commit 91e76659458849a184f7862504943d9cc2012206
parent 9a5dece83e262732280730c7aa3a56cc4a62fe85
Author: Christian Grothoff <christian@grothoff.org>
Date: Mon, 18 Jan 2016 20:48:52 +0000
avoid stat/open race, and actually check for regular file (in demo)
Diffstat:
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/src/examples/demo_https.c b/src/examples/demo_https.c
@@ -693,12 +693,19 @@ generate_page (void *cls,
if (0 != strcmp (method, MHD_HTTP_METHOD_GET))
return MHD_NO; /* unexpected method (we're not polite...) */
- if ( (0 == stat (&url[1], &buf)) &&
- (NULL == strstr (&url[1], "..")) &&
- ('/' != url[1]))
- fd = open (&url[1], O_RDONLY);
- else
- fd = -1;
+ fd = -1;
+
+ if ( (NULL == strstr (&url[1], "..")) &&
+ ('/' != url[1]) )
+ {
+ fd = open (&url[1], O_RDONLY);
+ if ( (0 != fstat (fd, &buf)) ||
+ (! S_ISREG (buf.st_mode)) )
+ {
+ (void) close (fd);
+ fd = -1;
+ }
+ }
if (-1 == fd)
return MHD_queue_response (connection,
MHD_HTTP_NOT_FOUND,
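Review bot: When `open` fails, the added block still hands `fd == -1` to `fstat` and then to `close`; it behaves only because both calls fail with EBADF, so the check is better guarded as `if ( (-1 != fd) && ( (0 != fstat (fd, &buf)) || (! S_ISREG (buf.st_mode)) ) )`. Because the regular-file test now runs after the open, `open` is performed on whatever the path names, and a read-only open of a FIFO blocks until a writer appears; `fd = open (&url[1], O_RDONLY | O_NONBLOCK);` keeps the handler from stalling there and normally has no effect on reads from a regular file. The `..` and leading-`/` checks do not cover symlinks inside the served directory, which is presumably acceptable for a demo but deserves a comment such as `/* NOTE: symlinks are followed; serve only from a trusted directory */`. `generate_page` starts and ends outside this hunk.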