authorOmar Polo <op@omarpolo.com>2021-09-24 10:48:51 +0000
committerOmar Polo <op@omarpolo.com>2021-09-24 10:48:51 +0000
commit3571854e942b2354ae216f340add076d71d0776a (patch)
tree7a55d4488634c59b063f14b00cc94f8304b0e73a /server.c
parent353e3c8ebe516943a38d051a0bf390bb6116574c (diff)
fix possible out-of-bound access
While computing the parent directory, an out-of-bound access can occur, which usually means the server process dies. In particular, it can be triggered by making a request for a non-existent file in the root of a virtual host if the path matches the `cgi` pattern. Thanks cage for helping in debugging!
Diffstat (limited to 'server.c')
-rw-r--r--server.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/server.c b/server.c
index 473e111..e07d6bc 100644
--- a/server.c
+++ b/server.c
@@ -406,8 +406,12 @@ check_for_cgi(struct client *c)
* dirname, with its ambiguities on if the given
* pointer is changed or not, gives me headaches.
*/
- while (*end != '/')
+ while (*end != '/' && end > path)
end--;
+
+ if (end == path)
+ break;
+
*end = '\0';
switch (check_path(c, path, &c->pfd)) {
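Review bot: In the new inner loop `while (*end != '/' && end > path)`, `*end` is read before the bound is tested, so the guard is only sound if `end` is never below `path` when the loop is entered; that invariant depends on code outside this hunk, since check_for_cgi starts and ends outside it. Testing the bound first, `while (end > path && *end != '/')`, makes the loop safe on its own terms and reads in the conventional order. The added `if (end == path) break;` deserves a short comment such as `/* reached the start of path: no parent directory left to try */`, because it is what keeps `path` from being truncated to an empty string and handed to `check_path`. As the commit message says the crash is reachable through a client request, a regression test for a missing file in a virtual host's root that matches the `cgi` pattern would be worth adding alongside the fix.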