From eb41be3884ea25aad05c99da562e014dbff0e1e3 Mon Sep 17 00:00:00 2001 From: hhm Date: Sun, 14 Sep 2014 06:28:03 -0400 Subject: [PATCH] B"H net_io: http: check if file can be sent --- net_io.c | 22 +++++++++++++++++----- winstubs.h | 1 + 2 files changed, 18 insertions(+), 5 deletions(-) diff --git a/net_io.c b/net_io.c index 25abb88..67dfa2c 100644 --- a/net_io.c +++ b/net_io.c @@ -741,14 +741,26 @@ int handleHTTPRequest(struct client *c, char *p) { } else { struct stat sbuf; int fd = -1; + char *rp, *hrp; - if (stat(getFile, &sbuf) != -1 && (fd = open(getFile, O_RDONLY)) != -1) { - content = (char *) malloc(sbuf.st_size); - if (read(fd, content, sbuf.st_size) == -1) { - snprintf(content, sbuf.st_size, "Error reading from file: %s", strerror(errno)); + rp = realpath(getFile, NULL); + hrp = realpath(HTMLPATH, NULL); + hrp = (hrp ? hrp : HTMLPATH); + clen = -1; + content = "Server error"; + if (rp && (!strncmp(hrp, rp, strlen(hrp)))) { + if (stat(getFile, &sbuf) != -1 && (fd = open(getFile, O_RDONLY)) != -1) { + content = (char *) malloc(sbuf.st_size); + if (read(fd, content, sbuf.st_size) != -1) { + clen = sbuf.st_size; + free(content); + } } - clen = sbuf.st_size; } else { + errno = ENOENT; + } + + if (clen < 0) { char buf[128]; clen = snprintf(buf,sizeof(buf),"Error opening HTML file: %s", strerror(errno)); content = strdup(buf); diff --git a/winstubs.h b/winstubs.h index f416668..051e2f0 100644 --- a/winstubs.h +++ b/winstubs.h @@ -75,6 +75,7 @@ _inline uint64_t strtoll(const char *p, void *e, UINT32 base) {return _atoi64(p) _inline int inet_aton(const char * cp, DWORD * ulAddr) { *ulAddr = inet_addr(cp); return 0;} #define snprintf _snprintf #define vsnprintf _vsnprintf +#define realpath(A, B) _fullpath(B, A, _MAX_PATH) _inline void cls() { HANDLE hStdOut = GetStdHandle(STD_OUTPUT_HANDLE);