sendCgi() forked child needs to close opened server socket and accepted socket
Denis Vlasenko
vda.linux at googlemail.com
Sun Nov 5 11:53:43 PST 2006
On Sunday 05 November 2006 17:22, Min Hsu wrote:
> Hi List,
>
> I have tried to use busybox httpd CGI to launch busybox telnetd and
> found
> that telnetd inherits httpd's opend server socket and accepted socket,
> I
> checked the source code of httpd.c and found sendCgi() forked child
> does
> NOT close these sockets. The following patch will fix this issue.
Applied, thanks.
httpd needs much more love. At least this needs improving:
* audit/fix /../ style attacks
* reduce #ifdef forest
* make standalone/inetd a runtime, not compile-time option.
--
vda
More information about the busybox
mailing list