[BusyBox 0001184]: httpd cgi implementation broken by cset 17196
bugs at busybox.net
bugs at busybox.net
Mon Jan 29 14:54:05 UTC 2007
The following issue has been SUBMITTED.
======================================================================
http://busybox.net/bugs/view.php?id=1184
======================================================================
Reported By: aschultz
Assigned To: BusyBox
======================================================================
Project: BusyBox
Issue ID: 1184
Category: Networking Support
Reproducibility: always
Severity: major
Priority: normal
Status: assigned
======================================================================
Date Submitted: 01-29-2007 06:54 PST
Last Modified: 01-29-2007 06:54 PST
======================================================================
Summary: httpd cgi implementation broken by cset 17196
Description:
cset 17196 contains this beauty (slightly edited to highlight my point):
- if (strncmp(rbuf, "HTTP/1.0 200 OK\r\n", 4) != 0) {
- /* there is no "HTTP", do it ourself */
- full_write(s, "HTTP/1.0 200 OK\r\n", 17);
- } /* hmm, maybe 'else if'? */
- if (!strstr(rbuf, "ontent-")) {
- full_write(s, "Content-type: text/plain\r\n\r\n", 28);
- }
- firstLine = 0;
+#define HTTP_200 "HTTP/1.0 200 OK\r\n\r\n"
+ if (memcmp(rbuf, HTTP_200, 4) != 0) {
+ /* there is no "HTTP", do it ourself */
+ full_write(s, HTTP_200, sizeof(HTTP_200)-1);
+ }
+#undef HTTP_200
This breaks cgi scripts that omit to send a HTTP/1.0 header but continue
to send other headers. The fix is simple, change the #define HTTP_200 to:
#define HTTP_200 "HTTP/1.0 200 OK\r\n"
======================================================================
Issue History
Date Modified Username Field Change
======================================================================
01-29-07 06:54 aschultz New Issue
01-29-07 06:54 aschultz Status new => assigned
01-29-07 06:54 aschultz Assigned To => BusyBox
======================================================================
More information about the busybox-cvs
mailing list