diff options
| author | Érico Nogueira <erico.erc@gmail.com> | 2021-08-09 10:38:48 -0300 |
|---|---|---|
| committer | Leah Neukirchen <leah@vuxu.org> | 2021-08-09 15:45:11 +0200 |
| commit | 9ef7db6ff9767a594869790f1868288a495d471a (patch) | |
| tree | e703b000114ee7a59e1a3ef6a64bd48f6a873656 /hittpd.c | |
| parent | cdb096d59660c19d00f7326fd5afd31d8e1727d7 (diff) | |
| download | hittpd-9ef7db6ff9767a594869790f1868288a495d471a.tar.gz hittpd-9ef7db6ff9767a594869790f1868288a495d471a.tar.xz hittpd-9ef7db6ff9767a594869790f1868288a495d471a.zip | |
fix mimetype for "GET /" requests
index.html was being sent as "application/octet-stream", which broke it for browsers. using strcat is safe, because we check the length before writing. we can't use strcpy because subdirs can also be requested this way.
Diffstat (limited to 'hittpd.c')
| -rw-r--r-- | hittpd.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/hittpd.c b/hittpd.c index 2404e47..64e552a 100644 --- a/hittpd.c +++ b/hittpd.c @@ -93,6 +93,7 @@ char mimetypes[] = ":.ico=image/x-icon"; const char *default_mimetype = "application/octet-stream"; +const char index_html[] = "index.html"; char default_vhost[] = "_default"; char default_port[] = "80"; @@ -599,7 +600,11 @@ on_message_complete(http_parser *p) { if (S_ISDIR(st.st_mode)) { int x; if (path[strlen(path)-1] == '/' && - (x = openat(stream_fd, "index.html", O_RDONLY)) >= 0) { + (x = openat(stream_fd, index_html, O_RDONLY)) >= 0) { + if (strlen(path) > PATH_MAX - sizeof index_html) { + return send_error(p, 413, "Payload Too Large"); + } + strcat(path, index_html); close(stream_fd); stream_fd = x; if (fstat(stream_fd, &st) < 0) |