aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDenys Vlasenko <vda.linux@googlemail.com>2017-09-01 17:06:12 +0200
committerDenys Vlasenko <vda.linux@googlemail.com>2017-09-01 17:06:12 +0200
commit94aaf4b5d3c649a281299aedba08ce1939780fb4 (patch)
tree8320cc26d31a1ad2975e3728ddb3b1f2703c9591
parente39da802dd6d3ccfb95865139f98b184db0e175b (diff)
downloadbusybox-w32-94aaf4b5d3c649a281299aedba08ce1939780fb4.tar.gz
busybox-w32-94aaf4b5d3c649a281299aedba08ce1939780fb4.tar.bz2
busybox-w32-94aaf4b5d3c649a281299aedba08ce1939780fb4.zip
httpd: skip "Status: " from CGI, including space. Closes 10291
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat
-rw-r--r--networking/httpd.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/networking/httpd.c b/networking/httpd.c
index 9369de824..c82383507 100644
--- a/networking/httpd.c
+++ b/networking/httpd.c
@@ -1371,12 +1371,13 @@ static NOINLINE void cgi_io_loop_and_exit(int fromCgi_rd, int toCgi_wr, int post
1371 out_cnt += count; 1371 out_cnt += count;
1372 count = 0; 1372 count = 0;
1373 /* "Status" header format is: "Status: 302 Redirected\r\n" */ 1373 /* "Status" header format is: "Status: 302 Redirected\r\n" */
1374 if (out_cnt >= 7 && memcmp(rbuf, "Status:", 7) == 0) { 1374 if (out_cnt >= 8 && memcmp(rbuf, "Status: ", 8) == 0) {
1375 /* send "HTTP/1.0 " */ 1375 /* send "HTTP/1.0 " */
1376 if (full_write(STDOUT_FILENO, HTTP_200, 9) != 9) 1376 if (full_write(STDOUT_FILENO, HTTP_200, 9) != 9)
1377 break; 1377 break;
1378 rbuf += 7; /* skip "Status:" */ 1378 /* skip "Status: " (including space, sending "HTTP/1.0 NNN" is wrong) */
1379 count = out_cnt - 7; 1379 rbuf += 8;
1380 count = out_cnt - 8;
1380 out_cnt = -1; /* buffering off */ 1381 out_cnt = -1; /* buffering off */
1381 } else if (out_cnt >= 4) { 1382 } else if (out_cnt >= 4) {
1382 /* Did CGI add "HTTP"? */ 1383 /* Did CGI add "HTTP"? */
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-22 07:38:22 +0000