This change replaces the execv in the CGI execution code with bb_execv. A configuration requirement is added to enforce that applets will NOT be executed by bb_execv, as this could cause regular requests to execute unwanted applets instead of regular CGI binaries.
This bb_execv call only serves as a proxy to execv. Signed-off-by: Nadav Tasher <[email protected]> --- networking/httpd.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/networking/httpd.c b/networking/httpd.c index ddcb03bca..115999fd1 100644 --- a/networking/httpd.c +++ b/networking/httpd.c @@ -154,7 +154,7 @@ //config:config FEATURE_HTTPD_CGI //config: bool "Support Common Gateway Interface (CGI)" //config: default y -//config: depends on HTTPD +//config: depends on HTTPD && !FEATURE_PREFER_APPLETS //config: help //config: This option allows scripts and executables to be invoked //config: when specific URLs are requested. @@ -1703,10 +1703,14 @@ static void send_cgi_and_exit( | (1 << SIGHUP) , SIG_DFL); - /* _NOT_ execvp. We do not search PATH. argv[0] is a filename - * without any dir components and will only match a file - * in the current directory */ - execv(argv[0], argv); + /* _NOT_ execvp (or bb_execv). + * We do not search PATH, or prefer applet executions. + * argv[0] is a filename without any dir components and will + * only match a file in the current directory. + * This feature depends on FEATURE_FORCE_APPLETS being disabled, + * since FEATURE_FORCE_APPLETS forbids external binary executions. + * bb_execv is used as a proxy to execv. */ + bb_execv(argv[0], argv); if (verbose) bb_perror_msg("can't execute '%s'", argv[0]); error_execing_cgi: -- 2.43.0 _______________________________________________ busybox mailing list [email protected] https://lists.busybox.net/mailman/listinfo/busybox
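Review bot: The new "depends on HTTPD && !FEATURE_PREFER_APPLETS" line in the FEATURE_HTTPD_CGI config block is not explained anywhere a user of the configuration will see it. The help text still reads only "This option allows scripts and executables to be invoked when specific URLs are requested." Anyone with FEATURE_PREFER_APPLETS enabled will find CGI support silently gone after this change. Please add a sentence to the help text saying that CGI is unavailable with FEATURE_PREFER_APPLETS and why (a request could otherwise run an applet instead of the CGI binary, as the commit message states).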
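Review bot: The rewritten comment in send_cgi_and_exit() contradicts the code it sits above and the Kconfig hunk. It opens with "_NOT_ execvp (or bb_execv)" and then the next statement is "bb_execv(argv[0], argv);". It also says the feature depends on FEATURE_FORCE_APPLETS being disabled, while the dependency actually added is "!FEATURE_PREFER_APPLETS". Please reword the comment so that it names the option the Kconfig line really tests and states plainly that bb_execv is called here only because that dependency guarantees it behaves as plain execv. Since the guarantee that a request cannot run an applet now rests entirely on a Kconfig line in another part of the file, a build-time check next to the call that fails when FEATURE_PREFER_APPLETS is enabled would keep the invariant visible if the dependency is ever relaxed.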
