[LEDE-DEV] uhttpd problems with env variable in cgi

Felix Fietkau nbd at nbd.name
Tue Oct 24 06:15:38 PDT 2017 

On 2017-10-22 14:19, p.wassi at gmx.at wrote:
> Hi Karl,
>  
>> There's really been very few commits to uhttpd, it shouldn't be
>> hard to bisect to the specific one that causes this.
> 
> Ok, I tracked it down to 88c0b4b6d00152c54a0f1367ae839c71547281e1 commited
> by Jo-Philipp. Before that commit, everything is fine to me.
> However, IMHO this commit is totaly unrelated to what my problems are, so I
> investigated further (in the meantime also on brmc47xx).
> 
> I've traced it up to uh_create_process() in proc.c where it forks a new process.
> When entering the uh_create_process(), everything is still fine (i.e. pi->query is still
> holding the correct value).
> However, after doing blob_buf_init(&proc->hdr, 0); the value of pi->query is gone.
> So neither the parent nor the child process have the value then.
> If the QUERY_STRING is long enough (>= 8 chars), it will survive blob_buf_init().
> Interesting to me: when using another user/pswd, that border is at >= 16 chars.
> Anyway, I've landed at libubox - is this a libubox issue, is the blob_buf_init
> not used as intended, or am I foolish when interpreting pi's member variables
> after doing blob_buf_init?
Previous blob_buf contents should not be used after blob_buf_init, so 
it's not a libubox bug. Please try this patch:

diff --git a/file.c b/file.c
index a1775f5..b3702c8 100644
--- a/file.c
+++ b/file.c
@@ -132,6 +132,7 @@ uh_path_lookup(struct client *cl, const char *url)
 {
 	static char path_phys[PATH_MAX];
 	static char path_info[PATH_MAX];
+	static char path_query[PATH_MAX];
 	static struct path_info p;
 
 	const char *docroot = conf.docroot;
@@ -156,7 +157,11 @@ uh_path_lookup(struct client *cl, const char *url)
 
 	/* separate query string from url */
 	if ((pathptr = strchr(url, '?')) != NULL) {
-		p.query = pathptr[1] ? pathptr + 1 : NULL;
+		if (pathptr[1]) {
+			p.query = path_query;
+			snprintf(path_query, sizeof(path_query), "%s",
+				 pathptr + 1);
+		}
 
 		/* urldecode component w/o query */
 		if (pathptr > url) {

More information about the Lede-dev mailing list