[src/trunk]: src/libexec/httpd redo the fix for rev 1.26 - instead of getting...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/libexec/httpd redo the fix for rev 1.26 - instead of getting...
From: mrg <mrg%NetBSD.org@localhost>
Date: Tue, 31 Jul 2018 19:50:17 +0000

details:   https://anonhg.NetBSD.org/src/rev/534138e6dcfa
branches:  trunk
changeset: 342597:534138e6dcfa
user:      mrg <mrg%NetBSD.org@localhost>
date:      Thu Dec 31 04:39:16 2015 +0000

description:
redo the fix for rev 1.26 - instead of getting a new string wrong,
just delay the free until the parent has finished using them.
also, free query as well.

fixes PR#50374.

diffstat:

 libexec/httpd/cgi-bozo.c |  22 +++++++++-------------
 1 files changed, 9 insertions(+), 13 deletions(-)

diffs (80 lines):

diff -r f94670e37cc4 -r 534138e6dcfa libexec/httpd/cgi-bozo.c
--- a/libexec/httpd/cgi-bozo.c  Thu Dec 31 03:50:34 2015 +0000
+++ b/libexec/httpd/cgi-bozo.c  Thu Dec 31 04:39:16 2015 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: cgi-bozo.c,v 1.31 2015/12/29 04:21:46 mrg Exp $        */
+/*     $NetBSD: cgi-bozo.c,v 1.32 2015/12/31 04:39:16 mrg Exp $        */
 
 /*     $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $        */
 
@@ -248,8 +248,7 @@
        char    date[40];
        bozoheaders_t *headp;
        const char *type, *clen, *info, *cgihandler;
-       char    *query, *s, *t, *path, *env, *file, *url;
-       char    command[MAXPATHLEN];
+       char    *query, *s, *t, *path, *env, *command, *file, *url;
        char    **envp, **curenvp, *argv[4];
        char    *uri;
        size_t  len;
@@ -275,8 +274,6 @@
                file = bozostrdup(httpd, request, uri);
        else
                bozoasprintf(httpd, &file, "/%s", uri);
-       if (file == NULL)
-               return 0;
 
        if (request->hr_query && strlen(request->hr_query))
                query = bozostrdup(httpd, request, request->hr_query);
@@ -287,13 +284,12 @@
                     file,
                     query ? "?" : "",
                     query ? query : "");
-       if (url == NULL)
-               goto out;
        debug((httpd, DEBUG_NORMAL, "bozo_process_cgi: url `%s'", url));
 
        path = NULL;
        envp = NULL;
        cgihandler = NULL;
+       command = NULL;
        info = NULL;
 
        len = strlen(url);
@@ -318,13 +314,12 @@
 
        ix = 0;
        if (cgihandler) {
-               snprintf(command, sizeof(command), "%s", file + 1);
+               command = file + 1;
                path = bozostrdup(httpd, request, cgihandler);
                argv[ix++] = path;
                        /* argv[] = [ path, command, query, NULL ] */
        } else {
-               snprintf(command, sizeof(command), "%s",
-                   file + CGIBIN_PREFIX_LEN + 1);
+               command = file + CGIBIN_PREFIX_LEN + 1;
                if ((s = strchr(command, '/')) != NULL) {
                        info = bozostrdup(httpd, request, s);
                        *s = '\0';
@@ -430,9 +425,6 @@
                bozo_setenv(httpd, "REDIRECT_STATUS", "200", curenvp++);
        bozo_auth_cgi_setenv(request, &curenvp);
 
-       free(file);
-       free(url);
-
        debug((httpd, DEBUG_FAT, "bozo_process_cgi: going exec %s, %s %s %s",
            path, argv[0], strornull(argv[1]), strornull(argv[2])));
 
@@ -466,6 +458,10 @@
                bozoerr(httpd, 1, "child execve returned?!");
        }
 
+       free(query);
+       free(file);
+       free(url);
+
        close(sv[1]);
 
        /* parent: read from stdin (bozo_read()) write to sv[0] */

Prev by Date: [src/trunk]: src/external/bsd/atf/dist/tools Print symbolically why the proce...
Next by Date: [src/trunk]: src/sys/arch/arm/samsung XU4 gpio - get rid of annoying printf
Previous by Thread: [src/trunk]: src/external/bsd/atf/dist/tools Print symbolically why the proce...
Next by Thread: [src/trunk]: src/sys/arch/arm/samsung XU4 gpio - get rid of annoying printf
Indexes:

Home | Main Index | Thread Index | Old Index