diff options
| -rw-r--r-- | networking/httpd.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/networking/httpd.c b/networking/httpd.c index 5df493b8e..70a024bc2 100644 --- a/networking/httpd.c +++ b/networking/httpd.c | |||
| @@ -1615,13 +1615,6 @@ BAD_REQUEST: | |||
| 1615 | *purl = ' '; | 1615 | *purl = ' '; |
| 1616 | count = sscanf(purl, " %[^ ] HTTP/%d.%*d", buf, &blank); | 1616 | count = sscanf(purl, " %[^ ] HTTP/%d.%*d", buf, &blank); |
| 1617 | 1617 | ||
| 1618 | test = decodeString(buf, 0); | ||
| 1619 | if(test == NULL) | ||
| 1620 | goto BAD_REQUEST; | ||
| 1621 | if(test == (buf+1)) { | ||
| 1622 | sendHeaders(HTTP_NOT_FOUND); | ||
| 1623 | break; | ||
| 1624 | } | ||
| 1625 | if (count < 1 || buf[0] != '/') { | 1618 | if (count < 1 || buf[0] != '/') { |
| 1626 | /* Garbled request/URL */ | 1619 | /* Garbled request/URL */ |
| 1627 | goto BAD_REQUEST; | 1620 | goto BAD_REQUEST; |
| @@ -1639,6 +1632,13 @@ BAD_REQUEST: | |||
| 1639 | config->query = test; | 1632 | config->query = test; |
| 1640 | } | 1633 | } |
| 1641 | 1634 | ||
| 1635 | test = decodeString(url, 0); | ||
| 1636 | if(test == NULL) | ||
| 1637 | goto BAD_REQUEST; | ||
| 1638 | if(test == (buf+1)) { | ||
| 1639 | sendHeaders(HTTP_NOT_FOUND); | ||
| 1640 | break; | ||
| 1641 | } | ||
| 1642 | /* algorithm stolen from libbb bb_simplify_path(), | 1642 | /* algorithm stolen from libbb bb_simplify_path(), |
| 1643 | but don`t strdup and reducing trailing slash and protect out root */ | 1643 | but don`t strdup and reducing trailing slash and protect out root */ |
| 1644 | purl = test = url; | 1644 | purl = test = url; |