X-Git-Url: http://git.openwrt.org/?p=project%2Fuhttpd.git;a=blobdiff_plain;f=cgi.c;h=13a0bc480b633cbfdd2f10565595a2a33dd2367c;hp=02665d8b01ae1858a1851d60f91012b063b93b04;hb=5f9ae5738372aaa3a6be2f0a278933563d3f191a;hpb=b016f111233e840da8879b1fe933b72aa8ac625f
diff --git a/cgi.c b/cgi.c
index 02665d8..13a0bc4 100644
--- a/cgi.c
+++ b/cgi.c
@@ -1,22 +1,23 @@
 /*
 * uhttpd - Tiny single-threaded httpd
 *
- * Copyright (C) 2010-2012 Jo-Philipp Wich
- * Copyright (C) 2012 Felix Fietkau
+ * Copyright (C) 2010-2013 Jo-Philipp Wich
+ * Copyright (C) 2013 Felix Fietkau
 *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
 *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
+#define _GNU_SOURCE
 #include
 #include "uhttpd.h"
@@ -36,14 +37,11 @@ void uh_interpreter_add(const char *ext, const char *path)
 list_add_tail(&in->list, &interpreters);
 }
-static void cgi_main(struct client *cl, struct path_info *pi, int fd)
+static void cgi_main(struct client *cl, struct path_info *pi, char *url)
 {
 const struct interpreter *ip = pi->ip;
 struct env_var *var;
- dup2(fd, 0);
- dup2(fd, 1);
- close(fd);
 clearenv();
 setenv("PATH", conf.cgi_path, 1);
@@ -54,30 +52,37 @@ static void cgi_main(struct client *cl, struct path_info *pi, int fd)
 setenv(var->name, var->value, 1);
 }
- chdir(pi->root);
-
- if (ip)
- execl(ip->path, ip->path, pi->phys, NULL);
- else
- execl(pi->phys, pi->phys, NULL);
+ if (!chdir(pi->root)) {
+ if (ip)
+ execl(ip->path, ip->path, pi->phys, NULL);
+ else
+ execl(pi->phys, pi->phys, NULL);
+ }
 printf("Status: 500 Internal Server Error\r\n\r\n"
 "Unable to launch the requested CGI program:\n"
 " %s: %s\n", ip ? ip->path : pi->phys, strerror(errno));
 }
-static void cgi_handle_request(struct client *cl, const char *url, struct path_info *pi)
+static void cgi_handle_request(struct client *cl, char *url, struct path_info *pi)
 {
 unsigned int mode = S_IFREG | S_IXOTH;
+ char *escaped_url;
 if (!pi->ip && !((pi->stat.st_mode & mode) == mode)) {
+ escaped_url = uh_htmlescape(url);
+
 uh_client_error(cl, 403, "Forbidden",
 "You don't have permission to access %s on this server.",
- url);
+ escaped_url ? escaped_url : "the url");
+
+ if (escaped_url)
+ free(escaped_url);
+
 return;
 }
- if (!uh_create_process(cl, pi, cgi_main)) {
+ if (!uh_create_process(cl, pi, url, cgi_main)) {
 uh_client_error(cl, 500, "Internal Server Error",
 "Failed to create CGI process: %s", strerror(errno));
 return;
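Review bot: The failure message at the end of cgi_main (second hunk on this line) still writes `ip ? ip->path : pi->phys` into the 500 response body, so a failed launch appears to hand the interpreter's or script's physical path to whoever sent the request; this assumes stdout is already the client pipe, which would now be set up outside this hunk. With the new `if (!chdir(pi->root))` guard the same message is also reached when chdir fails, and errno then describes pi->root rather than the path that is printed. Consider a generic body such as `printf("Status: 500 Internal Server Error\r\n\r\nUnable to launch the requested CGI program\n");` and reporting the path and strerror(errno) on the server side only. Separately, in cgi_handle_request `if (escaped_url) free(escaped_url);` can be just `free(escaped_url);`, since free(NULL) is a no-op; that function's body continues past the hunk.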
@@ -106,10 +111,15 @@ static bool check_cgi_path(struct path_info *pi, const char *url)
 }
 pi->ip = NULL;
- return uh_path_match(conf.cgi_prefix, url);
+
+ if (conf.cgi_docroot_path)
+ return uh_path_match(conf.cgi_docroot_path, pi->phys);
+
+ return false;
 }
 struct dispatch_handler cgi_dispatch = {
+ .script = true,
 .check_path = check_cgi_path,
 .handle_request = cgi_handle_request,
 };
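Review bot: The new `uh_path_match(conf.cgi_docroot_path, pi->phys)` test decides whether a file is executed, and it is only as strong as two things this hunk does not show. One is that pi->phys is already canonicalised (symlinks and `..` resolved) when it gets here; the other is that uh_path_match matches on a path-component boundary, so a sibling directory whose name merely begins with the CGI directory's name is not accepted. Both are worth confirming where pi->phys is filled in and at the uh_path_match definition. A comment above the check would record the intent, for example `/* only files whose physical path lies under the CGI directory may run; no CGI directory configured means no CGI */`. check_cgi_path starts above this hunk.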