From: cat æscling <11325618-aescling@users.noreply.gitlab.com>
Date: Thu, 27 Jul 2023 07:53:41 +0000 (-0400)
Subject: clean-dot-directories: fix: clear arg envvars on loop
X-Git-Tag: v1.0.0~13
X-Git-Url: https://git.xn--scling-oua.cat.family/?a=commitdiff_plain;h=03411d9cc82b785893e261bf3f276ce016a2b5c7;p=httpd-execline.git

clean-dot-directories: fix: clear arg envvars on loop

Otherwise, with mischevious client requests, we run out of room for all
the cut up versions of the requested resource we store copies of. This
actually crashes in a way the client does not notice, though all the
extra string processing does have a noticable performance cost.

It is possible that the result of crashing could be a request that
exposes files outside subdirectories of supported_domains, as the
remaining dot-dots would be interpreted literally. Instead of attempting
this exploit I have simply fixed the bug.

Perhaps we *should* have been using sed(1) all along...
---

diff --git a/visible-to-httpd/binaries/clean-dot-directories.execline b/visible-to-httpd/binaries/clean-dot-directories.execline
index 3a3117e..99e80ea 100755
--- a/visible-to-httpd/binaries/clean-dot-directories.execline
+++ b/visible-to-httpd/binaries/clean-dot-directories.execline
@@ -8,6 +8,7 @@ importas given 1
 case -N -- ${given} {
     "(.*)/\\.\\.?(/.*)?" {
         elgetpositionals
+        emptyenv -P
         clean-dot-directories.execline ${1}${2}
     }
 }