From 26277f1c0976f1139b4ec2642b339a853b73ad4e Mon Sep 17 00:00:00 2001
From: liubing <liubing163@h-partners.com>
Date: Fri, 6 Sep 2024 07:31:12 +0000
Subject: [PATCH] update src/simplehttpd.c.

Signed-off-by: liubing <liubing163@h-partners.com>
---
 src/simplehttpd.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/simplehttpd.c b/src/simplehttpd.c
index f0a8271..336a8f6 100644
--- a/src/simplehttpd.c
+++ b/src/simplehttpd.c
@@ -117,6 +117,11 @@ void unimplemented(int client)
 
 int save_log_file(char *filename, char *buf, unsigned int len)
 {
+    char *result = strstr(filename, "/");
+    if (result != NULL) {
+        HTTPD_LOG_ERROR("filename is invalid.\n");
+        return -1;
+    }
     char path[2 * MAX_BUFFER_SIZE] = {0};
     sprintf(path, "%s%s", log_dir_path, filename);
     FILE *fp = fopen(path, "ab");
-- 
Gitee