authorSemir Sionek <ssionek@cisco.com>2025-02-21 09:09:29 -0500
committerFlorin Coras <florin.coras@gmail.com>2025-02-25 18:03:33 +0000
commit1cdebd8ca18bdf38af95047b1e9daf520e03030c (patch)
treef5f9dcaab67c1e0bd1f54d588abad022e5e8e1fd /src/plugins/http_static
parent58b6c4e6bdfba7c2a652e121c1c4e907df685780 (diff)
http_static: squash subsequent forward slashes in request target path
In the file handler, squash groups of forward slashes during path sanitization to minimize the risk of running out of memory. Type: fix Change-Id: Ic29d691f876b891ff588157851334162b4e3c5e3 Signed-off-by: Semir Sionek <ssionek@cisco.com>
Diffstat (limited to 'src/plugins/http_static')
-rw-r--r--src/plugins/http_static/static_server.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/plugins/http_static/static_server.c b/src/plugins/http_static/static_server.c
index 074416873e3..fb0878c7a7e 100644
--- a/src/plugins/http_static/static_server.c
+++ b/src/plugins/http_static/static_server.c
@@ -406,8 +406,8 @@ try_file_handler (hss_main_t *hsm, hss_session_t *hs, http_req_method_t rt,
if (!hsm->www_root)
return -1;
- /* Remove dot segments to prevent path traversal */
- sanitized_path = http_path_remove_dot_segments (target);
+ /* Sanitize received path */
+ sanitized_path = http_path_sanitize (target);
/*
* Construct the file to open