package/uhttpd: fix string out of buffer range on uh_defer_script

Return-Path: 
 <openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=none (no SPF record) smtp.mailfrom=lists.openwrt.org
 (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;
 envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org;
 receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=pass (2048-bit key;
 secure) header.d=lists.infradead.org header.i=@lists.infradead.org
 header.a=rsa-sha256 header.s=bombadil.20210309 header.b=W8HxJjtr;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
 header.s=20221208 header.b=Y0RRDIOQ;
	dkim-atps=neutral
Received: from bombadil.infradead.org (bombadil.infradead.org
 [IPv6:2607:7c80:54:3::133])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4Q4VqS08r1z23td
	for <incoming@patchwork.ozlabs.org>; Mon, 24 Apr 2023 13:24:35 +1000 (AEST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=lists.infradead.org; s=bombadil.20210309; h=Sender:
	Content-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:
	List-Archive:List-Unsubscribe:List-Id:MIME-Version:Message-Id:Date:Subject:Cc
	:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From:
	Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:
	List-Owner; bh=DWWMd6TEyH4nJUbhjbXO32dTdIkQFUooe2/U/VTWuZ0=; b=W8HxJjtrjP0TDA
	G9HfXSbc+kA7otRgIs2MVw2A3D5fABzrHrqvt72tQkMwRDaTWpfLBE0g1Kc0uWWlkB/7d856lJvbp
	4Dwb4TYpu627VqtF7r48qbLdgGTZQEq5QcSz2Uyq/MNamRRCVd8DYm/vIpNO0uVcjN6gMWFvXkcH3
	rq12wjTcVohvoZDK4f3nVcokw4dUSKQIG3zCpGiJf3y+uX5twTtjmQM7MGrNpXeRrwHa9hKLxvBIX
	Mag3pKIcUHGutVx7lp1B6gzRdnfvwEDmolnkCZuk0V1Ks4jCj0tQNfYY2OeMzIUU0jjiVAZvHUcOg
	dUD7DqRNsiiFMmbyS7Hw==;
Received: from localhost ([::1] helo=bombadil.infradead.org)
	by bombadil.infradead.org with esmtp (Exim 4.96 #2 (Red Hat Linux))
	id 1pqmmR-00FBso-1G;
	Mon, 24 Apr 2023 03:22:19 +0000
Received: from mail-pl1-x634.google.com ([2607:f8b0:4864:20::634])
	by bombadil.infradead.org with esmtps (Exim 4.96 #2 (Red Hat Linux))
	id 1pqmmO-00FBow-1G
	for openwrt-devel@lists.openwrt.org;
	Mon, 24 Apr 2023 03:22:17 +0000
Received: by mail-pl1-x634.google.com with SMTP id
 d9443c01a7336-1a5197f00e9so32731815ad.1
        for <openwrt-devel@lists.openwrt.org>;
 Sun, 23 Apr 2023 20:22:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20221208; t=1682306533; x=1684898533;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=AUpkdMKeosIQcUNAnE03n94ye/9SPHuJf0dD18NwoL8=;
        b=Y0RRDIOQMDNuqRN7L7xnagUce47Tv0lVeNNEnPYLhMY92fQddOHp+JjHxrnMG0ViQq
         OuehM4uBqJWXN28yshLq0GcQvyu68N9FKMHIhP0eV/fRPkfEeYzbCYXEu45M0JUZpaZW
         MInzDJ6H3zMhKtZuQZPgKGZzBewm/ovOOuhc7YRyZBlfARXZB+VX5ZsFXFtxKhflIKct
         fUAOnp4kRTM601OOKdF3uTBpq7IpmjJCjoDxrdnJTXhAa1uXlhHUd8ES0DVbP/q75bk8
         u0DGlzGJQJmtR0hpkBKc1Fm06BW3EKEaEojgRl8rG21z3YYiLO9Dag9MDt5xXO0vfNdP
         stSw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1682306533; x=1684898533;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=AUpkdMKeosIQcUNAnE03n94ye/9SPHuJf0dD18NwoL8=;
        b=XmqCiX/imYXvH7m4LArFYMOcKxknAEQkJ3/EIu0xiqs7FwH9UADmWc7i6jFCv1oyUc
         oMcRWSWbRvzlIGX8N3aheIO9m9vaeIsR+3/uqBT2b93cX3/zZcXcLNUDdin7cfliSxdQ
         +2qlyLV323j3mLCNp+W/fTGlKFxxv87EDMIncYvq050nnUf1+on/ClZu7aoeSwR8vytL
         SGeTe1lYU90inJFnSnWm5+lLqr78tdb85FoZDvsh0asJJ+iVqRuW/3IC/7X18rSjweGh
         WUuAlGzXqCJkWNoXD0hCLv7nSOhzekDDIdCge/EPT9ymgED7Y0sxJEAWj2JsdI7dtZjW
         H1HA==
