zzz/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

* HTTP Proxy: Limit proxy.i2p to /themes/ directory

Browse Source
This commit is contained in:
zzz
2009-07-01 16:50:35 +00:00
parent abc23e9a49
commit 59105a9ad6
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
apps/i2ptunnel/java/src/net/i2p/i2ptunnel/I2PTunnelHTTPClient.java
View File

@@ -811,11 +811,14 @@ public class I2PTunnelHTTPClient extends I2PTunnelClientBase implements Runnable
* but inproxy/gateway ops would be wise to block proxy.i2p to prevent * but inproxy/gateway ops would be wise to block proxy.i2p to prevent
* exposing the docs/ directory or perhaps other issues through * exposing the docs/ directory or perhaps other issues through
* uncaught vulnerabilities. * uncaught vulnerabilities.
* Restrict to the /themes/ directory for now.
* *
* @param targetRequest "proxy.i2p/foo.png HTTP/1.1" * @param targetRequest "proxy.i2p/themes/foo.png HTTP/1.1"
*/ */
private static void serveLocalFile(OutputStream out, String method, String targetRequest) { private static void serveLocalFile(OutputStream out, String method, String targetRequest) {
if (method.equals("GET") || method.equals("HEAD")) { if ((method.equals("GET") || method.equals("HEAD")) &&
targetRequest.startsWith("proxy.i2p/themes/") &&
!targetRequest.contains("..")) {
int space = targetRequest.indexOf(' '); int space = targetRequest.indexOf(' ');
String filename = null; String filename = null;
try { try {