diff options
| author | Stefan Boberg <[email protected]> | 2026-03-21 20:56:52 +0100 |
|---|---|---|
| committer | Stefan Boberg <[email protected]> | 2026-03-21 20:56:52 +0100 |
| commit | 40aa894401912a84a8d4f48de83f37a1b6c3801a (patch) | |
| tree | ec0efd6c0656bd44e01402de61464546ad3cf6d7 /src/zenhttp/httpserver.cpp | |
| parent | Fix ParsePackageMessage calls to allow local references where expected (diff) | |
| download | zen-40aa894401912a84a8d4f48de83f37a1b6c3801a.tar.xz zen-40aa894401912a84a8d4f48de83f37a1b6c3801a.zip | |
Add ILocalRefPolicy to validate local file reference paths against data root
Restrict local-ref file paths to the server's data directories to prevent
a local process from reading arbitrary files via crafted local references.
The policy uses weakly_canonical + prefix matching (fail-closed when no
policy is configured). Handle-based refs bypass the policy since they
rely on OS handle security.
Diffstat (limited to 'src/zenhttp/httpserver.cpp')
| -rw-r--r-- | src/zenhttp/httpserver.cpp | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/src/zenhttp/httpserver.cpp b/src/zenhttp/httpserver.cpp index d15ef7a00..ead89eb58 100644 --- a/src/zenhttp/httpserver.cpp +++ b/src/zenhttp/httpserver.cpp @@ -485,6 +485,12 @@ HttpService::AcceptsLocalFileReferences() const return false; } +const ILocalRefPolicy* +HttpService::GetLocalRefPolicy() const +{ + return nullptr; +} + ////////////////////////////////////////////////////////////////////////// HttpServerRequest::HttpServerRequest(HttpService& Service) : m_Service(Service) @@ -713,7 +719,8 @@ HttpServerRequest::ReadPayloadPackage() { ParseFlags Flags = (IsLocalMachineRequest() && m_Service.AcceptsLocalFileReferences()) ? ParseFlags::kAllowLocalReferences : ParseFlags::kDefault; - return ParsePackageMessage(std::move(Payload), {}, Flags); + const ILocalRefPolicy* Policy = EnumHasAllFlags(Flags, ParseFlags::kAllowLocalReferences) ? m_Service.GetLocalRefPolicy() : nullptr; + return ParsePackageMessage(std::move(Payload), {}, Flags, Policy); } return {}; @@ -1267,10 +1274,12 @@ HandlePackageOffers(HttpService& Service, HttpServerRequest& Request, Ref<IHttpP return PackageHandlerRef->CreateTarget(Cid, Size); }; - ParseFlags PkgFlags = (Request.IsLocalMachineRequest() && Service.AcceptsLocalFileReferences()) - ? ParseFlags::kAllowLocalReferences - : ParseFlags::kDefault; - CbPackage Package = ParsePackageMessage(Request.ReadPayload(), CreateBuffer, PkgFlags); + ParseFlags PkgFlags = (Request.IsLocalMachineRequest() && Service.AcceptsLocalFileReferences()) + ? ParseFlags::kAllowLocalReferences + : ParseFlags::kDefault; + const ILocalRefPolicy* PkgPolicy = + EnumHasAllFlags(PkgFlags, ParseFlags::kAllowLocalReferences) ? Service.GetLocalRefPolicy() : nullptr; + CbPackage Package = ParsePackageMessage(Request.ReadPayload(), CreateBuffer, PkgFlags, PkgPolicy); PackageHandlerRef->OnRequestComplete(); } |