From 12bbe8b2af41a95514a40fc7acc604d1e906ae7e Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jow@openwrt.org>
Date: Sun, 18 Sep 2011 22:30:20 +0000
Subject: uhttpd: fix possible CGI header line parsing beyound the empty line,
 thanks Linus Luessing for spotting it

SVN-Revision: 28254
---
 package/uhttpd/src/uhttpd-cgi.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'package/uhttpd/src')

diff --git a/package/uhttpd/src/uhttpd-cgi.c b/package/uhttpd/src/uhttpd-cgi.c
index ed68851..2f94fe26 100644
--- a/package/uhttpd/src/uhttpd-cgi.c
+++ b/package/uhttpd/src/uhttpd-cgi.c
@@ -1,7 +1,7 @@
 /*
  * uhttpd - Tiny single-threaded httpd - CGI handler
  *
- *   Copyright (C) 2010 Jo-Philipp Wich <xm@subsignal.org>
+ *   Copyright (C) 2010-2011 Jo-Philipp Wich <xm@subsignal.org>
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
@@ -42,7 +42,7 @@ static struct http_response * uh_cgi_header_parse(char *buf, int len, int *off)
 
 		bufptr = &buf[0];
 
-		for( pos = 0; pos < len; pos++ )
+		for( pos = 0; pos < off; pos++ )
 		{
 			if( !hdrname && (buf[pos] == ':') )
 			{
@@ -60,11 +60,11 @@ static struct http_response * uh_cgi_header_parse(char *buf, int len, int *off)
 
 			else if( (buf[pos] == '\r') || (buf[pos] == '\n') )
 			{
-				buf[pos++] = 0;
-
 				if( ! hdrname )
 					break;
 
+				buf[pos++] = 0;
+
 				if( (pos < len) && (buf[pos] == '\n') )
 					pos++;
 
-- 
cgit v1.1