Project

General

Profile

Bug #2911

pathinfo not recognized if basedir is empty

Added by ef about 1 month ago. Updated about 1 month ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
core
Target version:
Start date:
2018-10-04
Due date:
% Done:

100%

Estimated time:
Missing in 1.5.x:

Description

The pathinfo logic in response.c fails if physical.basedir is empty (or "/").

The first loop path will evaluate the stat cache on an empty string, which is bound to fail.
Inserting

if (pathinfo == con->physical.path->ptr) continue; /* may happen in first pass if basedir is empty */

at the beginning of the loop solves the problem.
The block just above the loop does contain special handling (len>0) for an empty basedir, though.

Associated revisions

Revision 7af5ba92 (diff)
Added by gstrauss about 1 month ago

[core] PATH_INFO calculation when basedir is "/" (fixes #2911)

PATH_INFO calculation when basedir is "/" or empty

x-ref:
"pathinfo not recognized if basedir is empty"
https://redmine.lighttpd.net/issues/2911

History

#1

Updated by gstrauss about 1 month ago

Are you looking at code in the latest version of lighttpd? What version are you looking at?

#2

Updated by ef about 1 month ago

Are you looking at code in the latest version of lighttpd?

Yes.

What version are you looking at?

https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/master/entry/src/response.c#L177

#3

Updated by gstrauss about 1 month ago

if (pathinfo == con->physical.path->ptr) continue;

Ah. I misread. I was looking for that line in the code and obviously did not see it.

I'll test out your provided patch.

BTW, for others reading this ticket, there are security implications to having the web server serving the root of the filesystem, and so doing so is generally inadvisable, with the possible of exception for properly configured and protected containers.

#4

Updated by gstrauss about 1 month ago

  • Status changed from New to Patch Pending
  • Target version changed from 1.4.x to 1.4.51

I find it clearer to keep the initial condition check above the loop.

--- a/src/response.c
+++ b/src/response.c
@@ -171,7 +171,12 @@ static handler_t http_response_physical_path_check(server *srv, connection *con)
                        size_t len = buffer_string_length(con->physical.basedir);
                        if (len > 0 && '/' == con->physical.basedir->ptr[len-1]) --len;
                        pathinfo = con->physical.path->ptr + len;
-                       if ('/' != *pathinfo) pathinfo = NULL;
+                       if ('/' != *pathinfo) {
+                               pathinfo = NULL;
+                       }
+                       else if (pathinfo == con->physical.path->ptr) { /*(basedir is "/")*/
+                               pathinfo = strchr(pathinfo+1, '/');
+                       }
                }

                for (char *pprev = pathinfo; pathinfo; pprev = pathinfo, pathinfo = strchr(pathinfo+1, '/')) {
#5

Updated by gstrauss about 1 month ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100

Also available in: Atom