From 03411d9cc82b785893e261bf3f276ce016a2b5c7 Mon Sep 17 00:00:00 2001 From: =?utf8?q?cat=20=C3=A6scling?= <11325618-aescling@users.noreply.gitlab.com> Date: Thu, 27 Jul 2023 03:53:41 -0400 Subject: [PATCH] clean-dot-directories: fix: clear arg envvars on loop Otherwise, with mischievous client requests, we run out of room for all the cut up versions of the requested resource we store copies of. This actually crashes in a way the client does not notice, though all the extra string processing does have a noticeable performance cost. It is possible that the result of crashing could be a request that exposes files outside subdirectories of supported_domains, as the remaining dot-dots would be interpreted literally. Instead of attempting this exploit I have simply fixed the bug. Perhaps we *should* have been using sed(1) all along... --- visible-to-httpd/binaries/clean-dot-directories.execline | 1 + 1 file changed, 1 insertion(+) diff --git a/visible-to-httpd/binaries/clean-dot-directories.execline b/visible-to-httpd/binaries/clean-dot-directories.execline index 3a3117e..99e80ea 100755 --- a/visible-to-httpd/binaries/clean-dot-directories.execline +++ b/visible-to-httpd/binaries/clean-dot-directories.execline @@ -8,6 +8,7 @@ importas given 1 case -N -- ${given} { "(.*)/\\.\\.?(/.*)?" { elgetpositionals + emptyenv -P clean-dot-directories.execline ${1}${2} } } -- 2.47.3
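Review bot: at the added `emptyenv -P` line, nothing in the visible lines makes a failure of this script safe, and the commit message itself says a crash could leave dot-dot segments in the path to be interpreted literally. Clearing the positional variables removes one way for the recursion to die, but the result is still fail-open if it dies for any other reason. Consider having whatever consumes this script's output refuse the request when the script exits non-zero or when the cleaned path still contains a `/..` segment. A one-line comment above `emptyenv -P` would also help: it should say that the line has to come after `elgetpositionals`, so that `${1}${2}` are already substituted into the recursive call, and that it exists to stop the captured pieces from accumulating in the environment on each pass. A regression test that feeds the script a long run of `/../` segments would pin the fix.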