<feed xmlns='http://www.w3.org/2005/Atom'>
<title>cgi-io, branch master</title>
<subtitle>CGI utility for handling up/downloading of files etc.</subtitle>
<id>https://git-03.infra.openwrt.org/project/cgi-io/atom?h=master</id>
<link rel='self' href='https://git-03.infra.openwrt.org/project/cgi-io/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/cgi-io/'/>
<updated>2026-06-27T22:59:55Z</updated>
<entry>
<title>main: canonicalize exec path before ACL check</title>
<updated>2026-06-27T22:59:55Z</updated>
<author>
<name>Hauke Mehrtens</name>
</author>
<published>2026-06-27T19:01:40Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/cgi-io/commit/?id=7314451cb99692c0862a70c3307ee08bd2fbd9c0'/>
<id>urn:sha1:7314451cb99692c0862a70c3307ee08bd2fbd9c0</id>
<content type='text'>
cgi-exec had the same canonicalization gap as cgi-download: the executable
token was passed to session_access(..., "exec") and execv() without being
canonicalized, and the whole-cmdline pre-check could likewise be matched by
a traversal. Because rpcd's ACL matcher uses fnmatch() without
FNM_PATHNAME, a session granted file/exec on a glob such as /usr/libexec/*
could run a binary outside that prefix, e.g. /usr/libexec/../../bin/sh.

Canonicalize the leading executable token before the ACL checks and the
execv(), and rebuild the whole-cmdline string from the canonical executable
so that exact-cmdline ACLs keep matching for canonical input.

Assisted-by: Claude:claude-opus-4-8
Link: https://github.com/openwrt/cgi-io/pull/4
Signed-off-by: Hauke Mehrtens &lt;hauke@hauke-m.de&gt;
</content>
</entry>
<entry>
<title>main: canonicalize download path before ACL check</title>
<updated>2026-06-27T22:59:43Z</updated>
<author>
<name>Hauke Mehrtens</name>
</author>
<published>2026-06-27T19:01:25Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/cgi-io/commit/?id=72990b7489872112df31c94032637c907760bae4'/>
<id>urn:sha1:72990b7489872112df31c94032637c907760bae4</id>
<content type='text'>
cgi-download passed the raw "path" POST field to session_access() and then
to open() without canonicalizing it first. rpcd's ACL matcher uses
fnmatch() without FNM_PATHNAME (session.c), so a "../" suffix matches an
allowed glob prefix during the ACL check while open() resolves the embedded
".." to a file outside that prefix. As cgi-io runs as root, a session
holding the cgi-io download permission plus any wildcard file-read grant
could read any root-readable file such as /etc/shadow, bypassing the rpcd
file ACL that denies the same read.

Canonicalize the requested path with canonicalize_path() before the ACL
check and use the result for session_access(), stat() and open(), as
cgi-upload and rpcd-mod-file already do.

Fixes: GHSA-jw5r-xhf5-2xcq
Reported-by: Jan Kahmen &lt;jan@turingpoint.de&gt;
Assisted-by: Claude:claude-opus-4-8
Link: https://github.com/openwrt/cgi-io/pull/4
Signed-off-by: Hauke Mehrtens &lt;hauke@hauke-m.de&gt;
</content>
</entry>
<entry>
<title>main: Add `stderr` option for cgi-exec to redirect stderr to stdout</title>
<updated>2025-12-11T11:15:13Z</updated>
<author>
<name>Richard Yu</name>
</author>
<published>2025-09-01T14:27:33Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/cgi-io/commit/?id=658b14bda2a0fb617fa456401daee61aae42c805'/>
<id>urn:sha1:658b14bda2a0fb617fa456401daee61aae42c805</id>
<content type='text'>
This feature is used by openwrt/luci#7920
It allows cgi processes to follow real-time output sent to stderr.

Closes #2

Signed-off-by: Richard Yu &lt;yurichard3839@gmail.com&gt;
Signed-off-by: Paul Donald &lt;newtwen+github@gmail.com&gt;
Link: https://github.com/openwrt/cgi-io/pull/3
Signed-off-by: Robert Marko &lt;robimarko@gmail.com&gt;
</content>
</entry>
<entry>
<title>build: require CMake &gt;= 3.10 due to dropped legacy support</title>
<updated>2025-10-04T11:44:48Z</updated>
<author>
<name>Hauke Mehrtens</name>
</author>
<published>2025-10-04T11:44:48Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/cgi-io/commit/?id=d4b9fb115c3d9fecb2ebde2fa7b4dd88aa856dff'/>
<id>urn:sha1:d4b9fb115c3d9fecb2ebde2fa7b4dd88aa856dff</id>
<content type='text'>
CMake version 4.0 and later require minimum version of 3.5 or later.
Update to minimum version 3.10 which is the last not deprecated minimum
version.

