From 5d2c87b978900bb04fac5c68ef5d5334e31b779b Mon Sep 17 00:00:00 2001 From: liubing Date: Tue, 3 Sep 2024 02:00:17 +0000 Subject: [PATCH 1/3] update src/simplehttpd.c. Signed-off-by: liubing --- src/simplehttpd.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/src/simplehttpd.c b/src/simplehttpd.c index f0a8271..c31c5fa 100644 --- a/src/simplehttpd.c +++ b/src/simplehttpd.c @@ -119,20 +119,27 @@ int save_log_file(char *filename, char *buf, unsigned int len) { char path[2 * MAX_BUFFER_SIZE] = {0}; sprintf(path, "%s%s", log_dir_path, filename); - FILE *fp = fopen(path, "ab"); + char realpathbuf[2 * MAX_BUFFER_SIZE] = {0}; + realpath(path, realpathbuf); + if (strstr(realpathbuf, log_dir_path) != realpathbuf) { + HTTPD_LOG_ERROR("realpathbuf is not exist or invalid."); + return -1; + } + FILE *fp = fopen(realpathbuf, "ab"); if (fp == NULL) { - HTTPD_LOG_ERROR("open log file %s failed, %d, %s.", path, errno, strerror(errno)); + HTTPD_LOG_ERROR("open log file %s failed, %d, %s.", realpathbuf, errno, strerror(errno)); return -1; } if (fwrite(buf, 1, len, fp) != len) { - HTTPD_LOG_ERROR("write log file %s failed, %d, %s.", path, errno, strerror(errno)); + HTTPD_LOG_ERROR("write log file %s failed, %d, %s.", realpathbuf, errno, strerror(errno)); + fclose(fp); return -1; } if (fclose(fp) != 0) { - HTTPD_LOG_ERROR("close log file %s failed, %d, %s.", path, errno, strerror(errno)); + HTTPD_LOG_ERROR("close log file %s failed, %d, %s.", realpathbuf, errno, strerror(errno)); return -1; } return 0; -- Gitee From bd09f8e8ca0fe1a064e3e4c2692be9e9da69dd3f Mon Sep 17 00:00:00 2001 From: liubing Date: Fri, 6 Sep 2024 07:25:58 +0000 Subject: [PATCH 2/3] Revert "update src/simplehttpd.c." This reverts commit 5d2c87b978900bb04fac5c68ef5d5334e31b779b. --- src/simplehttpd.c | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/src/simplehttpd.c b/src/simplehttpd.c index c31c5fa..f0a8271 100644 --- a/src/simplehttpd.c +++ b/src/simplehttpd.c @@ -119,27 +119,20 @@ int save_log_file(char *filename, char *buf, unsigned int len) { char path[2 * MAX_BUFFER_SIZE] = {0}; sprintf(path, "%s%s", log_dir_path, filename); - char realpathbuf[2 * MAX_BUFFER_SIZE] = {0}; - realpath(path, realpathbuf); - if (strstr(realpathbuf, log_dir_path) != realpathbuf) { - HTTPD_LOG_ERROR("realpathbuf is not exist or invalid."); - return -1; - } - FILE *fp = fopen(realpathbuf, "ab"); + FILE *fp = fopen(path, "ab"); if (fp == NULL) { - HTTPD_LOG_ERROR("open log file %s failed, %d, %s.", realpathbuf, errno, strerror(errno)); + HTTPD_LOG_ERROR("open log file %s failed, %d, %s.", path, errno, strerror(errno)); return -1; } if (fwrite(buf, 1, len, fp) != len) { - HTTPD_LOG_ERROR("write log file %s failed, %d, %s.", realpathbuf, errno, strerror(errno)); - fclose(fp); + HTTPD_LOG_ERROR("write log file %s failed, %d, %s.", path, errno, strerror(errno)); return -1; } if (fclose(fp) != 0) { - HTTPD_LOG_ERROR("close log file %s failed, %d, %s.", realpathbuf, errno, strerror(errno)); + HTTPD_LOG_ERROR("close log file %s failed, %d, %s.", path, errno, strerror(errno)); return -1; } return 0; -- Gitee From 4df85d6825bbb437cc677a0ba74fe0224e868716 Mon Sep 17 00:00:00 2001 From: liubing Date: Fri, 6 Sep 2024 07:55:32 +0000 Subject: [PATCH 3/3] update src/simplehttpd.c. Signed-off-by: liubing --- src/simplehttpd.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/simplehttpd.c b/src/simplehttpd.c index f0a8271..336a8f6 100644 --- a/src/simplehttpd.c +++ b/src/simplehttpd.c @@ -117,6 +117,11 @@ void unimplemented(int client) int save_log_file(char *filename, char *buf, unsigned int len) { + char *result = strstr(filename, "/"); + if (result != NULL) { + HTTPD_LOG_ERROR("filename is invalid.\n"); + return -1; + } char path[2 * MAX_BUFFER_SIZE] = {0}; sprintf(path, "%s%s", log_dir_path, filename); FILE *fp = fopen(path, "ab"); -- Gitee