From 07800d69c08d91b9ad25d94ce7ba3c3a397b7775 Mon Sep 17 00:00:00 2001
From: Xory
Date: Sun, 29 Sep 2024 12:16:13 +0300
Subject: [PATCH] fix: hard patch that CVE O1 found

---
 src/lib.rs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/lib.rs b/src/lib.rs
index 0b58d6f..6b84028 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -14,6 +14,11 @@ pub fn handle_client(mut connection: TcpStream, target_dir: &String) -> std::io:
 return Ok(())
 }
 let client_desired_file_path = format!("{}/{}", target_dir, &header.split(" ").collect::>()[1][1..]); // Your code is not optimised if it doesn't make an inexperienced rustdev have a heart attack.
+ if client_desired_file_path.contains("..") {
+ connection.shutdown(Shutdown::Both)?;
+ println!("You should kill yourself... NOW!");
+ return Ok(())
+ }
 dbg!(&client_desired_file_path);
 // let file_size: usize = fs::metadata(client_desired_file_path)?.len().try_into().unwrap();
 // let mut buffer = vec![0 as u8; file_size]; // Nuke the buffer.
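Review bot: The new `contains("..")` guard is a substring denylist on the raw request string, which is a weaker confinement check than verifying that the resolved path actually lies under `target_dir`, and it also rejects any legitimate filename that happens to contain `..` (a constructed example: `notes..old.txt`). A more robust form resolves both sides with `std::fs::canonicalize` and rejects the request unless the result `starts_with` the canonical base; that covers symlinks pointing outside the directory, treats a path that cannot be resolved (missing file) as rejected, and if the later file access opens the canonicalized path instead of the original string it also closes the gap between check and open. The `println!` on the rejection branch should be a neutral diagnostic such as `eprintln!("rejected request: path escapes target_dir");`, and the branch assumes `Shutdown` is already imported from `std::net`, which the hunk does not show. The context line that builds `client_desired_file_path` indexes with `[1]` and `[1..]`, which panics on a request line whose second token is missing or empty; that predates this change, but `.get(1)` plus `strip_prefix('/')` would remove the panic path. handle_client's body starts and ends outside the hunk.
```rust
// … unchanged: client_desired_file_path construction …
// Confine the request to target_dir: resolve both sides and compare prefixes.
let base = std::fs::canonicalize(target_dir)?;
let inside = std::fs::canonicalize(&client_desired_file_path)
    .map(|p| p.starts_with(&base))
    .unwrap_or(false);
if !inside {
    connection.shutdown(Shutdown::Both)?;
    eprintln!("rejected request: path escapes target_dir");
    return Ok(());
}
// … unchanged: dbg! and commented-out buffer code …
```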