int n;
char cbuf[128];
n = evbuffer_remove(buf, cbuf, sizeof(buf)-1);
- fwrite(cbuf, 1, n, stdout);
+ if (n > 0)
+ (void) fwrite(cbuf, 1, n, stdout);
}
puts(">>>");
/* We need to decode it, to see what path the user really wanted. */
decoded_path = evhttp_uridecode(path, 0, NULL);
+ if (decoded_path == NULL)
+ goto err;
/* Don't allow any ".."s in the path, to avoid exposing stuff outside
* of the docroot. This test is both overzealous and underzealous:
* it forbids aceptable paths like "/this/one..here", but it doesn't