Commit 6623cff0 authored by Deucе's avatar Deucе :ok_hand_tone4:

Always return 403 to requests for access.ars or webctrl.ini

Previously, 403 was only returned if they existed, and 404 if they
didn't.
parent 22c6721d
1 merge request!463MRC mods by Codefenix (2024-10-20)
Pipeline #1349 passed
...@@ -3602,14 +3602,16 @@ static BOOL check_request(http_session_t * session) ...@@ -3602,14 +3602,16 @@ static BOOL check_request(http_session_t * session)
/* Terminate the path after the slash */ /* Terminate the path after the slash */
*(last_slash+1)=0; *(last_slash+1)=0;
SAFEPRINTF(str,"%saccess.ars",curdir); SAFEPRINTF(str,"%saccess.ars",curdir);
if(!stat(str,&sb)) {
/* NEVER serve up an access.ars file */ /* NEVER serve up an access.ars file */
if(!strcmp(path,str)) {
if(!stat(str,&sb)) {
lprintf(LOG_WARNING,"%04d !WARNING! access.ars support is deprecated and will be REMOVED very soon.",session->socket); lprintf(LOG_WARNING,"%04d !WARNING! access.ars support is deprecated and will be REMOVED very soon.",session->socket);
lprintf(LOG_WARNING,"%04d !WARNING! access.ars found at %s.",session->socket,str); lprintf(LOG_WARNING,"%04d !WARNING! access.ars found at %s.",session->socket,str);
if(!strcmp(path,str)) { }
send_error(session,__LINE__,"403 Forbidden"); send_error(session,__LINE__,"403 Forbidden");
return(FALSE); return(FALSE);
} }
if(!stat(str,&sb)) {
/* Read access.ars file */ /* Read access.ars file */
if((file=fopen(str,"r"))!=NULL) { if((file=fopen(str,"r"))!=NULL) {
fgets(session->req.ars,sizeof(session->req.ars),file); fgets(session->req.ars,sizeof(session->req.ars),file);
...@@ -3624,12 +3626,12 @@ static BOOL check_request(http_session_t * session) ...@@ -3624,12 +3626,12 @@ static BOOL check_request(http_session_t * session)
truncsp(session->req.ars); truncsp(session->req.ars);
} }
SAFEPRINTF(str,"%swebctrl.ini",curdir); SAFEPRINTF(str,"%swebctrl.ini",curdir);
if(!stat(str,&sb)) {
/* NEVER serve up a webctrl.ini file */ /* NEVER serve up a webctrl.ini file */
if(!strcmp(path,str)) { if(!strcmp(path,str)) {
send_error(session,__LINE__,"403 Forbidden"); send_error(session,__LINE__,"403 Forbidden");
return(FALSE); return(FALSE);
} }
if(!stat(str,&sb)) {
/* Read webctrl.ini file */ /* Read webctrl.ini file */
if((file=fopen(str,"r"))!=NULL) { if((file=fopen(str,"r"))!=NULL) {
/* FREE()d in this block */ /* FREE()d in this block */
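Review bot: Both deny checks (`if(!strcmp(path,str))` for access.ars in the first hunk and for webctrl.ini in the second) are exact, case-sensitive string matches, so whether the "NEVER serve" guarantee holds depends on `path` having been canonicalised before this point, which is not visible here. If the server can run on a case-insensitive filesystem, consider a case-insensitive compare on those platforms (for example `stricmp(path,str)`, if that wrapper is available in this file), or match on the final path component. Separately, the two deprecation `lprintf` calls now sit inside the `strcmp` branch, so they are logged only when a client requests access.ars directly. The file is still read and applied by the following `if(!stat(str,&sb))` block without any warning; moving the two `lprintf` lines into that block would restore the notice for sysops and stop remote requests from generating it. The body of check_request starts and ends outside both hunks.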