diff options
author | Jo-Philipp Wich <jow@openwrt.org> | 2011-09-18 22:30:20 +0000 |
---|---|---|
committer | Jo-Philipp Wich <jow@openwrt.org> | 2011-09-18 22:30:20 +0000 |
commit | 12bbe8b2af41a95514a40fc7acc604d1e906ae7e (patch) | |
tree | 5ec5c28ad0dcca6ae00fef709e7383e64a08858d | |
parent | b81588bd0866017338b35434afa0232fd9df6ba7 (diff) | |
download | mtk-20170518-12bbe8b2af41a95514a40fc7acc604d1e906ae7e.zip mtk-20170518-12bbe8b2af41a95514a40fc7acc604d1e906ae7e.tar.gz mtk-20170518-12bbe8b2af41a95514a40fc7acc604d1e906ae7e.tar.bz2 |
uhttpd: fix possible CGI header line parsing beyound the empty line, thanks Linus Luessing for spotting it
SVN-Revision: 28254
-rw-r--r-- | package/uhttpd/Makefile | 2 | ||||
-rw-r--r-- | package/uhttpd/src/uhttpd-cgi.c | 8 |
2 files changed, 5 insertions, 5 deletions
diff --git a/package/uhttpd/Makefile b/package/uhttpd/Makefile index 5fa12fc..4f29284 100644 --- a/package/uhttpd/Makefile +++ b/package/uhttpd/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=uhttpd -PKG_RELEASE:=26 +PKG_RELEASE:=27 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME) PKG_CONFIG_DEPENDS := \ diff --git a/package/uhttpd/src/uhttpd-cgi.c b/package/uhttpd/src/uhttpd-cgi.c index ed68851..2f94fe26 100644 --- a/package/uhttpd/src/uhttpd-cgi.c +++ b/package/uhttpd/src/uhttpd-cgi.c @@ -1,7 +1,7 @@ /* * uhttpd - Tiny single-threaded httpd - CGI handler * - * Copyright (C) 2010 Jo-Philipp Wich <xm@subsignal.org> + * Copyright (C) 2010-2011 Jo-Philipp Wich <xm@subsignal.org> * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -42,7 +42,7 @@ static struct http_response * uh_cgi_header_parse(char *buf, int len, int *off) bufptr = &buf[0]; - for( pos = 0; pos < len; pos++ ) + for( pos = 0; pos < off; pos++ ) { if( !hdrname && (buf[pos] == ':') ) { @@ -60,11 +60,11 @@ static struct http_response * uh_cgi_header_parse(char *buf, int len, int *off) else if( (buf[pos] == '\r') || (buf[pos] == '\n') ) { - buf[pos++] = 0; - if( ! hdrname ) break; + buf[pos++] = 0; + if( (pos < len) && (buf[pos] == '\n') ) pos++; |