diff options
author | Denis Vlasenko <vda.linux@googlemail.com> | 2007-01-03 23:02:18 +0000 |
---|---|---|
committer | Denis Vlasenko <vda.linux@googlemail.com> | 2007-01-03 23:02:18 +0000 |
commit | a773af3b1dad96808d794e12f0758dc0ba4502fa (patch) | |
tree | 0ec979b37e51ea77cb3c9a6faf69f50a5b9dd461 /networking | |
parent | a8951cbc34c83fc73e3a3e271e6026b43b51690b (diff) | |
download | busybox-w32-a773af3b1dad96808d794e12f0758dc0ba4502fa.tar.gz busybox-w32-a773af3b1dad96808d794e12f0758dc0ba4502fa.tar.bz2 busybox-w32-a773af3b1dad96808d794e12f0758dc0ba4502fa.zip |
httpd: read cgi output with full_read, not safe_read
(avoids mangling of HTTP headers)
Diffstat (limited to 'networking')
-rw-r--r-- | networking/httpd.c | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/networking/httpd.c b/networking/httpd.c index ff5c14672..bf3da36d9 100644 --- a/networking/httpd.c +++ b/networking/httpd.c | |||
@@ -91,10 +91,8 @@ | |||
91 | * | 91 | * |
92 | */ | 92 | */ |
93 | 93 | ||
94 | |||
95 | #include "busybox.h" | 94 | #include "busybox.h" |
96 | 95 | ||
97 | |||
98 | static const char httpdVersion[] = "busybox httpd/1.35 6-Oct-2004"; | 96 | static const char httpdVersion[] = "busybox httpd/1.35 6-Oct-2004"; |
99 | static const char default_path_httpd_conf[] = "/etc"; | 97 | static const char default_path_httpd_conf[] = "/etc"; |
100 | static const char httpd_conf[] = "httpd.conf"; | 98 | static const char httpd_conf[] = "httpd.conf"; |
@@ -1065,7 +1063,7 @@ static int sendCgi(const char *url, | |||
1065 | * It should not be decoded in any fashion. This variable | 1063 | * It should not be decoded in any fashion. This variable |
1066 | * should always be set when there is query information, | 1064 | * should always be set when there is query information, |
1067 | * regardless of command line decoding. */ | 1065 | * regardless of command line decoding. */ |
1068 | /* (Older versions of bbox seemed to do some decoding) */ | 1066 | /* (Older versions of bbox seem to do some decoding) */ |
1069 | setenv1("QUERY_STRING", config->query); | 1067 | setenv1("QUERY_STRING", config->query); |
1070 | setenv1("SERVER_SOFTWARE", httpdVersion); | 1068 | setenv1("SERVER_SOFTWARE", httpdVersion); |
1071 | putenv("SERVER_PROTOCOL=HTTP/1.0"); | 1069 | putenv("SERVER_PROTOCOL=HTTP/1.0"); |
@@ -1097,7 +1095,7 @@ static int sendCgi(const char *url, | |||
1097 | goto error_execing_cgi; | 1095 | goto error_execing_cgi; |
1098 | *script = '\0'; | 1096 | *script = '\0'; |
1099 | if (chdir(realpath_buff) == 0) { | 1097 | if (chdir(realpath_buff) == 0) { |
1100 | // now run the program. If it fails, | 1098 | // Now run the program. If it fails, |
1101 | // use _exit() so no destructors | 1099 | // use _exit() so no destructors |
1102 | // get called and make a mess. | 1100 | // get called and make a mess. |
1103 | #if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR | 1101 | #if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR |
@@ -1210,21 +1208,22 @@ static int sendCgi(const char *url, | |||
1210 | #endif | 1208 | #endif |
1211 | 1209 | ||
1212 | /* There is something to read */ | 1210 | /* There is something to read */ |
1213 | count = safe_read(inFd, rbuf, PIPESIZE); | 1211 | /* NB: was safe_read. If it *has to be* safe_read, */ |
1212 | /* please explain why in this comment... */ | ||
1213 | count = full_read(inFd, rbuf, PIPESIZE); | ||
1214 | if (count == 0) | 1214 | if (count == 0) |
1215 | break; /* closed */ | 1215 | break; /* closed */ |
1216 | if (count > 0) { | 1216 | if (count > 0) { |
1217 | if (firstLine) { | 1217 | if (firstLine) { |
1218 | /* full_read (above) avoids | ||
1219 | * "chopped up into small chunks" syndrome here */ | ||
1218 | rbuf[count] = 0; | 1220 | rbuf[count] = 0; |
1219 | /* check to see if the user script added headers */ | 1221 | /* check to see if the user script added headers */ |
1220 | if (strncmp(rbuf, "HTTP/1.0 200 OK\r\n", 4) != 0) { | 1222 | if (strncmp(rbuf, "HTTP/1.0 200 OK\r\n", 4) != 0) { |
1223 | /* there is no "HTTP", do it ourself */ | ||
1221 | full_write(s, "HTTP/1.0 200 OK\r\n", 17); | 1224 | full_write(s, "HTTP/1.0 200 OK\r\n", 17); |
1222 | } | 1225 | } /* hmm, maybe 'else if'? */ |
1223 | /* Sometimes CGI is writing to pipe in small chunks | 1226 | if (!strstr(rbuf, "ontent-")) { |
1224 | * and we don't see Content-type (because the read | ||
1225 | * is too short) and we emit bogus "text/plain"! | ||
1226 | * Is it a bug or CGI *has to* write it in one piece? */ | ||
1227 | if (strstr(rbuf, "ontent-") == 0) { | ||
1228 | full_write(s, "Content-type: text/plain\r\n\r\n", 28); | 1227 | full_write(s, "Content-type: text/plain\r\n\r\n", 28); |
1229 | } | 1228 | } |
1230 | firstLine = 0; | 1229 | firstLine = 0; |