"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "apps/s_server.c" between
openssl-1.0.2t.tar.gz and openssl-1.0.2u.tar.gz

About: OpenSSL is a toolkit implementing the Transport Layer Security (TLS) and Secure Sockets Layer (SSL v2/v3) protocols as well as a full-strength general purpose cryptography library. Long Term Support (LTS) version (support will be provided until end of 2019).

s_server.c  (openssl-1.0.2t):s_server.c  (openssl-1.0.2u)
skipping to change at line 59 skipping to change at line 59
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. * SUCH DAMAGE.
* *
* The licence and distribution terms for any publically available version or * The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be * derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence * copied and put under another distribution licence
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1998-2018 The OpenSSL Project. All rights reserved. * Copyright (c) 1998-2019 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
* are met: * are met:
* *
* 1. Redistributions of source code must retain the above copyright * 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer. * notice, this list of conditions and the following disclaimer.
* *
* 2. Redistributions in binary form must reproduce the above copyright * 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in * notice, this list of conditions and the following disclaimer in
skipping to change at line 3048 skipping to change at line 3048
"HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
/* skip the '/' */ /* skip the '/' */
p = &(buf[5]); p = &(buf[5]);
dot = 1; dot = 1;
for (e = p; *e != '\0'; e++) { for (e = p; *e != '\0'; e++) {
if (e[0] == ' ') if (e[0] == ' ')
break; break;
if (e[0] == ':') {
/* Windows drive. We treat this the same way as ".." */
dot = -1;
break;
}
switch (dot) { switch (dot) {
case 1: case 1:
dot = (e[0] == '.') ? 2 : 0; dot = (e[0] == '.') ? 2 : 0;
break; break;
case 2: case 2:
dot = (e[0] == '.') ? 3 : 0; dot = (e[0] == '.') ? 3 : 0;
break; break;
case 3: case 3:
dot = (e[0] == '/') ? -1 : 0; dot = (e[0] == '/' || e[0] == '\\') ? -1 : 0;
break; break;
} }
if (dot == 0) if (dot == 0)
dot = (e[0] == '/') ? 1 : 0; dot = (e[0] == '/' || e[0] == '\\') ? 1 : 0;
} }
dot = (dot == 3) || (dot == -1); /* filename contains ".." dot = (dot == 3) || (dot == -1); /* filename contains ".."
* component */ * component */
if (*e == '\0') { if (*e == '\0') {
BIO_puts(io, text); BIO_puts(io, text);
BIO_printf(io, "'%s' is an invalid file name\r\n", p); BIO_printf(io, "'%s' is an invalid file name\r\n", p);
break; break;
} }
*e = '\0'; *e = '\0';
if (dot) { if (dot) {
BIO_puts(io, text); BIO_puts(io, text);
BIO_printf(io, "'%s' contains '..' reference\r\n", p); BIO_printf(io, "'%s' contains '..' or ':'\r\n", p);
break; break;
} }
if (*p == '/') { if (*p == '/' || *p == '\\') {
BIO_puts(io, text); BIO_puts(io, text);
BIO_printf(io, "'%s' is an invalid path\r\n", p); BIO_printf(io, "'%s' is an invalid path\r\n", p);
break; break;
} }
#if 0 #if 0
/* append if a directory lookup */ /* append if a directory lookup */
if (e[-1] == '/') if (e[-1] == '/')
strcat(p, "index.html"); strcat(p, "index.html");
#endif #endif
 End of changes. 6 change blocks. 
5 lines changed or deleted 11 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)