1 files changed, 16 insertions, 11 deletions
diff --git a/networking/httpd_indexcgi.c b/networking/httpd_indexcgi.c
index 7e0225e19..d732cd4f8 100644
--- a/networking/httpd_indexcgi.c
+++ b/networking/httpd_indexcgi.c
@@ -221,20 +221,25 @@ int main(int argc, char *argv[])
        unsigned long long size_total;
        int odd;
        DIR *dirp;
-        char *QUERY_STRING;
+        char *location;
-        QUERY_STRING = getenv("QUERY_STRING");
+        location = getenv("REQUEST_URI");
-        if (!QUERY_STRING
+        if (!location)
-         || QUERY_STRING[0] != '/'
+                return 1;
-         || strstr(QUERY_STRING, "//")
-         || strstr(QUERY_STRING, "/../")
+        /* drop URL arguments if any */
-         || strcmp(strrchr(QUERY_STRING, '/'), "/..") == 0
+        strchrnul(location, '?')[0] = '\0';
+        if (location[0] != '/'
+         || strstr(location, "//")
+         || strstr(location, "/../")
+         || strcmp(strrchr(location, '/'), "/..") == 0
        ) {
                return 1;
        }
        if (chdir("..")
-         || (QUERY_STRING[1] && chdir(QUERY_STRING + 1))
+         || (location[1] && chdir(location + 1))
        ) {
                return 1;
        }
@@ -271,14 +276,14 @@ int main(int argc, char *argv[])
                "\r\n" /* Mandatory empty line after headers */
                "<html><head><title>Index of ");
        /* Guard against directories with &, > etc */
-        fmt_html(QUERY_STRING);
+        fmt_html(location);
        fmt_str(
                "</title>\n"
                STYLE_STR
                "</head>" "\n"
                "<body>" "\n"
                "<h1>Index of ");
-        fmt_html(QUERY_STRING);
+        fmt_html(location);
        fmt_str(
                "</h1>" "\n"
                "<table>" "\n"

diff --git a/networking/httpd_indexcgi.c b/networking/httpd_indexcgi.c index 7e0225e19..d732cd4f8 100644 --- a/networking/httpd_indexcgi.c +++ b/networking/httpd_indexcgi.c
@@ -221,20 +221,25 @@ int main(int argc, char *argv[])
221	unsigned long long size_total;	221	unsigned long long size_total;
222	int odd;	222	int odd;
223	DIR *dirp;	223	DIR *dirp;
224	char *QUERY_STRING;	224	char *location;
225		225
226	QUERY_STRING = getenv("QUERY_STRING");	226	location = getenv("REQUEST_URI");
227	if (!QUERY_STRING	227	if (!location)
228	\|\| QUERY_STRING[0] != '/'	228	return 1;
229	\|\| strstr(QUERY_STRING, "//")	229
230	\|\| strstr(QUERY_STRING, "/../")	230	/* drop URL arguments if any */
231	\|\| strcmp(strrchr(QUERY_STRING, '/'), "/..") == 0	231	strchrnul(location, '?')[0] = '\0';
		232
		233	if (location[0] != '/'
		234	\|\| strstr(location, "//")
		235	\|\| strstr(location, "/../")
		236	\|\| strcmp(strrchr(location, '/'), "/..") == 0
232	) {	237	) {
233	return 1;	238	return 1;
234	}	239	}
235		240
236	if (chdir("..")	241	if (chdir("..")
237	\|\| (QUERY_STRING[1] && chdir(QUERY_STRING + 1))	242	\|\| (location[1] && chdir(location + 1))
238	) {	243	) {
239	return 1;	244	return 1;
240	}	245	}
@@ -271,14 +276,14 @@ int main(int argc, char *argv[])
271	"\r\n" /* Mandatory empty line after headers */	276	"\r\n" /* Mandatory empty line after headers */
272	"<html><head><title>Index of ");	277	"<html><head><title>Index of ");
273	/* Guard against directories with &, > etc */	278	/* Guard against directories with &, > etc */
274	fmt_html(QUERY_STRING);	279	fmt_html(location);
275	fmt_str(	280	fmt_str(
276	"</title>\n"	281	"</title>\n"
277	STYLE_STR	282	STYLE_STR
278	"</head>" "\n"	283	"</head>" "\n"
279	"<body>" "\n"	284	"<body>" "\n"
280	"<h1>Index of ");	285	"<h1>Index of ");
281	fmt_html(QUERY_STRING);	286	fmt_html(location);
282	fmt_str(	287	fmt_str(
283	"</h1>" "\n"	288	"</h1>" "\n"
284	"<table>" "\n"	289	"<table>" "\n"