aboutsummaryrefslogtreecommitdiff
path: root/networking/httpd.c
diff options
context:
space:
mode:
Diffstat (limited to 'networking/httpd.c')
-rw-r--r--networking/httpd.c37
1 files changed, 24 insertions, 13 deletions
diff --git a/networking/httpd.c b/networking/httpd.c
index 7f2594aca..2f76828c6 100644
--- a/networking/httpd.c
+++ b/networking/httpd.c
@@ -1043,9 +1043,9 @@ static int sendCgi(const char *url,
xmove_fd(fromCgi.wr, 1); /* replace stdout with the pipe */
close(fromCgi.rd);
close(toCgi.wr);
- /* Huh? User seeing stderr can be a security problem...
- * and if CGI really wants that, it can always dup2(1,2)...
- * dup2(fromCgi.wr, 2); */
+ /* Huh? User seeing stderr can be a security problem.
+ * If CGI really wants that, it can always dup2(1,2). */
+ /* dup2(1, 2); */
/*
* Find PATH_INFO.
@@ -1247,7 +1247,7 @@ static int sendCgi(const char *url,
post_read_idx = 0;
bodyLen -= count;
} else {
- bodyLen = 0; /* closed */
+ bodyLen = 0; /* closed */
}
}
@@ -1274,32 +1274,43 @@ static int sendCgi(const char *url,
* CGI may output a few first bytes and then wait
* for POSTDATA without closing stdout.
* With full_read we may wait here forever. */
- count = safe_read(inFd, rbuf + buf_count, PIPESIZE - 4);
+ count = safe_read(inFd, rbuf + buf_count, PIPESIZE - 8);
if (count <= 0) {
/* eof (or error) and there was no "HTTP",
- * so add one and write out the received data */
+ * so write it, then write received data */
if (buf_count) {
full_write(s, HTTP_200, sizeof(HTTP_200)-1);
full_write(s, rbuf, buf_count);
}
- break; /* closed */
+ break; /* closed */
}
buf_count += count;
count = 0;
- if (buf_count >= 4) {
- /* check to see if CGI added "HTTP" */
+ /* "Status" header format is: "Status: 302 Redirected\r\n" */
+ if (buf_count >= 8) {
+ if (memcmp(rbuf, "Status: ", 8) == 0) {
+ /* send "HTTP/1.0 " */
+ if (full_write(s, HTTP_200, 9) != 9)
+ break;
+ rbuf += 8; /* skip "Status: " */
+ count -= 8;
+ buf_count = -1; /* buffering off */
+ }
+ } else if (buf_count >= 4) {
+ /* Did CGI add "HTTP"? */
if (memcmp(rbuf, HTTP_200, 4) != 0) {
/* there is no "HTTP", do it ourself */
if (full_write(s, HTTP_200, sizeof(HTTP_200)-1) != sizeof(HTTP_200)-1)
break;
}
- /* example of valid CGI without "Content-type:"
- * echo -en "HTTP/1.0 302 Found\r\n"
- * echo -en "Location: http://www.busybox.net\r\n"
- * echo -en "\r\n"
+ /* Commented out:
if (!strstr(rbuf, "ontent-")) {
full_write(s, "Content-type: text/plain\r\n\r\n", 28);
}
+ * Counter-example of valid CGI without Content-type:
+ * echo -en "HTTP/1.0 302 Found\r\n"
+ * echo -en "Location: http://www.busybox.net\r\n"
+ * echo -en "\r\n"
*/
count = buf_count;
buf_count = -1; /* buffering off */