httpd: skip "Status: " from CGI, including space. Closes 10291

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2017-09-01 17:06:12 +0200
committer: Denys Vlasenko <vda.linux@googlemail.com> 2017-09-01 17:06:12 +0200
commit: 94aaf4b5d3c649a281299aedba08ce1939780fb4 (patch)
tree: 8320cc26d31a1ad2975e3728ddb3b1f2703c9591 /networking/httpd.c
parent: e39da802dd6d3ccfb95865139f98b184db0e175b (diff)
download: busybox-94aaf4b5d3c649a281299aedba08ce1939780fb4.tar.gz
1 files changed, 4 insertions, 3 deletions
diff --git a/networking/httpd.c b/networking/httpd.c
index 9369de824..c82383507 100644
--- a/networking/httpd.c
+++ b/networking/httpd.c
@@ -1371,12 +1371,13 @@ static NOINLINE void cgi_io_loop_and_exit(int fromCgi_rd, int toCgi_wr, int post
 				out_cnt += count;
 				count = 0;
 				/* "Status" header format is: "Status: 302 Redirected\r\n" */
-				if (out_cnt >= 7 && memcmp(rbuf, "Status:", 7) == 0) {
+				if (out_cnt >= 8 && memcmp(rbuf, "Status: ", 8) == 0) {
 					/* send "HTTP/1.0 " */
 					if (full_write(STDOUT_FILENO, HTTP_200, 9) != 9)
 						break;
-					rbuf += 7; /* skip "Status:" */
-					count = out_cnt - 7;
+					/* skip "Status: " (including space, sending "HTTP/1.0  NNN" is wrong) */
+					rbuf += 8;
+					count = out_cnt - 8;
 					out_cnt = -1; /* buffering off */
 				} else if (out_cnt >= 4) {
 					/* Did CGI add "HTTP"? */
author	Denys Vlasenko <vda.linux@googlemail.com>	2017-09-01 17:06:12 +0200
committer	Denys Vlasenko <vda.linux@googlemail.com>	2017-09-01 17:06:12 +0200
commit	94aaf4b5d3c649a281299aedba08ce1939780fb4 (patch)
tree	8320cc26d31a1ad2975e3728ddb3b1f2703c9591 /networking/httpd.c
parent	e39da802dd6d3ccfb95865139f98b184db0e175b (diff)
download	busybox-94aaf4b5d3c649a281299aedba08ce1939780fb4.tar.gz