X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=networking%2Fhttpd.c;h=cef9b8baf8de4c8e3717f2b60497308542b8cd47;hb=3b45801dc6e3484ffb2a86958fce587974842c6b;hp=f233cb0ba8035c095df213418f9b89dba0ff31f8;hpb=8cce1b3ad8c28b5c34c24d79b32b6cebb75ea2f5;p=oweals%2Fbusybox.git

diff --git a/networking/httpd.c b/networking/httpd.c
index f233cb0ba..cef9b8baf 100644
--- a/networking/httpd.c
+++ b/networking/httpd.c
@@ -796,9 +796,9 @@ static void parse_conf(const char *path, int flag)
 		/* the line is not recognized */
  config_error:
 		bb_error_msg("config error '%s' in '%s'", buf, filename);
-	 } /* while (fgets) */
+	} /* while (fgets) */
 
-	 fclose(f);
+	fclose(f);
 }
 
 #if ENABLE_FEATURE_HTTPD_ENCODE_URL_STR
@@ -1414,7 +1414,7 @@ static void send_cgi_and_exit(
 		if (script != url) { /* paranoia */
 			*script = '\0';
 			if (chdir(url + 1) != 0) {
-				bb_perror_msg("chdir(%s)", url + 1);
+				bb_perror_msg("can't change directory to '%s'", url + 1);
 				goto error_execing_cgi;
 			}
 			// not needed: *script = '/';
@@ -1594,7 +1594,7 @@ static NOINLINE void send_file_and_exit(const char *url, int what)
 	}
 	range_len = MAXINT(off_t);
 	if (range_start >= 0) {
-		if (!range_end) {
+		if (!range_end || range_end > file_size - 1) {
 			range_end = file_size - 1;
 		}
 		if (range_end < range_start
@@ -1676,7 +1676,7 @@ static int checkPermIP(void)
 
 #if ENABLE_FEATURE_HTTPD_BASIC_AUTH
 
-# if ENABLE_FEATURE_HTTPD_AUTH_MD5 && ENABLE_PAM
+# if ENABLE_PAM
 struct pam_userinfo {
 	const char *name;
 	const char *pw;
@@ -1708,9 +1708,9 @@ static int pam_talker(int num_msg,
 		case PAM_PROMPT_ECHO_OFF:
 			s = userinfo->pw;
 			break;
-	        case PAM_ERROR_MSG:
-        	case PAM_TEXT_INFO:
-        		s = "";
+		case PAM_ERROR_MSG:
+		case PAM_TEXT_INFO:
+			s = "";
 			break;
 		default:
 			free(response);
@@ -1842,7 +1842,9 @@ static int check_user_passwd(const char *path, char *user_and_passwd)
 
 			if (passwd[0] == '$' && isdigit(passwd[1])) {
 				char *encrypted;
+# if !ENABLE_PAM
  check_encrypted:
+# endif
 				/* encrypt pwd from peer and check match with local one */
 				encrypted = pw_encrypt(
 					/* pwd (from peer): */  colon_after_user + 1,
@@ -1962,7 +1964,9 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
 		send_headers_and_exit(HTTP_BAD_REQUEST);
 
 	/* Determine type of request (GET/POST) */
-	urlp = strpbrk(iobuf, " \t");
+	// rfc2616: method and URI is separated by exactly one space
+	//urlp = strpbrk(iobuf, " \t"); - no, tab isn't allowed
+	urlp = strchr(iobuf, ' ');
 	if (urlp == NULL)
 		send_headers_and_exit(HTTP_BAD_REQUEST);
 	*urlp++ = '\0';
@@ -1980,7 +1984,8 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
 	if (strcasecmp(iobuf, request_GET) != 0)
 		send_headers_and_exit(HTTP_NOT_IMPLEMENTED);
 #endif
-	urlp = skip_whitespace(urlp);
+	// rfc2616: method and URI is separated by exactly one space
+	//urlp = skip_whitespace(urlp); - should not be necessary
 	if (urlp[0] != '/')
 		send_headers_and_exit(HTTP_BAD_REQUEST);