cpq
commented
3 years ago Closing this, as the latest code does not support CGI anymore.
Closed IshAlexander closed 3 years ago
cpq
commented
3 years ago Closing this, as the latest code does not support CGI anymore.
Mongoose doesnt correct form command for proccess creation.
file mongoose.cpp function mg_start_process line 7966
if (interp == NULL && (fp = mg_fopen(cmd, "r")) != NULL) { buf[0] = buf[1] = '\0'; fgets(buf, sizeof(buf), fp); buf[sizeof(buf) - 1] = '\0'; if (buf[0] == '#' && buf[1] == '!') { interp = buf + 2; // Trim leading spaces: https://github.com/cesanta/mongoose/issues/489 while (interp != '\0' && isspace((unsigned char ) interp)) { interp++; } } fclose(fp); }/
snprintf(buf, sizeof(buf), "%s/%s", dir, cmd);
the same buffer buf for interp and snprintf.
We neen another buffer for interp, and check for control char at the end.
I have rewrite this part of programm:
char buf_int[MAX_PATH_SIZE]; if (interp == NULL && (fp = mg_fopen(cmd, "r")) != NULL) { buf_int[0] = buf_int[1] = '\0'; fgets(buf_int, sizeof(buf_int), fp); buf_int[sizeof(buf_int) - 1] = '\0'; if (buf_int[0] == '#' && buf_int[1] == '!') { interp = buf_int + 2; / Trim leading spaces: https://github.com/cesanta/mongoose/issues/489 / while (interp != '\0' && isspace((unsigned char ) interp)) { interp++; } char trim_end=(char)interp; while (trim_end!='\0') { if (iscntrl((unsigned char )trim_end)) { *trim_end='\0'; break; } ++trim_end; } } fclose(fp); }
Best regards