~garritfra/taurus

This thread contains a patchset. You're looking at the original emails, but you may wish to use the patch review UI. Review patch
1

[PATCH] Remove URL from 51 error to prevent path leaks

Details
Message ID
<20201110135350.53199-1-yerinalexey98fd@gmail.com>
DKIM signature
pass
Download raw message
Patch: +11 -13
Signed-off-by: Alexey Yerin <yerinalexey98fd@gmail.com>
---
 src/main.rs | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index f84ba0f..bd39db8 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -103,14 +103,14 @@ fn send_file(path: &str, response: &mut gemini::GeminiResonse) {
            println!("Error [{}]: {}", path, err);

            response.status = [b'5', b'1'];
            response.meta = format!("Resource not found: {}", path).into();
            response.meta = "Resource not found".into();
        }
    }
}

fn not_found(path: &str, response: &mut gemini::GeminiResonse) {
fn not_found(response: &mut gemini::GeminiResonse) {
    response.status = [b'5', b'1'];
    response.meta = format!("Resource not found: {}", path).into();
    response.meta = "Resource not found".into();
}

fn handle_client(mut stream: TlsStream<TcpStream>, static_root: &str) -> Result<(), String> {
@@ -134,20 +134,18 @@ fn handle_client(mut stream: TlsStream<TcpStream>, static_root: &str) -> Result<

    if file_path.has_root() {
        // File starts with `/` (*nix) or `\\` (Windows), decline it
        not_found(url_path, &mut response);
        not_found(&mut response);
    } else {
        let path = path::Path::new(".").join(file_path).as_path().to_owned();

        let actual_path = path::Path::new(&static_root)
            .join(&path)
        let path = path::Path::new(&static_root)
            .join(&file_path)
            .as_path()
            .to_owned();

        // Check if file/dir exists
        if actual_path.exists() {
        if path.exists() {
            // If it's a directory, try to find index.gmi
            if actual_path.is_dir() {
                let index_path = actual_path
            if path.is_dir() {
                let index_path = path
                    .join("index.gmi")
                    .to_str()
                    .ok_or("invalid Unicode".to_owned())?
@@ -156,12 +154,12 @@ fn handle_client(mut stream: TlsStream<TcpStream>, static_root: &str) -> Result<
                send_file(&index_path, &mut response);
            } else {
                send_file(
                    actual_path.to_str().ok_or("invalid Unicode".to_owned())?,
                    path.to_str().ok_or("invalid Unicode".to_owned())?,
                    &mut response,
                );
            }
        } else {
            not_found(url_path, &mut response);
            not_found(&mut response);
        }
    }

-- 
2.29.2
Details
Message ID
<CAD16O85a4Zs1pBkj9qaD38gAar45yk+b9DrGLY+CTjHL1WTfrg@mail.gmail.com>
In-Reply-To
<20201110135350.53199-1-yerinalexey98fd@gmail.com> (view parent)
DKIM signature
pass
Download raw message
Applied. Thanks!

>
> Signed-off-by: Alexey Yerin <yerinalexey98fd@gmail.com>
> ---
>  src/main.rs | 24 +++++++++++-------------
>  1 file changed, 11 insertions(+), 13 deletions(-)
>
> diff --git a/src/main.rs b/src/main.rs
> index f84ba0f..bd39db8 100644
> --- a/src/main.rs
> +++ b/src/main.rs
> @@ -103,14 +103,14 @@ fn send_file(path: &str, response: &mut gemini::GeminiResonse) {
>              println!("Error [{}]: {}", path, err);
>
>              response.status = [b'5', b'1'];
> -            response.meta = format!("Resource not found: {}", path).into();
> +            response.meta = "Resource not found".into();
>          }
>      }
>  }
>
> -fn not_found(path: &str, response: &mut gemini::GeminiResonse) {
> +fn not_found(response: &mut gemini::GeminiResonse) {
>      response.status = [b'5', b'1'];
> -    response.meta = format!("Resource not found: {}", path).into();
> +    response.meta = "Resource not found".into();
>  }
>
>  fn handle_client(mut stream: TlsStream<TcpStream>, static_root: &str) -> Result<(), String> {
> @@ -134,20 +134,18 @@ fn handle_client(mut stream: TlsStream<TcpStream>, static_root: &str) -> Result<
>
>      if file_path.has_root() {
>          // File starts with `/` (*nix) or `\\` (Windows), decline it
> -        not_found(url_path, &mut response);
> +        not_found(&mut response);
>      } else {
> -        let path = path::Path::new(".").join(file_path).as_path().to_owned();
> -
> -        let actual_path = path::Path::new(&static_root)
> -            .join(&path)
> +        let path = path::Path::new(&static_root)
> +            .join(&file_path)
>              .as_path()
>              .to_owned();
>
>          // Check if file/dir exists
> -        if actual_path.exists() {
> +        if path.exists() {
>              // If it's a directory, try to find index.gmi
> -            if actual_path.is_dir() {
> -                let index_path = actual_path
> +            if path.is_dir() {
> +                let index_path = path
>                      .join("index.gmi")
>                      .to_str()
>                      .ok_or("invalid Unicode".to_owned())?
> @@ -156,12 +154,12 @@ fn handle_client(mut stream: TlsStream<TcpStream>, static_root: &str) -> Result<
>                  send_file(&index_path, &mut response);
>              } else {
>                  send_file(
> -                    actual_path.to_str().ok_or("invalid Unicode".to_owned())?,
> +                    path.to_str().ok_or("invalid Unicode".to_owned())?,
>                      &mut response,
>                  );
>              }
>          } else {
> -            not_found(url_path, &mut response);
> +            not_found(&mut response);
>          }
>      }
>
> --
> 2.29.2
Reply to thread Export thread (mbox)