
treat null bytes as bad requests for directory/static

1 parent f467170 commit 3cc6be9bed7ee027ee320790060cd990d9139497 @tj tj committed Aug 11, 2011
Showing with 5 additions and 2 deletions.
  1. +3 −0 lib/middleware/directory.js
  2. +2 −2 lib/middleware/static.js
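--- a/lib/middleware/directory.js
+++ b/lib/middleware/directory.js
@@ -62,6 +62,9 @@ exports = module.exports = function directory(root, options){
 , originalDir = decodeURIComponent(originalUrl.pathname)
 , showUp = path != root && path != root + '/';
+ // null byte(s)
+ if (~path.indexOf('\0')) return utils.badRequest(res);
+
 // malicious path
 if (0 != path.indexOf(root)) return utils.forbidden(res);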
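Review bot: The new 400 for a decoded null byte sits directly below a `decodeURIComponent` call (`originalDir`, and presumably the derivation of `path` above the hunk) that throws `URIError` on malformed percent-encoding, so an equally malformed request still propagates as an exception (a 500 or worse, depending on the surrounding error handling) instead of the bad-request response this hunk establishes. Wrapping the decode and returning `utils.badRequest(res)` from the catch would keep both kinds of malformed input on the same, deliberately chosen path; the same applies to `decodeURIComponent(url.pathname)` in the static.js hunk of this commit. The comment could also say why a 400 is the right answer rather than only naming the condition, e.g. `// a decoded null byte is never part of a legitimate path; reject rather than rewrite`. The body of `directory` continues outside the hunk on both sides.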
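--- a/lib/middleware/static.js
+++ b/lib/middleware/static.js
@@ -117,8 +117,8 @@ var send = exports.send = function(req, res, next, options){
 , path = decodeURIComponent(url.pathname)
 , type;
- // strip null byte(s)
- path = path.replace(/\0/g, '');
+ // null byte(s)
+ if (~path.indexOf('\0')) return utils.badRequest(res);
 // when root is not given, consider .. malicious
 if (!root && ~path.indexOf('..')) return utils.forbidden(res);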
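Review bot: The replacement comment `// null byte(s)` names the condition but not why the behaviour changed from silently stripping the byte to rejecting the request, which is the substantive part of this hunk and the thing a future reader is most likely to undo. Suggest `// reject rather than strip: a decoded null byte is never a legitimate path, and stripping it would quietly serve a path the client did not ask for`. It is worth noting in that comment that the check runs on the already-decoded `path`, so both a literal NUL and a percent-encoded `%00` reach it, and that it is ordered ahead of the `..` check below. `send` continues outside the hunk on both sides.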
