[PATCHv2] httpd: don't drop QUERY_STRING when /cgi-bin/index.cgi is used

Denys Vlasenko vda.linux at googlemail.com
Sun Dec 18 02:11:06 UTC 2011


On Saturday 17 December 2011 00:26, Peter Korsgaard wrote:
> The memory pointed to by g_query gets overwritten when the index_page
> is used, causing URL arguments to get dropped when we fall back to
> /cgi-bin/index.cgi.
> 
> Work around it by making g_query a deep copy of urlp when CGI support
> is enabled, rather than silently dropping them.
> 
> Signed-off-by: Peter Korsgaard <jacmet at sunsite.dk>
> ---
>  Changes since v1:
>  - Use xstrdup and extend comment as suggested by Denys.
> 
>  networking/httpd.c |   11 +++++++++--
>  1 files changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/networking/httpd.c b/networking/httpd.c
> index f52785b..61e06ff 100644a
> --- a/networking/httpd.c
> +++ b/networking/httpd.c
> @@ -1996,7 +1996,16 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
>  	tptr = strchr(urlcopy, '?');
>  	if (tptr) {
>  		*tptr++ = '\0';
> +#if ENABLE_FEATURE_HTTPD_CGI
> +		/* when index_page string is appended to <dir>/ URL, it overwrites
> +		   the query string. If we fallback to call /cgi-bin/index.cgi,
> +		   query string would be lost and not available to the CGI.
> +		   Work around it by making a deep copy instead.
> +		*/
> +		g_query = xstrdup(tptr);
> +#else
>  		g_query = tptr;
> +#endif
>  	}
>  
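
Review bot: the xstrdup(tptr) in the #if ENABLE_FEATURE_HTTPD_CGI branch runs for every request whose URL contains '?', although the comment above it says the overwrite only happens when index_page is appended to a <dir>/ URL. Consider taking the copy at the place where index_page is appended, so all other requests keep the plain "g_query = tptr;" and the #if/#else pair around the assignment goes away. The copy is also never freed in this hunk; if that is intentional because handle_incoming_and_exit() does not return, the comment should say so. Nit: "fallback" in the comment is used as a verb and should read "fall back".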

I propose to move it to the site of aforementioned appending:

-       if (urlp[-1] == '/')
+       if (urlp[-1] == '/') {
+               /* When "index.html" is appended to "DIR/" URL, it overwrites
+                * the query string. If we fallback to call /cgi-bin/index.cgi,
+                * query string would be lost and not available to the CGI.
+                * Work around it by making a copy of g_query before overwriting.
+                */
+               if (ENABLE_FEATURE_HTTPD_CGI)
+                       g_query = xstrdup(g_query); /* note: ok even for NULL */
                strcpy(urlp, index_page);
+       }
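
Review bot: after "g_query = xstrdup(g_query);" the pointer is a heap allocation on this path only, while on every other path it keeps whatever it pointed to before, and nothing in these lines records that difference. A sentence in the comment stating that the copy is deliberately never freed (or where it is freed) would keep a later change from calling free() on the non-heap pointer. The "ok even for NULL" remark relies on xstrdup() accepting NULL; writing the condition as "if (ENABLE_FEATURE_HTTPD_CGI && g_query)" would make the block independent of that and skip the call when there is no query string to preserve.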

This way, it's more obvious, and only done when needed (=> only for dirs).


However, there is another problem. Check
/usr/srcdevel/bbox/fix/busybox.3/networking/httpd_indexcgi.c
See how it is determining _which directory_ to list.
It looks at $QUERY_STRING.

IOW: "g_query = urlcopy;" assignment you nuked wasn't a quick fix
for "query string is overwritten" bug. It was a way to give
cgi-bin/index.cgi a way to find the directory it is meant to list.

-- 
vda
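
Added example, not part of the original thread and not BusyBox code: a simplified C model of the aliasing discussed above, where the query pointer refers into the same buffer that the index page name is later appended to. The names query_seen_by_cgi, dup_str and INDEX_PAGE, the buffer layout and the sample URL are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define INDEX_PAGE "index.html" /* assumed index file name */
static char *dup_str(const char *s) /* stand-in for xstrdup() */
{
	char *p = malloc(strlen(s) + 1);
	if (!p) abort();
	return strcpy(p, s);
}

/* Simplified model, not BusyBox code: returns a malloc'ed copy of the query
 * string left after URL processing (NULL if none); copy_first applies the fix. */
char *query_seen_by_cgi(const char *url, int copy_first)
{
	size_t len = strlen(url);
	/* one buffer holds path and query, with room to append INDEX_PAGE */
	char *urlcopy = malloc(len + sizeof(INDEX_PAGE) + 1);
	char *query = NULL, *tptr, *urlp, *seen;
	int owned = 0;
	if (!urlcopy) abort();
	strcpy(urlcopy, url);
	tptr = strchr(urlcopy, '?');
	if (tptr) {
		*tptr++ = '\0';
		query = tptr; /* points into urlcopy, right after the path */
	}
	urlp = urlcopy + strlen(urlcopy); /* the NUL that ends the path */
	if (urlp > urlcopy && urlp[-1] == '/') {
		if (copy_first && query) {
			query = dup_str(query); /* detach before the overwrite */
			owned = 1;
		}
		strcpy(urlp, INDEX_PAGE); /* lands on the old query bytes */
	}
	seen = query ? dup_str(query) : NULL;
	if (owned) free(query);
	free(urlcopy);
	return seen;
}

int main(void)
{
	char *a = query_seen_by_cgi("/docs/?a=1", 0); /* constructed URL */
	char *b = query_seen_by_cgi("/docs/?a=1", 1);
	printf("aliased: %s\ncopied:  %s\n", a, b);
	free(a); free(b);
	return 0;
}
```

A URL without a trailing slash, such as "/docs/file?a=1", keeps its query in both modes because nothing is appended.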

