diff options
-rw-r--r-- | apps/s_server.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/apps/s_server.c b/apps/s_server.c index ce7a1d64b6..97b65046bb 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -3045,6 +3045,12 @@ static int www_body(int s, int stype, unsigned char *context) if (e[0] == ' ') break; + if (e[0] == ':') { + /* Windows drive. We treat this the same way as ".." */ + dot = -1; + break; + } + switch (dot) { case 1: dot = (e[0] == '.') ? 2 : 0; @@ -3053,11 +3059,11 @@ static int www_body(int s, int stype, unsigned char *context) dot = (e[0] == '.') ? 3 : 0; break; case 3: - dot = (e[0] == '/') ? -1 : 0; + dot = (e[0] == '/' || e[0] == '\\') ? -1 : 0; break; } if (dot == 0) - dot = (e[0] == '/') ? 1 : 0; + dot = (e[0] == '/' || e[0] == '\\') ? 1 : 0; } dot = (dot == 3) || (dot == -1); /* filename contains ".." * component */ @@ -3071,11 +3077,11 @@ static int www_body(int s, int stype, unsigned char *context) if (dot) { BIO_puts(io, text); - BIO_printf(io, "'%s' contains '..' reference\r\n", p); + BIO_printf(io, "'%s' contains '..' or ':'\r\n", p); break; } - if (*p == '/') { + if (*p == '/' || *p == '\\') { BIO_puts(io, text); BIO_printf(io, "'%s' is an invalid path\r\n", p); break; |