ref: 3a90e2da7856e6ce3b4b4bc0bcacfaaaa66b6753
parent: 4e454ff73b93ca50fcc0905e6a73213587e54fa3
author: Stanley Lieber <sl@stanleylieber.com>
date: Sun Nov 21 13:49:58 EST 2021
bin/contrib/rc-httpd{rc-httpd, handlers/error}: do some minimal sanitization on $SERVER_NAME before handing it off to select-handler. this prevents malformed Host: headers from retrieving arbitrary files from the file system. (thanks, Lightning)
--- a/bin/contrib/rc-httpd/rc-httpd
+++ b/bin/contrib/rc-httpd/rc-httpd
@@ -86,6 +86,11 @@
SERVER_PORT=$SERVER_NAME(2)
SERVER_NAME=$SERVER_NAME(1)
}
+switch($SERVER_NAME){+ case */* ..
+ error 400
+ exit
+}
if(~ $REQUEST_METHOD (PUT POST)){if(! ~ $"CONTENT_LENGTH '')
trim_input | exec $rc_httpd_dir/select-handler
--
⑨