diff options
| author | Micael Karlberg <[email protected]> | 2011-09-19 19:31:42 +0200 |
|---|---|---|
| committer | Micael Karlberg <[email protected]> | 2011-09-19 19:31:42 +0200 |
| commit | 368449d2316b0f0f7c0dce55a9dd47c3acadb76d (patch) | |
| tree | 5b38a054ca7918f486992aef39ecf11305f021e2 | |
| parent | 7c730a573a7e239f41bc619b024a675667767428 (diff) | |
| parent | 1fd7edb98877afdf8e044ee8f4f3c1f9fca371ce (diff) | |
| download | otp-368449d2316b0f0f7c0dce55a9dd47c3acadb76d.tar.gz otp-368449d2316b0f0f7c0dce55a9dd47c3acadb76d.tar.bz2 otp-368449d2316b0f0f7c0dce55a9dd47c3acadb76d.zip | |
Merge branch 'bmk/inets/httpd/windows_dir_traversal/OTP-OTP-9561' into bmk/inets/inets571_integration
Conflicts:
lib/inets/doc/src/notes.xml
| -rw-r--r-- | lib/inets/doc/src/notes.xml | 8 | ||||
| -rw-r--r-- | lib/inets/src/http_server/httpd_request.erl | 4 | ||||
| -rw-r--r-- | lib/inets/src/inets_app/inets.appup.src | 4 |
3 files changed, 14 insertions, 2 deletions
diff --git a/lib/inets/doc/src/notes.xml b/lib/inets/doc/src/notes.xml index 60559afc2e..5b5dfdde21 100644 --- a/lib/inets/doc/src/notes.xml +++ b/lib/inets/doc/src/notes.xml @@ -69,6 +69,14 @@ <p>Own Id: OTP-9434</p> </item> + <item> + <p>[httpd] Fix httpd directory traversal on Windows. + Directory traversal was possible on Windows where + backward slash is used as directory separator. </p> + <p>Andr�s Veres-Szentkir�lyi.</p> + <p>Own Id: OTP-9561</p> + </item> + </list> </section> diff --git a/lib/inets/src/http_server/httpd_request.erl b/lib/inets/src/http_server/httpd_request.erl index 7084d9824a..90f8bdd912 100644 --- a/lib/inets/src/http_server/httpd_request.erl +++ b/lib/inets/src/http_server/httpd_request.erl @@ -312,8 +312,8 @@ validate_uri(RequestURI) -> {'EXIT',_Reason} -> {error, {bad_request, {malformed_syntax, RequestURI}}}; _ -> - Path = format_request_uri(UriNoQueryNoHex), - Path2=[X||X<-string:tokens(Path, "/"),X=/="."], %% OTP-5938 + Path = format_request_uri(UriNoQueryNoHex), + Path2 = [X||X<-string:tokens(Path, "/\\"),X=/="."], validate_path( Path2,0, RequestURI) end. diff --git a/lib/inets/src/inets_app/inets.appup.src b/lib/inets/src/inets_app/inets.appup.src index 301bc2d58a..d5fdf86a60 100644 --- a/lib/inets/src/inets_app/inets.appup.src +++ b/lib/inets/src/inets_app/inets.appup.src @@ -20,12 +20,14 @@ [ {"5.7", [ + {load_module, httpd_request, soft_purge, soft_purge, []}, {load_module, httpc_cookie, soft_purge, soft_purge, [http_util]}, {load_module, http_util, soft_purge, soft_purge, []} ] }, {"5.6", [ + {load_module, httpd_request, soft_purge, soft_purge, []}, {load_module, httpc, soft_purge, soft_purge, [httpc_manager]}, {load_module, http_transport, soft_purge, soft_purge, [http_transport]}, {load_module, httpc_cookie, soft_purge, soft_purge, [http_util]}, @@ -59,12 +61,14 @@ [ {"5.7", [ + {load_module, httpd_request, soft_purge, soft_purge, []}, {load_module, httpc_cookie, soft_purge, soft_purge, [http_util]}, {load_module, http_util, soft_purge, soft_purge, []} ] }, {"5.6", [ + {load_module, httpd_request, soft_purge, soft_purge, []}, {load_module, httpc, soft_purge, soft_purge, [httpc_manager]}, {load_module, http_transport, soft_purge, soft_purge, [http_transport]}, {load_module, httpc_cookie, soft_purge, soft_purge, [http_util]}, |