From 74f06e4062634fa4f8cb46915280dedf73d58c6f Mon Sep 17 00:00:00 2001
From: Andrew Tridgell
Date: Sun, 23 Nov 1997 02:42:22 +0000
Subject: minor wsmbconf and cgi changes

(This used to be commit bca9c49e6f24c2ee79cbb9b6ebf69d6647146fc1)
---
 source3/web/cgi.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

(limited to 'source3/web/cgi.c')

diff --git a/source3/web/cgi.c b/source3/web/cgi.c
index 3739d712d3..f165c56110 100644
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -501,9 +501,22 @@ static void cgi_download(char *file)
 {
 	struct stat st;
 	char buf[1024];
-	int fd, l;
+	int fd, l, i;
 	char *p;
 
+	/* sanitise the filename */
+	for (i=0;file[i];i++) {
+		if (!isalnum(file[i]) && !strchr("/.-_", file[i])) {
+			cgi_setup_error("404 File Not Found","", 
+					"Illegal character in filename");
+		}
+	}
+
+	if (strstr(file,"..")) {
+		cgi_setup_error("404 File Not Found","", 
+				"Relative paths not allowed");
+	}
+
 	if (!file_exist(file, &st)) {
 		cgi_setup_error("404 File Not Found","", 
 				"The requested file was not found");
@@ -574,7 +587,7 @@ void cgi_setup(char *rootdir)
 
 	if (!authenticated) {
 		cgi_setup_error("401 Authorization Required", 
-				"WWW-Authenticate: Basic realm=\"samba\"\r\n",
+				"WWW-Authenticate: Basic realm=\"root\"\r\n",
 				"You must be authenticated to use this service");
 	}
 
@@ -604,3 +617,5 @@ void cgi_setup(char *rootdir)
 
 	printf("HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n");
 }
+
+
-- 
cgit
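Review bot: `isalnum(file[i])` in the new sanitising loop is passed a plain `char`; where `char` is signed, a byte with the high bit set becomes a negative argument, which is undefined behaviour for the `<ctype.h>` functions and can make the check misbehave on exactly the non-ASCII input it is meant to reject. The usual fix is `if (!isalnum((unsigned char)file[i]) && !strchr("/.-_", file[i])) {`. Both new rejections also rely on `cgi_setup_error()` never returning — consistent with the existing `file_exist` check just below, but the hunk does not show that guarantee — so a `return;` after each call would make the fail-closed intent explicit inside this function. The body of `cgi_download` continues past the end of the hunk.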