ref: e2a8d3493ab0fdc345b6513a53f30f2b4f36ed97
parent: a27afe904d4b65520cdc5f2a13c69894a9bb02c1
author: glenda <glenda@9front.local>
date: Sun Nov 21 18:42:13 EST 2021
/rc/bin/rc-httpd/{rc-httpd, handlers/error}: do some minimal sanitization on $SERVER_NAME before handing it off to select-handler. this prevents malformed Host: headers from retrieving arbitrary files from the file system. (thanks, Lightning)
--- a/rc/bin/rc-httpd/handlers/error
+++ b/rc/bin/rc-httpd/handlers/error
@@ -19,6 +19,11 @@
'
}
+fn 400{+ do_error '400 Bad Request' \
+ 'The request was invalid.'
+}
+
fn 401{do_error '401 Unauthorized' \
'The requested path '^$"location^' requires authorization.'
--- a/rc/bin/rc-httpd/rc-httpd
+++ b/rc/bin/rc-httpd/rc-httpd
@@ -85,6 +85,11 @@
SERVER_PORT=$SERVER_NAME(2)
SERVER_NAME=$SERVER_NAME(1)
}
+switch($SERVER_NAME){+ case */* ..
+ error 400
+ exit
+}
if(~ $REQUEST_METHOD (PUT POST)){if(! ~ $"CONTENT_LENGTH '')
trim_input | exec $rc_httpd_dir/select-handler