NetBSD-Bugs archive
Re: bin/52194: httpd fails to exec cgi scripts outside of cgi-bin
The following reply was made to PR bin/52194; it has been noted by GNATS.
From: Martin Husemann <martin%duskware.de@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc:
Subject: Re: bin/52194: httpd fails to exec cgi scripts outside of cgi-bin
Date: Wed, 26 Apr 2017 15:18:12 +0200
Here is a patch that seems to fix the issue for me. I increased the
number of environment string pointers allocated to enforce a NULL termination.
The other change adds the script name as argv[1] to the interpreter invocation
if not running in /cgi-bin/ where the files are supposedly self-executable.
It's not clear to me if the added strdup() causes a memory leak.
Martin
Index: cgi-bozo.c
===================================================================
RCS file: /cvsroot/src/libexec/httpd/cgi-bozo.c,v
retrieving revision 1.37
diff -u -p -r1.37 cgi-bozo.c
--- cgi-bozo.c 31 Jan 2017 14:36:09 -0000 1.37
+++ cgi-bozo.c 26 Apr 2017 13:15:05 -0000
@@ -456,6 +456,8 @@ bozo_process_cgi(bozo_httpreq_t *request
"search_string[%zu]: `%s'", i, search_string_argv[i]));
}
+ debug((httpd, DEBUG_FAT, "allocating %zu argv pointers",
+ 3 + search_string_argc));
argv = bozomalloc(httpd, sizeof(*argv) * (3 + search_string_argc));
ix = 0;
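Review bot: The allocation on the context line after the new debug() call is still `3 + search_string_argc`, while the next hunk stores one more pointer when cgihandler is set. Counting `path`, the added script name, the search-string arguments and the terminating NULL, all `3 + search_string_argc` slots are already used, so any entry stored into argv before `argv[ix++] = path;` (that code is outside the visible context) would write past the end of the array. Please confirm the count and bump it if needed. It would also help to compute the size once into a local variable used by both debug() and bozomalloc(), so the logged number and the allocated number cannot drift apart.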
@@ -476,6 +478,9 @@ bozo_process_cgi(bozo_httpreq_t *request
}
argv[ix++] = path;
+ if (cgihandler) {
+ argv[ix++] = bozostrdup(httpd, request, command);
+ }
/* copy search-string args */
for (i = 0; i < search_string_argc; i++)
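Review bot: The bozostrdup() copy stored in the new `if (cgihandler)` block has no matching free in the visible lines, and the line just above stores `path` without copying, so it is not clear why `command` needs a duplicate. If `command` stays valid until the exec, `argv[ix++] = command;` avoids the ownership question raised in the cover message; otherwise add a comment saying who releases the copy. A short comment would also help to document that a set cgihandler is what stands for "not under /cgi-bin/" here, since the condition does not say so itself.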
@@ -487,7 +492,7 @@ bozo_process_cgi(bozo_httpreq_t *request
type = request->hr_content_type;
clen = request->hr_content_length;
- envpsize = 13 + request->hr_nheaders +
+ envpsize = 14 + request->hr_nheaders +
(info && *info ? 1 : 0) +
(query && *query ? 1 : 0) +
(type && *type ? 1 : 0) +
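Review bot: The bare constant in `envpsize = 14 + request->hr_nheaders +` changes from 13 to 14 with nothing in the code saying what the 14 counts or that one slot is reserved for the terminating NULL, so the next variable added to the environment can reintroduce the same off-by-one. Suggest keeping the number of fixed variables and the terminator as separate, commented terms, and checking before the exec that the number of slots filled, terminator included, does not exceed envpsize.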