shithub: werc

ref: b7b3c7b1d4ea36ec141886409fca4e3ef33b8c92
parent: f9c9fc1d164fbd9796a55a31d2793ef472d3e224
author: <[email protected]>
date: Sun Nov 21 13:49:58 EST 2021

bin/contrib/rc-httpd{rc-httpd, handlers/error}: do some minimal sanitization on $SERVER_NAME before handing it off to select-handler. this prevents malformed Host: headers from retrieving arbitrary files from the file system. (thanks, Lightning)

--- a/bin/contrib/rc-httpd/rc-httpd
+++ b/bin/contrib/rc-httpd/rc-httpd
@@ -86,6 +86,11 @@
 	SERVER_PORT=$SERVER_NAME(2)
 	SERVER_NAME=$SERVER_NAME(1)
 }
+switch($SERVER_NAME){
+	case */* ..
+		error 400
+		exit
+}
 if(~ $REQUEST_METHOD (PUT POST)){
 	if(! ~ $"CONTENT_LENGTH '')
 		trim_input | exec $rc_httpd_dir/select-handler
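
Review bot: the new `switch($SERVER_NAME)` block is a deny-list with two patterns, `*/*` and `..`, so it rejects only names that contain a slash or are exactly `..`. An empty name, a lone `.`, or a name carrying other unexpected characters still passes through to select-handler, and how select-handler treats those is not visible in this hunk. A host name has a small legal alphabet (letters, digits, `-`, `.`), so consider rejecting anything outside it rather than enumerating bad shapes. A one-line comment above the switch stating that the check exists because, per the commit message, a malformed Host: header could retrieve arbitrary files would keep the reason from being lost in later edits.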