[BusyBox] httpd w/ SSI support (full patch)

Vladimir N. Oleynik dzo at simtreas.ru
Sat Dec 25 09:33:40 UTC 2004


jean-marc.morin3,

(Can I see your real name? ;-)

>>Your putCgiEnvVar() has a buffer overflow problem; why do you not use
>>my function addEnv()?
>>

> This function was just an attempt to consolidate your sendCgi portion with
> my need concerning CGI variable, and get a more compact code. Sorry for the
> buffer issue. I'll take your code if you extract the CGI declaration from
> the sendCgi function.

Trivial changes:

 > +   const char *CgiVars[] =
 > +      {
 > +        //"PATH", "", "", getenv("PATH"),
 > +        "SERVER", "_", "PROTOCOL", "HTTP/1.0",   // FIX-ME:
 > +	"GATEWAY", "_", "INTERFACE", "CGI/1.1",  // FIX-ME:
 > +        "SERVER", "_", "SOFTWARE", httpdVersion, // FIX-ME:
 > +        "QUERY", "_", "STRING", config->query,
 > +        "REMOTE", "_", "ADDR", config->rmt_ip_str,
 > +        "PATH", "_", "INFO", path_info,
 > +        "REQUEST", "_", "URI", request_uri,
 > +        "REQUEST", "_", "METHOD", request_method,
 > +        "SCRIPT", "_", "NAME", script_name,
 > +        "CONTENT", "_", "LENGTH", content_length,
 > +        "CONTENT", "_", "TYPE", content_type,
 > +        "HTTP", "_", "COOKIE", http_cookie,
 > +        "HTTP", "_", "REFERER", config->referer,
 > +#ifdef CONFIG_FEATURE_HTTPD_BASIC_AUTH
 > +        "REMOTE", "_", "USER", config->remoteuser,
 > +        "AUTH", "_", "TYPE", config->remoteuser?"Basic":NULL,
 > +#endif
 > +        0,  0,  0,  0
 > +      };
 > +   const char ** curs;
 > +
 > +   for(curs = CgiVars;*curs;curs+=4)
 > +      {
 > +        char buf[MAX_MEMORY_BUFF]; // CAVEAT: buffer overflow
 > +
 > +        if(curs[3])
 > +          {
 > +            strcpy(buf,curs[0]);
 > +            strcat(buf,curs[1]);
 > +            strcat(buf,curs[2]);
 > +            strcat(buf,"=");
 > +            strcat(buf,curs[3]);
 > +            putenv( strdup( buf ) );
 > +         }
 > +      }
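
Review bot: The strcpy()/strcat() chain into buf[MAX_MEMORY_BUFF] has no length check, and curs[3] carries strings that, going by their names, come from the request (config->query, http_cookie, config->referer, request_uri), so a long enough value writes past the end of the stack buffer; the hunk's own "CAVEAT: buffer overflow" comment flags this. Size the destination from the parts instead: allocate strlen(curs[0]) + strlen(curs[1]) + strlen(curs[2]) + strlen(curs[3]) + 2 bytes and build the string there, or format with snprintf() and treat truncation as an error. The strdup() result is also passed to putenv() unchecked, so an allocation failure hands putenv() a NULL pointer.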

to:

+   const char *CgiVars[] =
+      {
+        //"PATH", "", getenv("PATH"),
+        "SERVER", "PROTOCOL", "HTTP/1.0",   // FIX-ME:
+        "GATEWAY","INTERFACE", "CGI/1.1",  // FIX-ME:
+        "SERVER", "SOFTWARE", httpdVersion, // FIX-ME:
+        "QUERY",  "STRING", config->query,
+        "REMOTE", "ADDR", config->rmt_ip_str,
+        "PATH",   "INFO", path_info,
+        "REQUEST", "URI", request_uri,
+        "REQUEST", "METHOD", request_method,
+        "SCRIPT",  "NAME", script_name,
+        "CONTENT", "LENGTH", content_length,
+        "CONTENT", "TYPE", content_type,
+        "HTTP",    "COOKIE", http_cookie,
+        "HTTP",    "REFERER", config->referer,
+#ifdef CONFIG_FEATURE_HTTPD_BASIC_AUTH
+        "REMOTE",  "USER", config->remoteuser,
+        "AUTH",    "TYPE", config->remoteuser?"Basic":NULL,
+#endif
+        0,  0,  0,  0
+      };
+   const char ** curs;
+
+   for(curs = CgiVars;*curs;curs+=3) {
+        if(curs[3]) {
+            addEnv(curs[0], curs[1], curs[2]);
+         }
+      }
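
Review bot: With the stride reduced to three in "curs+=3", the guard "if(curs[3])" now reads the first field of the next row instead of this row's value, which is curs[2]. As written, a row whose value is NULL (for example "AUTH", "TYPE" when config->remoteuser is unset) is still passed to addEnv(), so the loop relies on addEnv() accepting a NULL value, and the last real row is skipped because its curs[3] is the terminator. Test curs[2] instead, and the terminator row can shrink from four zeros to three to match the new row width.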

>>I do not understand what you use the "for" cycles in this code for.
> 
> 
> I was too lazy to spend time to figure out what could be 0,1,2 in all
> configurations. This trick just takes care that the nuls I use for dup to
> stdin will never come from the range 0,1,2. Don't even mention it is bad
> coding technique, I admit it unreservedly. I have a rewrite of this in my
> plan. In the meantime, let's say ... "it works" :-o

I think it is necessary to make two variants:
1) for the standalone daemon (not from inetd), daemon() always sets 0,1,2
to /dev/null, and the socket fd is > 2
2) for usage from inetd, 0,1,2 are set to the socket

#ifndef CONFIG_FEATURE_HTTPD_USAGE_FROM_INETD_ONLY
	/* standalone, set stdout and stderr
	   from /dev/null to accepted socket */
	fd1 = dup(1);
	dup2(a_c_w, 1);
	dup2(a_c_w, 2);
#else
	/* from inetd - set stdin from socket to /dev/null */
	close(0);
	open("/dev/null", O_RDONLY);	
#endif

	system(...);

#ifndef CONFIG_FEATURE_HTTPD_USAGE_FROM_INETD_ONLY
	dup2(fd1, 1);
	dup2(fd1, 2);
	close(fd1);
#else	
	dup2(a_c_w, 0);
#endif

It's easy to see. Right?

> 
>>I think, here too it is required to use path by default:
>>/var/run/httpd.pid
> 
> 
> I did not understand this one.

Always set s_pidfile.

 > +  const char *s_pidfile;
+  const char *s_pidfile = "/var/run/httpd.pid";

(hmm, and your patch has a problem: forgot to set it to NULL).


> BTW, my mail to your address (vodz) gets bounced back undelivered. Is this on
> purpose or an issue due to my IP range being blocked at some point (I get a
> dynamic French IP range).

Ok. I change REJECT:wanadoo.fr to REJECT:abo.wanadoo.fr
(ohh, many spam from this)


--w
vodz


