author | Ansuel Smith <ansuelsmth@gmail.com> | 2019-10-08 22:34:11 +0200 |
---|---|---|
committer | Ansuel Smith <ansuelsmth@gmail.com> | 2019-10-10 20:02:30 +0200 |
commit | 535b2b6bd8a7f7a0a7a6914c8091619ea6f8961f (patch) | |
tree | 02b0b153964e1673a5119872d64563f3740af28d /net | |
parent | 7a5326dd29fabf2d405603e24159323b4f792759 (diff) |
cgi-io: fix read after end errors
Currently cgi-io tries to read data after the data has ended.
- Add "-" to the whitelisted characters
- main_upload tried to consume the buffer although it had already been read by the preceding while loop
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Diffstat (limited to 'net')
-rw-r--r-- | net/cgi-io/Makefile | 2 | ||||
-rw-r--r-- | net/cgi-io/src/main.c | 23 |
2 files changed, 12 insertions, 13 deletions
diff --git a/net/cgi-io/Makefile b/net/cgi-io/Makefile
index 211360905..6bc906ec5 100644
--- a/net/cgi-io/Makefile
+++ b/net/cgi-io/Makefile
@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=cgi-io -PKG_RELEASE:=12 +PKG_RELEASE:=13 PKG_LICENSE:=GPL-2.0-or-later
diff --git a/net/cgi-io/src/main.c b/net/cgi-io/src/main.c
index ca1575842..e4d0b212f 100644
--- a/net/cgi-io/src/main.c
+++ b/net/cgi-io/src/main.c
@@ -37,6 +37,7 @@ #include "multipart_parser.h" +#define READ_BLOCK 4096 enum part { PART_UNKNOWN,
@@ -389,7 +390,7 @@ static int filecopy(void) { int len; - char buf[4096]; + char buf[READ_BLOCK]; if (!st.filedata) {
@@ -625,7 +626,8 @@ static int main_upload(int argc, char *argv[]) { int rem, len; - char buf[4096]; + bool done = false; + char buf[READ_BLOCK]; multipart_parser *p; p = init_parser();
@@ -638,17 +640,14 @@ main_upload(int argc, char *argv[]) while ((len = read(0, buf, sizeof(buf))) > 0) { - rem = multipart_parser_execute(p, buf, len); - - if (rem < len) - break; + if (!done) { + rem = multipart_parser_execute(p, buf, len); + done = (rem < len); + } } multipart_parser_free(p); - /* read remaining post data */ - while ((len = read(0, buf, sizeof(buf))) > 0); - return 0; }
@@ -657,7 +656,7 @@ main_download(int argc, char **argv) { char *fields[] = { "sessionid", NULL, "path", NULL, "filename", NULL, "mimetype", NULL }; unsigned long long size = 0; - char *p, buf[4096]; + char *p, buf[READ_BLOCK]; ssize_t len = 0; struct stat s; int rfd;
@@ -677,7 +676,7 @@ main_download(int argc, char **argv) return failure(403, 0, "Requested path is not a regular file or block device"); for (p = fields[5]; p && *p; p++) - if (!isalnum(*p) && !strchr(" ()<>@,;:[]?.=%", *p)) + if (!isalnum(*p) && !strchr(" ()<>@,;:[]?.=%-", *p)) return failure(400, 0, "Invalid characters in filename"); for (p = fields[7]; p && *p; p++)
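Review bot: In the rewritten main_upload loop a failed read() is still indistinguishable from end of input: when `len` is negative the `while` exits and the function returns 0 exactly as it does for a complete upload. Unless a parser callback outside this hunk has already reported an error, a truncated or interrupted request is treated as success; a check after `multipart_parser_free(p);` such as `if (len < 0) return failure(500, 0, "Failed to read upload data");` would make that visible, though whether a response has already been written at that point cannot be told from the hunk. The `done` flag also deserves a comment, for example `/* parser stopped early: keep reading stdin to discard the rest of the POST body */`, because it is set both when the parser finishes and when it rejects the input. As far as the hunk shows, the discard loop has no size or time bound of its own, so those limits have to come from the web server in front of it.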
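Review bot: The filename check changed in main_download passes a plain `char` to `isalnum()`, which is undefined for negative values where `char` is signed, so bytes above 0x7f in `fields[5]` are not reliably rejected. A cast fixes it: `if (!isalnum((unsigned char)*p) && !strchr(" ()<>@,;:[]?.=%-", *p))`. This list decides which request-supplied characters are accepted, presumably before the name is echoed into a response header (that code is outside the hunk). A short comment above the loop saying that quotes, backslashes and control characters such as CR/LF must stay excluded would help keep later additions like this `-` safe. The `fields[7]` loop that begins on the last line of the hunk continues outside it and may need the same cast.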
@@ -783,7 +782,7 @@ main_backup(int argc, char **argv) fflush(stdout); do { - len = splice(fds[0], NULL, 1, NULL, 4096, SPLICE_F_MORE); + len = splice(fds[0], NULL, 1, NULL, READ_BLOCK, SPLICE_F_MORE); } while (len > 0); waitpid(pid, &status, 0); |
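Review bot: The `splice()` loop in main_backup ends on `len <= 0`, so an error return of -1 is handled like a normal end of stream and the client can receive a truncated backup with no indication. Output has already been flushed before the loop, so the status line probably cannot be changed any more, but a comment such as `/* len < 0: splice failed, archive is incomplete */` together with a non-zero return would at least make the failure detectable. What happens to `status` after `waitpid()` is outside the hunk.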