X-Gm-Message-State: AAQBX9dkDjcKRTBW6BVEOVXnAu68GZbQJbDDKYHIoz7ixwFimvXB3E51
	1k0T9r9VitTpAXhTX2XlZovj9tvw/6NqW2lq
X-Google-Smtp-Source: 
 AKy350Y0AgEjjLVgx6XThVtEpQa6Jb/xbJhy+Fnlu0fL7SHTfs8i4gEQH7AdkKoRwSD+PMSGhzCSYg==
X-Received: by 2002:a17:902:a989:b0:1a6:5575:9059 with SMTP id
 bh9-20020a170902a98900b001a655759059mr12023534plb.62.1682306532647;
        Sun, 23 Apr 2023 20:22:12 -0700 (PDT)
Received: from macbook-pro.lan ([119.123.60.73])
        by smtp.gmail.com with ESMTPSA id
 jg20-20020a17090326d400b001a1a82fc6d3sm5593215plb.268.2023.04.23.20.22.11
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sun, 23 Apr 2023 20:22:12 -0700 (PDT)
From: Liangbin Lian <jjm2473@gmail.com>
To: openwrt-devel@lists.openwrt.org
Cc: Liangbin Lian <jjm2473@gmail.com>
Subject: [PATCH] package/uhttpd: fix string out of buffer range on
 uh_defer_script
Date: Mon, 24 Apr 2023 11:20:12 +0800
Message-Id: <20230424032012.96710-1-jjm2473@gmail.com>
X-Mailer: git-send-email 2.37.1 (Apple Git-137.1)
MIME-Version: 1.0
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20230423_202216_428007_9AA0F0FA 
X-CRM114-Status: GOOD (  17.35  )
X-Spam-Score: 0.1 (/)
X-Spam-Report: Spam detection software,
 running on the system "bombadil.infradead.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview:  if a url path length is multiple of 8, tailing zero will be
    trimed out on uh_defer_script,
 cause a strangle error. it's simple to reproduce.
    1. create a luci controller, register a entry with path length multiple of
    8 (including '/cgi-bin/'), for example,
 '/cgi-bin/luci/admin/system/admin'.
    2. set uhttpd max_requests to 1, and restart uhtt [...]
 Content analysis details:   (0.1 points, 5.0 required)
  pts rule name              description
 ---- ----------------------
 --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at https://www.dnswl.org/,
                              no trust
                             [2607:f8b0:4864:20:0:0:0:634 listed in]
                             [list.dnswl.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                             provider
                             [jjm2473[at]gmail.com]
  0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
                             in digit
                             [jjm2473[at]gmail.com]
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
                             author's domain
 -0.1 DKIM_VALID             Message has at least one valid DKIM or DK
 signature
  0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily
                             valid
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                             envelope-from domain
X-BeenThere: openwrt-devel@lists.openwrt.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: OpenWrt Development List <openwrt-devel.lists.openwrt.org>
List-Unsubscribe: <https://lists.openwrt.org/mailman/options/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=unsubscribe>
List-Archive: <http://lists.openwrt.org/pipermail/openwrt-devel/>
List-Post: <mailto:openwrt-devel@lists.openwrt.org>
List-Help: <mailto:openwrt-devel-request@lists.openwrt.org?subject=help>
List-Subscribe: <https://lists.openwrt.org/mailman/listinfo/openwrt-devel>,
 <mailto:openwrt-devel-request@lists.openwrt.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "openwrt-devel" <openwrt-devel-bounces@lists.openwrt.org>
Errors-To: 
 openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org