Permalink
Browse files

Fix httpd directory traversal on Windows

Although the validation in httpd_request works well on platforms using
forward slash as directory separator, on Windows systems, this
protection can be circumvented using URLs containing backslashes.

This way, any file accessible to the user running the server (even
those outside the document root) can be read through HTTP. This commit
solves the problem by expanding the list of path separators to '/\\'.
  • Loading branch information...
dnet committed Aug 26, 2011
1 parent 4a5a758 commit a93679550d8caac290ab4fe355c77ca7ed3ae18d
Showing with 1 addition and 1 deletion.
  1. +1 −1 lib/inets/src/http_server/httpd_request.erl
@@ -313,7 +313,7 @@ validate_uri(RequestURI) ->
{error, {bad_request, {malformed_syntax, RequestURI}}};
_ ->
Path = format_request_uri(UriNoQueryNoHex),
Path2=[X||X<-string:tokens(Path, "/"),X=/="."], %% OTP-5938
Path2=[X||X<-string:tokens(Path, "/\\"),X=/="."], %% OTP-5938
validate_path( Path2,0, RequestURI)
end.

0 comments on commit a936795

Please sign in to comment.