Code Review / vpp.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: a93c85a) | patch
http_static: sanitize path before file read 76/40976/2
authorMatus Fabian <[email protected]>
Tue, 28 May 2024 11:39:13 +0000 (13:39 +0200)
committerFlorin Coras <[email protected]>
Tue, 28 May 2024 20:42:30 +0000 (20:42 +0000)
commit5409d330020b19ab909838e734e29ab71c36a14f
treed290fd755a494827be0bc3f31cbdb3887939cb0etree | snapshot
parenta93c85a5793852b6edda20bc1100fa9fabd0eb29commit | diff
http_static: sanitize path before file read

Romove dot segments from requested target path before start reading
file in file handler to prevent path traversal.

Type: fix

Change-Id: I3bdd3e9d7fffd33c9c8c608169c1dc73423b7078
Signed-off-by: Matus Fabian <[email protected]>
extras/hs-test/http_test.go diff | blob | history
extras/hs-test/utils.go diff | blob | history
src/plugins/http/http.h diff | blob | history
src/plugins/http_static/static_server.c diff | blob | history
Vector Packet Processing