httpd: don't drop/abuse QUERY_STRING when /cgi-bin/index.cgi is used

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>

1 files changed, 16 insertions, 11 deletions

diff --git a/networking/httpd_indexcgi.c b/networking/httpd_indexcgi.c
index 7e0225e19..d732cd4f8 100644
--- a/networking/httpd_indexcgi.c
+++ b/networking/httpd_indexcgi.c
@@ -221,20 +221,25 @@ int main(int argc, char *argv[])
         unsigned long long size_total;
         int odd;
         DIR *dirp;
-        char *QUERY_STRING;
-
-        QUERY_STRING = getenv("QUERY_STRING");
-        if (!QUERY_STRING
-         || QUERY_STRING[0] != '/'
-         || strstr(QUERY_STRING, "//")
-         || strstr(QUERY_STRING, "/../")
-         || strcmp(strrchr(QUERY_STRING, '/'), "/..") == 0
+        char *location;
+
+        location = getenv("REQUEST_URI");
+        if (!location)
+                return 1;
+
+        /* drop URL arguments if any */
+        strchrnul(location, '?')[0] = '\0';
+
+        if (location[0] != '/'
+         || strstr(location, "//")
+         || strstr(location, "/../")
+         || strcmp(strrchr(location, '/'), "/..") == 0
         ) {
                 return 1;
         }
 
         if (chdir("..")
-         || (QUERY_STRING[1] && chdir(QUERY_STRING + 1))
+         || (location[1] && chdir(location + 1))
         ) {
                 return 1;
         }
@@ -271,14 +276,14 @@ int main(int argc, char *argv[])
                 "\r\n" /* Mandatory empty line after headers */
                 "<html><head><title>Index of ");
         /* Guard against directories with &, > etc */
-        fmt_html(QUERY_STRING);
+        fmt_html(location);
         fmt_str(
                 "</title>\n"
                 STYLE_STR
                 "</head>" "\n"
                 "<body>" "\n"
                 "<h1>Index of ");
-        fmt_html(QUERY_STRING);
+        fmt_html(location);
         fmt_str(
                 "</h1>" "\n"
                 "<table>" "\n"