[libsoup] SoupServer: fix to not allow smuggling ".." into path



commit cbeeb7a0f7f0e8b16f2d382157496f9100218dea
Author: Dan Winship <danw gnome org>
Date:   Wed Jun 29 10:04:06 2011 -0400

    SoupServer: fix to not allow smuggling ".." into path
    
    When SoupServer:raw-paths was set (the default), it was possible to
    sneak ".." segments into the path passed to the SoupServerHandler,
    which could then end up tricking some handlers into retrieving
    arbitrary files from the filesystem. Fix that.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=653258

 libsoup/soup-server.c |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)
---
diff --git a/libsoup/soup-server.c b/libsoup/soup-server.c
index d56efd1..7225337 100644
--- a/libsoup/soup-server.c
+++ b/libsoup/soup-server.c
@@ -779,6 +779,15 @@ got_headers (SoupMessage *req, SoupClientContext *client)
 
 		uri = soup_message_get_uri (req);
 		decoded_path = soup_uri_decode (uri->path);
+
+		if (strstr (decoded_path, "/../") ||
+		    g_str_has_suffix (decoded_path, "/..")) {
+			/* Introducing new ".." segments is not allowed */
+			g_free (decoded_path);
+			soup_message_set_status (req, SOUP_STATUS_BAD_REQUEST);
+			return;
+		}
+
 		soup_uri_set_path (uri, decoded_path);
 		g_free (decoded_path);
 	}
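Review bot: The new guard at `strstr (decoded_path, "/../")` treats only `/` as a segment separator and inspects the result of a single decoding pass, and the one-line comment does not explain why ".." can still appear at this point. I would expand the comment to something like `/* Literal ".." was already resolved when the URI was parsed; a ".." seen here came from percent-encoded bytes, so reject instead of normalizing. */`, though the first half is inferred from the commit message and should be confirmed against the URI parser. Handlers that map the path onto the filesystem should still validate the final path themselves, for instance on platforms where `\` is also a separator or when a handler decodes the path again. The diffstat shows only libsoup/soup-server.c changed, so a regression test that requests an encoded ".." segment and expects SOUP_STATUS_BAD_REQUEST would be worth adding. got_headers continues outside the hunk, so whether the early `return` alone keeps handlers from running cannot be confirmed from here.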


