diff options
| author | Denis Vlasenko <vda.linux@googlemail.com> | 2007-01-03 23:02:18 +0000 |
|---|---|---|
| committer | Denis Vlasenko <vda.linux@googlemail.com> | 2007-01-03 23:02:18 +0000 |
| commit | a773af3b1dad96808d794e12f0758dc0ba4502fa (patch) | |
| tree | 0ec979b37e51ea77cb3c9a6faf69f50a5b9dd461 /networking/httpd.c | |
| parent | a8951cbc34c83fc73e3a3e271e6026b43b51690b (diff) | |
| download | busybox-a773af3b1dad96808d794e12f0758dc0ba4502fa.tar.gz | |
httpd: read cgi output with full_read, not safe_read
(avoids mangling of HTTP headers)
Diffstat (limited to 'networking/httpd.c')
| -rw-r--r-- | networking/httpd.c | 21 |
1 files changed, 10 insertions, 11 deletions
diff --git a/networking/httpd.c b/networking/httpd.c index ff5c14672..bf3da36d9 100644 --- a/networking/httpd.c +++ b/networking/httpd.c @@ -91,10 +91,8 @@ * */ - #include "busybox.h" - static const char httpdVersion[] = "busybox httpd/1.35 6-Oct-2004"; static const char default_path_httpd_conf[] = "/etc"; static const char httpd_conf[] = "httpd.conf"; @@ -1065,7 +1063,7 @@ static int sendCgi(const char *url, * It should not be decoded in any fashion. This variable * should always be set when there is query information, * regardless of command line decoding. */ - /* (Older versions of bbox seemed to do some decoding) */ + /* (Older versions of bbox seem to do some decoding) */ setenv1("QUERY_STRING", config->query); setenv1("SERVER_SOFTWARE", httpdVersion); putenv("SERVER_PROTOCOL=HTTP/1.0"); @@ -1097,7 +1095,7 @@ static int sendCgi(const char *url, goto error_execing_cgi; *script = '\0'; if (chdir(realpath_buff) == 0) { - // now run the program. If it fails, + // Now run the program. If it fails, // use _exit() so no destructors // get called and make a mess. #if ENABLE_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR @@ -1210,21 +1208,22 @@ static int sendCgi(const char *url, #endif /* There is something to read */ - count = safe_read(inFd, rbuf, PIPESIZE); + /* NB: was safe_read. If it *has to be* safe_read, */ + /* please explain why in this comment... */ + count = full_read(inFd, rbuf, PIPESIZE); if (count == 0) break; /* closed */ if (count > 0) { if (firstLine) { + /* full_read (above) avoids + * "chopped up into small chunks" syndrome here */ rbuf[count] = 0; /* check to see if the user script added headers */ if (strncmp(rbuf, "HTTP/1.0 200 OK\r\n", 4) != 0) { + /* there is no "HTTP", do it ourself */ full_write(s, "HTTP/1.0 200 OK\r\n", 17); - } - /* Sometimes CGI is writing to pipe in small chunks - * and we don't see Content-type (because the read - * is too short) and we emit bogus "text/plain"! - * Is it a bug or CGI *has to* write it in one piece? */ - if (strstr(rbuf, "ontent-") == 0) { + } /* hmm, maybe 'else if'? */ + if (!strstr(rbuf, "ontent-")) { full_write(s, "Content-type: text/plain\r\n\r\n", 28); } firstLine = 0; |