Chdir to script's directory before exec (per CGI spec)

author: Furkan Sahin <furkan-dev@proton.me> 2008-03-16 17:13:54 +0100
committer: Furkan Sahin <furkan-dev@proton.me> 2008-03-16 17:13:54 +0100
commit: 369997e2fba4b2400c18419a63dee99a232de2b3 (patch)
tree: 0770fc135196733406d22ec04932984a52a534d8
parent: 601dd7dc0d1347b2ab541993febd30104a954478 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/fcgiwrap.c b/fcgiwrap.c
index c65f240..626518f 100644
--- a/fcgiwrap.c
+++ b/fcgiwrap.c
@@ -236,6 +236,7 @@ static void handle_fcgi_request()
 	int pipe_out[2];
 	int pipe_err[2];
 	char *filename;
+	char *last_slash;
 	pid_t pid;
 
 	struct fcgi_context fc;
@@ -254,6 +255,20 @@ static void handle_fcgi_request()
 				puts("Status: 403 Forbidden\nContent-type: text/plain\n\n403");
 				exit(99);
 			}
+
+			last_slash = strrchr(filename, '/');
+			if (!last_slash) {
+				puts("Status: 403 Forbidden\nContent-type: text/plain\n\n403");
+				exit(99);
+			}
+
+			*last_slash = 0;
+			if (chdir(filename) < 0) {
+				puts("Status: 403 Forbidden\nContent-type: text/plain\n\n403");
+				exit(99);
+			}
+			*last_slash = '/';
+
 			close(pipe_in[1]);
 			close(pipe_out[0]);
 			close(pipe_err[0]);
author	Furkan Sahin <furkan-dev@proton.me>	2008-03-16 17:13:54 +0100
committer	Furkan Sahin <furkan-dev@proton.me>	2008-03-16 17:13:54 +0100
commit	369997e2fba4b2400c18419a63dee99a232de2b3 (patch)
tree	0770fc135196733406d22ec04932984a52a534d8
parent	601dd7dc0d1347b2ab541993febd30104a954478 (diff)