

add more checks
ispysoftware committed Apr 26, 2022
1 parent e3ce630 commit c791116
Showing 1 changed file with 16 additions and 6 deletions.
22 changes: 16 additions & 6 deletions Server/LocalServer.cs
Expand Up @@ -1229,6 +1229,7 @@ private void ParseRequest(string sMyWebServerRoot, string sBuffer, out string sR
ParseMimeType(sRequestedFile, out sFileName, out sMimeType);

sPhysicalFilePath = (sLocalDir + sRequestedFile).Replace("%20", " ").ToLower();

bool bHasAuth = sRequestedFile.ToLower() == "crossdomain.xml" || CheckAuth(sPhysicalFilePath);


Expand Down Expand Up @@ -1808,26 +1809,35 @@ private string DoCommand(string sRequest, int otid, string resp, string cmd, int
{
try
{
if (fn.Contains("../"))

if (fn.Contains("../") || fn.Contains(@"..\"))
{
throw new Exception("Request blocked (directory traversal)");
}
string d = Helper.GetMediaDirectory(otid, oid);
string subdir = Helper.GetDirectory(otid, oid);
string filename = Helper.GetMediaDirectory(otid, oid);
if (!File.Exists(fn))
throw new Exception("File does not exist");

var file = new FileInfo(fn);
if (!file.DirectoryName.ToLower().StartsWith(d.ToLower()))
throw new Exception("Request blocked (outside media directory)");


switch (otid)
{
case 1:
filename = filename + "audio\\";
d = d + "audio\\";
break;
case 2:
filename = filename + "video\\";
d = d + "video\\";
break;
}
filename += subdir + @"\" + fn;
d += subdir;

try
{
Process.Start(filename);
Process.Start(d + @"\" + fn);
}
catch (Exception ex)
{
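Review bot: The new containment check (`new FileInfo(fn)` / `file.DirectoryName...StartsWith(d...)`) validates `fn` as a path on its own, but the path that is actually launched is `d + @"\" + fn` after the `audio\`/`video\` and `subdir` suffixes are appended, so the check and the launch look at two different locations (a relative `fn` resolves against the process working directory in the check, and an absolute `fn` that passes the check is then mangled by concatenation). The `../` and `..\` substring test is also a weaker guard than canonicalising the final path, and the `StartsWith` prefix match without a trailing separator would accept a sibling directory whose name merely begins with the media root (e.g. `media2` vs `media`). I would build the target with `Path.Combine`, canonicalise it with `Path.GetFullPath`, reject rooted input so `Path.Combine` cannot discard the base, and apply both the exists and the containment checks to that final string before `Process.Start`. Launching a user-named file through `Process.Start(string)` still hands it to the shell's file-type association, which is pre-existing behaviour but worth a comment on the line. `DoCommand` begins before this hunk and its `catch` body continues after it.
```csharp
if (fn.Contains("../") || fn.Contains(@"..\") || Path.IsPathRooted(fn))
{
    throw new Exception("Request blocked (directory traversal)");
}
string d = Helper.GetMediaDirectory(otid, oid);
string subdir = Helper.GetDirectory(otid, oid);
// … unchanged: otid switch appending "audio\\" / "video\\" to d …
d += subdir;

// Validate the path that will actually be launched, after canonicalisation,
// so ".." segments and prefix-only matches (media vs media2) cannot slip through.
string root = Path.GetFullPath(d).TrimEnd(Path.DirectorySeparatorChar) + Path.DirectorySeparatorChar;
string target = Path.GetFullPath(Path.Combine(d, fn));
if (!target.StartsWith(root, StringComparison.OrdinalIgnoreCase))
    throw new Exception("Request blocked (outside media directory)");
if (!File.Exists(target))
    throw new Exception("File does not exist");

try
{
    // NOTE: Process.Start(string) uses the shell file association for target.
    Process.Start(target);
}
```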
