mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-08-06 09:50:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add check to ServeRedirect to ensure valid location

Browse source
This commit is contained in:
Paul Kulchenko 2021-08-16 16:40:40 -07:00
parent 275be556cd
commit b7a40bd737
1 changed files with 8 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

13
tool/net/redbean.c
View file

@ -3061,25 +3061,28 @@ static int LuaServeIndex(lua_State *L) {
static int LuaServeRedirect(lua_State *L) { static int LuaServeRedirect(lua_State *L) {
size_t loclen; size_t loclen;
const char *location; const char *location, *eval;
int code; int code;
OnlyCallDuringRequest("ServeRedirect"); OnlyCallDuringRequest("ServeRedirect");
code = luaL_checkinteger(L, 1); code = luaL_checkinteger(L, 1);
if (!(300 <= code && code <= 399)) { if (!(300 <= code && code <= 399)) {
luaL_argerror(L, 1, "bad status code for redirect"); luaL_argerror(L, 1, "bad status code");
unreachable; unreachable;
} }
location = luaL_checklstring(L, 2, &loclen); location = luaL_checklstring(L, 2, &loclen);
if (msg.version < 10) { if (msg.version < 10) {
(void)ServeError(505, "HTTP Version Not Supported"); (void)ServeError(505, "HTTP Version Not Supported");
lua_pushboolean(L, false); lua_pushboolean(L, false);
} else { } else {
if (!(eval = EncodeHttpHeaderValue(location, loclen, 0))) {
luaL_argerror(L, 2, "invalid location");
unreachable;
}
LOGF("REDIRECT %d to %s", code, location); LOGF("REDIRECT %d to %s", code, location);
luaheaderp = AppendHeader( luaheaderp = AppendHeader(
SetStatus(code, GetHttpReason(code)), "Location", SetStatus(code, GetHttpReason(code)), "Location", eval);
FreeLater(EncodeHttpHeaderValue(location, loclen, 0))); free(eval);
lua_pushboolean(L, true); lua_pushboolean(L, true);
} }
return 1; return 1;