diff options
| author | Denis Vlasenko <vda.linux@googlemail.com> | 2007-08-11 20:20:02 +0000 |
|---|---|---|
| committer | Denis Vlasenko <vda.linux@googlemail.com> | 2007-08-11 20:20:02 +0000 |
| commit | e5d37ccb6e7ea12b61f1063fec13b2e9abbfcb84 (patch) | |
| tree | 3b34351acd2a0abc52a086a30ddac908d346f30e /networking/httpd.c | |
| parent | f893da875a24138fac30f070c7101b5330f0fef0 (diff) | |
| download | busybox-w32-e5d37ccb6e7ea12b61f1063fec13b2e9abbfcb84.tar.gz busybox-w32-e5d37ccb6e7ea12b61f1063fec13b2e9abbfcb84.tar.bz2 busybox-w32-e5d37ccb6e7ea12b61f1063fec13b2e9abbfcb84.zip | |
httpd: fix CGI handling bug (we were closing wrong fd).
Diffstat (limited to '')
| -rw-r--r-- | networking/httpd.c | 33 |
1 files changed, 20 insertions, 13 deletions
diff --git a/networking/httpd.c b/networking/httpd.c index 7c91bd597..7f2594aca 100644 --- a/networking/httpd.c +++ b/networking/httpd.c | |||
| @@ -989,8 +989,8 @@ static int sendCgi(const char *url, | |||
| 989 | const char *request, int bodyLen, const char *cookie, | 989 | const char *request, int bodyLen, const char *cookie, |
| 990 | const char *content_type) | 990 | const char *content_type) |
| 991 | { | 991 | { |
| 992 | int fromCgi[2]; /* pipe for reading data from CGI */ | 992 | struct { int rd; int wr; } fromCgi; /* CGI -> httpd pipe */ |
| 993 | int toCgi[2]; /* pipe for sending data to CGI */ | 993 | struct { int rd; int wr; } toCgi; /* httpd -> CGI pipe */ |
| 994 | char *fullpath; | 994 | char *fullpath; |
| 995 | char *argp[] = { NULL, NULL }; | 995 | char *argp[] = { NULL, NULL }; |
| 996 | int pid = 0; | 996 | int pid = 0; |
| @@ -1000,9 +1000,9 @@ static int sendCgi(const char *url, | |||
| 1000 | int status; | 1000 | int status; |
| 1001 | size_t post_read_size, post_read_idx; | 1001 | size_t post_read_size, post_read_idx; |
| 1002 | 1002 | ||
| 1003 | if (pipe(fromCgi) != 0) | 1003 | if (pipe(&fromCgi.rd) != 0) |
| 1004 | return 0; | 1004 | return 0; |
| 1005 | if (pipe(toCgi) != 0) | 1005 | if (pipe(&toCgi.rd) != 0) |
| 1006 | return 0; | 1006 | return 0; |
| 1007 | 1007 | ||
| 1008 | /* | 1008 | /* |
| @@ -1039,13 +1039,13 @@ static int sendCgi(const char *url, | |||
| 1039 | if (server_socket > 1) | 1039 | if (server_socket > 1) |
| 1040 | close(server_socket); | 1040 | close(server_socket); |
| 1041 | 1041 | ||
| 1042 | xmove_fd(toCgi[0], 0); /* replace stdin with the pipe */ | 1042 | xmove_fd(toCgi.rd, 0); /* replace stdin with the pipe */ |
| 1043 | xmove_fd(fromCgi[1], 1); /* replace stdout with the pipe */ | 1043 | xmove_fd(fromCgi.wr, 1); /* replace stdout with the pipe */ |
| 1044 | close(fromCgi[0]); | 1044 | close(fromCgi.rd); |
| 1045 | close(fromCgi[1]); | 1045 | close(toCgi.wr); |
| 1046 | /* Huh? User seeing stderr can be a security problem... | 1046 | /* Huh? User seeing stderr can be a security problem... |
| 1047 | * and if CGI really wants that, it can always dup2(1,2)... | 1047 | * and if CGI really wants that, it can always dup2(1,2)... |
| 1048 | * dup2(fromCgi[1], 2); */ | 1048 | * dup2(fromCgi.wr, 2); */ |
| 1049 | 1049 | ||
| 1050 | /* | 1050 | /* |
| 1051 | * Find PATH_INFO. | 1051 | * Find PATH_INFO. |
| @@ -1175,10 +1175,10 @@ static int sendCgi(const char *url, | |||
| 1175 | buf_count = 0; | 1175 | buf_count = 0; |
| 1176 | post_read_size = 0; | 1176 | post_read_size = 0; |
| 1177 | post_read_idx = 0; /* for gcc */ | 1177 | post_read_idx = 0; /* for gcc */ |
| 1178 | inFd = fromCgi[0]; | 1178 | inFd = fromCgi.rd; |
| 1179 | outFd = toCgi[1]; | 1179 | outFd = toCgi.wr; |
| 1180 | close(fromCgi[1]); | 1180 | close(fromCgi.wr); |
| 1181 | close(toCgi[0]); | 1181 | close(toCgi.rd); |
| 1182 | signal(SIGPIPE, SIG_IGN); | 1182 | signal(SIGPIPE, SIG_IGN); |
| 1183 | 1183 | ||
| 1184 | while (1) { | 1184 | while (1) { |
| @@ -1262,7 +1262,14 @@ static int sendCgi(const char *url, | |||
| 1262 | 1262 | ||
| 1263 | /* Are we still buffering CGI output? */ | 1263 | /* Are we still buffering CGI output? */ |
| 1264 | if (buf_count >= 0) { | 1264 | if (buf_count >= 0) { |
| 1265 | /* According to http://hoohoo.ncsa.uiuc.edu/cgi/out.html, | ||
| 1266 | * CGI scripts MUST send their own header terminated by | ||
| 1267 | * empty line, then data. That's why we have only one | ||
| 1268 | * <cr><lf> pair here. We will output "200 OK" line | ||
| 1269 | * if needed, but CGI still has to provide blank line | ||
| 1270 | * between header and body */ | ||
| 1265 | static const char HTTP_200[] = "HTTP/1.0 200 OK\r\n"; | 1271 | static const char HTTP_200[] = "HTTP/1.0 200 OK\r\n"; |
| 1272 | |||
| 1266 | /* Must use safe_read, not full_read, because | 1273 | /* Must use safe_read, not full_read, because |
| 1267 | * CGI may output a few first bytes and then wait | 1274 | * CGI may output a few first bytes and then wait |
| 1268 | * for POSTDATA without closing stdout. | 1275 | * for POSTDATA without closing stdout. |