[git commit] httpd: skip "Status: " from CGI, including space. Closes 10291

Denys Vlasenko vda.linux at googlemail.com
Fri Sep 1 15:06:12 UTC 2017


commit: https://git.busybox.net/busybox/commit/?id=94aaf4b5d3c649a281299aedba08ce1939780fb4
branch: https://git.busybox.net/busybox/commit/?id=refs/heads/master

Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
---
 networking/httpd.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/networking/httpd.c b/networking/httpd.c
index 9369de8..c823835 100644
--- a/networking/httpd.c
+++ b/networking/httpd.c
@@ -1371,12 +1371,13 @@ static NOINLINE void cgi_io_loop_and_exit(int fromCgi_rd, int toCgi_wr, int post
 				out_cnt += count;
 				count = 0;
 				/* "Status" header format is: "Status: 302 Redirected\r\n" */
-				if (out_cnt >= 7 && memcmp(rbuf, "Status:", 7) == 0) {
+				if (out_cnt >= 8 && memcmp(rbuf, "Status: ", 8) == 0) {
 					/* send "HTTP/1.0 " */
 					if (full_write(STDOUT_FILENO, HTTP_200, 9) != 9)
 						break;
-					rbuf += 7; /* skip "Status:" */
-					count = out_cnt - 7;
+					/* skip "Status: " (including space, sending "HTTP/1.0  NNN" is wrong) */
+					rbuf += 8;
+					count = out_cnt - 8;
 					out_cnt = -1; /* buffering off */
 				} else if (out_cnt >= 4) {
 					/* Did CGI add "HTTP"? */


More information about the busybox-cvs mailing list