Luna/web_serv
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added some security features

Browse source
This commit is contained in:
Luna 2025-05-17 03:33:02 +02:00
parent c0e798996b
commit a123d0a22d
1 changed files with 15 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

15
main.cpp
View file

@ -126,6 +126,16 @@ std::map<std::string, std::string> parse_headers(const std::vector<std::string>
return ret; return ret;
} }
std::string filename_sanitation(std::string filename)
{
std::filesystem::path p(filename);
std::string ret = p.filename().string();
if (ret == "" || ret == "." || ret == "..")
return "generic_file.txt";
return ret;
}
std::string get_filename(std::string data) std::string get_filename(std::string data)
{ {
bool started_quote = false; bool started_quote = false;
@ -139,6 +149,7 @@ std::string get_filename(std::string data)
else if (started_quote) else if (started_quote)
ret.push_back(x); ret.push_back(x);
} }
ret = filename_sanitation(ret);
return ret; return ret;
} }
@ -181,6 +192,8 @@ char *search_substring(char *start_data, const char *substring, size_t size)
return NULL; return NULL;
} }
int main() int main()
{ {
netlib::server_raw server(150000000); netlib::server_raw server(150000000);
@ -243,6 +256,8 @@ int main()
else if (h.contains("Content-Length:")) else if (h.contains("Content-Length:"))
{ {
file_size = atoi_newline(h["Content-Length:"].c_str()); file_size = atoi_newline(h["Content-Length:"].c_str());
if (file_size > 1000000000) //1GB
server.disconnect_user(user);
} }
else if (line_str.contains(boundary) && boundary.contains("----")) else if (line_str.contains(boundary) && boundary.contains("----"))
{ {