tls: format and send CLIENT_KEY_EXCHANGE

[oweals/busybox.git] / networking / httpd_indexcgi.c

diff --git a/networking/httpd_indexcgi.c b/networking/httpd_indexcgi.c
index 2605ad1bcb5e5064118e9bc15eefc661489076c3..562cd7fbef495b0102763bf032cb5134833937b4 100644 (file)
--- a/networking/httpd_indexcgi.c
+++ b/networking/httpd_indexcgi.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (c) 2007 Denys Vlasenko <vda.linux@googlemail.com>
  *
- * Licensed under GPLv2, see file LICENSE in this tarball for details.
+ * Licensed under GPLv2, see file LICENSE in this source tree.
  */
 
 /*
@@ -35,6 +35,7 @@ httpd_indexcgi.c -o index.cgi
  *   2576       4    2048    4628    1214 index.cgi.o
  */
 
+#define _GNU_SOURCE 1  /* for strchrnul */
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <errno.h>
@@ -149,7 +150,7 @@ static void fmt_url(/*char *dst,*/ const char *name)
                guarantee(3);
                *dst = c;
                if ((c - '0') > 9 /* not a digit */
-                && ((c|0x20) - 'a') > 26 /* not A-Z or a-z */
+                && ((c|0x20) - 'a') > ('z' - 'a') /* not A-Z or a-z */
                 && !strchr("._-+@", c)
                ) {
                        *dst++ = '%';
@@ -221,20 +222,25 @@ int main(int argc, char *argv[])
        unsigned long long size_total;
        int odd;
        DIR *dirp;
-       char *QUERY_STRING;
-
-       QUERY_STRING = getenv("QUERY_STRING");
-       if (!QUERY_STRING
-        || QUERY_STRING[0] != '/'
-        || strstr(QUERY_STRING, "//")
-        || strstr(QUERY_STRING, "/../")
-        || strcmp(strrchr(QUERY_STRING, '/'), "/..") == 0
+       char *location;
+
+       location = getenv("REQUEST_URI");
+       if (!location)
+               return 1;
+
+       /* drop URL arguments if any */
+       strchrnul(location, '?')[0] = '\0';
+
+       if (location[0] != '/'
+        || strstr(location, "//")
+        || strstr(location, "/../")
+        || strcmp(strrchr(location, '/'), "/..") == 0
        ) {
                return 1;
        }
 
        if (chdir("..")
-        || (QUERY_STRING[1] && chdir(QUERY_STRING + 1))
+        || (location[1] && chdir(location + 1))
        ) {
                return 1;
        }
@@ -271,14 +277,14 @@ int main(int argc, char *argv[])
                "\r\n" /* Mandatory empty line after headers */
                "<html><head><title>Index of ");
        /* Guard against directories with &, > etc */
-       fmt_html(QUERY_STRING);
+       fmt_html(location);
        fmt_str(
                "</title>\n"
                STYLE_STR
                "</head>" "\n"
                "<body>" "\n"
                "<h1>Index of ");
-       fmt_html(QUERY_STRING);
+       fmt_html(location);
        fmt_str(
                "</h1>" "\n"
                "<table>" "\n"
@@ -291,7 +297,7 @@ int main(int argc, char *argv[])
        size_total = 0;
        cdir = dir_list;
        while (dir_list_count--) {
-               struct tm *tm;
+               struct tm *ptm;
 
                if (S_ISDIR(cdir->dl_mode)) {
                        count_dirs++;
@@ -315,13 +321,13 @@ int main(int argc, char *argv[])
                if (S_ISREG(cdir->dl_mode))
                        fmt_ull(cdir->dl_size);
                fmt_str("<td class=dt>");
-               tm = gmtime(&cdir->dl_mtime);
-               fmt_04u(1900 + tm->tm_year); *dst++ = '-';
-               fmt_02u(tm->tm_mon + 1); *dst++ = '-';
-               fmt_02u(tm->tm_mday); *dst++ = ' ';
-               fmt_02u(tm->tm_hour); *dst++ = ':';
-               fmt_02u(tm->tm_min); *dst++ = ':';
-               fmt_02u(tm->tm_sec);
+               ptm = gmtime(&cdir->dl_mtime);
+               fmt_04u(1900 + ptm->tm_year); *dst++ = '-';
+               fmt_02u(ptm->tm_mon + 1); *dst++ = '-';
+               fmt_02u(ptm->tm_mday); *dst++ = ' ';
+               fmt_02u(ptm->tm_hour); *dst++ = ':';
+               fmt_02u(ptm->tm_min); *dst++ = ':';
+               fmt_02u(ptm->tm_sec);
                *dst++ = '\n';
 
                odd = 1 - odd;