summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJo-Philipp Wich <jow@openwrt.org>2011-09-18 22:30:20 +0000
committerJo-Philipp Wich <jow@openwrt.org>2011-09-18 22:30:20 +0000
commit12bbe8b2af41a95514a40fc7acc604d1e906ae7e (patch)
tree5ec5c28ad0dcca6ae00fef709e7383e64a08858d
parentb81588bd0866017338b35434afa0232fd9df6ba7 (diff)
downloadmtk-20170518-12bbe8b2af41a95514a40fc7acc604d1e906ae7e.zip
mtk-20170518-12bbe8b2af41a95514a40fc7acc604d1e906ae7e.tar.gz
mtk-20170518-12bbe8b2af41a95514a40fc7acc604d1e906ae7e.tar.bz2
uhttpd: fix possible CGI header line parsing beyound the empty line, thanks Linus Luessing for spotting it
SVN-Revision: 28254
-rw-r--r--package/uhttpd/Makefile2
-rw-r--r--package/uhttpd/src/uhttpd-cgi.c8
2 files changed, 5 insertions, 5 deletions
diff --git a/package/uhttpd/Makefile b/package/uhttpd/Makefile
index 5fa12fc..4f29284 100644
--- a/package/uhttpd/Makefile
+++ b/package/uhttpd/Makefile
@@ -8,7 +8,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=uhttpd
-PKG_RELEASE:=26
+PKG_RELEASE:=27
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
PKG_CONFIG_DEPENDS := \
diff --git a/package/uhttpd/src/uhttpd-cgi.c b/package/uhttpd/src/uhttpd-cgi.c
index ed68851..2f94fe26 100644
--- a/package/uhttpd/src/uhttpd-cgi.c
+++ b/package/uhttpd/src/uhttpd-cgi.c
@@ -1,7 +1,7 @@
/*
* uhttpd - Tiny single-threaded httpd - CGI handler
*
- * Copyright (C) 2010 Jo-Philipp Wich <xm@subsignal.org>
+ * Copyright (C) 2010-2011 Jo-Philipp Wich <xm@subsignal.org>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -42,7 +42,7 @@ static struct http_response * uh_cgi_header_parse(char *buf, int len, int *off)
bufptr = &buf[0];
- for( pos = 0; pos < len; pos++ )
+ for( pos = 0; pos < off; pos++ )
{
if( !hdrname && (buf[pos] == ':') )
{
@@ -60,11 +60,11 @@ static struct http_response * uh_cgi_header_parse(char *buf, int len, int *off)
else if( (buf[pos] == '\r') || (buf[pos] == '\n') )
{
- buf[pos++] = 0;
-
if( ! hdrname )
break;
+ buf[pos++] = 0;
+
if( (pos < len) && (buf[pos] == '\n') )
pos++;