[BusyBox] httpd cgi execute patch for cvs

Peter Willis psyphreak at phreaker.net
Fri Feb 6 09:15:15 UTC 2004


On Fri, 06 Feb 2004 10:31:38 +0300
"Vladimir N. Oleynik" <dzo at simtreas.ru> wrote:

> Peter,
> 
> > hey all, i've updated my old busybox 1.00-pre5 patch to current CVS. to
> > recap, it's a compile-time option for the httpd applet that makes any
> > executable file run as a CGI script. this is similar to a feature in
> > thttpd that uses a regex to match files to execute; perhaps a similar
> > feature would be useful for busybox's httpd but for now this has the
> > same effect as matching all executable files.
> > 
> > if it needs cleaning up i'm all ears. patch should be following it some
> > time to allow for a specific default page instead of just index.html
> > (when combined with this page it will allow for an index.cgi script).
> 
> Your patch have small problem:
> 
> +       if (access(test, X_OK) == 0) { // if executable, sendCgi it 
> 
> +               if(test[7] == '/' && test[8] == 0) 
> 
> 
> Checking test[7] is valid for "/cgi-bin/" or bigger string.
> But you testing all url, may be shorted 7 bytes.
> 

aaaaahhhhh.... can't believe i missed that :-X right there i was trying to
check if it was a directory and if it was then say FORBIDDEN (like with
/cgi-bin/).

really to get a proper fix i need to write the "default file location"
patch, but i don't have time until the weekend. i'll try to have a patch
ready by sunday or so. from what i can tell theres no code to list a
directory if it doesn't have any index files so i'll write that in too.

> 
> PS: I think, must freeze adding feature. Busybox haven`t release VERY many
> time :(

i agree, it's not very important anyway so i guess after 1.00 the busybox
team can think about including it? :)

> 
> --w
> vodz
> 


-- 

'Twas midnight, and the UNIX hacks
Did gyre and gimble in their cave
All mimsy was the CS-VAX
And Cory raths outgrabe.
 
"Beware the software rot, my son!
The faults that bite, the jobs that thrash!
Beware the broken pipe, and shun
The frumious system crash!"



More information about the busybox mailing list