From a93679550d8caac290ab4fe355c77ca7ed3ae18d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A1s=20Veres-Szentkir=C3=A1lyi?=
Date: Fri, 26 Aug 2011 02:52:19 +0200
Subject: Fix httpd directory traversal on Windows

Although the validation in httpd_request works well on platforms using forward slash as directory separator, on Windows systems, this protection can be circumvented using URLs containing backslashes. This way, any file accessible to the user running the server (even those outside the document root) can be read through HTTP. This commit solves the problem by expanding the list of path separators to '/\\'.
---
 lib/inets/src/http_server/httpd_request.erl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/inets/src/http_server/httpd_request.erl b/lib/inets/src/http_server/httpd_request.erl
index 7084d9824a..d2d354d17d 100644
--- a/lib/inets/src/http_server/httpd_request.erl
+++ b/lib/inets/src/http_server/httpd_request.erl
@@ -313,7 +313,7 @@ validate_uri(RequestURI) ->
 {error, {bad_request, {malformed_syntax, RequestURI}}};
 _ ->
 Path = format_request_uri(UriNoQueryNoHex),
- Path2=[X||X<-string:tokens(Path, "/"),X=/="."], %% OTP-5938
+ Path2=[X||X<-string:tokens(Path, "/\\"),X=/="."], %% OTP-5938
 validate_path( Path2,0, RequestURI)
 end.
-- 
cgit v1.2.3
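Review bot: The retained `%% OTP-5938` comment on the `+` line no longer explains why the separator set is `"/\\"`, so a later reader may take the backslash for a typo and remove it, silently reopening the Windows traversal; extend it to `%% OTP-5938; '\\' included so Windows path separators are split before validate_path/3 inspects the segments`. The commit also adds no regression test for a request path containing backslashes, so a test of validate_uri/1 with a backslash-separated path would keep this from regressing unnoticed. Splitting on backslash now applies on every platform, which is the safer choice but changes how a Unix filename containing a literal backslash is handled, and that deserves a sentence in the comment or commit message. validate_uri/1 begins before the hunk, and validate_path/3, which presumably performs the per-segment check the fix relies on, is outside it.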