[PATCH taurus] Fix arbitrary read from file system
If a request path like `example.com//etc/passwd` is passed, the server responds
with the contents of the `/etc/passwd` file
Signed-off-by: Alexey Yerin <yerinalexey98fd@gmail.com>
---
src/gemini.rs | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/gemini.rs b/src/gemini.rs
index 1dd3c85..5f9cb3b 100644
--- a/src/gemini.rs
+++ b/src/gemini.rs
@@ -14,13 +14,21 @@ impl GeminiRequest {
Ok(gemini_request)
}
- pub fn file_path(&self) -> Option<&str> {
+ fn unsafe_file_path(&self) -> Option<&str> {
self.path
.path()
.chars()
.next()
.map(|c| &self.path.path()[c.len_utf8()..])
}
+
+ pub fn file_path(&self) -> Option<&str> {
+ match self.unsafe_file_path() {
+ Some(path) if path.contains("..") || path.starts_with("/") => None,
+ Some(path) => Some(path),
+ None => None,
+ }
+ }
}
fn parse_path(req: &str) -> Option<&str> {
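Review bot: The guard added in `file_path` is a substring denylist — it catches the reported `//etc/passwd` case, but it only rejects a leading `/` and a literal `..`, so a Windows-style prefix or backslash separator would pass if this ever runs on Windows, and any `..` that only appears after decoding (if `self.path.path()` is still percent-encoded and decoding happens later — not visible in this hunk) would also pass. Checking `Path::components()` and refusing anything other than `Normal`/`CurDir` components is tighter than string matching and stops rejecting legitimate names such as `foo..bar`; it should still be paired with a `canonicalize` check at the open site that the joined path remains under the document root, which also covers symlinks. Separately, `unsafe_file_path` borrows a Rust keyword for a function with no `unsafe` semantics; `raw_file_path` with a doc comment `/// Request path with its leading separator stripped; not yet validated against the document root.` reads more accurately. The enclosing `impl GeminiRequest` starts before the hunk.
```rust
    pub fn file_path(&self) -> Option<&str> {
        let path = self.unsafe_file_path()?;
        // Refuse anything that could escape the document root once joined:
        // absolute paths (RootDir/Prefix) and parent-directory components.
        let escapes = std::path::Path::new(path).components().any(|c| {
            !matches!(
                c,
                std::path::Component::Normal(_) | std::path::Component::CurDir
            )
        });
        if escapes { None } else { Some(path) }
    }
```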
--
2.29.2