uhttpd problems
In CGI scripts, the QUERY_STRING variable is not always set correctly.
Steps to reproduce
- Foreword: tested on multiple ar71xx devices with uhttpd from 17.01.4
- Enable cgi and HTTP authentication
Without authentication, everything seems to be fine.
You can use this /etc/config/uhttpd config file:
config uhttpd 'main'
list listen_http '0.0.0.0:80'
# list listen_http '[::]:80'
# list listen_https '0.0.0.0:443'
# list listen_https '[::]:443'
# option redirect_https '1'
option home '/www'
option rfc1918_filter '1'
option max_requests '3'
option max_connections '100'
option cert '/etc/uhttpd.crt'
option key '/etc/uhttpd.key'
option cgi_prefix '/cgi-bin'
option script_timeout '60'
option network_timeout '30'
option http_keepalive '20'
option tcp_keepalive '1'
option ubus_prefix '/ubus'
option realm 'demo'
list httpauth 'prefix_user'
config cert 'defaults'
option days '730'
option bits '2048'
option country 'ZZ'
option state 'Somewhere'
option location 'Unknown'
option commonname 'LEDE'
config httpauth 'prefix_user'
option prefix '/'
option username 'asdf'
option password '$1$$c5nwjO0v8rrAmMj4JqTUC0'
# password is 'asdf'
-
Add CGI script for testing in /www/cgi-bin/querystring.sh:
#!/bin/sh
echo "Content-type: text/plain"
echo
echo "begin"
echo "${QUERY_STRING}"
echo "end"
-
Check delivered content:
http://192.168.1.1/cgi-bin/querystring.sh?asdf
Expected:
begin
asdf
end
Observed Behaviour / Results
With Firefox 56 as HTTP client, the first response looks like:
begin
end
All subsequent requests will be answered correctly.
Wait 5 minutes, do another request; this 'first' request will be empty again,
then, everything is fine.
In another script I saw this list of strings for QUERY_STRING where the request was "?status"
HTTP_ACCEPT_LANGUAGE=de,en;q=0.5
.sh
te
n/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Deterministic Reproduction
With wget, we get deterministic results:
wget --user=asdf --password=asdf -O - -q http://192.168.1.1/cgi-bin/querystring.sh?asdf
wget --user=asdf --password=asdf -O - -q http://192.168.1.1/cgi-bin/querystring.sh?asdfasdf
wget --user=asdf --password=asdf -O - -q http://192.168.1.1/cgi-bin/querystring.sh?asdfasdfasdf
wget --user=asdf --password=asdf -O - -q http://192.168.1.1/cgi-bin/querystring.sh?asdfasdfasdfasdf
Here, the response is either missing the QUERY_STRING (=empty), or correctly visible.
This is dependent on the length of the query string.
With a changed password (hash) in the configuration, that specific length changes!
For the examples above, the first three result in an empty response; only the last one
returns the expected behaviour.