authorAndy Green <andy@warmcat.com>2016-04-02 08:03:48 +0800
committerAndy Green <andy@warmcat.com>2016-04-02 08:03:48 +0800
commit8b832663011c4ff7b853b218361855efd18d8510 (patch)
treee16110595921f2594f52987c387a1fa556ffa925
parente3e89a7241230df6d4948281f0307d9df421fe26 (diff)
uri processing reject paths not starting with slash
https://github.com/warmcat/libwebsockets/issues/481 Return 403 Forbidden if we don't end up with a uri path starting with /. The test server already did this, but this builds it into the library. Signed-off-by: Andy Green <andy@warmcat.com>
-rw-r--r--lib/server.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/lib/server.c b/lib/server.c
index 0b6e4c1f..59e664f9 100644
--- a/lib/server.c
+++ b/lib/server.c
@@ -243,6 +243,14 @@ lws_http_action(struct lws *wsi)
break;
}
+ /* we insist on absolute paths */
+
+ if (uri_ptr[0] != '/') {
+ lws_return_http_status(wsi, HTTP_STATUS_FORBIDDEN, NULL);
+
+ goto bail_nuke_ah;
+ }
+
/* HTTP header had a content length? */
wsi->u.http.content_length = 0;
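Review bot: The added test reads `uri_ptr[0]` with no guard in this hunk that `uri_ptr` is non-NULL. The pointer is assigned earlier in lws_http_action, outside the hunk, so if any path can reach here with it unset, the check itself becomes a NULL dereference on a request received from the network. Writing it as `if (!uri_ptr || uri_ptr[0] != '/') {` would make the rejection hold either way. The result of `lws_return_http_status()` is discarded before `goto bail_nuke_ah`; that is probably fine since the connection is being abandoned, but the label's cleanup is not shown here, so it is worth confirming. The comment would serve maintainers better if it gave the reason, e.g. `/* reject request-targets that do not begin with '/', so later URI-to-file mapping never sees a relative path */`.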