From 914dd35b375417a7da0d53ef3e053b6c31518980 Mon Sep 17 00:00:00 2001 From: hyung-hwan Date: Tue, 19 May 2020 18:07:28 +0000 Subject: [PATCH] checked if a file is executable in mio_svc_htts_docgi() --- mio/lib/http-svr.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/mio/lib/http-svr.c b/mio/lib/http-svr.c index f635d1d..a89b0d4 100644 --- a/mio/lib/http-svr.c +++ b/mio/lib/http-svr.c @@ -1363,6 +1363,12 @@ int mio_svc_htts_docgi (mio_svc_htts_t* htts, mio_dev_sck_t* csck, mio_htre_t* r /* TODO: * never put Expect: 100-continue to environment variable */ + if (access(mi.cmd, X_OK) == -1) + { + cgi_state_send_final_status_to_client (cgi_state, 403); /* 403 Forbidden */ + goto oops; /* TODO: must not go to oops. just destroy the cgi_state and finalize the request .. */ + } + cgi_state->peer = mio_dev_pro_make(mio, MIO_SIZEOF(*cgi_peer), &mi); if (MIO_UNLIKELY(!cgi_state->peer)) goto oops; cgi_peer = mio_dev_pro_getxtn(cgi_state->peer);