prosody
bc1b375f379e

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Changeset

7063:bc1b375f379e

Merge 0.10->trunk
author Kim Alvefur <zash@zash.se>
date Fri, 08 Jan 2016 16:21:05 +0100
parents 7048:b58fd349ddfe (current diff) 7062:90e8bbfbaabd (diff)
children 7074:3ff83773ffc0
files
diffstat 7 files changed, 53 insertions(+), 31 deletions(-) [+]
line wrap: on
line diff
--- a/.hgtags	Mon Jan 04 09:14:57 2016 +0000
+++ b/.hgtags	Fri Jan 08 16:21:05 2016 +0100
@@ -56,3 +56,4 @@
 e4b998ffc92249ea96716ab878f961f03769339d 0.9.6
 9030b056bd4a5b8402c9b1e1cd65dd35f046032f 0.9.7
 b1c84d220c409b7b17cd41e850576db253406b0a 0.9.8
+7ec52755622f1009aaf7b02fc9bc91e8ad9974be 0.9.9
--- a/net/dns.lua	Mon Jan 04 09:14:57 2016 +0000
+++ b/net/dns.lua	Fri Jan 08 16:21:05 2016 +0100
@@ -591,7 +591,7 @@
 		if resolv_conf then
 			for line in resolv_conf:lines() do
 				line = line:gsub("#.*$", "")
-					:match('^%s*nameserver%s+([%x:%.]*)%s*$');
+					:match('^%s*nameserver%s+([%x:%.]*%%?%S*)%s*$');
 				if line then
 					local ip = new_ip(line);
 					if ip then
@@ -853,7 +853,9 @@
 					--self.print(response);
 
 					for j,rr in pairs(response.answer) do
-						self:remember(rr, response.question[1].type)
+						if rr.name:sub(-#response.question[1].name, -1) == response.question[1].name then
+							self:remember(rr, response.question[1].type)
+						end
 					end
 
 					-- retire the query
--- a/plugins/mod_http_files.lua	Mon Jan 04 09:14:57 2016 +0000
+++ b/plugins/mod_http_files.lua	Fri Jan 08 16:21:05 2016 +0100
@@ -49,6 +49,34 @@
 	end
 end
 
+local forbidden_chars_pattern = "[/%z]";
+if prosody.platform == "windows" then
+	forbidden_chars_pattern = "[/%z\001-\031\127\"*:<>?|]"
+end
+
+local urldecode = require "util.http".urldecode;
+function sanitize_path(path)
+	local out = {};
+
+	local c = 0;
+	for component in path:gmatch("([^/]+)") do
+		component = urldecode(component);
+		if component:find(forbidden_chars_pattern) then
+			return nil;
+		elseif component == ".." then
+			if c <= 0 then
+				return nil;
+			end
+			out[c] = nil;
+			c = c - 1;
+		elseif component ~= "." then
+			c = c + 1;
+			out[c] = component;
+		end
+	end
+	return "/"..table.concat(out, "/");
+end
+
 local cache = setmetatable({}, { __mode = "kv" }); -- Let the garbage collector have it if it wants to.
 
 function serve(opts)
@@ -60,7 +88,11 @@
 	local directory_index = opts.directory_index;
 	local function serve_file(event, path)
 		local request, response = event.request, event.response;
-		local orig_path = request.path;
+		path = sanitize_path(path);
+		if not path then
+			return 400;
+		end
+		local orig_path = sanitize_path(request.path);
 		local full_path = base_path .. (path and "/"..path or ""):gsub("/", path_sep);
 		local attr = stat(full_path:match("^.*[^\\/]")); -- Strip trailing path separator because Windows
 		if not attr then
--- a/tests/test.lua	Mon Jan 04 09:14:57 2016 +0000
+++ b/tests/test.lua	Fri Jan 08 16:21:05 2016 +0100
@@ -140,9 +140,12 @@
 	end
 
 	local oldmodule, old_M = _fakeG.module, _fakeG._M;
-	_fakeG.module = function () _M = unit end
+	_fakeG.module = function ()
+		setmetatable(unit, nil);
+		unit._M = unit;
+	end
 	setfenv(chunk, unit);
-	local success, ret = pcall(chunk);
+	local success, err = pcall(chunk);
 	_fakeG.module, _fakeG._M = oldmodule, old_M;
 	if not success then
 		print("WARNING: ", "Failed to initialise module: "..unitname, err);
--- a/util/ip.lua	Mon Jan 04 09:14:57 2016 +0000
+++ b/util/ip.lua	Fri Jan 08 16:21:05 2016 +0100
@@ -25,6 +25,10 @@
 	elseif proto ~= "IPv4" and proto ~= "IPv6" then
 		return nil, "invalid protocol";
 	end
+	local zone;
+	if proto == "IPv6" and ipStr:find('%', 1, true) then
+		ipStr, zone = ipStr:match("^(.-)%%(.*)");
+	end
 	if proto == "IPv6" and ipStr:find('.', 1, true) then
 		local changed;
 		ipStr, changed = ipStr:gsub(":(%d+)%.(%d+)%.(%d+)%.(%d+)$", function(a,b,c,d)
@@ -33,7 +37,7 @@
 		if changed ~= 1 then return nil, "invalid-address"; end
 	end
 
-	return setmetatable({ addr = ipStr, proto = proto }, ip_mt);
+	return setmetatable({ addr = ipStr, proto = proto, zone = zone }, ip_mt);
 end
 
 local function toBits(ip)
--- a/util/random.lua	Mon Jan 04 09:14:57 2016 +0000
+++ b/util/random.lua	Fri Jan 08 16:21:05 2016 +0100
@@ -6,35 +6,15 @@
 -- COPYING file in the source package for more information.
 --
 
-local tostring = tostring;
-local os_time = os.time;
-local os_clock = os.clock;
-local ceil = math.ceil;
-local H = require "util.hashes".sha512;
-
-local last_uniq_time = 0;
-local function uniq_time()
-	local new_uniq_time = os_time();
-	if last_uniq_time >= new_uniq_time then new_uniq_time = last_uniq_time + 1; end
-	last_uniq_time = new_uniq_time;
-	return new_uniq_time;
-end
-
-local function new_random(x)
-	return H(x..os_clock()..tostring({}));
-end
-
-local buffer = new_random(uniq_time());
+local urandom = assert(io.open("/dev/urandom", "r+"));
 
 local function seed(x)
-	buffer = new_random(buffer..x);
+	urandom:write(x);
+	urandom:flush();
 end
 
 local function bytes(n)
-	if #buffer < n+4 then seed(uniq_time()); end
-	local r = buffer:sub(1, n);
-	buffer = buffer:sub(n+1);
-	return r;
+	return urandom:read(n);
 end
 
 return {
--- a/util/uuid.lua	Mon Jan 04 09:14:57 2016 +0000
+++ b/util/uuid.lua	Fri Jan 08 16:21:05 2016 +0100
@@ -16,7 +16,7 @@
 end
 
 local function get_twobits()
-	return ("%x"):format(get_nibbles(1):byte() % 4 + 8);
+	return ("%x"):format(random_bytes(1):byte() % 4 + 8);
 end
 
 local function generate()