author | Eric Sauvageau <rmerl@lostrealm.ca> | 2018-01-22 22:25:41 +0300 |
---|---|---|
committer | Eric Sauvageau <rmerl@lostrealm.ca> | 2018-01-22 22:29:07 +0300 |
commit | e38bab2662f8ae58610be33ce8d823a4dc42efce (patch) | |
tree | b7a7ce77f91c685b6bc3e1ef2483627e39d9f723 /release | |
parent | b828c0916f141044dfb9ca2a027e61c9867733c1 (diff) |
httpd: backport handle_request() security fixes from 384_10007
Diffstat (limited to 'release')
-rw-r--r-- | release/src/router/httpd/httpd.c | 27 |
1 files changed, 10 insertions, 17 deletions
diff --git a/release/src/router/httpd/httpd.c b/release/src/router/httpd/httpd.c
index df0aa67352..8c71a628e4 100644
--- a/release/src/router/httpd/httpd.c
+++ b/release/src/router/httpd/httpd.c
@@ -1238,11 +1238,9 @@ handle_request(void)
 nvram_set_int("httpd_handle_request_fromapp", fromapp);
 if(login_state==3 && !fromapp) { // few pages can be shown even someone else login
 if(!(mime_exception&MIME_EXCEPTION_MAINPAGE || (strncmp(file, "Main_Login.asp", 14)==0 && login_error_status == 9) || ((!handler->auth) && strncmp(file, "Main_Login.asp", 14) != 0))) {
- if(strcasecmp(method, "post") == 0){
- if (handler->input) {
- handler->input(file, conn_fp, cl, boundary);
- }
- }
+ if(strcasecmp(method, "post") == 0 && handler->input) //response post request
+ while (cl--) (void)fgetc(conn_fp);
+
 send_login_page(fromapp, NOLOGIN, NULL, NULL, 0);
 return;
 }
@@ -1257,11 +1255,9 @@ handle_request(void)
 if(do_referer&CHECK_REFERER){
 referer_result = referer_check(referer, fromapp);
 if(referer_result != 0){
- if(strcasecmp(method, "post") == 0){
- if (handler->input) {
- handler->input(file, conn_fp, cl, boundary);
- }
- }
+ if(strcasecmp(method, "post") == 0 && handler->input) //response post request
+ while (cl--) (void)fgetc(conn_fp);
+
 send_login_page(fromapp, referer_result, NULL, NULL, 0);
 //if(!fromapp) http_logout(login_ip_tmp, cookies);
 return;
@@ -1271,13 +1267,10 @@ handle_request(void)
 auth_result = auth_check(auth_realm, authorization, url, file, cookies, fromapp);
 if (auth_result != 0)
 {
- if(strcasecmp(method, "post") == 0){
- if (handler->input) {
- handler->input(file, conn_fp, cl, boundary);
- }
- send_login_page(fromapp, auth_result, NULL, NULL, 0);
- }
- //if(!fromapp) http_logout(login_ip_tmp, cookies);
+ if(strcasecmp(method, "post") == 0 && handler->input) //response post request
+ while (cl--) (void)fgetc(conn_fp);
+
+ send_login_page(fromapp, auth_result, NULL, NULL, 0);
 return;
 }
 }
|
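Review bot: The drain loop `while (cl--) (void)fgetc(conn_fp);` added in this hunk, and repeated in the referer-failure and auth-failure hunks, is bounded only by the client-declared Content-Length and ignores EOF. On these unauthenticated paths a declared length larger than the body actually sent (or a negative one, if `cl` is a signed int, which the hunks do not show) keeps the server in the loop after the peer has stopped sending. Bounding it on both conditions, `while (cl-- > 0 && fgetc(conn_fp) != EOF) ;`, still discards the body without calling `handler->input`. Braces around the `if` and a comment such as `/* not authenticated: discard the POST body instead of passing it to handler->input */` would say more than `//response post request`. handle_request() begins and ends outside the hunks, so the declaration and parsing of `cl` should be checked there.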