Mirrors/overte
3
0
Fork 0
mirror of https://github.com/overte-org/overte.git synced 2025-08-10 14:52:46 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

404 malformed agent script requests, check doc root

Browse source
This commit is contained in:
Stephen Birarda 2018-07-18 15:17:19 -07:00
parent b29044fd7e
commit 499aa4ad13
2 changed files with 32 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
domain-server/src/DomainServer.cpp
View file

@ -1916,14 +1916,16 @@ bool DomainServer::handleHTTPRequest(HTTPConnection* connection, const QUrl& url
// don't handle if we don't have a matching node // don't handle if we don't have a matching node
if (!matchingNode) { if (!matchingNode) {
return false; connection->respond(HTTPConnection::StatusCode404, "Resource not found.");
return true;
} }
auto nodeData = static_cast<DomainServerNodeData*>(matchingNode->getLinkedData()); auto nodeData = static_cast<DomainServerNodeData*>(matchingNode->getLinkedData());
// don't handle if we don't have node data for this node // don't handle if we don't have node data for this node
if (!nodeData) { if (!nodeData) {
return false; connection->respond(HTTPConnection::StatusCode404, "Resource not found.");
return true;
} }
SharedAssignmentPointer matchingAssignment = _allAssignments.value(nodeData->getAssignmentUUID()); SharedAssignmentPointer matchingAssignment = _allAssignments.value(nodeData->getAssignmentUUID());
@ -1944,7 +1946,8 @@ bool DomainServer::handleHTTPRequest(HTTPConnection* connection, const QUrl& url
} }
// request not handled // request not handled
return false; connection->respond(HTTPConnection::StatusCode404, "Resource not found.");
return true;
} }
// check if this is a request for our domain ID // check if this is a request for our domain ID

34
libraries/embedded-webserver/src/HTTPManager.cpp
View file

@ -48,6 +48,13 @@ void HTTPManager::incomingConnection(qintptr socketDescriptor) {
} }
bool HTTPManager::handleHTTPRequest(HTTPConnection* connection, const QUrl& url, bool skipSubHandler) { bool HTTPManager::handleHTTPRequest(HTTPConnection* connection, const QUrl& url, bool skipSubHandler) {
// Reject paths with embedded NULs
if (url.path().contains(QChar(0x00))) {
connection->respond(HTTPConnection::StatusCode400, "Embedded NULs not allowed in requests");
qCWarning(embeddedwebserver) << "Received a request with embedded NULs";
return true;
}
if (!skipSubHandler && requestHandledByRequestHandler(connection, url)) { if (!skipSubHandler && requestHandledByRequestHandler(connection, url)) {
// this request was handled by our request handler object // this request was handled by our request handler object
// so we don't need to attempt to do so in the document root // so we don't need to attempt to do so in the document root
@ -57,17 +64,27 @@ bool HTTPManager::handleHTTPRequest(HTTPConnection* connection, const QUrl& url,
if (!_documentRoot.isEmpty()) { if (!_documentRoot.isEmpty()) {
// check to see if there is a file to serve from the document root for this path // check to see if there is a file to serve from the document root for this path
QString subPath = url.path(); QString subPath = url.path();
// remove any slash at the beginning of the path // remove any slash at the beginning of the path
if (subPath.startsWith('/')) { if (subPath.startsWith('/')) {
subPath.remove(0, 1); subPath.remove(0, 1);
} }
QString absoluteDocumentRoot { QFileInfo(_documentRoot).absolutePath() };
QString filePath; QString filePath;
QFileInfo pathFileInfo { _documentRoot + subPath };
if (QFileInfo(_documentRoot + subPath).isFile()) { QString absoluteFilePath { pathFileInfo.absoluteFilePath() };
filePath = _documentRoot + subPath;
} else if (subPath.size() > 0 && !subPath.endsWith('/')) { // The absolute path for this file isn't under the document root
if (absoluteFilePath.indexOf(absoluteDocumentRoot) != 0) {
qCWarning(embeddedwebserver) << absoluteFilePath << "is outside the document root";
connection->respond(HTTPConnection::StatusCode400, "Requested path outside document root");
return true;
}
if (pathFileInfo.isFile()) {
filePath = absoluteFilePath;
} else if (subPath.size() > 0 && !subPath.endsWith('/') && pathFileInfo.isDir()) {
// this could be a directory with a trailing slash // this could be a directory with a trailing slash
// send a redirect to the path with a slash so we can // send a redirect to the path with a slash so we can
QString redirectLocation = '/' + subPath + '/'; QString redirectLocation = '/' + subPath + '/';
@ -80,6 +97,7 @@ bool HTTPManager::handleHTTPRequest(HTTPConnection* connection, const QUrl& url,
redirectHeader.insert(QByteArray("Location"), redirectLocation.toUtf8()); redirectHeader.insert(QByteArray("Location"), redirectLocation.toUtf8());
connection->respond(HTTPConnection::StatusCode302, "", HTTPConnection::DefaultContentType, redirectHeader); connection->respond(HTTPConnection::StatusCode302, "", HTTPConnection::DefaultContentType, redirectHeader);
return true;
} }
// if the last thing is a trailing slash then we want to look for index file // if the last thing is a trailing slash then we want to look for index file
@ -87,8 +105,8 @@ bool HTTPManager::handleHTTPRequest(HTTPConnection* connection, const QUrl& url,
QStringList possibleIndexFiles = QStringList() << "index.html" << "index.shtml"; QStringList possibleIndexFiles = QStringList() << "index.html" << "index.shtml";
foreach (const QString& possibleIndexFilename, possibleIndexFiles) { foreach (const QString& possibleIndexFilename, possibleIndexFiles) {
if (QFileInfo(_documentRoot + subPath + possibleIndexFilename).exists()) { if (QFileInfo(absoluteFilePath + possibleIndexFilename).exists()) {
filePath = _documentRoot + subPath + possibleIndexFilename; filePath = absoluteFilePath + possibleIndexFilename;
break; break;
} }
} }