#639 HTTP redirect for dir → dir/ causes endless loop
Reporter
Zash
Owner
Zash
Tags
Status-Fixed
mod_http_files
Type-Defect
Priority-Medium
Milestone-0.9
Zash
on
What steps will reproduce the problem?
1. Enable mod_http_files and point to a directory that contains a subdirectory
2. GET /files/subdir/
What is the expected output?
200 OK and index.html or 403 if no index found
What do you see instead?
301 redirect to same path
What version of the product are you using?
Affects 0.9, 0.10 and trunk
The first bad revision is:
http://hg.prosody.im/0.9/rev/e9f07febafb3
mod_http_files: Sanitize the path relative to our base URL before translating it to a filesystem path, fixes a relative path traversal vulnerability
The cause appears to be that sanitize_path("subdir/") returns "/subdir". Then the code that is meant to redirect /subdir to /subdir/ does its thing.
Fixed in http://hg.prosody.im/0.9/rev/20246b139607
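The loop described in the report, reproduced as an added Lua example (not Prosody's code, and not the change made in the fixing revision). The functions `sanitize`, `respond` and `fetch`, the `is_dir` table and the `keep_slash` flag are hypothetical; the flag shows one way to keep the traversal check while preserving the trailing slash.

```lua
-- Added illustration, not Prosody's code; all names are hypothetical.
-- Normalise a URL path: drop "." segments, resolve "..", and refuse to climb
-- above the root. With keep_slash == false the trailing "/" is lost, which is
-- the behaviour the report describes ("subdir/" -> "/subdir").
local function sanitize(path, keep_slash)
	local out = {}
	for seg in path:gmatch("[^/]+") do
		if seg == ".." then
			if #out == 0 then return nil end -- would escape the base directory
			out[#out] = nil
		elseif seg ~= "." then
			out[#out + 1] = seg
		end
	end
	local clean = "/" .. table.concat(out, "/")
	if keep_slash and #out > 0 and path:sub(-1) == "/" then
		clean = clean .. "/"
	end
	return clean
end

-- Constructed stand-in for the filesystem: a single directory.
local is_dir = { ["/subdir"] = true }

-- Decide the response for a request path relative to the module's base URL.
local function respond(path, keep_slash)
	local clean = sanitize(path, keep_slash)
	if not clean then return 400 end
	local had_slash = clean:sub(-1) == "/"
	local fs_path = had_slash and clean:sub(1, -2) or clean
	if is_dir[fs_path] then
		if not had_slash then return 301, fs_path .. "/" end
		return 200 -- would serve index.html (or 403 when there is none)
	end
	return 404
end

-- Follow redirects the way a client would, with a hop limit.
local function fetch(path, keep_slash)
	for hop = 1, 5 do
		local code, location = respond(path, keep_slash)
		if code ~= 301 then return code, hop end
		path = location
	end
	return "redirect loop"
end

print(fetch("subdir/", false))      -- slash stripped: every hop is another 301
print(fetch("subdir/", true))       -- slash preserved: directory is served
print(fetch("../etc/passwd", true)) -- traversal is still rejected
```

A regression test for a path-sanitising change should cover both properties together: `..` sequences are rejected, and a directory URL that already ends in `/` is not redirected again.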