Actions
Bug #520
closedNull string bug in mod_cgi introduced in 1.4.10; patch attached
Status:
Fixed
Priority:
High
Category:
mod_cgi
Target version:
-
ASK QUESTIONS IN Forums:
Description
mod_cgi in 1.4.10 doesn't handle empty QUERY_STRING properly. Whilst 1.4.9 did something like this:
cgi_env_add(&env, CONST_STR_LEN("QUERY_STRING"), con->uri.query->used ? con->uri.query->ptr : ""); cgi_env_add(&env, CONST_STR_LEN("REQUEST_URI"), con->request.orig_uri->used ? con->request.orig_uri->ptr : "");
you changed this to
cgi_env_add(&env, CONST_STR_LEN("QUERY_STRING"), CONST_BUF_LEN(con->uri.query)); cgi_env_add(&env, CONST_STR_LEN("REQUEST_URI"), CONST_BUF_LEN(con->request.orig_uri));
in 1.4.10. These need {{{if (!buffer_is_empty(...)}}} wrappers to avoid passing junk QUERY_STRING through to CGI scripts. (I was getting random characters in my QUERY_STRING, presumably from other lighttpd buffers.)
Here is a patch:
--- src/mod_cgi.c.orig 2006-02-12 11:41:50.352826163 +0000 +++ src/mod_cgi.c 2006-02-12 11:44:25.174070800 +0000 @@ -809,8 +809,12 @@ cgi_env_add(&env, CONST_STR_LEN("PATH_INFO"), CONST_BUF_LEN(con->request.pathinfo)); } cgi_env_add(&env, CONST_STR_LEN("REDIRECT_STATUS"), CONST_STR_LEN("200")); - cgi_env_add(&env, CONST_STR_LEN("QUERY_STRING"), CONST_BUF_LEN(con->uri.query)); - cgi_env_add(&env, CONST_STR_LEN("REQUEST_URI"), CONST_BUF_LEN(con->request.orig_uri)); + if (!buffer_is_empty(con->uri.query)) { + cgi_env_add(&env, CONST_STR_LEN("QUERY_STRING"), CONST_BUF_LEN(con->uri.query)); + } + if (!buffer_is_empty(con->request.orig_uri)) { + cgi_env_add(&env, CONST_STR_LEN("REQUEST_URI"), CONST_BUF_LEN(con->request.orig_uri)); + } #ifdef HAVE_IPV6
Updated by jan about 18 years ago
- Status changed from New to Fixed
- Resolution set to fixed
applied in r1006
Actions
Also available in: Atom