authorMicael Karlberg <[email protected]>2011-09-19 19:31:42 +0200
committerMicael Karlberg <[email protected]>2011-09-19 19:31:42 +0200
commit368449d2316b0f0f7c0dce55a9dd47c3acadb76d (patch)
tree5b38a054ca7918f486992aef39ecf11305f021e2
parent7c730a573a7e239f41bc619b024a675667767428 (diff)
parent1fd7edb98877afdf8e044ee8f4f3c1f9fca371ce (diff)
Merge branch 'bmk/inets/httpd/windows_dir_traversal/OTP-OTP-9561' into bmk/inets/inets571_integration
Conflicts: lib/inets/doc/src/notes.xml
-rw-r--r--lib/inets/doc/src/notes.xml8
-rw-r--r--lib/inets/src/http_server/httpd_request.erl4
-rw-r--r--lib/inets/src/inets_app/inets.appup.src4
3 files changed, 14 insertions, 2 deletions
diff --git a/lib/inets/doc/src/notes.xml b/lib/inets/doc/src/notes.xml
index 60559afc2e..5b5dfdde21 100644
--- a/lib/inets/doc/src/notes.xml
+++ b/lib/inets/doc/src/notes.xml
@@ -69,6 +69,14 @@
<p>Own Id: OTP-9434</p>
</item>
+ <item>
+ <p>[httpd] Fix httpd directory traversal on Windows.
+ Directory traversal was possible on Windows where
+ backward slash is used as directory separator. </p>
+ <p>Andr�s Veres-Szentkir�lyi.</p>
+ <p>Own Id: OTP-9561</p>
+ </item>
+
</list>
</section>
diff --git a/lib/inets/src/http_server/httpd_request.erl b/lib/inets/src/http_server/httpd_request.erl
index 7084d9824a..90f8bdd912 100644
--- a/lib/inets/src/http_server/httpd_request.erl
+++ b/lib/inets/src/http_server/httpd_request.erl
@@ -312,8 +312,8 @@ validate_uri(RequestURI) ->
{'EXIT',_Reason} ->
{error, {bad_request, {malformed_syntax, RequestURI}}};
_ ->
- Path = format_request_uri(UriNoQueryNoHex),
- Path2=[X||X<-string:tokens(Path, "/"),X=/="."], %% OTP-5938
+ Path = format_request_uri(UriNoQueryNoHex),
+ Path2 = [X||X<-string:tokens(Path, "/\\"),X=/="."],
validate_path( Path2,0, RequestURI)
end.
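Review bot: The rewritten `Path2` line drops the old `%% OTP-5938` marker and gives no reason why `"\\"` is now a token separator, so the security purpose of the second character could be lost in a later cleanup. I would add a comment such as `%% OTP-5938, OTP-9561: "\\" is a directory separator on Windows, so ".." segments split by it must be counted too`. The split runs on every platform, which is the conservative choice. It presumably means a URI segment containing a literal backslash is now validated as several segments on Unix too, and the comment should say so. The diffstat lists no test file, so a regression case in the httpd test suite for backslash-separated `..` segments would keep this from regressing. validate_uri begins above the hunk, so how `UriNoQueryNoHex` is derived is not visible here.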
diff --git a/lib/inets/src/inets_app/inets.appup.src b/lib/inets/src/inets_app/inets.appup.src
index 301bc2d58a..d5fdf86a60 100644
--- a/lib/inets/src/inets_app/inets.appup.src
+++ b/lib/inets/src/inets_app/inets.appup.src
@@ -20,12 +20,14 @@
[
{"5.7",
[
+ {load_module, httpd_request, soft_purge, soft_purge, []},
{load_module, httpc_cookie, soft_purge, soft_purge, [http_util]},
{load_module, http_util, soft_purge, soft_purge, []}
]
},
{"5.6",
[
+ {load_module, httpd_request, soft_purge, soft_purge, []},
{load_module, httpc, soft_purge, soft_purge, [httpc_manager]},
{load_module, http_transport, soft_purge, soft_purge, [http_transport]},
{load_module, httpc_cookie, soft_purge, soft_purge, [http_util]},
@@ -59,12 +61,14 @@
[
{"5.7",
[
+ {load_module, httpd_request, soft_purge, soft_purge, []},
{load_module, httpc_cookie, soft_purge, soft_purge, [http_util]},
{load_module, http_util, soft_purge, soft_purge, []}
]
},
{"5.6",
[
+ {load_module, httpd_request, soft_purge, soft_purge, []},
{load_module, httpc, soft_purge, soft_purge, [httpc_manager]},
{load_module, http_transport, soft_purge, soft_purge, [http_transport]},
{load_module, httpc_cookie, soft_purge, soft_purge, [http_util]},