Deal with unsupported methods sent to the CGI pages by discarding any data following...

author Fabian Keil <fk@fabiankeil.de>

Sun, 21 Oct 2012 12:54:15 +0000 (12:54 +0000)

committer Fabian Keil <fk@fabiankeil.de>

Sun, 21 Oct 2012 12:54:15 +0000 (12:54 +0000)
author Fabian Keil <fk@fabiankeil.de>
Sun, 21 Oct 2012 12:54:15 +0000 (12:54 +0000)
committer Fabian Keil <fk@fabiankeil.de>
Sun, 21 Oct 2012 12:54:15 +0000 (12:54 +0000)
diff --git a/cgi.c b/cgi.c

index d39e4a0..9e1e8e4 100644 (file)
--- a/cgi.c
+++ b/cgi.c
@@ -1,4 +1,4 @@
-const char cgi_rcs[] = "$Id: cgi.c,v 1.154 2012/07/23 12:42:53 fabiankeil Exp $";
+const char cgi_rcs[] = "$Id: cgi.c,v 1.155 2012/09/18 18:29:55 fabiankeil Exp $";
  /*********************************************************************
   *
   * File        :  $Source: /cvsroot/ijbswa/current/cgi.c,v $
  /*********************************************************************
   *
   * File        :  $Source: /cvsroot/ijbswa/current/cgi.c,v $
@@ -346,6 +346,21 @@ struct http_response *dispatch_cgi(struct client_state *csp)
        return NULL;
     }
  
        return NULL;
     }
  
+   if (strcmpic(csp->http->gpc, "GET")
+    && strcmpic(csp->http->gpc, "HEAD"))
+   {
+      log_error(LOG_LEVEL_ERROR,
+         "CGI request with unsupported method received: %s", csp->http->gpc);
+      /*
+       * The CGI pages currently only support GET and HEAD requests.
+       *
+       * If the client used a different method, ditch any data following
+       * the current headers to reduce the likelihood of parse errors
+       * with the following request.
+       */
+      csp->client_iob->eod = csp->client_iob->cur;
+   }
+
     /*
      * This is a CGI call.
      */
     /*
      * This is a CGI call.
      */
author	Fabian Keil <fk@fabiankeil.de>
	Sun, 21 Oct 2012 12:54:15 +0000 (12:54 +0000)
committer	Fabian Keil <fk@fabiankeil.de>
	Sun, 21 Oct 2012 12:54:15 +0000 (12:54 +0000)