CMake 3.10 was released in November 2017 and is included in Ubuntu 18.04.

Signed-off-by: Hauke Mehrtens &lt;hauke@hauke-m.de&gt;
</content>
</entry>
<entry>
<title>main: fix two one-byte overreads in header_value()</title>
<updated>2022-08-10T19:43:34Z</updated>
<author>
<name>Jo-Philipp Wich</name>
</author>
<published>2022-08-10T19:43:08Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/cgi-io/commit/?id=901b0f0463c9d16a8cf5b9ed37118d8484bc9176'/>
<id>urn:sha1:901b0f0463c9d16a8cf5b9ed37118d8484bc9176</id>
<content type='text'>
By passing specially crafted header values, the skip loops in the
header_value() function may override the input buffer by one byte
each.

Reported-by: Jinwei Dong &lt;jwdong2000@qq.com&gt;
Signed-off-by: Jo-Philipp Wich &lt;jo@mein.io&gt;
</content>
</entry>
<entry>
<title>Retry splice() syscall on EINTR</title>
<updated>2021-09-08T19:48:35Z</updated>
<author>
<name>Jo-Philipp Wich</name>
</author>
<published>2021-09-08T19:23:49Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/cgi-io/commit/?id=98cef9dda63623eff07bd574ad7c98ef282af18d'/>
<id>urn:sha1:98cef9dda63623eff07bd574ad7c98ef282af18d</id>
<content type='text'>
The invoked child process might end before the I/O loop finished outputting
all data. In such a case, the splice() call might fail with -1/EINTR.

Continue looping in such a case.

Signed-off-by: Jo-Philipp Wich &lt;jo@mein.io&gt;
</content>
</entry>
<entry>
<title>tests: add cram based unit tests</title>
<updated>2020-10-27T22:03:04Z</updated>
<author>
<name>Petr Štetiar</name>
</author>
<published>2020-10-12T12:06:11Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/cgi-io/commit/?id=ab4c3471b26179b6e1decfb6ca27c4a87df9a0a4'/>
<id>urn:sha1:ab4c3471b26179b6e1decfb6ca27c4a87df9a0a4</id>
<content type='text'>
For the start with cgi-exec testing.

Signed-off-by: Petr Štetiar &lt;ynezz@true.cz&gt;
</content>
</entry>
<entry>
<title>tests: add cgi-io built with clang sanitizers</title>
<updated>2020-10-27T22:03:04Z</updated>
<author>
<name>Petr Štetiar</name>
</author>
<published>2020-10-12T12:03:59Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/cgi-io/commit/?id=7b4e3241e1bd3ea123b12a7b4d1754af9e1b5442'/>
<id>urn:sha1:7b4e3241e1bd3ea123b12a7b4d1754af9e1b5442</id>
<content type='text'>
Will be used later for testing.

Signed-off-by: Petr Štetiar &lt;ynezz@true.cz&gt;
</content>
</entry>
<entry>
<title>Disable session ACLs during unit testing</title>
<updated>2020-10-27T22:03:04Z</updated>
<author>
<name>Petr Štetiar</name>
</author>
<published>2020-10-12T11:30:18Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/cgi-io/commit/?id=21831f45d16d0e95102f0a9ffea2dfbafc9da6ce'/>
<id>urn:sha1:21831f45d16d0e95102f0a9ffea2dfbafc9da6ce</id>
<content type='text'>
Otherwise we would need to setup ubus infrastructure etc.

Signed-off-by: Petr Štetiar &lt;ynezz@true.cz&gt;
</content>
</entry>
<entry>
<title>Add initial GitLab CI support</title>
<updated>2020-10-27T22:03:04Z</updated>
<author>
<name>Petr Štetiar</name>
</author>
<published>2020-10-11T12:12:12Z</published>
<link rel='alternate' type='text/html' href='https://git-03.infra.openwrt.org/project/cgi-io/commit/?id=2f525417b5dfa2daa3d0f0f56dd1e619be34af53'/>
<id>urn:sha1:2f525417b5dfa2daa3d0f0f56dd1e619be34af53</id>
<content type='text'>
Uses currently proof-of-concept openwrt-ci[1] in order to:

 * improve the quality of the codebase in various areas
 * decrease code review time and help merging contributions faster
 * get automagic feedback loop on various platforms and tools
   - out of tree build with OpenWrt SDK on following targets:
     * ath79-generic
     * imx6-generic
     * malta-be
     * mvebu-cortexa53
   - out of tree native build on x86/64 with GCC (versions 8, 9, 10) and Clang 10
   - out of tree native x86/64 static code analysis with cppcheck and
     scan-build from Clang 10

1. https://gitlab.com/ynezz/openwrt-ci/

Signed-off-by: Petr Štetiar &lt;ynezz@true.cz&gt;
</content>
</entry>
</feed>
