Transplant of rev 544b654d000c: directory traversal attack in CGIHttpRequestHandler.

author: Georg Brandl <georg@python.org> 2013-11-11 05:10:23 (GMT)
committer: Georg Brandl <georg@python.org> 2013-11-11 05:10:23 (GMT)
commit: b3acaccf273feb720df10c2890d6c35ca8b62acd (patch)
tree: 857388a2ce1d64761d9359bfff4e78422c481fa7 /Lib/http/server.py
parent: 85b8be1ac88de7b2bbe06c47e45b9c0087e8037d (diff)
download: cpython-b3acaccf273feb720df10c2890d6c35ca8b62acd.zip
cpython-b3acaccf273feb720df10c2890d6c35ca8b62acd.tar.gz
cpython-b3acaccf273feb720df10c2890d6c35ca8b62acd.tar.bz2
1 files changed, 4 insertions, 5 deletions
diff --git a/Lib/http/server.py b/Lib/http/server.py
index ebc2a8f..2bfda12 100644
--- a/Lib/http/server.py
+++ b/Lib/http/server.py
@@ -987,18 +987,17 @@ class CGIHTTPRequestHandler(SimpleHTTPRequestHandler):
 
     def run_cgi(self):
         """Execute a CGI script."""
-        path = self.path
         dir, rest = self.cgi_info
 
-        i = path.find('/', len(dir) + 1)
+        i = rest.find('/')
         while i >= 0:
-            nextdir = path[:i]
-            nextrest = path[i+1:]
+            nextdir = rest[:i]
+            nextrest = rest[i+1:]
 
             scriptdir = self.translate_path(nextdir)
             if os.path.isdir(scriptdir):
                 dir, rest = nextdir, nextrest
-                i = path.find('/', len(dir) + 1)
+                i = rest.find('/')
             else:
                 break
author	Georg Brandl <georg@python.org>	2013-11-11 05:10:23 (GMT)
committer	Georg Brandl <georg@python.org>	2013-11-11 05:10:23 (GMT)
commit	b3acaccf273feb720df10c2890d6c35ca8b62acd (patch)
tree	857388a2ce1d64761d9359bfff4e78422c481fa7 /Lib/http/server.py
parent	85b8be1ac88de7b2bbe06c47e45b9c0087e8037d (diff)
download	cpython-b3acaccf273feb720df10c2890d6c35ca8b62acd.zip cpython-b3acaccf273feb720df10c2890d6c35ca8b62acd.tar.gz cpython-b3acaccf273feb720df10c2890d6c35ca8b62acd.tar.bz2