From a93679550d8caac290ab4fe355c77ca7ed3ae18d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A1s=20Veres-Szentkir=C3=A1lyi?=
Date: Fri, 26 Aug 2011 02:52:19 +0200
Subject: Fix httpd directory traversal on Windows

Although the validation in httpd_request works well on platforms using forward slash as directory separator, on Windows systems, this protection can be circumvented using URLs containing backslashes. This way, any file accessible to the user running the server (even those outside the document root) can be read through HTTP. This commit solves the problem by expanding the list of path separators to '/\\'.
---
 lib/inets/src/http_server/httpd_request.erl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'lib/inets')
diff --git a/lib/inets/src/http_server/httpd_request.erl b/lib/inets/src/http_server/httpd_request.erl
index 7084d9824a..d2d354d17d 100644
--- a/lib/inets/src/http_server/httpd_request.erl
+++ b/lib/inets/src/http_server/httpd_request.erl
@@ -313,7 +313,7 @@ validate_uri(RequestURI) ->
  {error, {bad_request, {malformed_syntax, RequestURI}}};
  _ ->
  Path = format_request_uri(UriNoQueryNoHex),
- Path2=[X||X<-string:tokens(Path, "/"),X=/="."], %% OTP-5938
+ Path2=[X||X<-string:tokens(Path, "/\\"),X=/="."], %% OTP-5938
  validate_path( Path2,0, RequestURI)
  end.
-- 
cgit v1.2.3

From 1fd7edb98877afdf8e044ee8f4f3c1f9fca371ce Mon Sep 17 00:00:00 2001
From: Micael Karlberg
Date: Mon, 19 Sep 2011 19:16:30 +0200
Subject: Fixed release notes, version and cosmetics in source.

---
 lib/inets/doc/src/notes.xml | 37 +++++++++++++++++++++++++++++
 lib/inets/src/http_server/httpd_request.erl | 4 ++--
 lib/inets/vsn.mk | 2 +-
 3 files changed, 40 insertions(+), 3 deletions(-)
(limited to 'lib/inets')
diff --git a/lib/inets/doc/src/notes.xml b/lib/inets/doc/src/notes.xml
index 34f26bf45b..b093cafbdc 100644
--- a/lib/inets/doc/src/notes.xml
+++ b/lib/inets/doc/src/notes.xml
@@ -32,6 +32,43 @@ notes.xml +
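Review bot: The widened separator set on the `+` line is applied unconditionally, so on POSIX hosts a request path segment containing a literal backslash (a legal file-name character there) is now split into two segments as well; that is a sound trade-off for a traversal filter, but neither the line nor the commit message records it, and the cosmetic follow-up hunk in the second commit strips the `%% OTP-5938` tag, leaving the line with no explanation at all. Suggest stating the intent on the line itself: `%% Split on both '/' and '\\' on every platform: Windows accepts either as a path separator, so a backslash must not hide a ".." segment from validate_path/3 (OTP-9561).` The comprehension itself only drops "." segments and hands the rest to validate_path/3, which lies outside the hunk, as does the `case catch` head of validate_uri/1 that binds UriNoQueryNoHex, so whether percent-encoded separators are already decoded before this split cannot be confirmed from here (the variable name suggests they are).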
Inets 5.7.1 + +
Improvements and New Features +

-

+ + + +
+ +
Fixed Bugs and Malfunctions + + + + +

[httpd] Fix httpd directory traversal on Windows. + Directory traversal was possible on Windows where + backward slash is used as directory separator.

+

András Veres-Szentkirályi.

+

Own Id: OTP-9561

+
+ +
+
+ +
+ +
Inets 5.7
Improvements and New Features
diff --git a/lib/inets/src/http_server/httpd_request.erl b/lib/inets/src/http_server/httpd_request.erl
index d2d354d17d..90f8bdd912 100644
--- a/lib/inets/src/http_server/httpd_request.erl
+++ b/lib/inets/src/http_server/httpd_request.erl
@@ -312,8 +312,8 @@ validate_uri(RequestURI) ->
  {'EXIT',_Reason} ->
  {error, {bad_request, {malformed_syntax, RequestURI}}};
  _ ->
- Path = format_request_uri(UriNoQueryNoHex),
- Path2=[X||X<-string:tokens(Path, "/\\"),X=/="."], %% OTP-5938
+ Path = format_request_uri(UriNoQueryNoHex),
+ Path2 = [X||X<-string:tokens(Path, "/\\"),X=/="."],
  validate_path( Path2,0, RequestURI)
  end.
diff --git a/lib/inets/vsn.mk b/lib/inets/vsn.mk
index 4abc1733d3..0e77bf913d 100644
--- a/lib/inets/vsn.mk
+++ b/lib/inets/vsn.mk
@@ -18,7 +18,7 @@
  # %CopyrightEnd%
  APPLICATION = inets
-INETS_VSN = 5.7
+INETS_VSN = 5.7.1
  PRE_VSN =
  APP_VSN = "$(APPLICATION)-$(INETS_VSN)$(PRE_VSN)"
-- 
cgit v1.2.3