[Redbutton-devel] SF.net SVN: redbutton: [195] redbutton-download/trunk/command.c
Brought to you by:
skilvington
Menu
▾
▴
[Redbutton-devel] SF.net SVN: redbutton: [195] redbutton-download/trunk/command.c
|
From: <ski...@us...> - 2007-01-24 17:28:18
|
Revision: 195
http://svn.sourceforge.net/redbutton/?rev=195&view=rev
Author: skilvington
Date: 2007-01-24 09:28:12 -0800 (Wed, 24 Jan 2007)
Log Message:
-----------
only send regular files from the carousel
Modified Paths:
--------------
redbutton-download/trunk/command.c
Modified: redbutton-download/trunk/command.c
===================================================================
--- redbutton-download/trunk/command.c 2007-01-24 16:51:56 UTC (rev 194)
+++ redbutton-download/trunk/command.c 2007-01-24 17:28:12 UTC (rev 195)
@@ -9,6 +9,8 @@
#include <stdint.h>
#include <fcntl.h>
#include <signal.h>
+#include <sys/types.h>
+#include <sys/stat.h>
#include "command.h"
#include "assoc.h"
@@ -456,6 +458,7 @@
cmd_file(struct listen_data *listen_data, FILE *client, int argc, char *argv[])
{
char *filename;
+ struct stat info;
FILE *file;
long size;
char hdr[64];
@@ -471,6 +474,14 @@
return false;
}
+ /* check it is a regular file */
+ if(stat(filename, &info) < 0
+ || !S_ISREG(info.st_mode))
+ {
+ SEND_RESPONSE(500, "Invalid file");
+ return false;
+ }
+
if((file = fopen(filename, "r")) == NULL)
{
SEND_RESPONSE(404, "Not found");
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
