From 009444ba3f4e53c695c5c7aaa89683864e379f8b Mon Sep 17 00:00:00 2001
From: Syndamia
Date: Wed, 27 Dec 2023 14:57:13 +0200
Subject: (server-connection) Added address sanitization
---
 server-connection.c | 24 ++++++++++++++++++++++++
 util.c | 7 +++++++
 util.h | 1 +
 3 files changed, 32 insertions(+)
diff --git a/server-connection.c b/server-connection.c
index f0ac1e6..9b06ede 100644
--- a/server-connection.c
+++ b/server-connection.c
@@ -5,6 +5,7 @@
 #include
 #include
+#include
 sds constructFilePath(const sds root, const char* file) {
 sds path = sdsdup(root);
@@ -16,6 +17,28 @@ sds constructFilePath(const sds root, const char* file) {
 return path;
 }
+void sanitizeAddress(char* address) {
+ /* Remove host and port */
+ char* startPath = strchr(address, '/');
+ if (startPath == NULL)
+ startPath = strchr(address, '\0');
+
+ char* startHost = strchr(address, '@');
+ shiftLeft(startHost + 1, address - startHost, startPath - startHost - 1);
+
+ /* Remove ../ */
+ for (char* prev = startHost+1, *i = startHost+1; i != NULL && *i != '\0';) {
+ if (i[1] == '.' && i[2] == '.' && i[3] == '/') {
+ shiftLeft(prev, strlen(prev), i - prev + 3);
+ i = prev;
+ }
+ else {
+ prev = i;
+ i = strchr(i+1, '/');
+ }
+ }
+}
+
 void on_connection(const char* client, const int fd_client, sds **vhosts, const int vhostsc) {
 printf("[%s@%d] Connected successfully!\n", client, fd_client);
@@ -24,6 +47,7 @@ void on_connection(const char* client, const int fd_client, sds **vhosts, const
 memset(address, 0, 256);
 read(fd_client, address, 256);
+ sanitizeAddress(address);
 printf("[%s@%d] Requested %s\n", client, fd_client, address);
 /* Does vhosts contain an address with the username? */
diff --git a/util.c b/util.c
index 0d8f7c6..ca793ce 100644
--- a/util.c
+++ b/util.c
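Review bot: In the new `sanitizeAddress`, the result of `strchr(address, '@')` is used without a NULL check, so a request containing no `@` makes `startHost + 1` an invalid pointer that `shiftLeft` then dereferences; because `address` is filled directly from the client socket, a single malformed request can crash the server. The same lines assume the first `/` comes after the `@`; when it does not, `startPath - startHost - 1` is negative and is converted to a very large `size_t` shift. A guard placed before the first `shiftLeft` call, for example `if (startHost == NULL || startHost > startPath) { address[0] = '\0'; return; }`, would cover both cases (how a rejected address should be signalled to `on_connection` is not visible in this hunk). Separately, the `../` loop only matches `/../`, so a path ending in `/..` without a trailing slash passes through unchanged; checking the resolved path against the vhost root at the point where the file is opened would be more robust than string filtering alone.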
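Review bot: The added `sanitizeAddress(address)` call runs `strchr` and `strlen` on a buffer that the preceding `read(fd_client, address, 256)` can fill completely, so no terminator is guaranteed when a client sends 256 bytes or more (the declaration of `address` is outside the hunk; the `memset(address, 0, 256)` suggests it is 256 bytes long). The return value of `read` is also ignored, so a failed or empty read still reaches the sanitizer. Reading at most 255 bytes and checking the result, `ssize_t n = read(fd_client, address, 255);` followed by an early exit on `if (n <= 0)`, would keep the string functions inside the buffer. `on_connection` continues outside this hunk.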
@@ -154,3 +154,10 @@ int digits(int num) {
 int streq(const char* first, const char* second) {
 return strcmp(first, second) == 0;
 }
+
+void shiftLeft(char* str, size_t size, size_t shift) {
+ while (*(str + shift - 1) != '\0') {
+ *str = *(str + shift);
+ str++;
+ }
+}
diff --git a/util.h b/util.h
index d3e5168..8fa59c5 100644
--- a/util.h
+++ b/util.h
@@ -22,5 +22,6 @@ sds gsub_getm(sds str, const regex_t *regex, const char* repl, int* *matches, in
 #define clear_arr(arr) memset(arr, 0, sizeof(arr)/sizeof(*arr))
 int digits(int num);
 int streq(const char* first, const char* second);
+void shiftLeft(char* str, size_t size, size_t shift);
 #endif
-- 
cgit v1.2.3
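Review bot: `shiftLeft` in util.c never uses its `size` parameter, so nothing bounds the copy: the loop tests `str[shift - 1]`, which lies past the terminator whenever `shift` is greater than `strlen(str) + 1`, and it reads `str[-1]` when `shift` is 0. Both callers added in `server-connection.c` derive `shift` from text received from the client, so an out-of-range value leads to reads and writes outside the buffer. Clamping the shift and using `memmove` keeps the operation inside the string: `size_t len = strlen(str);`, `if (shift > len) shift = len;`, `memmove(str, str + shift, len - shift + 1);` (`strcmp` is already used in this file, so `<string.h>` is presumably included). A one-line comment stating that `str` must be NUL-terminated, plus either honouring or dropping `size`, would make the contract explicit.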