diff options
| author |   schwarze <schwarze@openbsd.org> | 2014-07-25 19:36:02 +0000 |
|---|---|---|
| committer | schwarze <schwarze@openbsd.org> | 2014-07-25 19:36:02 +0000 |
| commit | b16bb5ddcfd1e9f8e3f35c51100a6de58642ffdc (patch) | |
| tree | b85bdd233f7629a7abd0cb9a5c78d0553a6c3249 /usr.bin/mandoc/cgi.c | |
| parent | We cannot easily control the order of the QUERY_STRING keys generated (diff) | |
| download | wireguard-openbsd-b16bb5ddcfd1e9f8e3f35c51100a6de58642ffdc.tar.xz wireguard-openbsd-b16bb5ddcfd1e9f8e3f35c51100a6de58642ffdc.zip | |
oops, we must not try to validate a manpath we don't have;
fixing an oversight introduced in rev. 1.17
Diffstat (limited to 'usr.bin/mandoc/cgi.c')
| -rw-r--r-- | usr.bin/mandoc/cgi.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/usr.bin/mandoc/cgi.c b/usr.bin/mandoc/cgi.c index 8f89965c55d..2c0b8c2aebe 100644 --- a/usr.bin/mandoc/cgi.c +++ b/usr.bin/mandoc/cgi.c @@ -1,4 +1,4 @@ -/* $Id: cgi.c,v 1.28 2014/07/25 18:19:33 schwarze Exp $ */ +/* $Id: cgi.c,v 1.29 2014/07/25 19:36:02 schwarze Exp $ */ /* * Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2014 Ingo Schwarze <schwarze@usta.de> @@ -1082,7 +1082,8 @@ main(void) if (NULL != (querystring = getenv("QUERY_STRING"))) http_parse(&req, querystring); - if ( ! validate_manpath(&req, req.q.manpath)) { + if ( ! (NULL == req.q.manpath || + validate_manpath(&req, req.q.manpath))) { pg_error_badrequest( "You specified an invalid manpath."); return(EXIT_FAILURE); |