aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--networking/httpd_post_upload.txt63
1 files changed, 26 insertions, 37 deletions
diff --git a/networking/httpd_post_upload.txt b/networking/httpd_post_upload.txt
index fd7fc2be4..9d504f484 100644
--- a/networking/httpd_post_upload.txt
+++ b/networking/httpd_post_upload.txt
@@ -24,53 +24,42 @@ post_upload.cgi
# ^M <--------- extra empty line
# -----------------------------29995809218093749221856446032--^M
-# Beware: bashism $'\r' is used to handle ^M
-
file=/tmp/$$-$RANDOM
+CR=`printf '\r'`
+
# CGI output must start with at least empty line (or headers)
printf '\r\n'
-IFS=$'\r'
+IFS="$CR"
read -r delim_line
-
-IFS=''
-delim_line="${delim_line}--"$'\r'
+IFS=""
while read -r line; do
- test "$line" = '' && break
- test "$line" = $'\r' && break
+ test x"$line" = x"" && break
+ test x"$line" = x"$CR" && break
done
-# This will not work well for binary files: bash 3.2 is upset
-# by reading NUL bytes and loses chunks of data.
-# If you are not bothered by having junk appended to the uploaded file,
-# consider using simple "cat >file" instead of the entire
-# fragment below.
+cat >"$file"
-while read -r line; do
+# We need to delete the tail of "\r\ndelim_line--\r\n"
+tail_len=$((${#delim_line} + 6))
- while test "$line" = $'\r'; do
- read -r line
- test "$line" = "$delim_line" && {
- # Aha! Empty line + delimiter! All done
- cat <<EOF
-<html>
-<body>
-File upload has been accepted
-EOF
- exit 0
- }
- # Empty line + NOT delimiter. Save empty line,
- # and go check next line
- printf "%s\n" $'\r' >&3
- done
- # Not empty line - just save
- printf "%s\n" "$line" >&3
-done 3>"$file"
+# Get and check file size
+filesize=`stat -c"%s" "$file"`
+test "$filesize" -lt "$tail_len" && exit 1
-cat <<EOF
-<html>
-<body>
-File upload was not terminated with '$delim_line' - ??!
-EOF
+# Check that tail is correct
+dd if="$file" skip=$((filesize - tail_len)) bs=1 count=1000 >"$file.tail" 2>/dev/null
+printf "\r\n%s--\r\n" "$delim_line" >"$file.tail.expected"
+if ! diff -q "$file.tail" "$file.tail.expected" >/dev/null; then
+ printf "<html>\n<body>\nMalformed file upload"
+ exit 1
+fi
+rm "$file.tail"
+rm "$file.tail.expected"
+
+# Truncate the file
+dd of="$file" seek=$((filesize - tail_len)) bs=1 count=0 >/dev/null 2>/dev/null
+
+printf "<html>\n<body>\nFile upload has been accepted"