version 1.79, 2014/07/21 22:33:01 |
version 1.80, 2014/07/22 18:14:13 |
Line 467 resp_searchform(const struct req *req) |
|
Line 467 resp_searchform(const struct req *req) |
|
} |
} |
|
|
static int |
static int |
|
validate_urifrag(const char *frag) |
|
{ |
|
|
|
while ('\0' != *frag) { |
|
if ( ! (isalnum((unsigned char)*frag) || |
|
'-' == *frag || '.' == *frag || |
|
'/' == *frag || '_' == *frag)) |
|
return(0); |
|
frag++; |
|
} |
|
return(1); |
|
} |
|
|
|
static int |
validate_manpath(const struct req *req, const char* manpath) |
validate_manpath(const struct req *req, const char* manpath) |
{ |
{ |
size_t i; |
size_t i; |
|
|
if (NULL == (scriptname = getenv("SCRIPT_NAME"))) |
if (NULL == (scriptname = getenv("SCRIPT_NAME"))) |
scriptname = ""; |
scriptname = ""; |
|
|
|
if ( ! validate_urifrag(scriptname)) { |
|
fprintf(stderr, "unsafe SCRIPT_NAME \"%s\"\n", |
|
scriptname); |
|
pg_error_internal(); |
|
return(EXIT_FAILURE); |
|
} |
|
|
/* |
/* |
* First we change directory into the MAN_DIR so that |
* First we change directory into the MAN_DIR so that |
* subsequent scanning for manpath directories is rooted |
* subsequent scanning for manpath directories is rooted |
|
|
return(EXIT_FAILURE); |
return(EXIT_FAILURE); |
} |
} |
|
|
|
if ( ! (NULL == req.q.arch || validate_urifrag(req.q.arch))) { |
|
pg_error_badrequest( |
|
"You specified an invalid architecture."); |
|
return(EXIT_FAILURE); |
|
} |
|
|
/* Dispatch to the three different pages. */ |
/* Dispatch to the three different pages. */ |
|
|
path = getenv("PATH_INFO"); |
path = getenv("PATH_INFO"); |
Line 1038 pathgen(struct req *req) |
|
Line 1065 pathgen(struct req *req) |
|
dpsz--; |
dpsz--; |
req->p = mandoc_realloc(req->p, |
req->p = mandoc_realloc(req->p, |
(req->psz + 1) * sizeof(char *)); |
(req->psz + 1) * sizeof(char *)); |
req->p[req->psz++] = mandoc_strndup(dp, dpsz); |
dp = mandoc_strndup(dp, dpsz); |
|
if ( ! validate_urifrag(dp)) { |
|
fprintf(stderr, "%s/manpath.conf contains " |
|
"unsafe path \"%s\"\n", MAN_DIR, dp); |
|
pg_error_internal(); |
|
exit(EXIT_FAILURE); |
|
} |
|
if (NULL != strchr(dp, '/')) { |
|
fprintf(stderr, "%s/manpath.conf contains " |
|
"path with slash \"%s\"\n", MAN_DIR, dp); |
|
pg_error_internal(); |
|
exit(EXIT_FAILURE); |
|
} |
|
req->p[req->psz++] = dp; |
} |
} |
|
|
if ( req->p == NULL ) { |
if ( req->p == NULL ) { |