File bsc1122623.patch of Package openwsman.10653

Index: openwsman-2.4.11/src/server/shttpd/shttpd.c
===================================================================
--- openwsman-2.4.11.orig/src/server/shttpd/shttpd.c
+++ openwsman-2.4.11/src/server/shttpd/shttpd.c
@@ -337,10 +337,12 @@ date_to_epoch(const char *s)
 }
 
 static void
-remove_double_dots(char *s)
+remove_all_leading_dots(char *s)
 {
 	char	*p = s;
 
+	while (*s != '\0' && *s == '.') s++;
+
 	while (*s != '\0') {
 		*p++ = *s++;
 		if (s[-1] == '/' || s[-1] == '\\')
@@ -469,7 +471,7 @@ decide_what_to_do(struct conn *c)
 		*c->query++ = '\0';
 
 	url_decode(c->uri, strlen(c->uri), c->uri, strlen(c->uri) + 1);
-	remove_double_dots(c->uri);
+	remove_all_leading_dots(c->uri);
 
 	if (strlen(c->uri) + strlen(c->ctx->document_root) >= sizeof(path)) {
 		send_server_error(c, 400, "URI is too long");
@@ -479,6 +481,7 @@ decide_what_to_do(struct conn *c)
 	(void) snprintf(path, sizeof(path), "%s%s",
 	    c->ctx->document_root, c->uri);
 
+	DBG(("decide_what_to_do -> processed path: [%s]", path));
 	/* User may use the aliases - check URI for mount point */
 	if (is_alias(c->ctx, c->uri, &alias_uri, &alias_path) != NULL) {
 		(void) snprintf(path, sizeof(path), "%.*s%s",
@@ -500,6 +503,10 @@ decide_what_to_do(struct conn *c)
 		setup_embedded_stream(c, ruri->callback, ruri->callback_data);
 	} else
 #endif /* EMBEDDED */
+	{
+		send_server_error(c, 403, "Forbidden");
+	}
+#if 0
 	if (strstr(path, HTPASSWD)) {
 		/* Do not allow to view passwords files */
 		send_server_error(c, 403, "Forbidden");
@@ -579,6 +586,7 @@ decide_what_to_do(struct conn *c)
 	} else {
 		send_server_error(c, 500, "Internal Error");
 	}
+#endif
 }
 
 static int
@@ -621,6 +629,8 @@ parse_http_request(struct conn *c)
 	else if ((c->request = u_strndup(s, req_len)) == NULL)
 		send_server_error(c, 500, "Cannot allocate request");
 
+	io_inc_tail(&c->rem.io, req_len);
+
 	if (c->loc.flags & FLAG_CLOSED)
 		return;
 
@@ -689,7 +699,6 @@ parse_http_request(struct conn *c)
 		c->rem.io.total -= req_len;
 
 		c->rem.content_len = c->ch.cl.v_big_int;
-		io_inc_tail(&c->rem.io, req_len);
 
 		decide_what_to_do(c);
 	}
@@ -956,7 +965,7 @@ write_stream(struct stream *from, struct
 
 
 
-static void
+static int
 disconnect(struct llhead *lp)
 {
 	struct conn		*c = LL_ENTRY(lp, struct conn, link);
@@ -1000,7 +1009,7 @@ disconnect(struct llhead *lp)
 		(void) memset(&c->ch, 0, sizeof(c->ch));
 		io_clear(&c->loc.io);
 		if (io_data_len(&c->rem.io) > 0)
-			process_connection(c, 0, 0);
+			return 1;
 	} else {
 		if (c->rem.io_class != NULL)
 			c->rem.io_class->close(&c->rem);
@@ -1019,6 +1028,8 @@ disconnect(struct llhead *lp)
 
 		free(c);
 	}
+
+	return 0;
 }
 
 static int
@@ -1062,6 +1073,7 @@ process_connection(struct conn *c, int r
 		DBG(("locf=%x,remf=%x", c->loc.flags,c->rem.flags));
 #endif
 
+again:
 	/* Read from remote end if it is ready */
 		if(c->loc.flags & FLAG_RESPONSE_COMPLETE)
 				c->rem.flags &= ~ FLAG_HEADERS_PARSED;
@@ -1091,7 +1103,11 @@ process_connection(struct conn *c, int r
 	if ((current_time > c->expire_time) ||
 	    (c->rem.flags & FLAG_CLOSED) ||
 	    ((c->loc.flags & FLAG_CLOSED) && !io_data_len(&c->loc.io)))
-		disconnect(&c->link);
+		if (disconnect(&c->link)) {
+			remote_ready = 0;
+			local_ready = 0;
+			goto again;
+		}
 }
 
 /*
@@ -1306,7 +1322,7 @@ void
 shttpd_fini(struct shttpd_ctx *ctx)
 {
 	free_list(&ctx->mime_types, mime_type_destructor);
-	free_list(&ctx->connections, disconnect);
+	free_list(&ctx->connections, (void (*)(struct llhead *))disconnect);
 	free_list(&ctx->registered_uris, registered_uri_destructor);
  	free_list(&ctx->uri_auths, protected_uri_destructor);
 	free_list(&ctx->acl, acl_destructor);
Index: openwsman-2.4.11/src/server/wsmand.c
===================================================================
--- openwsman-2.4.11.orig/src/server/wsmand.c
+++ openwsman-2.4.11/src/server/wsmand.c
@@ -198,6 +198,11 @@ static void daemonize(void)
 	int fd;
 	char *pid;
 
+	/* Change our CWD to service_path */
+	i=chdir("/");
+	// i=chdir(wsmand_options_get_service_path());
+        assert(i == 0);
+
 	if (wsmand_options_get_foreground_debug() > 0) {
 		return;
 	}
@@ -214,10 +219,6 @@ static void daemonize(void)
 	log_pid = 0;
 	setsid();
 
-	/* Change our CWD to / */
-	i=chdir("/");
-        assert(i == 0);
-
 	/* Close all file descriptors. */
 	for (i = getdtablesize(); i >= 0; --i)
 		close(i);