Project

General

Profile

Bug #2911

pathinfo not recognized if basedir is empty

Added by ef almost 2 years ago. Updated almost 2 years ago.

Status:
Fixed
Priority:
Normal
Category:
core
Target version:
ASK QUESTIONS IN Forums:

Description

The pathinfo logic in response.c fails if physical.basedir is empty (or "/").

The first loop path will evaluate the stat cache on an empty string, which is bound to fail.
Inserting

if (pathinfo == con->physical.path->ptr) continue; /* may happen in first pass if basedir is empty */

at the beginning of the loop solves the problem.
The block just above the loop does contain special handling (len>0) for an empty basedir, though.

#1

Updated by gstrauss almost 2 years ago

Are you looking at code in the latest version of lighttpd? What version are you looking at?

#2

Updated by ef almost 2 years ago

Are you looking at code in the latest version of lighttpd?

Yes.

What version are you looking at?

https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/master/entry/src/response.c#L177

#3

Updated by gstrauss almost 2 years ago

if (pathinfo == con->physical.path->ptr) continue;

Ah. I misread. I was looking for that line in the code and obviously did not see it.

I'll test out your provided patch.

BTW, for others reading this ticket, there are security implications to having the web server serving the root of the filesystem, and so doing so is generally inadvisable, with the possible of exception for properly configured and protected containers.

#4

Updated by gstrauss almost 2 years ago

  • Status changed from New to Patch Pending
  • Target version changed from 1.4.x to 1.4.51

I find it clearer to keep the initial condition check above the loop.

--- a/src/response.c
+++ b/src/response.c
@@ -171,7 +171,12 @@ static handler_t http_response_physical_path_check(server *srv, connection *con)
                        size_t len = buffer_string_length(con->physical.basedir);
                        if (len > 0 && '/' == con->physical.basedir->ptr[len-1]) --len;
                        pathinfo = con->physical.path->ptr + len;
-                       if ('/' != *pathinfo) pathinfo = NULL;
+                       if ('/' != *pathinfo) {
+                               pathinfo = NULL;
+                       }
+                       else if (pathinfo == con->physical.path->ptr) { /*(basedir is "/")*/
+                               pathinfo = strchr(pathinfo+1, '/');
+                       }
                }

                for (char *pprev = pathinfo; pathinfo; pprev = pathinfo, pathinfo = strchr(pathinfo+1, '/')) {
#5

Updated by gstrauss almost 2 years ago

  • Status changed from Patch Pending to Fixed
  • % Done changed from 0 to 100

Also available in: Atom