[src/trunk]: src/libexec/httpd Fix handling path with multiple slashes at the...

[shm <shm%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/2e5b18290391
branches:  trunk
changeset: 339356:2e5b18290391
user:      shm <shm%NetBSD.org@localhost>
date:      Thu Jul 16 12:19:23 2015 +0000

description:
Fix handling path with multiple slashes at the beginning
Fix redirections escaping for user support

OK mrg@

diffstat:

 libexec/httpd/bozohttpd.c        |  12 ++++++++++--
 libexec/httpd/tilde-luzah-bozo.c |  19 ++++++++++++++-----
 2 files changed, 24 insertions(+), 7 deletions(-)

diffs (84 lines):

diff -r ca03ab14a62c -r 2e5b18290391 libexec/httpd/bozohttpd.c
--- a/libexec/httpd/bozohttpd.c Thu Jul 16 08:42:53 2015 +0000
+++ b/libexec/httpd/bozohttpd.c Thu Jul 16 12:19:23 2015 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: bozohttpd.c,v 1.65 2015/07/09 12:32:16 shm Exp $       */
+/*     $NetBSD: bozohttpd.c,v 1.66 2015/07/16 12:19:23 shm Exp $       */
 
 /*     $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $      */
 
@@ -895,8 +895,12 @@
                case ';':
                case '=':
                case '%':
+               case '\n':
+               case '\r':
+               case ' ':
+               case '"':
                encode_it:
-                       snprintf(d, 4, "%%%2X", *s++);
+                       snprintf(d, 4, "%%%02X", *s++);
                        d += 3;
                        len += 3;
                        break;
@@ -1332,6 +1336,10 @@
                goto bad_done;
        }
 
+       /* omit additional slashes at the beginning */
+       while (file[1] == '/')
+               file++;
+
        switch(check_bzredirect(request)) {
        case -1:
                goto bad_done;
diff -r ca03ab14a62c -r 2e5b18290391 libexec/httpd/tilde-luzah-bozo.c
--- a/libexec/httpd/tilde-luzah-bozo.c  Thu Jul 16 08:42:53 2015 +0000
+++ b/libexec/httpd/tilde-luzah-bozo.c  Thu Jul 16 12:19:23 2015 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: tilde-luzah-bozo.c,v 1.10 2014/01/02 08:21:38 mrg Exp $        */
+/*     $NetBSD: tilde-luzah-bozo.c,v 1.11 2015/07/16 12:19:23 shm Exp $        */
 
 /*     $eterna: tilde-luzah-bozo.c,v 1.16 2011/11/18 09:21:15 mrg Exp $        */
 
@@ -36,6 +36,7 @@
 
 #include <sys/param.h>
 
+#include <assert.h>
 #include <errno.h>
 #include <pwd.h>
 #include <stdlib.h>
@@ -58,20 +59,28 @@
 bozo_user_transform(bozo_httpreq_t *request, int *isindex)
 {
        bozohttpd_t *httpd = request->hr_httpd;
-       char    c, *s, *file = NULL;
+       char    c, *s, *file = NULL, *user;
        struct  passwd *pw;
 
        *isindex = 0;
 
-       if ((s = strchr(request->hr_file + 2, '/')) != NULL) {
+       /* find username */
+       user = strchr(request->hr_file + 2, '~');
+
+       /* this shouldn't happen, but "better paranoid than sorry" */
+       assert(user != NULL);
+       
+       user++;
+
+       if ((s = strchr(user, '/')) != NULL) {
                *s++ = '\0';
                c = s[strlen(s)-1];
                *isindex = (c == '/' || c == '\0');
        }
 
        debug((httpd, DEBUG_OBESE, "looking for user %s",
-               request->hr_file + 2));
-       pw = getpwnam(request->hr_file + 2);
+               user));
+       pw = getpwnam(user);
        /* fix this up immediately */
        if (s)
                s[-1] = '/';