From a9941855b2e9a1858786734148f6c3ff28f39b69 Mon Sep 17 00:00:00 2001
From: schwarze
Date: Wed, 19 Apr 2017 00:59:32 +0000
Subject: [PATCH] More thoroughly reject direct access to unintended files, such that URIs like http://man.openbsd.org/OpenBSD-current/mandoc.db and http://man.openbsd.org/OpenBSD-current/man1/ do not cause display of garbage.
---
 usr.bin/mandoc/cgi.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/usr.bin/mandoc/cgi.c b/usr.bin/mandoc/cgi.c
index 6b4b5dea679..8de67ca9121 100644
--- a/usr.bin/mandoc/cgi.c
+++ b/usr.bin/mandoc/cgi.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cgi.c,v 1.91 2017/03/18 16:48:07 schwarze Exp $ */
+/* $OpenBSD: cgi.c,v 1.92 2017/04/19 00:59:32 schwarze Exp $ */
 /*
 * Copyright (c) 2011, 2012 Kristaps Dzonsons
 * Copyright (c) 2014, 2015, 2016, 2017 Ingo Schwarze
@@ -1067,7 +1067,8 @@ main(void)
 if (*path != '\0') {
 parse_path_info(&req, path);
- if (req.q.manpath == NULL || access(path, F_OK) == -1)
+ if (req.q.manpath == NULL || req.q.sec == NULL ||
+ *req.q.query == '\0' || access(path, F_OK) == -1)
 path = "";
 } else if ((querystring = getenv("QUERY_STRING")) != NULL)
 parse_query_string(&req, querystring);
-- 
2.20.1
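Review bot: The added `*req.q.query == '\0'` test in the second hunk dereferences `req.q.query` with no NULL guard, while the two fields tested just before it are compared against NULL. parse_path_info() is outside this hunk, so it cannot be confirmed from here that it always leaves q.query non-NULL; if it does, a short comment saying so is enough, otherwise the test should read `req.q.query == NULL || *req.q.query == '\0'`. The reason for each rejection lives only in the commit message, so a comment above the condition such as `/* Serve only manpath/section/name paths; reject database files and directories. */` would keep the intent next to the check. access(path, F_OK) only establishes that something exists at that path, so the structural tests on manpath, sec and query are what actually narrow which files can be reached, and any future relaxation of them should be reviewed with that in mind. main() begins and ends outside the hunk.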