Currently cgi-io try to read data after the data ended.
- Adds "-" to whitelist char
- In main_upload is tried to consume the buffer while it's already readed by the while loop before
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
include $(TOPDIR)/rules.mk
PKG_NAME:=cgi-io
include $(TOPDIR)/rules.mk
PKG_NAME:=cgi-io
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE:=GPL-2.0-or-later
#include "multipart_parser.h"
#include "multipart_parser.h"
enum part {
PART_UNKNOWN,
enum part {
PART_UNKNOWN,
filecopy(void)
{
int len;
filecopy(void)
{
int len;
main_upload(int argc, char *argv[])
{
int rem, len;
main_upload(int argc, char *argv[])
{
int rem, len;
+ bool done = false;
+ char buf[READ_BLOCK];
multipart_parser *p;
p = init_parser();
multipart_parser *p;
p = init_parser();
while ((len = read(0, buf, sizeof(buf))) > 0)
{
while ((len = read(0, buf, sizeof(buf))) > 0)
{
- rem = multipart_parser_execute(p, buf, len);
-
- if (rem < len)
- break;
+ if (!done) {
+ rem = multipart_parser_execute(p, buf, len);
+ done = (rem < len);
+ }
}
multipart_parser_free(p);
}
multipart_parser_free(p);
- /* read remaining post data */
- while ((len = read(0, buf, sizeof(buf))) > 0);
-
{
char *fields[] = { "sessionid", NULL, "path", NULL, "filename", NULL, "mimetype", NULL };
unsigned long long size = 0;
{
char *fields[] = { "sessionid", NULL, "path", NULL, "filename", NULL, "mimetype", NULL };
unsigned long long size = 0;
+ char *p, buf[READ_BLOCK];
ssize_t len = 0;
struct stat s;
int rfd;
ssize_t len = 0;
struct stat s;
int rfd;
return failure(403, 0, "Requested path is not a regular file or block device");
for (p = fields[5]; p && *p; p++)
return failure(403, 0, "Requested path is not a regular file or block device");
for (p = fields[5]; p && *p; p++)
- if (!isalnum(*p) && !strchr(" ()<>@,;:[]?.=%", *p))
+ if (!isalnum(*p) && !strchr(" ()<>@,;:[]?.=%-", *p))
return failure(400, 0, "Invalid characters in filename");
for (p = fields[7]; p && *p; p++)
return failure(400, 0, "Invalid characters in filename");
for (p = fields[7]; p && *p; p++)
- len = splice(fds[0], NULL, 1, NULL, 4096, SPLICE_F_MORE);
+ len = splice(fds[0], NULL, 1, NULL, READ_BLOCK, SPLICE_F_MORE);
} while (len > 0);
waitpid(pid, &status, 0);
} while (len > 0);
waitpid(pid, &status, 0);