
Commit e38bab2

committed
httpd: backport handle_request() security fixes from 384_10007
1 parent b828c09 commit e38bab2


1 file changed

+10
-17
lines changed

1 file changed

+10
-17
lines changed

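--- a/release/src/router/httpd/httpd.c
+++ b/release/src/router/httpd/httpd.c
@@ -1238,11 +1238,9 @@ handle_request(void)
 nvram_set_int("httpd_handle_request_fromapp", fromapp);
 if(login_state==3 && !fromapp) { // few pages can be shown even someone else login
 if(!(mime_exception&MIME_EXCEPTION_MAINPAGE || (strncmp(file, "Main_Login.asp", 14)==0 && login_error_status == 9) || ((!handler->auth) && strncmp(file, "Main_Login.asp", 14) != 0))) {
-if(strcasecmp(method, "post") == 0){
-if (handler->input) {
-handler->input(file, conn_fp, cl, boundary);
-}
-}
+if(strcasecmp(method, "post") == 0 && handler->input) //response post request
+while (cl--) (void)fgetc(conn_fp);
+
 send_login_page(fromapp, NOLOGIN, NULL, NULL, 0);
 return;
 }
@@ -1257,11 +1255,9 @@ handle_request(void)
 if(do_referer&CHECK_REFERER){
 referer_result = referer_check(referer, fromapp);
 if(referer_result != 0){
-if(strcasecmp(method, "post") == 0){
-if (handler->input) {
-handler->input(file, conn_fp, cl, boundary);
-}
-}
+if(strcasecmp(method, "post") == 0 && handler->input) //response post request
+while (cl--) (void)fgetc(conn_fp);
+
 send_login_page(fromapp, referer_result, NULL, NULL, 0);
 //if(!fromapp) http_logout(login_ip_tmp, cookies);
 return;
@@ -1271,13 +1267,10 @@ handle_request(void)
 auth_result = auth_check(auth_realm, authorization, url, file, cookies, fromapp);
 if (auth_result != 0)
 {
-if(strcasecmp(method, "post") == 0){
-if (handler->input) {
-handler->input(file, conn_fp, cl, boundary);
-}
-send_login_page(fromapp, auth_result, NULL, NULL, 0);
-}
-//if(!fromapp) http_logout(login_ip_tmp, cookies);
+if(strcasecmp(method, "post") == 0 && handler->input) //response post request
+while (cl--) (void)fgetc(conn_fp);
+
+send_login_page(fromapp, auth_result, NULL, NULL, 0);
 return;
 }
 }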
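Review bot: The drain loop `while (cl--) (void)fgetc(conn_fp);` added on all three rejection paths (login conflict, referer failure, auth failure) runs for as many iterations as `cl` says and never checks for EOF, and each of these paths is reached before the request has been authenticated. `cl` is declared and parsed outside these hunks; if it is taken from the Content-Length header without range checks, a very large or negative value keeps the handler in this loop even after the peer has closed or stalled the connection. Consider `while (cl-- > 0 && fgetc(conn_fp) != EOF) ;` with braces around the `if` body, and possibly a cap on how many bytes are discarded before the connection is simply dropped. The drain is also skipped when `handler->input` is NULL even though a POST body may still be pending on the stream, which looks unintended and deserves either a fix or a comment clearer than `//response post request`.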
