httpd: disallow directory traversal

Signed-off-by: Floris Bos <bos@je-eigen-domein.nl>
pull/1/head
Floris Bos 9 years ago
parent 6836ccb208
commit f5ae94639b

@ -423,6 +423,14 @@ httpProcessInput(rfbScreenInfoPtr rfbScreen)
}
}
/* Basic protection against directory traversal outside webroot */
if (strstr(fname, "..")) {
rfbErr("httpd: URL should not contain '..'\n");
rfbWriteExact(&cl, NOT_FOUND_STR, strlen(NOT_FOUND_STR));
httpCloseSock(rfbScreen);
return;
}
/* If we were asked for '/', actually read the file index.vnc */

Loading…
Cancel
Save