Bug #2911 (closed)
pathinfo not recognized if basedir is empty
Description
The pathinfo logic in response.c fails if physical.basedir is empty (or "/").
The first loop path will evaluate the stat cache on an empty string, which is bound to fail.
Inserting
if (pathinfo == con->physical.path->ptr) continue; /* may happen in first pass if basedir is empty */
at the beginning of the loop solves the problem.
The block just above the loop does contain special handling (len>0) for an empty basedir, though.
Updated by gstrauss about 6 years ago
Are you looking at code in the latest version of lighttpd? What version are you looking at?
Updated by ef about 6 years ago
Are you looking at code in the latest version of lighttpd?
Yes.
What version are you looking at?
https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/master/entry/src/response.c#L177
Updated by gstrauss about 6 years ago
if (pathinfo == con->physical.path->ptr) continue;
Ah. I misread. I was looking for that line in the code and obviously did not see it.
I'll test out your provided patch.
BTW, for others reading this ticket, there are security implications to having the web server serving the root of the filesystem, and so doing so is generally inadvisable, with the possible exception of properly configured and protected containers.
Updated by gstrauss about 6 years ago
- Status changed from New to Patch Pending
- Target version changed from 1.4.x to 1.4.51
I find it clearer to keep the initial condition check above the loop.
--- a/src/response.c +++ b/src/response.c @@ -171,7 +171,12 @@ static handler_t http_response_physical_path_check(server *srv, connection *con) size_t len = buffer_string_length(con->physical.basedir); if (len > 0 && '/' == con->physical.basedir->ptr[len-1]) --len; pathinfo = con->physical.path->ptr + len; - if ('/' != *pathinfo) pathinfo = NULL; + if ('/' != *pathinfo) { + pathinfo = NULL; + } + else if (pathinfo == con->physical.path->ptr) { /*(basedir is "/")*/ + pathinfo = strchr(pathinfo+1, '/'); + } } for (char *pprev = pathinfo; pathinfo; pprev = pathinfo, pathinfo = strchr(pathinfo+1, '/')) {
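Review bot: the comment on the new else-if branch, /*(basedir is "/")*/, names only one of the two cases that reach it. After the --len adjustment above, pathinfo == con->physical.path->ptr also holds when basedir is empty (len 0), which is the case in this ticket's title; suggest /*(basedir is "" or "/")*/. Because the branch advances pathinfo before the loop, pprev now starts at the second '/', so confirm that the loop body does not expect pprev to begin at the end of basedir on the first pass. A regression test with an empty basedir would pin the behaviour down.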
Updated by gstrauss about 6 years ago
- Status changed from Patch Pending to Fixed
- % Done changed from 0 to 100
Applied in changeset 7af5ba92ed9f09b131558a007c13a2eb86527a5d.
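The failure reported in this ticket and the effect of the patch, as an added example that is not lighttpd's code: a simplified model of the pathinfo search with the patch's branch behind a `patched` flag. The names `fake_stat` and `find_pathinfo`, the sample paths, and the loop body's fallback on a failed stat are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the stat cache: "/srv" is a directory and
 * "/srv/app.cgi" is a file; the empty string and everything else fail. */
static int fake_stat(const char *p, size_t n, int *is_dir) {
    if (n == 4 && 0 == memcmp(p, "/srv", 4)) { *is_dir = 1; return 0; }
    if (n == 12 && 0 == memcmp(p, "/srv/app.cgi", 12)) { *is_dir = 0; return 0; }
    return -1;
}

/* Simplified model of the pathinfo search. Returns the offset in path where
 * PATH_INFO starts, or -1 if none is found. patched enables the new branch. */
static long find_pathinfo(const char *basedir, const char *path, int patched) {
    size_t len = strlen(basedir);
    if (len > 0 && '/' == basedir[len-1]) --len;
    const char *pathinfo = path + len;
    if ('/' != *pathinfo) pathinfo = NULL;
    else if (patched && pathinfo == path)   /* basedir is "" or "/" */
        pathinfo = strchr(pathinfo+1, '/');
    for (const char *pprev = pathinfo; pathinfo;
         pprev = pathinfo, pathinfo = strchr(pathinfo+1, '/')) {
        int is_dir = 0;
        /* stat the prefix of path that ends just before pathinfo;
         * unpatched with an empty basedir, this prefix is "" on pass one */
        if (0 != fake_stat(path, (size_t)(pathinfo - path), &is_dir)) {
            pathinfo = (pathinfo != pprev) ? pprev : NULL; /* assumed fallback */
            break;
        }
        if (!is_dir) break;   /* prefix is a file: the rest is PATH_INFO */
    }
    return pathinfo ? (long)(pathinfo - path) : -1;
}

int main(void) {
    const char *path = "/srv/app.cgi/extra/info";   /* constructed sample */
    printf("basedir=/srv unpatched: %ld\n", find_pathinfo("/srv", path, 0));
    printf("basedir=\"\"   unpatched: %ld\n", find_pathinfo("", path, 0));
    printf("basedir=\"\"   patched:   %ld\n", find_pathinfo("", path, 1));
    printf("basedir=/    patched:   %ld\n", find_pathinfo("/", path, 1));
    return 0;
}
```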