[PATCH] httpd: don't drop QUERY_STRING when /cgi-bin/index.cgi is used

walter harms wharms at bfs.de
Thu Dec 15 16:17:28 UTC 2011



Am 15.12.2011 16:50, schrieb Paulius Zaleckas:
> On 12/15/2011 05:44 PM, Peter Korsgaard wrote:
>> The memory pointed to by g_query gets overwritten when the index_page
>> is used, causing URL arguments to get dropped when we fall back to
>> /cgi-bin/index.cgi.
>>
>> Work around it by making g_query a deep copy of urlp when CGI support
>> is enabled, rather than silently dropping them.
>>
>> Signed-off-by: Peter Korsgaard<jacmet at sunsite.dk>
>> ---
>>   networking/httpd.c |    9 +++++++--
>>   1 files changed, 7 insertions(+), 2 deletions(-)
>>
>> diff --git a/networking/httpd.c b/networking/httpd.c
>> index 0356e4c..37d6577 100644
>> --- a/networking/httpd.c
>> +++ b/networking/httpd.c
>> @@ -1996,7 +1996,14 @@ static void handle_incoming_and_exit(const
>> len_and_sockaddr *fromAddr)
>>       tptr = strchr(urlcopy, '?');
>>       if (tptr) {
>>           *tptr++ = '\0';
>> +#if ENABLE_FEATURE_HTTPD_CGI
>> +        /* tptr gets overwritten by index_page, so do deep copy
>> +           for /cgi-bin/index.cgi */
>> +        g_query = alloca(strlen(tptr) + 1);
>> +        strcpy((char *)g_query, tptr);
> 
> Why not use strdup() instead?

Why not use strdupa() instead?

re,
 wh
> 
>> +#else
>>           g_query = tptr;
>> +#endif
>>       }
>>
>>       /* Decode URL escape sequences */
>> @@ -2265,8 +2272,6 @@ static void handle_incoming_and_exit(const
>> len_and_sockaddr *fromAddr)
>>           /* It's a dir URL and there is no index.html
>>            * Try cgi-bin/index.cgi */
>>           if (access("/cgi-bin/index.cgi"+1, X_OK) == 0) {
>> -            urlp[0] = '\0';
>> -            g_query = urlcopy;
>>               send_cgi_and_exit("/cgi-bin/index.cgi", prequest,
>> length, cookie, content_type);
>>           }
>>       }
> 
> _______________________________________________
> busybox mailing list
> busybox at busybox.net
> http://lists.busybox.net/mailman/listinfo/busybox
> 
> 


More information about the busybox mailing list