From eae42d02d5cc6ce4ca7227054b9866b52af28551 Mon Sep 17 00:00:00 2001 From: oliverschmidt Date: Sun, 11 Apr 2010 19:18:47 +0000 Subject: [PATCH] Added optional URL filtering code to the CFS web server contributed by Kajtar Zsolt (and activated it by default). --- apps/webserver/httpd-cfs.c | 14 +++- apps/webserver/urlconv.c | 134 ++++++++++++++++++++++++++++++++++++ apps/webserver/urlconv.h | 40 +++++++++++ examples/webserver/Makefile | 2 +- 4 files changed, 188 insertions(+), 2 deletions(-) create mode 100644 apps/webserver/urlconv.c create mode 100644 apps/webserver/urlconv.h diff --git a/apps/webserver/httpd-cfs.c b/apps/webserver/httpd-cfs.c index f24f497f0..d3113ba80 100644 --- a/apps/webserver/httpd-cfs.c +++ b/apps/webserver/httpd-cfs.c @@ -30,7 +30,7 @@ * * Author: Adam Dunkels * - * $Id: httpd-cfs.c,v 1.20 2010/04/11 15:19:34 oliverschmidt Exp $ + * $Id: httpd-cfs.c,v 1.21 2010/04/11 19:18:47 oliverschmidt Exp $ */ #include @@ -45,6 +45,7 @@ int snprintf(char *str, size_t size, const char *format, ...); #include "cfs/cfs.h" #include "lib/petsciiconv.h" #include "http-strings.h" +#include "urlconv.h" #include "httpd-cfs.h" @@ -54,6 +55,12 @@ int snprintf(char *str, size_t size, const char *format, ...); #define CONNS WEBSERVER_CONF_CFS_CONNS #endif /* WEBSERVER_CONF_CFS_CONNS */ +#ifndef WEBSERVER_CONF_CFS_URLCONV +#define URLCONV 1 +#else /* WEBSERVER_CONF_CFS_URLCONV */ +#define URLCONV WEBSERVER_CONF_CFS_URLCONV +#endif /* WEBSERVER_CONF_CFS_URLCONV */ + #define STATE_WAITING 0 #define STATE_OUTPUT 1 
@@ -174,12 +181,17 @@ PT_THREAD(handle_input(struct httpd_state *s)) PSOCK_CLOSE_EXIT(&s->sin); } +#if URLCONV + s->inputbuf[PSOCK_DATALEN(&s->sin) - 1] = 0; + urlconv_tofilename(s->filename, s->inputbuf, sizeof(s->filename)); +#else /* URLCONV */ if(s->inputbuf[1] == ISO_space) { strncpy(s->filename, http_index_html, sizeof(s->filename)); } else { s->inputbuf[PSOCK_DATALEN(&s->sin) - 1] = 0; strncpy(s->filename, s->inputbuf, sizeof(s->filename)); } +#endif /* URLCONV */ petsciiconv_topetscii(s->filename, sizeof(s->filename)); webserver_log_file(&uip_conn->ripaddr, s->filename); diff --git a/apps/webserver/urlconv.c b/apps/webserver/urlconv.c new file mode 100644 index 000000000..22d5010df --- /dev/null +++ b/apps/webserver/urlconv.c 
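Review bot: The `#else` fallback kept in this hunk still copies the request path into `s->filename` unfiltered, and its `strncpy` can leave the name unterminated when the path is at least as long as the buffer. A build with `WEBSERVER_CONF_CFS_URLCONV` set to 0 therefore loses both the path normalisation and the termination guarantee without any visible warning. A comment above `#if URLCONV` would make that trade-off explicit, for example `/* urlconv_tofilename() normalises the path, adds the index file to directory requests and always NUL-terminates; the fallback below does none of that. */`. `handle_input` begins and ends outside this hunk, so how `s->filename` is used afterwards is not visible here.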
@@ -0,0 +1,134 @@
+/*
+ * Copyright (c) 2010, Kajtar Zsolt .
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * This file is part of the Contiki operating system.
+ *
+ * Author: Kajtar Zsolt
+ *
+ * $Id: urlconv.c,v 1.1 2010/04/11 19:18:47 oliverschmidt Exp $
+ */
+
+#include
+
+#include "http-strings.h"
+
+#define ISO_number 0x23
+#define ISO_percent 0x25
+#define ISO_period 0x2e
+#define ISO_slash 0x2f
+#define ISO_question 0x3f
+
+/*---------------------------------------------------------------------------*/
+/* URL to filename conversion
+ *
+ * normalizes path by removing "/./"
+ * interprets "/../" and calculates path accordingly
+ * resulting path is always absolute
+ * replaces "%AB" notation with characters
+ * strips "#fragment" and "?query" from end
+ * replaces multiple slashes with a single one
+ * rejects non-ASCII characters
+ *
+ * MAXLEN is including trailing zero!
+ * input and output is ASCII
+ */
+void
+urlconv_tofilename(char *dest, char *source, unsigned char maxlen)
+{
+ static unsigned char len;
+ static unsigned char c, hex1;
+ static unsigned char *from, *to;
+
+ len = 0;
+ from = source; to = dest;
+ *to = ISO_slash;
+ maxlen -= 2;
+ do {
+ c = *(from++);
+ switch(c) {
+ case ISO_number:
+ case ISO_question:
+ c = 0;
+ break;
+ case ISO_percent:
+ c = 0;
+ hex1 = (*(from++) | 0x20) ^ 0x30; // ascii only!
+ if(hex1 > 0x50 && hex1 < 0x57)
+ hex1 -= 0x47;
+ else
+ if(hex1 > 9)
+ break; // invalid hex
+ c = (*(from++) | 0x20) ^ 0x30; // ascii only!
+ if(c > 0x50 && c < 0x57)
+ c -= 0x47;
+ else
+ if(c > 9)
+ break; // invalid hex
+ c |= hex1 << 4;
+ }
+
+ if(c < 0x20 || c > 0x7e)
+ c = 0; // non ascii?!
+ if(len >= maxlen)
+ c = 0; // too long?
+
+ if(c == ISO_slash || !c) {
+ switch(*to) {
+ case ISO_slash:
+ continue; // no repeated slash
+ case ISO_period:
+ switch(to[-1]) {
+ case ISO_slash: // handle "./"
+ --to; --len;
+ continue;
+ case ISO_period:
+ if(to[-2] == ISO_slash) {
+ to -= 2; len -= 2;
+ if(len) {
+ do {
+ --to; --len;
+ } while(*to != ISO_slash);
+ }
+ continue;
+ }
+ }
+ }
+ }
+ if(c) {
+ ++to; ++len;
+ *to = c;
+ }
+ } while(c);
+ if(*to == ISO_slash && (len + sizeof(http_index_html) - 3) < maxlen) {
+ strcpy(to, http_index_html); // add index.html
+ } else {
+ ++to;
+ *to = 0;
+ }
+}
+/*---------------------------------------------------------------------------*/
diff --git a/apps/webserver/urlconv.h b/apps/webserver/urlconv.h
new file mode 100644
index 000000000..e17da97f2
--- /dev/null
+++ b/apps/webserver/urlconv.h
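Review bot: In the `ISO_percent` case of `urlconv_tofilename`, an invalid second hex digit takes the `break; // invalid hex` path with `c` still holding the XOR-mangled byte, so an escape such as `%2z` puts a stray character into the filename. An invalid first digit behaves differently because `c` was already set to 0 there and the name simply ends. Changing the second check to `if(c > 9) { c = 0; break; }` makes both digits behave the same. Separately, `maxlen -= 2` wraps around when a caller passes a size below 2, after which the `len >= maxlen` test no longer bounds the writes to `dest`. An early return before `*to = ISO_slash;`, or at least a line in the header comment stating the minimum size, would cover that case.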
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2010, Kajtar Zsolt .
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * This file is part of the Contiki operating system.
+ *
+ * $Id: urlconv.h,v 1.1 2010/04/11 19:18:47 oliverschmidt Exp $
+ *
+ */
+
+#ifndef __URLCONV_H__
+#define __URLCONV_H__
+
+void urlconv_tofilename(char *dest, char *source, unsigned char maxlen);
+
+#endif /* __URLCONV_H__ */
\ No newline at end of file
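Review bot: The prototype of `urlconv_tofilename` is all that callers see, yet the header states nothing about its contract. A short comment above it should say that `maxlen` counts the terminating zero, that `dest` is always NUL-terminated on return, and that `source` is only read. With that stated, the parameter could be declared `const char *source`, which needs the matching change to the definition and its `from` pointer in urlconv.c.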
diff --git a/examples/webserver/Makefile b/examples/webserver/Makefile index 4d8052c59..a5d599b93 100644 --- a/examples/webserver/Makefile +++ b/examples/webserver/Makefile @@ -12,7 +12,7 @@ APPS = webserver ifeq ($(HTTPD-CFS),1) override webserver_src = webserver-nogui.c http-strings.c psock.c memb.c \ - httpd-cfs.c + httpd-cfs.c urlconv.c endif CONTIKI = ../..