
Commit

Deny any directory traversal paths. README update
RamseyK committed Sep 8, 2019
1 parent 6eeb84a commit 1a0de56
Showing 3 changed files with 8 additions and 2 deletions.
5 changes: 4 additions & 1 deletion README.md
Expand Up @@ -3,13 +3,16 @@
Ramsey Kant
https://github.com/RamseyK/httpserver

A high performance, single threaded, HTTP server written in C++ to serve as a kqueue socket management and HTTP protocol learning tool
A high performance, single threaded, HTTP server written in C++ to serve as a kqueue socket management and HTTP protocol learning tool on BSD systems

## Features
* Clean, documented code
* Efficient socket management with kqueue
* Easy to understand HTTP protocol parser (from my ByteBuffer project)
* Tested on FreeBSD and MacOS

## Compiling Notes
* On FreeBSD, compile with gmake

## License
See LICENSE.TXT
2 changes: 1 addition & 1 deletion src/HTTPServer.cpp
Expand Up @@ -440,7 +440,7 @@ void HTTPServer::handleRequest(Client *cl, HTTPRequest* req) {
std::cout << "[" << cl->getClientIP() << "] " << req->methodIntToStr(req->getMethod()) << " " << req->getRequestUri() << std::endl;
/*std::cout << "Headers:" << std::endl;
for(int i = 0; i < req->getNumHeaders(); i++) {
std::cout << req->getHeaderStr(i) << std::endl;
std::cout << "\t" << req->getHeaderStr(i) << std::endl;
}
std::cout << std::endl;*/
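Review bot: The only change in handleRequest is a tab prefix inside the commented-out header dump, which is unrelated to the traversal fix named in the commit message. Suggest deleting the dead block or putting it behind a debug switch in a separate commit, so the security change stays small and easy to audit or backport.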

3 changes: 3 additions & 0 deletions src/ResourceHost.cpp
Expand Up @@ -183,6 +183,9 @@ Resource* ResourceHost::getResource(std::string uri) {
if (uri.length() > 255 || uri.empty())
return NULL;

if (uri.find("../") != std::string::npos)
return NULL;

std::string path = baseDiskPath + uri;
Resource* res = NULL;
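Review bot: The new `uri.find("../")` test in getResource matches only that literal three-character sequence, so a uri whose final segment is `..` with no trailing slash is not rejected and still reaches `baseDiskPath + uri` on the next line. The test also runs on the string exactly as it arrives here; if any percent-decoding of uri happens after this point, the check would need to move after it. A more robust form is to canonicalize the joined path (for example with realpath()) and return NULL unless the result is still under baseDiskPath, which also covers symlinks inside the served directory. A one-line comment stating why NULL is returned, and a test listing the inputs that must be refused, would keep this from regressing.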

