SoupServer: fix to not allow smuggling ".." into path
authorDan Winship <danw@gnome.org>
Wed, 29 Jun 2011 14:04:06 +0000 (10:04 -0400)
committerDan Winship <danw@gnome.org>
Thu, 28 Jul 2011 12:49:42 +0000 (08:49 -0400)
commitcbeeb7a0f7f0e8b16f2d382157496f9100218dea
treed16120180dd80df07e3116123a4df050ab6ba036
parent48da81884eb7ce926eb34b8ba337ab099f5a59bc
SoupServer: fix to not allow smuggling ".." into path

When SoupServer:raw-paths was set (the default), it was possible to
sneak ".." segments into the path passed to the SoupServerHandler,
which could then end up tricking some handlers into retrieving
arbitrary files from the filesystem. Fix that.

https://bugzilla.gnome.org/show_bug.cgi?id=653258
libsoup/soup-server.c