| Age | Commit message (Collapse) | Author |
|---|
|
When we're starting a deferred request, the related input ustream might
have gone into read_blocked mode because incoming client request data
exhausted the ustreams internal buffer space. When this happens, edge
triggered uloop read events are "lost" and never re-triggered causing
the script input to never complete.
In order to avoid that deadlock situation, manually poke the input
ustream using ustream_poll() after invoking client_poll_post_data()
which should have drained (some) of the buffered input ustream contents.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Fixes: 77b774b ("build: avoid redefining _DEFAULT_SOURCE")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Work around further glibc toolchain annoyances.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Add _DEFAULT_SOURCE FTM in order to avoid warnings with recent glibc.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Escape untrusted input like the request URL or filesystem paths in HTML
outputs such as the directory listing or 404 error messages.
This fixes certain XSS vulnerabilities which can be leveraged to further
exploit the system.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Instead of storing a pointer to the beginning of the query string within the
request url, store a copy in a static buffer instead. This aligns handling
the query string portion of the url with other elements like physical path
or path info information.
Since the URL is usually kept in the per-client blob buffer which might
change its memory location due to reallocations triggered by blobmsg_add_*,
it is not safe to point to it early in the request life cycle.
This fixes invalid memory access usually manifesting itself as corrupted
query string data in CGI scripts.
Reported-by: P. Wassi <p.wassi@gmx.at>
Suggested-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Previous refactoring of the basic auth handling code broke the logic in
such a way that basic auth was only performed if a client sent an
Authorization header in its request, but it was never prompted for by
the server.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
Store the parsed username and password information as HTTP headers in the
clients header blob buffer for later use by proc.c
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
This allows the request handler to add extra headers to the response
even in the redirect case.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
transfer
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
In a json_script file you can specify rules for rewriting the URL or
redirecting the browser either unconditionally, or as a fallback where
it would otherwise print a 404 error
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
the path compare return code was not honoured properly
Signed-off-by: John Crispin <blogic@openwrt.org>
|
|
this allows an alias entry inside the root folder point at a cgi-bin script
-y foo=bar will redirect /foo to /cgi-bin/bar
Signed-off-by: John Crispin <blogic@openwrt.org>
|
|
The two commits
5162e3b0ee7bd1d0fd6e75e1ca7993a1834b5291
"allow request handlers to disable chunked reponses"
and
618493e378e2239f0d30902e47adfa134e649fdc
"file: disable chunked encoding for file responses"
broke the chunked transfer encoding handling for proc responses in keep-alive
connections that followed a file response with http status 204 or 304.
The effect of this bug is that cgi responses following a 204 or 304 one where
sent neither in chunked encoding nor with a content-length header, causing
browsers to stall until the keep alive timeout was reached.
Fix the logic flaw by inverting the chunk prevention flag in the client state
and by testing the chunked encoding preconditions every time instead of
once upon client (re-)initialization.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Andrej Krpic <ak77@tnode.com>
|
|
Fixes https://dev.openwrt.org/ticket/20458
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
scandir() call requires free() of each returned dirent structure
and parent list. Code constructing HTML response of directory
listing is missing a call to free in some cases.
Signed-off-by: Andrej Krpic <ak77@tnode.com>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
calls to 3, maximum number of connections to 100
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
|
|
|
|
|
|
request anyway
|
|
|
|
directories before files ahead of time)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
