1 files changed, 4 insertions, 2 deletions
diff --git a/networking/httpd_indexcgi.c b/networking/httpd_indexcgi.c
index 94c6a692a..2605ad1bc 100644
--- a/networking/httpd_indexcgi.c
+++ b/networking/httpd_indexcgi.c
@@ -28,7 +28,8 @@ httpd_indexcgi.c -o index.cgi
 /* We don't use printf, as it pulls in >12 kb of code from uclibc (i386). */
 /* Currently malloc machinery is the biggest part of libc we pull in. */
 /* We have only one realloc and one strdup, any idea how to do without? */
-/* Size (i386, approximate):
+/* Size (i386, static uclibc, approximate):
 *   text    data     bss     dec     hex filename
 *  13036      44    3052   16132    3f04 index.cgi
 *   2576       4    2048    4628    1214 index.cgi.o
@@ -210,7 +211,7 @@ static void fmt_04u(/*char *dst,*/ unsigned n)
        fmt_02u(n % 100);
 }
-int main(void)
+int main(int argc, char *argv[])
 {
        dir_list_t *dir_list;
        dir_list_t *cdir;
@@ -225,6 +226,7 @@ int main(void)
        QUERY_STRING = getenv("QUERY_STRING");
        if (!QUERY_STRING
         || QUERY_STRING[0] != '/'
+         || strstr(QUERY_STRING, "//")
         || strstr(QUERY_STRING, "/../")
         || strcmp(strrchr(QUERY_STRING, '/'), "/..") == 0
        ) {

diff --git a/networking/httpd_indexcgi.c b/networking/httpd_indexcgi.c index 94c6a692a..2605ad1bc 100644 --- a/networking/httpd_indexcgi.c +++ b/networking/httpd_indexcgi.c
@@ -28,7 +28,8 @@ httpd_indexcgi.c -o index.cgi
28	/* We don't use printf, as it pulls in >12 kb of code from uclibc (i386). */	28	/* We don't use printf, as it pulls in >12 kb of code from uclibc (i386). */
29	/* Currently malloc machinery is the biggest part of libc we pull in. */	29	/* Currently malloc machinery is the biggest part of libc we pull in. */
30	/* We have only one realloc and one strdup, any idea how to do without? */	30	/* We have only one realloc and one strdup, any idea how to do without? */
31	/* Size (i386, approximate):	31
		32	/* Size (i386, static uclibc, approximate):
32	* text data bss dec hex filename	33	* text data bss dec hex filename
33	* 13036 44 3052 16132 3f04 index.cgi	34	* 13036 44 3052 16132 3f04 index.cgi
34	* 2576 4 2048 4628 1214 index.cgi.o	35	* 2576 4 2048 4628 1214 index.cgi.o
@@ -210,7 +211,7 @@ static void fmt_04u(/char dst,*/ unsigned n)
210	fmt_02u(n % 100);	211	fmt_02u(n % 100);
211	}	212	}
212		213
213	int main(void)	214	int main(int argc, char *argv[])
214	{	215	{
215	dir_list_t *dir_list;	216	dir_list_t *dir_list;
216	dir_list_t *cdir;	217	dir_list_t *cdir;
@@ -225,6 +226,7 @@ int main(void)
225	QUERY_STRING = getenv("QUERY_STRING");	226	QUERY_STRING = getenv("QUERY_STRING");
226	if (!QUERY_STRING	227	if (!QUERY_STRING
227	\|\| QUERY_STRING[0] != '/'	228	\|\| QUERY_STRING[0] != '/'
		229	\|\| strstr(QUERY_STRING, "//")
228	\|\| strstr(QUERY_STRING, "/../")	230	\|\| strstr(QUERY_STRING, "/../")
229	\|\| strcmp(strrchr(QUERY_STRING, '/'), "/..") == 0	231	\|\| strcmp(strrchr(QUERY_STRING, '/'), "/..") == 0
230	) {	232	) {