/* the line is not recognized */
config_error:
bb_error_msg("config error '%s' in '%s'", buf, filename);
- } /* while (fgets) */
+ } /* while (fgets) */
- fclose(f);
+ fclose(f);
}
#if ENABLE_FEATURE_HTTPD_ENCODE_URL_STR
if (script != url) { /* paranoia */
*script = '\0';
if (chdir(url + 1) != 0) {
- bb_perror_msg("chdir(%s)", url + 1);
+ bb_perror_msg("can't change directory to '%s'", url + 1);
goto error_execing_cgi;
}
// not needed: *script = '/';
}
range_len = MAXINT(off_t);
if (range_start >= 0) {
- if (!range_end) {
+ if (!range_end || range_end > file_size - 1) {
range_end = file_size - 1;
}
if (range_end < range_start
#if ENABLE_FEATURE_HTTPD_BASIC_AUTH
-# if ENABLE_FEATURE_HTTPD_AUTH_MD5 && ENABLE_PAM
+# if ENABLE_PAM
struct pam_userinfo {
const char *name;
const char *pw;
case PAM_PROMPT_ECHO_OFF:
s = userinfo->pw;
break;
- case PAM_ERROR_MSG:
- case PAM_TEXT_INFO:
- s = "";
+ case PAM_ERROR_MSG:
+ case PAM_TEXT_INFO:
+ s = "";
break;
default:
free(response);
if (passwd[0] == '$' && isdigit(passwd[1])) {
char *encrypted;
+# if !ENABLE_PAM
check_encrypted:
+# endif
/* encrypt pwd from peer and check match with local one */
encrypted = pw_encrypt(
/* pwd (from peer): */ colon_after_user + 1,
send_headers_and_exit(HTTP_BAD_REQUEST);
/* Determine type of request (GET/POST) */
- urlp = strpbrk(iobuf, " \t");
+ // rfc2616: method and URI is separated by exactly one space
+ //urlp = strpbrk(iobuf, " \t"); - no, tab isn't allowed
+ urlp = strchr(iobuf, ' ');
if (urlp == NULL)
send_headers_and_exit(HTTP_BAD_REQUEST);
*urlp++ = '\0';
if (strcasecmp(iobuf, request_GET) != 0)
send_headers_and_exit(HTTP_NOT_IMPLEMENTED);
#endif
- urlp = skip_whitespace(urlp);
+ // rfc2616: method and URI is separated by exactly one space
+ //urlp = skip_whitespace(urlp); - should not be necessary
if (urlp[0] != '/')
send_headers_and_exit(HTTP_BAD_REQUEST);
projects / oweals / busybox.git / blobdiff