From 472ee5381996a2d32137102ba0fc191e1ae4850f Mon Sep 17 00:00:00 2001
From: Ansuel Smith <ansuelsmth@gmail.com>
Date: Tue, 8 Oct 2019 22:34:11 +0200
Subject: [PATCH] cgi-io: fix read after end errors

Currently cgi-io try to read data after the data ended.
- Adds "-" to whitelist char
- In main_upload is tried to consume the buffer while it's already readed by the while loop before

Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
---
 Makefile   |  2 +-
 src/main.c | 23 +++++++++++------------
 2 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/Makefile b/Makefile
index 2113609..6bc906e 100644
--- a/Makefile
+++ b/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=cgi-io
-PKG_RELEASE:=12
+PKG_RELEASE:=13
 
 PKG_LICENSE:=GPL-2.0-or-later
 
diff --git a/src/main.c b/src/main.c
index ca15758..e4d0b21 100644
--- a/src/main.c
+++ b/src/main.c
@@ -37,6 +37,7 @@
 
 #include "multipart_parser.h"
 
+#define READ_BLOCK 4096
 
 enum part {
 	PART_UNKNOWN,
@@ -389,7 +390,7 @@ static int
 filecopy(void)
 {
 	int len;
-	char buf[4096];
+	char buf[READ_BLOCK];
 
 	if (!st.filedata)
 	{
@@ -625,7 +626,8 @@ static int
 main_upload(int argc, char *argv[])
 {
 	int rem, len;
-	char buf[4096];
+	bool done = false;
+	char buf[READ_BLOCK];
 	multipart_parser *p;
 
 	p = init_parser();
@@ -638,17 +640,14 @@ main_upload(int argc, char *argv[])
 
 	while ((len = read(0, buf, sizeof(buf))) > 0)
 	{
-		rem = multipart_parser_execute(p, buf, len);
-
-		if (rem < len)
-			break;
+		if (!done) {
+			rem = multipart_parser_execute(p, buf, len);
+			done = (rem < len);
+		}
 	}
 
 	multipart_parser_free(p);
 
-	/* read remaining post data */
-	while ((len = read(0, buf, sizeof(buf))) > 0);
-
 	return 0;
 }
 
@@ -657,7 +656,7 @@ main_download(int argc, char **argv)
 {
 	char *fields[] = { "sessionid", NULL, "path", NULL, "filename", NULL, "mimetype", NULL };
 	unsigned long long size = 0;
-	char *p, buf[4096];
+	char *p, buf[READ_BLOCK];
 	ssize_t len = 0;
 	struct stat s;
 	int rfd;
@@ -677,7 +676,7 @@ main_download(int argc, char **argv)
 		return failure(403, 0, "Requested path is not a regular file or block device");
 
 	for (p = fields[5]; p && *p; p++)
-		if (!isalnum(*p) && !strchr(" ()<>@,;:[]?.=%", *p))
+		if (!isalnum(*p) && !strchr(" ()<>@,;:[]?.=%-", *p))
 			return failure(400, 0, "Invalid characters in filename");
 
 	for (p = fields[7]; p && *p; p++)
@@ -783,7 +782,7 @@ main_backup(int argc, char **argv)
 		fflush(stdout);
 
 		do {
-			len = splice(fds[0], NULL, 1, NULL, 4096, SPLICE_F_MORE);
+			len = splice(fds[0], NULL, 1, NULL, READ_BLOCK, SPLICE_F_MORE);
 		} while (len > 0);
 
 		waitpid(pid, &status, 0);
-- 
2.30.2