[mod_cgi] status 200 OK if no hdrs (deprecated) (#2786)

set status 200 OK if CGI does not return CGI headers

Note:
This mode in lighttpd is deprecated and may be removed in the next major
release of lighttpd.  CGI scripts should return a proper CGI header in
the response, even if that header is empty and followed by a blank line,
before return response body.

Without a proper CGI response header, the first line(s) of the response
might be incorrectly construed as being CGI response headers, especially
if they contain ':', and response may be corrupted.  That is why this
mode is deprecated (and not supported in numerous other web servers).

The minimal valid CGI response header is "\n", which lighttpd will treat
as equivalent to "Status: 200\n\n"

x-ref:
  "error 500 (mod_cgi.c.601) cgi died"
  https://redmine.lighttpd.net/issues/2786
personal/stbuehler/mod-csrf
Glenn Strauss 6 years ago
parent 1dd5cce3bc
commit 51ff7ac504
  1. 2
      src/mod_cgi.c

@ -509,6 +509,7 @@ static int cgi_demux_response(server *srv, handler_ctx *hctx) {
if (0 != http_chunk_append_buffer(srv, con, hctx->response_header)) {
return FDEVENT_HANDLED_ERROR;
}
if (0 == con->http_status) con->http_status = 200; /* OK */
} else {
const char *bstart;
size_t blen;
@ -853,6 +854,7 @@ static handler_t cgi_handle_fdevent(server *srv, void *ctx, int revents) {
cgi_connection_close(srv, hctx);
return HANDLER_ERROR;
}
if (0 == con->http_status) con->http_status = 200; /* OK */
} else {
# if 0
log_error_write(srv, __FILE__, __LINE__, "sddd", "got HUP from cgi", con->fd, hctx->fd, revents);

Loading…
Cancel
Save