annotate src/c/cgi.c @ 1078:b9321bcefb42

Fix new Especialize security bug: do not duplicate free variables as specialized arguments
author Adam Chlipala <adamc@hcoop.net>
date Tue, 15 Dec 2009 13:20:13 -0500
parents 305bc0a431de
children db52c32dbe42
rev   line source
adamc@856 1 #include <stdio.h>
adamc@856 2 #include <ctype.h>
adamc@856 3 #include <string.h>
adamc@856 4 #include <stdlib.h>
adamc@856 5 #include <unistd.h>
adamc@856 6 #include <stdarg.h>
adamc@856 7
adamc@856 8 #include "request.h"
adamc@856 9
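/* Scratch buffer holding the CGI meta-variable name built by get_header().
 * It is reused across calls and grown on demand; main() pre-allocates it. */
static char *uppercased;
/* Longest header name (not counting the "HTTP_" prefix or the NUL) that the
 * scratch buffer is currently known to have room for. */
static size_t uppercased_len;

/*
 * Look up request header `h` in the CGI environment.
 *
 * The name is mapped to "HTTP_" + upper-cased name with '-' replaced by '_'.
 * If that variable is unset and `h` is Content-length or Content-type
 * (case-insensitive), the unprefixed variable (CONTENT_LENGTH / CONTENT_TYPE)
 * is consulted instead.
 *
 * data: unused.
 * h:    NUL-terminated header name; must not be NULL.
 *
 * Returns a pointer into the process environment (do not free or modify),
 * or NULL if the header is absent or the scratch buffer cannot be grown.
 *
 * NOTE(review): the '-' -> '_' mapping is lossy, so two header names that
 * differ only in '-' versus '_' resolve to the same variable, and the HTTP_
 * form is preferred over the server-set CONTENT_LENGTH / CONTENT_TYPE.
 * Whether a client can populate those HTTP_ variables depends on the web
 * server in front of this program -- confirm that it filters them.
 */
static char *get_header(void *data, const char *h) {
  size_t len = strlen(h);
  char *s, *r;
  const char *saved_h = h;

  (void)data;

  if (!uppercased || len > uppercased_len) {
    char *grown;

    /* "HTTP_" (5 bytes) + name + NUL must fit in a size_t. */
    if (len > (size_t)-1 - 6)
      return NULL;

    /* Keep the old pointer until realloc succeeds, so a failure neither
     * leaks the buffer nor leaves a NULL for the strcpy below. */
    grown = realloc(uppercased, len + 6);
    if (!grown)
      return NULL;

    uppercased = grown;
    uppercased_len = len;
  }

  strcpy(uppercased, "HTTP_");
  for (s = uppercased + 5; *h; ++h) {
    /* toupper() is undefined for negative values other than EOF, so go
     * through unsigned char for bytes with the high bit set. */
    *s++ = *h == '-' ? '_' : (char)toupper((unsigned char)*h);
  }
  *s = 0;

  r = getenv(uppercased);
  if (r)
    return r;

  if (!strcasecmp(saved_h, "Content-length")
      || !strcasecmp(saved_h, "Content-type"))
    return getenv(uppercased + 5);

  return NULL;
}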
adamc@856 36
/* Success hook passed to uw_request(); the CGI front end has nothing to do
 * here. */
static void on_success(uw_context ctx)
{
  (void)ctx;
}
adamc@856 38
/* Failure hook passed to uw_request(): writes a CGI "Status" header for a
 * 500 response into the context. */
static void on_failure(uw_context ctx)
{
  uw_write_header(ctx,
                  "Status: 500 Internal Server Error\r\n");
}
adamc@856 42
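/*
 * Error logger: formats the message printf-style and writes it to stderr.
 *
 * data: unused.
 * fmt:  printf-style format string. It is interpreted by vfprintf(), so
 *       callers must pass a trusted format and supply request-derived text
 *       only as arguments (e.g. through "%s").
 */
static void log_error(void *data, const char *fmt, ...) {
  va_list ap;

  (void)data;

  va_start(ap, fmt);
  vfprintf(stderr, fmt, ap);
  /* Every va_start must be paired with va_end before the function returns. */
  va_end(ap);
}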
adamc@856 49
/* Debug logger: deliberately discards every message in the CGI front end. */
static void log_debug(void *data, const char *fmt, ...)
{
  (void)data;
  (void)fmt;
}
adamc@856 52
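/*
 * CGI entry point: gathers the request from the environment and stdin,
 * passes it to uw_request(), and prints the response held in the context.
 *
 * Reads REQUEST_METHOD and SCRIPT_NAME (both required), PATH_INFO (appended
 * to the script name when set) and QUERY_STRING (defaults to ""). The request
 * body is everything readable from file descriptor 0.
 *
 * Returns 0 when uw_request() reports SERVED and 1 otherwise; exits with
 * status 1 on a missing required variable, a read error or an allocation
 * failure.
 */
int main(int argc, char *argv[]) {
  uw_context ctx = uw_request_new_context(NULL, log_error, log_debug);
  uw_request_context rc = uw_new_request_context();
  request_result rr;
  char *method = getenv("REQUEST_METHOD"),
    *path = getenv("SCRIPT_NAME"), *path_info = getenv("PATH_INFO"),
    *query_string = getenv("QUERY_STRING");
  char *body = malloc(1);
  ssize_t body_len = 1, body_pos = 0, res;

  (void)argc;
  (void)argv;

  /* Initial room for "HTTP_" plus the NUL; get_header() grows it on demand. */
  uppercased = malloc(6);

  if (!body || !uppercased) {
    log_error(NULL, "Out of memory\n");
    exit(1);
  }

  if (!method) {
    log_error(NULL, "REQUEST_METHOD not set\n");
    exit(1);
  }

  if (!path) {
    log_error(NULL, "SCRIPT_NAME not set\n");
    exit(1);
  }

  if (path_info) {
    /* Full request path = SCRIPT_NAME followed by PATH_INFO. */
    size_t path_len = strlen(path), info_len = strlen(path_info);
    char *new_path = malloc(path_len + info_len + 1);

    if (!new_path) {
      log_error(NULL, "Out of memory\n");
      exit(1);
    }

    memcpy(new_path, path, path_len);
    memcpy(new_path + path_len, path_info, info_len + 1);
    path = new_path;
  }

  if (!query_string)
    query_string = "";

  /* NOTE(review): the body is read until EOF with no upper bound and without
   * consulting CONTENT_LENGTH, so memory use is controlled by the client
   * unless the web server enforces a request-size limit. CGI (RFC 3875) also
   * does not oblige the server to signal EOF after the body. Confirm the
   * deployment caps request size, or add a limit here. */
  while ((res = read(0, body + body_pos, body_len - body_pos)) > 0) {
    body_pos += res;

    if (body_pos == body_len) {
      char *grown;

      /* Refuse to double past what ssize_t can represent. */
      if ((size_t)body_len > (size_t)-1 / 4) {
        log_error(NULL, "Request body too large\n");
        exit(1);
      }

      /* Keep the old pointer until realloc succeeds so a failure is
       * detected instead of being written through on the next read. */
      grown = realloc(body, (size_t)body_len * 2);
      if (!grown) {
        log_error(NULL, "Out of memory\n");
        exit(1);
      }

      body = grown;
      body_len *= 2;
    }
  }

  if (res < 0) {
    log_error(NULL, "Error reading stdin\n");
    exit(1);
  }

  uw_set_on_success("");
  uw_set_headers(ctx, get_header, NULL);
  uw_request_init(NULL, log_error, log_debug);

  /* The loop above always leaves body_pos < body_len, so there is room for
   * the terminator. */
  body[body_pos] = 0;
  rr = uw_request(rc, ctx, method, path, query_string, body, body_pos,
                  on_success, on_failure,
                  NULL, log_error, log_debug,
                  -1, NULL, NULL);
  uw_print(ctx, 1);

  return rr == SERVED ? 0 : 1;
}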