Limit CGI processes to a particular path.
This commit is contained in:
Solderpunk
parent
cadb7b2ea5
commit
8239e7fd3f
2 changed files with 6 additions and 1 deletions
|
|
@ -12,6 +12,7 @@ type Config struct {
|
|||
DocBase string
|
||||
HomeDocBase string
|
||||
LogPath string
|
||||
CGIPath string
|
||||
}
|
||||
|
||||
func getConfig(filename string) (Config, error) {
|
||||
|
|
@ -26,6 +27,7 @@ func getConfig(filename string) (Config, error) {
|
|||
config.DocBase = "/var/gemini/"
|
||||
config.HomeDocBase = "users"
|
||||
config.LogPath = "molly.log"
|
||||
config.CGIPath = "^/var/gemini/cgi-bin/"
|
||||
|
||||
// Return defaults if no filename given
|
||||
if filename == "" {
|
||||
|
|
|
|||
|
|
@ -13,6 +13,7 @@ import (
|
|||
"os"
|
||||
"os/exec"
|
||||
"path/filepath"
|
||||
"regexp"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
|
@ -124,8 +125,10 @@ func handleGeminiRequest(conn net.Conn, config Config, logEntries chan LogEntry)
|
|||
log.Status = 20
|
||||
conn.Write([]byte(generateDirectoryListing(path)))
|
||||
return
|
||||
}
|
||||
// If this file is executable, get dynamic content
|
||||
} else if info.Mode().Perm() & 0111 == 0111 {
|
||||
inCGIPath, err := regexp.Match(config.CGIPath, []byte(path))
|
||||
if inCGIPath && info.Mode().Perm() & 0111 == 0111 {
|
||||
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
|
||||
defer cancel()
|
||||
cmd := exec.CommandContext(ctx, path)
|
||||
|
|
|
|||
Loading…
Reference in a new issue