Ticket #520 (closed defect: fixed)
Null string bug in mod_cgi introduced in 1.4.10; patch attached
| Reported by: | chris@… | Owned by: | jan |
|---|---|---|---|
| Priority: | high | Milestone: | |
| Component: | mod_cgi | Version: | 1.4.10 |
| Severity: | normal | Keywords: | mod_cgi |
| Cc: | Blocked By: | ||
| Need User Feedback: | Blocking: |
Description
mod_cgi in 1.4.10 doesn't handle empty QUERY_STRING properly. Whilst 1.4.9 did something like this:
cgi_env_add(&env, CONST_STR_LEN("QUERY_STRING"), con->uri.query->used ? con->uri.query->ptr : "");
cgi_env_add(&env, CONST_STR_LEN("REQUEST_URI"), con->request.orig_uri->used ? con->request.orig_uri->ptr : "");
you changed this to
cgi_env_add(&env, CONST_STR_LEN("QUERY_STRING"), CONST_BUF_LEN(con->uri.query));
cgi_env_add(&env, CONST_STR_LEN("REQUEST_URI"), CONST_BUF_LEN(con->request.orig_uri));
in 1.4.10. These need if (!buffer_is_empty(...) wrappers to avoid passing junk QUERY_STRING through to CGI scripts. (I was getting random characters in my QUERY_STRING, presumably from other lighttpd buffers.)
Here is a patch:
--- src/mod_cgi.c.orig 2006-02-12 11:41:50.352826163 +0000
+++ src/mod_cgi.c 2006-02-12 11:44:25.174070800 +0000
@@ -809,8 +809,12 @@
cgi_env_add(&env, CONST_STR_LEN("PATH_INFO"), CONST_BUF_LEN(con->request.pathinfo));
}
cgi_env_add(&env, CONST_STR_LEN("REDIRECT_STATUS"), CONST_STR_LEN("200"));
- cgi_env_add(&env, CONST_STR_LEN("QUERY_STRING"), CONST_BUF_LEN(con->uri.query));
- cgi_env_add(&env, CONST_STR_LEN("REQUEST_URI"), CONST_BUF_LEN(con->request.orig_uri));
+ if (!buffer_is_empty(con->uri.query)) {
+ cgi_env_add(&env, CONST_STR_LEN("QUERY_STRING"), CONST_BUF_LEN(con->uri.query));
+ }
+ if (!buffer_is_empty(con->request.orig_uri)) {
+ cgi_env_add(&env, CONST_STR_LEN("REQUEST_URI"), CONST_BUF_LEN(con->request.orig_uri));
+ }
#ifdef HAVE_IPV6
Attachments
Change History
Note: See
TracTickets for help on using
tickets.
