From 58a7565a2bc3097f6f264e877ece06ceb30925a7 Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Wed, 17 Sep 2014 23:14:22 +0100 Subject: [PATCH] Check http request directories on Windows. --- src/websockets.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/src/websockets.c b/src/websockets.c index 2bdd33fb..cbab3d00 100644 --- a/src/websockets.c +++ b/src/websockets.c @@ -35,6 +35,7 @@ POSSIBILITY OF SUCH DAMAGE. #include "mqtt3_protocol.h" #include "memory_mosq.h" +#include #include #include @@ -388,8 +389,12 @@ static int callback_http(struct libwebsocket_context *context, /* Get canonical path and check it is within our http_dir */ #ifdef WIN32 -#error FIXME - /* FIXME - implement for Windows */ + filename_canonical = _fullpath(NULL, filename, 0); + if(!filename_canonical){ + _mosquitto_free(filename); + libwebsockets_return_http_status(context, wsi, HTTP_STATUS_INTERNAL_SERVER_ERROR, NULL); + return -1; + } #else filename_canonical = realpath(filename, NULL); if(!filename_canonical){ @@ -405,6 +410,7 @@ static int callback_http(struct libwebsocket_context *context, } return -1; } +#endif if(strncmp(http_dir, filename_canonical, strlen(http_dir))){ /* Requested file isn't within http_dir, deny access. */ free(filename_canonical); @@ -413,7 +419,6 @@ static int callback_http(struct libwebsocket_context *context, return -1; } free(filename_canonical); -#endif _mosquitto_log_printf(NULL, MOSQ_LOG_DEBUG, "http serving file \"%s\".", filename); u->fptr = fopen(filename, "rb"); @@ -531,18 +536,19 @@ struct libwebsocket_context *mosq_websockets_init(struct _mqtt3_listener *listen return NULL; } + if(listener->http_dir){ #ifdef WIN32 -#error FIXME + user->http_dir = _fullpath(NULL, listener->http_dir, 0); #else - if(listener->http_dir){ user->http_dir = realpath(listener->http_dir, NULL); +#endif if(!user->http_dir){ _mosquitto_free(user); _mosquitto_free(p); return NULL; } } -#endif + info.user = user; listener->ws_protocol = p;