libcgi icon indicating copy to clipboard operation
libcgi copied to clipboard
verified publisher icon rafaelsteil

cgi_param_multiple() is broken, potentially causing endless loop in actual usage

Open kennyk-peplink opened this issue 8 years ago • 3 comments

It's typical (if not only) use case:

while ((value = cgi_param_multiple(name)) != NULL) { // processing here... }

will cause endless loop when name is found at the end of the CGI parameter list.

kennyk-peplink avatar Jun 22 '17 03:06 kennyk-peplink

https://github.com/rafaelsteil/libcgi/commit/66915238b0236055164ee2bab3910b8d87493f7d

Currently cgi_param_multiple() stored the "next iterator" for repeated usage. When the last CGI parameter is match and fetched, however, we've got a value and "next iteration" is NULL; subsequently call will redo a fetching from the start, falling into endless loop.

kennyk-peplink avatar Jun 22 '17 03:06 kennyk-peplink

Suggested fix: Simply store the 'iterator', not the 'next iterator'; if there is a next fetch, start from that iterator's next.

  1. Replace "if (!iter) iter = formvars_start" with, iter = iter ? iter->next : formvars_start;

  2. Remove "iter = iter->next;" before break;

kennyk-peplink avatar Jun 22 '17 03:06 kennyk-peplink

Personally I have currently no usecase for cgi_param_multiple(), but I would be happy if you could provide a patch and a testcase.

LeSpocky avatar Jul 23 '18 07:07 LeSpocky