Re: [PATCHv2] httpd: don't drop QUERY_STRING when /cgi-bin/index.cgi is used

Sat, 17 Dec 2011 18:11:21 -0800 

On Saturday 17 December 2011 00:26, Peter Korsgaard wrote:
> The memory pointed to by g_query gets overwritten when the index_page
> is used, causing  URL arguments to get dropped when we fall back to
> /cgi-bin/index.cgi.
> 
> Work around it by making g_query a deep copy of urlp when CGI support
> is enabled, rather than silently dropping them.
> 
> Signed-off-by: Peter Korsgaard <[email protected]>
> ---
>  Changes since v1:
>  - Use xstrdup and extend comment as suggested by Denys.
> 
>  networking/httpd.c |   11 +++++++++--
>  1 files changed, 9 insertions(+), 2 deletions(-)
> 
> diff --git a/networking/httpd.c b/networking/httpd.c
> index f52785b..61e06ff 100644a
> --- a/networking/httpd.c
> +++ b/networking/httpd.c
> @@ -1996,7 +1996,16 @@ static void handle_incoming_and_exit(const 
> len_and_sockaddr *fromAddr)
>       tptr = strchr(urlcopy, '?');
>       if (tptr) {
>               *tptr++ = '\0';
> +#if ENABLE_FEATURE_HTTPD_CGI
> +             /* when index_page string is appended to <dir>/ URL, it 
> overwrites
> +                the query string. If we fallback to call /cgi-bin/index.cgi,
> +                query string would be lost and not available to the CGI.
> +                Work around it by making a deep copy instead.
> +             */
> +             g_query = xstrdup(tptr);
> +#else
>               g_query = tptr;
> +#endif
>       }
>  

I propose to move it to the site of aforementioned appending:

-       if (urlp[-1] == '/')
+       if (urlp[-1] == '/') {
+               /* When "index.html" is appended to "DIR/" URL, it overwrites
+                * the query string. If we fallback to call /cgi-bin/index.cgi,
+                * query string would be lost and not available to the CGI.
+                * Work around it by making a copy of g_query before 
overwriting.
+                */
+               if (ENABLE_FEATURE_HTTPD_CGI)
+                       g_query = xstrdup(g_query); /* note: ok even for NULL */
                strcpy(urlp, index_page);
+       }

This way, it's more obvoius, and only done when needed (=> only for dirs).


However, there is another problem. Check
/usr/srcdevel/bbox/fix/busybox.3/networking/httpd_indexcgi.c
See how it is determining _which directory_ to list.
It looks at $QUERY_STRING.

IOW: "g_query = urlcopy;" assignment you nuked wasn't a quick fix
for "query string is overwritten" bug. It was a way to give
cgi-bin/index.cgi a way to find the directory it is meant to list.

-- 
vda
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox

Reply via email to