
getenv(QUERY_STRING) in C CGI

Developer https://www.devze.com 2023-01-20 11:37 Source: Internet

C file:

#include <stdio.h>
#include <stdlib.h>

int main(int argc, char* argv[])
{
  FILE *ptr;
  char m[200];
  char *data = malloc(200);
  data=getenv("QUERY_STRING");
  sscanf(data,"%s", m);
  printf("%s", m);
  ptr=fopen("c:/test.txt", "w");
  fprintf(ptr, "%s", m);
  fclose(ptr);
  return 0;
}

//gcc -g print.c -o print.exe

HTML file:

<html>
  <body>
    <h2>CGI Server</h2>
    <p>
      <form action="http://localhost/cgi-bin/print.exe">
    <div><label>value: <input name="m" size="10"></label></div>
    <div><input type="submit" value="Run"></div>
      </form>
    </p>
  </body>
</html>

If the input into the webpage form is c:/data.txt then the result is: c%3A%2Fdata.txt

What happened? Why are the / and the : damaged in the output? It seems the problem is with QUERY_STRING because getenv("PATH") doesn't present this problem.


  char *data = malloc(200);
  data=getenv("QUERY_STRING");

Memory leak here. You're allocating 200 bytes you'll never use or be able to free(). (Or not, for malloc() may fail and return NULL.)

  char m[200];
  sscanf(data,"%s", m);

This is a crude replacement for strcpy()/strncpy(). Results in a buffer overflow if the query string is more than 200 characters long. Also terminates as soon as it finds a whitespace, but that's not a problem because they've been turned to + or %20 during URL encoding.

  ptr=fopen("c:/test.txt", "w");
  fprintf(ptr, "%s", m);

fopen() may fail, resulting in a return value of NULL.

I suggest you review pointers and memory allocation, look up some string manipulation functions other than printf/scanf and also make a habit of checking for errors, i.e. coding defensively. Even in small, example-quality code.


The "problem" is due to URL-encoding. You'll need to URL-decode the value you get from QUERY_STRING.


The %3A type stuff is the HTTP hexadecimal encoding of characters which may be special. It is just like escaping the quote character in a C string. "\""

The PATH environmental variable has nothing to do with HTTP, so it is not affected. Your web server program is setting the QUERY_STRING to what the web browser sent, which has the % hex encoding in it.
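
Added example, not part of the original question or answers: a version of the CGI program that URL-decodes the m field into a fixed buffer with a bounds check, so c%3A%2Fdata.txt comes back as c:/data.txt. The helper names hex_val and url_decode are this example's own, and it assumes the form sends only the single field m and that a decoded NUL (%00) should be rejected.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_val(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
}

/* Percent-decode src into dst (cap bytes, NUL included). Returns the decoded
 * length, or -1 (dst emptied) on a bad escape, %00, or a value that won't fit. */
static int url_decode(const char *src, char *dst, size_t cap)
{
    size_t n = 0;
    if (src == NULL || cap == 0) return -1;
    for (; *src != '\0'; src++) {
        int c = (unsigned char)*src;
        if (c == '+') {
            c = ' ';                          /* form encoding of a space */
        } else if (c == '%') {
            int hi = hex_val((unsigned char)src[1]);
            int lo = hi < 0 ? -1 : hex_val((unsigned char)src[2]);
            c = hi * 16 + lo;
            if (lo < 0 || c == 0) break;      /* malformed escape, or %00 */
            src += 2;
        }
        if (n + 1 >= cap) break;              /* no room left for the NUL */
        dst[n++] = (char)c;
    }
    if (*src != '\0') n = 0;                  /* stopped early: reject input */
    dst[n] = '\0';
    return *src != '\0' ? -1 : (int)n;
}

int main(void)
{
    /* getenv() points into the environment: nothing to malloc() or free(). */
    const char *qs = getenv("QUERY_STRING");
    char m[200];
    /* The form on this page sends one field, so the query is "m=<value>". */
    int ok = qs != NULL && strncmp(qs, "m=", 2) == 0
             && url_decode(qs + 2, m, sizeof m) >= 0;
    printf("%sContent-Type: text/plain\r\n\r\n%s\n",
           ok ? "" : "Status: 400 Bad Request\r\n", ok ? m : "bad query string");
    return 0;
}
```

The response is sent as text/plain so the decoded, user-supplied value is not interpreted as HTML by the browser.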
