问题:实现具有一些基本功能的Web服务器。但是,使用此Web服务器,您不应允许任何访问当前目录上方的目录。这很明显,因为没有人能够访问当前目录,否则会引发很多安全问题。我的问题是如何在我的程序运行时进行检查或阻止更改当前目录。目前,这就是我解析收到的请求的方式。
使用当前实现,用户可以切换到当前目录上方的目录,因为没有检查。但我无法找到一种有效的方法。
void handle_request(char * request, int fd)
{
/* Request is processed elsewhere, an example of a request is:
* GET ./a.out
* GET /a.out
* HEAD ./index.html
* GET /cgi-like/ls?-l&some_file.txt
*
* These are basic requests, that are all in the current directory or
* the cgi-like sub-directory.
*/
char * token_request;
char * token_filename;
token_request = strtok(request," "); // Determine if GET or HEAD
token_filename = strtok(NULL," ");
/* This is where the check should be
* Check if user is trying to access above the current working dir
* (e.g GET ../filename) */
if(strcmp(token_request, "GET") == 0 && check_cgi(token_filename))
{
run_cgi(token_filename,fd);
}
else if(strcmp(token_request, "GET") == 0)
{
run_get(token_filename,fd);
exit(1);
}
else if(strcmp(token_request,"HEAD") == 0)
{
run_head(token_filename ,fd);
exit(1);
}
else
{
printf("501 Not Implemented\n");
return;
}
}