package/busybox/patches/460-httpd_cgi_bin.patch

   1 Index: busybox-1.4.2/networking/httpd.c
   2 ===================================================================
   3 --- busybox-1.4.2.orig/networking/httpd.c       2007-06-21 18:12:06.791080496 +0200
   4 +++ busybox-1.4.2/networking/httpd.c    2007-06-21 18:14:48.914434000 +0200
   5 @@ -1715,8 +1715,8 @@
   6                 test = url + 1;      /* skip first '/' */
   7
   8  #if ENABLE_FEATURE_HTTPD_CGI
   9 -               if (strncmp(test, "cgi-bin", 7) == 0) {
  10 -                       if (test[7] == '/' && test[8] == 0)
  11 +               if (strncmp(test, "cgi-bin/", 8) == 0) {
  12 +                       if (test[8] == 0)
  13                                 goto FORBIDDEN;     /* protect listing cgi-bin/ */
  14                         sendCgi(url, prequest, length, cookie, content_type);
  15                         break;