NetBSD-Bugs archive


Re: bin/52194: httpd fails to exec cgi scripts outside of cgi-bin



The following reply was made to PR bin/52194; it has been noted by GNATS.

From: Martin Husemann <martin%duskware.de@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: bin/52194: httpd fails to exec cgi scripts outside of cgi-bin
Date: Wed, 26 Apr 2017 15:18:12 +0200

 Here is a patch that seems to fix the issue for me. I increased the
 number of environment string pointers allocated to enforce a NULL termination.
 The other change adds the script name as argv[1] to the interpreter invocation
 if not running in /cgi-bin/ where the files are supposedly self-executable.
 
 It's not clear to me if the added strdup() causes a memory leak.
 
 Martin
 
 Index: cgi-bozo.c
 ===================================================================
 RCS file: /cvsroot/src/libexec/httpd/cgi-bozo.c,v
 retrieving revision 1.37
 diff -u -p -r1.37 cgi-bozo.c
 --- cgi-bozo.c	31 Jan 2017 14:36:09 -0000	1.37
 +++ cgi-bozo.c	26 Apr 2017 13:15:05 -0000
 @@ -456,6 +456,8 @@ bozo_process_cgi(bozo_httpreq_t *request
  		    "search_string[%zu]: `%s'", i, search_string_argv[i]));
  	}
  
 +	debug((httpd, DEBUG_FAT, "allocating %zu argv pointers",
 +	    3 + search_string_argc));
  	argv = bozomalloc(httpd, sizeof(*argv) * (3 + search_string_argc));
  
  	ix = 0;
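
Review bot: The allocation at `argv = bozomalloc(...)` still reserves `3 + search_string_argc` pointers, while the next hunk stores one more entry when `cgihandler` is set; please confirm in a comment that this count still covers every entry written plus the terminating NULL, since nothing in the visible lines shows the spare slot. The new debug call also repeats the expression `3 + search_string_argc`; computing it once into a local and using it for both the message and the allocation would keep the two from drifting apart.
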
 @@ -476,6 +478,9 @@ bozo_process_cgi(bozo_httpreq_t *request
  	}
  
  	argv[ix++] = path;
 +	if (cgihandler) {
 +		argv[ix++] = bozostrdup(httpd, request, command);
 +	}
  
  	/* copy search-string args */
  	for (i = 0; i < search_string_argc; i++)
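
Review bot: The `bozostrdup(httpd, request, command)` result stored in `argv[ix++]` has no matching free in this hunk, which is the leak the cover note asks about; either state where the copy is released (or that it only needs to live until the exec), or store `command` directly if it stays valid that long. A short comment on the resulting argv layout for the `cgihandler` case would help, and since `command` becomes the interpreter's first argument it is worth confirming it can never be read as an option rather than a file name.
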
 @@ -487,7 +492,7 @@ bozo_process_cgi(bozo_httpreq_t *request
  	type = request->hr_content_type;
  	clen = request->hr_content_length;
  
 -	envpsize = 13 + request->hr_nheaders + 
 +	envpsize = 14 + request->hr_nheaders + 
  	    (info && *info ? 1 : 0) +
  	    (query && *query ? 1 : 0) +
  	    (type && *type ? 1 : 0) +
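
Review bot: Changing the literal in `envpsize = 13 + ...` to `14` fixes the count by hand without saying what the fixed entries are or that the extra one is the NULL terminator; add a comment listing what the constant accounts for, or derive it, so the next added variable does not reintroduce the off-by-one. A debug assertion that the fill index stays below `envpsize` once the environment is built would catch this class of error at the point it happens.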
 