[cfe-commits] r165839 - /cfe/trunk/tools/scan-view/ScanView.py
Ted Kremenek
kremenek at apple.com
Fri Oct 12 15:56:38 PDT 2012
Author: kremenek
Date: Fri Oct 12 17:56:38 2012
New Revision: 165839
URL: http://llvm.org/viewvc/llvm-project?rev=165839&view=rev
Log:
Further harden checking that scan-view isn't serving up pages outside
the server root.
Modified:
cfe/trunk/tools/scan-view/ScanView.py
Modified: cfe/trunk/tools/scan-view/ScanView.py
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/tools/scan-view/ScanView.py?rev=165839&r1=165838&r2=165839&view=diff
==============================================================================
--- cfe/trunk/tools/scan-view/ScanView.py (original)
+++ cfe/trunk/tools/scan-view/ScanView.py Fri Oct 12 17:56:38 2012
@@ -708,8 +708,8 @@
def send_path(self, path):
# If the requested path is outside the root directory, do not open it
- rel = os.path.relpath(path, self.server.root)
- if rel.startswith(os.pardir + os.sep):
+ rel = os.path.abspath(os.path.join(self.server.root, path))
+ if not rel.startswith(os.path.abspath(self.server.root) ):
return self.send_404()
ctype = self.guess_type(path)
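Review bot: the new check `if not rel.startswith(os.path.abspath(self.server.root) ):` is a plain string prefix comparison, so a resolved path in a sibling directory whose name merely begins with the root's name still passes. Compare against the absolute root with a trailing `os.sep` appended (allowing equality with the root itself), or compare path components instead of characters. `os.path.abspath` only normalizes `..` segments and does not resolve symlinks, so `os.path.realpath` on both sides would be the stricter choice. The name `rel` now holds an absolute path and is worth renaming. The trailing context line still passes the original `path` to `guess_type`; if the code after this hunk also opens `path` rather than the checked value, the validated path and the served path can differ, so a single resolved value should be used for both.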