aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/plugins/http_static/static_server.c57
1 files changed, 56 insertions, 1 deletions
diff --git a/src/plugins/http_static/static_server.c b/src/plugins/http_static/static_server.c
index 4d0373a31b6..040cdca9d7a 100644
--- a/src/plugins/http_static/static_server.c
+++ b/src/plugins/http_static/static_server.c
@@ -145,6 +145,44 @@ hss_session_send_data (hss_url_handler_args_t *args)
start_send_data (hs, args->sc);
}
+/*
+ * path_has_known_suffix()
+ * Returns 1 if the request ends with a known suffix, like .htm or .ico
+ * Used to avoid looking for "/favicon.ico/index.html" or similar.
+ */
+
+static int
+path_has_known_suffix (u8 *request)
+{
+ u8 *ext;
+ uword *p;
+
+ if (vec_len (request) == 0)
+ {
+ return 0;
+ }
+
+ ext = request + vec_len (request) - 1;
+
+ while (ext > request && ext[0] != '.')
+ ext--;
+
+ if (ext == request)
+ return 0;
+
+ p = hash_get_mem (hss_main.mime_type_indices_by_file_extensions, ext);
+ if (p)
+ return 1;
+
+ return 0;
+}
+
+/*
+ * content_type_from_request
+ * Returns the index of the request's suffix in the
+ * http-layer http_content_type_str[] array.
+ */
+
static http_content_type_t
content_type_from_request (u8 *request)
{
@@ -185,6 +223,12 @@ try_url_handler (hss_main_t *hsm, hss_session_t *hs, http_req_method_t rt,
if (!hsm->enable_url_handlers || !request)
return -1;
+ /* zero-length? try "index.html" */
+ if (vec_len (request) == 0)
+ {
+ request = format (request, "index.html");
+ }
+
type = content_type_from_request (request);
/* Look for built-in GET / POST handlers */
@@ -340,7 +384,6 @@ try_file_handler (hss_main_t *hsm, hss_session_t *hs, http_req_method_t rt,
if (hs->data && hs->free_data)
vec_free (hs->data);
- hs->path = path;
hs->data_offset = 0;
ce_index =
@@ -349,6 +392,17 @@ try_file_handler (hss_main_t *hsm, hss_session_t *hs, http_req_method_t rt,
{
if (!file_path_is_valid (path))
{
+ /*
+ * Generate error 404 right now if we can't find a path with
+ * a known file extension. It's silly to look for
+ * "favicon.ico/index.html" if you can't find
+ * "favicon.ico"; realistic example which used to happen.
+ */
+ if (path_has_known_suffix (path))
+ {
+ sc = HTTP_STATUS_NOT_FOUND;
+ goto done;
+ }
sc = try_index_file (hsm, hs, path);
goto done;
}
@@ -361,6 +415,7 @@ try_file_handler (hss_main_t *hsm, hss_session_t *hs, http_req_method_t rt,
}
}
+ hs->path = path;
hs->cache_pool_index = ce_index;
done: