From 94aaf4b5d3c649a281299aedba08ce1939780fb4 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Fri, 1 Sep 2017 17:06:12 +0200
Subject: httpd: skip "Status: " from CGI, including space. Closes 10291

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
 networking/httpd.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'networking/httpd.c')

diff --git a/networking/httpd.c b/networking/httpd.c
index 9369de824..c82383507 100644
--- a/networking/httpd.c
+++ b/networking/httpd.c
@@ -1371,12 +1371,13 @@ static NOINLINE void cgi_io_loop_and_exit(int fromCgi_rd, int toCgi_wr, int post
 				out_cnt += count;
 				count = 0;
 				/* "Status" header format is: "Status: 302 Redirected\r\n" */
-				if (out_cnt >= 7 && memcmp(rbuf, "Status:", 7) == 0) {
+				if (out_cnt >= 8 && memcmp(rbuf, "Status: ", 8) == 0) {
 					/* send "HTTP/1.0 " */
 					if (full_write(STDOUT_FILENO, HTTP_200, 9) != 9)
 						break;
-					rbuf += 7; /* skip "Status:" */
-					count = out_cnt - 7;
+					/* skip "Status: " (including space, sending "HTTP/1.0  NNN" is wrong) */
+					rbuf += 8;
+					count = out_cnt - 8;
 					out_cnt = -1; /* buffering off */
 				} else if (out_cnt >= 4) {
 					/* Did CGI add "HTTP"? */
-- 
cgit v1.2.3