X-Git-Url: https://git.rohieb.name/openwrt.git/blobdiff_plain/8618e98eabec2b5677698daa631f195cae92c30b..957731ef89fc1876a0ab8c56d50001011b20abb0:/package/uhttpd/src/uhttpd-cgi.c?ds=sidebyside
diff --git a/package/uhttpd/src/uhttpd-cgi.c b/package/uhttpd/src/uhttpd-cgi.c
index 8c17251b3..16bfda7db 100644
--- a/package/uhttpd/src/uhttpd-cgi.c
+++ b/package/uhttpd/src/uhttpd-cgi.c
@@ -1,7 +1,7 @@ /* * uhttpd - Tiny single-threaded httpd - CGI handler * - * Copyright (C) 2010 Jo-Philipp Wich + * Copyright (C) 2010-2011 Jo-Philipp Wich * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.
@@ -42,7 +42,7 @@ static struct http_response * uh_cgi_header_parse(char *buf, int len, int *off) bufptr = &buf[0]; - for( pos = 0; pos < len; pos++ ) + for( pos = 0; pos < *off; pos++ ) { if( !hdrname && (buf[pos] == ':') ) {
@@ -60,11 +60,11 @@ static struct http_response * uh_cgi_header_parse(char *buf, int len, int *off) else if( (buf[pos] == '\r') || (buf[pos] == '\n') ) { - buf[pos++] = 0; - if( ! hdrname ) break; + buf[pos++] = 0; + if( (pos < len) && (buf[pos] == '\n') ) pos++;
@@ -157,6 +157,8 @@ void uh_cgi_request( fd_set reader; fd_set writer; + sigset_t ss; + struct sigaction sa; struct timeval timeout; struct http_response *res;
@@ -187,6 +189,10 @@ void uh_cgi_request( /* exec child */ case 0: + /* unblock signals */ + sigemptyset(&ss); + sigprocmask(SIG_SETMASK, &ss, NULL); + /* restore SIGTERM */ sa.sa_flags = 0; sa.sa_handler = SIG_DFL;
@@ -201,6 +207,10 @@ void uh_cgi_request( dup2(rfd[1], 1); dup2(wfd[0], 0); + /* avoid leaking our pipe into child-child processes */ + fd_cloexec(rfd[1]); + fd_cloexec(wfd[0]); + /* check for regular, world-executable file _or_ interpreter */ if( ((pi->stat.st_mode & S_IFREG) && (pi->stat.st_mode & S_IXOTH)) || (ip != NULL)
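Review bot: In the `@@ -42,7 +42,7 @@` hunk the loop in uh_cgi_header_parse is now bounded by `*off`, but nothing visible establishes `0 <= *off <= len`, and the `@@ -60,11 +60,11 @@` hunk still guards the `'\n'` look-ahead with `pos < len`, so two different bounds apply to the same buffer. If `*off` is computed earlier in the function (outside the hunk) as the end of the header block, a comment above the loop should say so, e.g. `/* *off = end of header block, always <= len */`. If it can arrive from the caller unchanged, clamp it with `for( pos = 0; (pos < *off) && (pos < len); pos++ )`. The buffer presumably holds CGI program output, so the in-place `buf[pos++] = 0` writes should not depend on an unchecked offset. The function body starts and ends outside both hunks.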
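Review bot: The comment `/* unblock signals */` in the `@@ -187,6 +189,10 @@` hunk says what the two calls do but not why the child needs them. The signal mask is inherited across fork() and preserved by exec, so I would write `/* the blocked-signal mask survives fork() and exec; clear it so the CGI program does not start with the server's mask */`. Only SIGTERM is reset to SIG_DFL in the visible lines; dispositions set to SIG_IGN also survive exec, so if the server ignores other signals (not visible here) they may need the same reset. The `case 0:` branch continues outside the hunk.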
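Review bot: In the `@@ -201,6 +207,10 @@` hunk `fd_cloexec(rfd[1])` and `fd_cloexec(wfd[0])` run unconditionally after the `dup2()` calls, which can put the close-on-exec flag on the CGI program's own stdin or stdout. That happens if the server runs with fd 0 or 1 closed: `pipe()` can then return those numbers, and `dup2()` on equal descriptors is a no-op. Guarding the calls keeps that case working: `if( rfd[1] > 1 ) fd_cloexec(rfd[1]);` and `if( wfd[0] > 1 ) fd_cloexec(wfd[0]);`. The `dup2()` results in the context lines are also unchecked, so a failed redirect would exec the program on the server's original stdin/stdout. The child branch of uh_cgi_request continues outside the hunk.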