Bug 601

Summary: httpd fails to interpret index.php when referred to via http://ip
Product: Busybox Reporter: Michael Iedema <michael>
Component: NetworkingAssignee: unassigned
Status: RESOLVED FIXED    
Severity: normal CC: busybox-cvs
Priority: P5    
Version: 1.14.x   
Target Milestone: ---   
Hardware: PC   
OS: Linux   
Host: T2 Custom Distribution Target: x86
Build: 1.14.3
Attachments: Fix

Description Michael Iedema 2009-09-07 15:24:02 UTC 
I may have found a bug in Busybox 1.14.3 involving index.php pages. The httpd process tries to send me an unprocessed php file when I access the server via http://ip/ (no index.php). If, however, I access it via http://ip/index.php, things work fine.

My httpd.conf is here:
http://pastebin.ca/1557112

Index.php is here:
https://wush.net/trac/askozia/browser/trunk/package/overlays/pbx/rootfs/usr/www/index.php

Busybox.conf is here:
http://pastebin.ca/1557217

Wireshark trace '/':
http://pastebin.ca/1557234

Wireshark trace '/index.php':
http://pastebin.ca/1557237


The index.php file is not interpreted and is simply sent as a file to the client. The source of httpd.c seems to point to an unmatched condition near line 2139. Currently, a cgi-bin/index.cgi file is checked for and executed if present. However, I believe this bit should also check for an index.php and pass it to the interpreter.

I'm not sure how I can implement this as I'm still familiarizing myself with the use and purpose of urlp and tptr. Perhaps since this index_page string overrites urlp on line 2123 simply executing the conditional interpreter bits between 2104 and 2116 is enough?

Any feedback is greatly appreciated. If any additional information is needed I'll gladly provide it. Sorry I couldn't post up a patch right away!
Comment 1 Denys Vlasenko 2009-09-08 19:05:48 UTC 
Created attachment 643 [details]
Fix

Please try attached patch
Comment 2 Michael Iedema 2009-09-09 09:53:01 UTC 
(In reply to comment #1)
> Created an attachment (id=643) [details]
> Fix
> 
> Please try attached patch
> 

Tested:
 - / access (now working)
 - /index.php access (still working)
 - cgi binaries (still working)
 - accessing cgi-bin/ directly (still forbidden)

Working nicely! Thank you very much for your time looking at this.
Comment 3 Michael Iedema 2009-09-09 11:09:14 UTC 
I just noticed that POSTs now fail with a "501 not implemented."

Sorry this was not in my original testing...
Comment 4 Denys Vlasenko 2009-09-09 20:30:42 UTC 
Yeah, I noticed that it _maybe_ will do it, and reworked the fix a bit.
Now it is in "hotfix" directory:

http://busybox.net/downloads/fixes-1.15.0/busybox-1.15.0-httpd.patch

I did a simple POST upload test and it worked.

Please let me know if it still doesnt work for you.
Comment 5 Michael Iedema 2009-09-10 11:49:25 UTC 
(In reply to comment #4)
> Yeah, I noticed that it _maybe_ will do it, and reworked the fix a bit.
> Now it is in "hotfix" directory:
> 
> http://busybox.net/downloads/fixes-1.15.0/busybox-1.15.0-httpd.patch
> 
> I did a simple POST upload test and it worked.
> 
> Please let me know if it still doesnt work for you.
> 

Working great on all tests. Thanks for your continued quick response.
Comment 6 Denys Vlasenko 2009-09-12 13:57:39 UTC 
Fixed in git, also will be in 1.15.1