diff options
author | Glenn Strauss <gstrauss@gluelogic.com> | 2017-03-05 15:39:45 -0500 |
---|---|---|
committer | Glenn Strauss <gstrauss@gluelogic.com> | 2017-03-08 11:42:59 -0500 |
commit | bd77abe0f81f196006dbd46d7be61e7cc36911be (patch) | |
tree | 8f3b4ca98ee0a1a5d5a17aea96bdfe536bd8839c /src/mod_alias.c | |
parent | 970f337c29e74b3e5f076cee105abc9739a9bd72 (diff) | |
download | lighttpd-git-bd77abe0f81f196006dbd46d7be61e7cc36911be.tar.gz |
[config] more specific checks for array lists
More specific checks on contents of array lists. Each module using
lists now does better checking on the types of values in the list
(strings, integers, arrays/lists)
This helps prevent misconfiguration of things like cgi.assign,
fastcgi.server, and scgi.server, where source code might be
served as static files if parenthesis are misplaced.
x-ref:
https://redmine.lighttpd.net/boards/2/topics/6571
Diffstat (limited to 'src/mod_alias.c')
-rw-r--r-- | src/mod_alias.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/mod_alias.c b/src/mod_alias.c index 0421d714..a19556db 100644 --- a/src/mod_alias.c +++ b/src/mod_alias.c @@ -89,6 +89,13 @@ SETDEFAULTS_FUNC(mod_alias_set_defaults) { if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) { return HANDLER_ERROR; } + + if (!array_is_kvstring(s->alias)) { + log_error_write(srv, __FILE__, __LINE__, "s", + "unexpected value for alias.url; expected list of \"urlpath\" => \"filepath\""); + return HANDLER_ERROR; + } + if (s->alias->used >= 2) { const array *a = s->alias; size_t j, k; |