Merge branch 'bugfix/KASM-6090_directory_traversal' into 'master'

Fix dir traversal via percent-encoded dots

Closes KASM-6090

See merge request kasm-technologies/internal/KasmVNC!136
Matthew McClaskey 2024-06-18 19:38:17 +00:00
commit 202ac98cf4


@ -917,6 +917,12 @@ static void servefile(ws_ctx_t *ws_ctx, const char *in, const char * const user,
percent_decode(path, buf, 1); percent_decode(path, buf, 1);
// in case they percent-encoded dots
if (strstr(buf, "../")) {
handler_msg("Attempted dir traversal attack, rejecting\n", len);
goto nope;
}
handler_msg("Requested file '%s'\n", buf); handler_msg("Requested file '%s'\n", buf);
sprintf(fullpath, "%s/%s", settings.httpdir, buf); sprintf(fullpath, "%s/%s", settings.httpdir, buf);
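Review bot: The `strstr(buf, "../")` test on the added line only catches `..` when a slash follows it, so a decoded path whose final component is `..` (`foo/..`, or just `..`) passes the check and is joined into `settings.httpdir/..` by the `sprintf` below, which still resolves outside the document root. Checking each `/`-separated component for an exact `..` closes that gap without rejecting legitimate names such as `a..b`; the rewritten check is below. Canonicalising `fullpath` with `realpath()` and requiring `settings.httpdir` as its prefix would additionally defend against symlinks under the served directory, but that belongs with the open that happens after this hunk. The `sprintf` into `fullpath` on the last visible line is unbounded; if `fullpath` is a fixed-size buffer, `snprintf` with a truncation check is warranted, though its declaration is not visible here. servefile begins before this hunk and continues past it.
```c
percent_decode(path, buf, 1);
// Reject any "/"-separated component that is exactly "..". A plain
// strstr(buf, "../") misses a trailing ".." (e.g. "foo/.." or ".."),
// which still escapes settings.httpdir once joined below.
int traversal = 0;
for (const char *comp = buf; *comp; ) {
    const char *sep = strchr(comp, '/');
    size_t clen = sep ? (size_t)(sep - comp) : strlen(comp);
    if (clen == 2 && comp[0] == '.' && comp[1] == '.') {
        traversal = 1;
        break;
    }
    if (!sep)
        break;
    comp = sep + 1;
}
if (traversal) {
    handler_msg("Attempted dir traversal attack, rejecting\n", len);
    goto nope;
}
// … unchanged: "Requested file" log and fullpath construction …
```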