[PATCHv3] httpd: don't drop/abuse QUERY_STRING when /cgi-bin/index.cgi is used
Denys Vlasenko
vda.linux at googlemail.com
Mon Dec 19 11:33:08 UTC 2011
On Mon, Dec 19, 2011 at 10:56 AM, Peter Korsgaard <jacmet at sunsite.dk> wrote:
> The memory pointed to by g_query gets overwritten when the index_page
> is used, causing URL arguments to get dropped when we fall back to
> /cgi-bin/index.cgi. QUERY_STRING if furthermore hijacked to pass the
> original (<DIR>/) URI to the CGI script, which is quite non-standard
> and disallows use of URL arguments.
>
> Fix it by instead passing the original URI in REQUEST_URI, and make a
> deep copy of the URL arguments before they get overwritten, if needed.
>
> Also update httpd_indexcgi to take the directory location from
> REQUEST_URI instead.
Applied, thanks!
--
vda
More information about the busybox
mailing list