mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-01-31 03:27:39 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Allow .well-known/ hidden paths (#499)

Browse source
This commit is contained in:
Paul Kulchenko 2022-07-20 23:26:49 -07:00 committed by GitHub
parent 7e2eae5c15
commit 439ad21b12
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
net/http/isacceptablepath.c
View file

@ -26,6 +26,7 @@
*
* 1. The substring "//" is disallowed.
* 2. We won't serve hidden files (segment starts with '.').
* The only exception is `/.well-known/`.
* 3. We won't serve paths with segments equal to "." or "..".
*
* It is assumed that the URI parser already took care of percent
@ -66,7 +67,10 @@ bool IsAcceptablePath(const char *data, size_t size) {
x = '/';
}
if (y == '/') {
if (x == '.') return false;
if (x == '.' && // allow /.well-known/ in the first position
(p - data > 2 ||
size < 13 ||
memcmp(data, "/.well-known/", 13) != 0)) return false;
if (x == '/' && t) return false;
}
y = x;