Must really be safe_read(),not full_read()? (was: [PATCH] fix httpd lockup in cgi POSTs)
Paul Albrecht
albrecht at rdi1.com
Mon Feb 12 12:38:16 PST 2007
On Mon, 2007-02-12 at 18:09 +0100, Matthias Reichl wrote:
> On Mon, Feb 12, 2007 at 10:25:09AM -0500, Paul Albrecht wrote:
> > Reverting the code back to using safe_read doesn't work if you don't fix
> > the way the first line is handled because you're not guaranteed a full
> > line with the safe_read.
>
> ACK, you are right.
>
> > An expedient way to fix the problem is to do the full_read, that is,
> > receive all the cgi output before handling the first line.
> >
> > If this is not sufficient then busybox httpd should line buffer standard
> > input so that it always handles the status line correctly.
>
> If I understand the code correctly, it would be sufficient to do
> something like
>
> if (firstline)
> count = full_read(inFd, rbuf, 4);
> /* read 4 bytes so we can check if the line begins with "HTTP" */
> } else {
> count = safe_read(inFd, rbuf, PIPESIZE);
> }
>
Yes, I think that's probably sufficient. The busybox httpd cgi program
interaction is obviously idiosyncratic in that it doesn't parse headers
and expects the cgi program to write the status line if it wants to
return something other than OK status. I think this is usually handled
by using the status header, but I guess I don't really care. As they
say, "When in Rome ..."
:)
> Better yet, do a full line read for the first line or completely
> switch to line buffered input, as you suggested.
>
> so long,
>
> Hias
> _______________________________________________
> busybox mailing list
> busybox at busybox.net
> http://busybox.net/cgi-bin/mailman/listinfo/busybox
More information about the busybox
mailing list