Fossil SCM

Improved robustness in CGI variable parsing.

drh 2022-02-13 19:14 cgi-compliance

Commit b8973500074aafd8b21cc13e2937f09a900c8882548ea63a7dea3f3045834093

Parent fd1c9b090ac53c3…

1 file changed +15 -20

M src/cgi.c

+15 -20

		--- src/cgi.c
		+++ src/cgi.c
		@@ -1196,18 +1196,20 @@
1196	1196	** SCGI typically omits PATH_INFO. CGI sometimes omits REQUEST_URI and
1197	1197	** PATH_INFO when it is empty.
1198	1198	**
1199	1199	** CGI Parameter quick reference:
1200	1200	**
1201		-** REQUEST_URI
1202		-** _____________\|________________
1203		-** / \
1204		-** https://www.fossil-scm.org/forum/info/12736b30c072551a?t=c
1205		-** \________________/\____/\____________________/ \_/
1206		-** \| \| \| \|
1207		-** HTTP_HOST \| PATH_INFO QUERY_STRING
1208		-** SCRIPT_NAME
	1201	+** REQUEST_URI
	1202	+** _____________\|________________
	1203	+** / \
	1204	+** https://fossil-scm.org/forum/info/12736b30c072551a?t=c
	1205	+** \___/ \____________/\____/\____________________/ \_/
	1206	+** \| \| \| \| \|
	1207	+** \| HTTP_HOST \| PATH_INFO QUERY_STRING
	1208	+** \| \|
	1209	+** REQUEST_SCHEMA SCRIPT_NAME
	1210	+**
1209	1211	*/
1210	1212	void cgi_init(void){
1211	1213	char *z;
1212	1214	const char *zType;
1213	1215	char *zSemi;
		@@ -1226,25 +1228,18 @@
1226	1228	cgi_destination(CGI_BODY);
1227	1229
1228	1230	/* We must have SCRIPT_NAME. If the web server did not supply it, try
1229	1231	** to compute it from REQUEST_URI and PATH_INFO. */
1230	1232	if( zScriptName==0 ){
1231		- size_t nRU, nPI;
1232	1233	if( zRequestUri==0 \|\| zPathInfo==0 ){
1233	1234	malformed_request("missing SCRIPT_NAME"); /* Does not return */
1234	1235	}
1235		- z = strchr(zRequestUri,'?');
1236		- if( z ){
1237		- nRU = (int)(z - zRequestUri);
1238		- }else{
1239		- nRU = strlen(zRequestUri);
1240		- }
1241		- nPI = strlen(zPathInfo);
1242		- if( nRU<nPI ){
1243		- malformed_request("PATH_INFO is longer than REQUEST_URI");
1244		- }
1245		- zScriptName = fossil_strndup(zRequestUri,(int)(nRU-nPI));
	1236	+ z = strstr(zRequestUri,zPathInfo);
	1237	+ if( z==0 ){
	1238	+ malformed_request("PATH_INFO not found in REQUEST_URI");
	1239	+ }
	1240	+ zScriptName = fossil_strndup(zRequestUri,(int)(z-zRequestUri));
1246	1241	cgi_set_parameter("SCRIPT_NAME", zScriptName);
1247	1242	}
1248	1243
1249	1244	#ifdef _WIN32
1250	1245	/* The Microsoft IIS web server does not define REQUEST_URI, instead it uses
1251	1246

	--- src/cgi.c
	+++ src/cgi.c
	@@ -1196,18 +1196,20 @@
1196	** SCGI typically omits PATH_INFO. CGI sometimes omits REQUEST_URI and
1197	** PATH_INFO when it is empty.
1198	**
1199	** CGI Parameter quick reference:
1200	**
1201	** REQUEST_URI
1202	** _____________\|________________
1203	** / \
1204	** https://www.fossil-scm.org/forum/info/12736b30c072551a?t=c
1205	** \________________/\____/\____________________/ \_/
1206	** \| \| \| \|
1207	** HTTP_HOST \| PATH_INFO QUERY_STRING
1208	** SCRIPT_NAME


1209	*/
1210	void cgi_init(void){
1211	char *z;
1212	const char *zType;
1213	char *zSemi;
	@@ -1226,25 +1228,18 @@
1226	cgi_destination(CGI_BODY);
1227
1228	/* We must have SCRIPT_NAME. If the web server did not supply it, try
1229	** to compute it from REQUEST_URI and PATH_INFO. */
1230	if( zScriptName==0 ){
1231	size_t nRU, nPI;
1232	if( zRequestUri==0 \|\| zPathInfo==0 ){
1233	malformed_request("missing SCRIPT_NAME"); /* Does not return */
1234	}
1235	z = strchr(zRequestUri,'?');
1236	if( z ){
1237	nRU = (int)(z - zRequestUri);
1238	}else{
1239	nRU = strlen(zRequestUri);
1240	}
1241	nPI = strlen(zPathInfo);
1242	if( nRU<nPI ){
1243	malformed_request("PATH_INFO is longer than REQUEST_URI");
1244	}
1245	zScriptName = fossil_strndup(zRequestUri,(int)(nRU-nPI));
1246	cgi_set_parameter("SCRIPT_NAME", zScriptName);
1247	}
1248
1249	#ifdef _WIN32
1250	/* The Microsoft IIS web server does not define REQUEST_URI, instead it uses
1251

	--- src/cgi.c
	+++ src/cgi.c
	@@ -1196,18 +1196,20 @@
1196	** SCGI typically omits PATH_INFO. CGI sometimes omits REQUEST_URI and
1197	** PATH_INFO when it is empty.
1198	**
1199	** CGI Parameter quick reference:
1200	**
1201	** REQUEST_URI
1202	** _____________\|________________
1203	** / \
1204	** https://fossil-scm.org/forum/info/12736b30c072551a?t=c
1205	** \___/ \____________/\____/\____________________/ \_/
1206	** \| \| \| \| \|
1207	** \| HTTP_HOST \| PATH_INFO QUERY_STRING
1208	** \| \|
1209	** REQUEST_SCHEMA SCRIPT_NAME
1210	**
1211	*/
1212	void cgi_init(void){
1213	char *z;
1214	const char *zType;
1215	char *zSemi;
	@@ -1226,25 +1228,18 @@
1228	cgi_destination(CGI_BODY);
1229
1230	/* We must have SCRIPT_NAME. If the web server did not supply it, try
1231	** to compute it from REQUEST_URI and PATH_INFO. */
1232	if( zScriptName==0 ){

1233	if( zRequestUri==0 \|\| zPathInfo==0 ){
1234	malformed_request("missing SCRIPT_NAME"); /* Does not return */
1235	}
1236	z = strstr(zRequestUri,zPathInfo);
1237	if( z==0 ){
1238	malformed_request("PATH_INFO not found in REQUEST_URI");
1239	}
1240	zScriptName = fossil_strndup(zRequestUri,(int)(z-zRequestUri));






1241	cgi_set_parameter("SCRIPT_NAME", zScriptName);
1242	}
1243
1244	#ifdef _WIN32
1245	/* The Microsoft IIS web server does not define REQUEST_URI, instead it uses
1246

Fossil SCM

Keyboard Shortcuts