
hls, webrtc: prevent XSS attack when appending slash to paths (#2766) (#2767) (#2772)

Alessandro Ros 1 year ago committed by GitHub
parent
commit
aade2eedb9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 6
      internal/core/hls_http_server.go
  2. 6
      internal/core/webrtc_http_server.go
  3. 12
      internal/protocols/httpserv/location_with_trailing_slash.go
  4. 36
      internal/protocols/httpserv/location_with_trailing_slash_test.go

6
internal/core/hls_http_server.go

@ -146,11 +146,7 @@ func (s *hlsHTTPServer) onRequest(ctx *gin.Context) {
dir, fname = pa, "" dir, fname = pa, ""
if !strings.HasSuffix(dir, "/") { if !strings.HasSuffix(dir, "/") {
l := ctx.Request.URL.Path[1:] + "/" ctx.Writer.Header().Set("Location", httpserv.LocationWithTrailingSlash(ctx.Request.URL))
if ctx.Request.URL.RawQuery != "" {
l += "?" + ctx.Request.URL.RawQuery
}
ctx.Writer.Header().Set("Location", l)
ctx.Writer.WriteHeader(http.StatusMovedPermanently) ctx.Writer.WriteHeader(http.StatusMovedPermanently)
return return
} }
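Review bot: The relative Location set on L27 is resolved by the client against the request URL, so when `dir` holds more than one segment — which the `strings.HasSuffix(dir, "/")` test on the preceding line allows — a request for `/a/b` is sent to `./a/b/`, which RFC 3986 resolution turns into `/a/a/b/`, not `/a/b/`. Only the last path segment should appear in a relative redirect, i.e. `"./" + path.Base(u.Path) + "/"`, a change that belongs in `httpserv.LocationWithTrailingSlash` rather than here; single-segment paths such as `/mystream` are unaffected, which would hide the problem in basic testing. Whether multi-segment stream paths reach this handler cannot be confirmed from the hunk. The enclosing `onRequest` begins and ends outside the hunk.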

6
internal/core/webrtc_http_server.go

@ -352,11 +352,7 @@ func (s *webRTCHTTPServer) onRequest(ctx *gin.Context) {
s.onPage(ctx, ctx.Request.URL.Path[1:len(ctx.Request.URL.Path)-len("/publish")], true) s.onPage(ctx, ctx.Request.URL.Path[1:len(ctx.Request.URL.Path)-len("/publish")], true)
case ctx.Request.URL.Path[len(ctx.Request.URL.Path)-1] != '/': case ctx.Request.URL.Path[len(ctx.Request.URL.Path)-1] != '/':
l := ctx.Request.URL.Path[1:] + "/" ctx.Writer.Header().Set("Location", httpserv.LocationWithTrailingSlash(ctx.Request.URL))
if ctx.Request.URL.RawQuery != "" {
l += "?" + ctx.Request.URL.RawQuery
}
ctx.Writer.Header().Set("Location", l)
ctx.Writer.WriteHeader(http.StatusMovedPermanently) ctx.Writer.WriteHeader(http.StatusMovedPermanently)
default: default:
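Review bot: The same relative-resolution caveat applies to the Location set on L42: a request for a multi-segment path such as `/a/b` is redirected to `./a/b/`, which the browser resolves against `/a/b` to `/a/a/b/`, so if WebRTC page paths may contain slashes the redirect lands on a different resource. The fix belongs in the shared helper (emit only the last segment, `path.Base(u.Path)`), not at this call site. The `switch` and the enclosing `onRequest` begin and end outside the hunk.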

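--- /dev/null
+++ b/internal/protocols/httpserv/location_with_trailing_slash.go
@@ -0,0 +1,12 @@
+package httpserv
+import "net/url"
+// LocationWithTrailingSlash returns the URL in a relative format, with a trailing slash.
+func LocationWithTrailingSlash(u *url.URL) string {
+l := "./" + u.Path[1:] + "/"
+if u.RawQuery != "" {
+l += "?" + u.RawQuery
+}
+return l
+}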
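Review bot: `"./" + u.Path[1:] + "/"` on L58 still has three problems the `./` prefix does not address: `u.Path` is the decoded path, so a request for `/a%3Fb` yields `./a?b/` and the `?` now starts the query string; a multi-segment `/a/b` is redirected to `./a/b/`, which RFC 3986 resolves against `/a/b` to `/a/a/b/`; and `u.Path[1:]` panics on an empty Path (and silently drops the first byte of a path that does not begin with `/`). Emitting only the last segment, re-escaped, fixes all three: `l := "./" + url.PathEscape(path.Base(u.Path)) + "/"` with `import "path"` added. The `./` prefix must stay — it is what keeps a first segment containing a colon (e.g. `javascript:`) from being parsed as a URL scheme, and `url.PathEscape` does not escape `:`.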

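--- /dev/null
+++ b/internal/protocols/httpserv/location_with_trailing_slash_test.go
@@ -0,0 +1,36 @@
+package httpserv
+import (
+"net/url"
+"testing"
+"github.com/stretchr/testify/require"
+)
+func TestLocationWithTrailingSlash(t *testing.T) {
+for _, ca := range []struct {
+name string
+url *url.URL
+loc string
+}{
+{
+"with query",
+&url.URL{
+Path: "/test",
+RawQuery: "key=value",
+},
+"./test/?key=value",
+},
+{
+"xss",
+&url.URL{
+Path: "/www.example.com",
+},
+"./www.example.com/",
+},
+} {
+t.Run(ca.name, func(t *testing.T) {
+require.Equal(t, ca.loc, LocationWithTrailingSlash(ca.url))
+})
+}
+}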
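Review bot: The `"xss"` case on L89–L95 does not exercise the condition the `./` prefix exists for: a path whose first segment contains a colon, which RFC 3986 §4.2 would otherwise parse as a scheme (the old code turned `/javascript:alert(1)` into the Location `javascript:alert(1)/`, whereas `/www.example.com` was already a harmless relative `www.example.com/`). Add `{"scheme-like first segment", &url.URL{Path: "/javascript:alert(1)"}, "./javascript:alert(1)/"}`, and a multi-segment case such as `Path: "/a/b"` whose expected value is `./b/` — `./a/b/` resolved against `/a/b` is `/a/a/b/`, so that case would fail against the current helper and pin the defect. An empty-`Path` case would surface the `u.Path[1:]` panic. Whether the colon form was the vector behind #2766 is not stated in the commit; the case is worth having regardless.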