summary refs log tree commit diff
diff options
context:
space:
mode:
authorÉrico Nogueira <erico.erc@gmail.com>2021-08-09 10:38:48 -0300
committerLeah Neukirchen <leah@vuxu.org>2021-08-09 15:45:11 +0200
commit9ef7db6ff9767a594869790f1868288a495d471a (patch)
treee703b000114ee7a59e1a3ef6a64bd48f6a873656
parentcdb096d59660c19d00f7326fd5afd31d8e1727d7 (diff)
downloadhittpd-9ef7db6ff9767a594869790f1868288a495d471a.tar.gz
hittpd-9ef7db6ff9767a594869790f1868288a495d471a.tar.xz
hittpd-9ef7db6ff9767a594869790f1868288a495d471a.zip
fix mimetype for "GET /" requests
index.html was being sent as "application/octet-stream", which broke it
for browsers. using strcat is safe, because we check the length before
writing. we can't use strcpy because subdirs can also be requested this
way.
-rw-r--r--hittpd.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/hittpd.c b/hittpd.c
index 2404e47..64e552a 100644
--- a/hittpd.c
+++ b/hittpd.c
@@ -93,6 +93,7 @@ char mimetypes[] =
     ":.ico=image/x-icon";
 
 const char *default_mimetype = "application/octet-stream";
+const char index_html[] = "index.html";
 char default_vhost[] = "_default";
 char default_port[] = "80";
 
@@ -599,7 +600,11 @@ on_message_complete(http_parser *p) {
 	if (S_ISDIR(st.st_mode)) {
 		int x;
 		if (path[strlen(path)-1] == '/' &&
-		    (x = openat(stream_fd, "index.html", O_RDONLY)) >= 0) {
+		    (x = openat(stream_fd, index_html, O_RDONLY)) >= 0) {
+			if (strlen(path) > PATH_MAX - sizeof index_html) {
+				return send_error(p, 413, "Payload Too Large");
+			}
+			strcat(path, index_html);
 			close(stream_fd);
 			stream_fd = x;
 			if (fstat(stream_fd, &st) < 0)