tags:

views:

59

answers:

3
Q: 

getenv(QUERY_STRING) in C CGI

C file:

#include <stdio.h>
#include <stdlib.h>

int main(int argc, char* argv[])
{
  FILE *ptr;
  char m[200];
  char *data = malloc(200);
  data=getenv("QUERY_STRING");
  sscanf(data,"%s", m);
  printf("%s", m);
  ptr=fopen("c:/test.txt", "w");
  fprintf(ptr, "%s", m);
  fclose(ptr);
  return 0;
}

//gcc -g print.c -o print.exe

HTML file:

<html>
  <body>
    <h2>CGI Server</h2>
    <p>
      <form action="http://localhost/cgi-bin/print.exe"&gt;
    <div><label>value: <input name="m" size="10"></label></div>
    <div><input type="submit" value="Run"></div>
      </form>
    </p>
  </body>
</html>

If the input into the webpage form is c:/data.txt then the result is: c%3A%2Fdata.txt

What happened? Why are the / and the : damaged in the output? it seems the problem is with QUERY_STRING because getenv("PATH") doesn't present this problem.

+3  A: 

The "problem" is due to URL-encoding. You'll need to URL-decode the value you get from QUERY_STRING.

LarsH  2010-10-12 22:35:06
Like @nategoose said, the "damage" was done by the browser before your server ever received it. (Check the access logs and you'll see.)
LarsH  2010-10-12 22:42:45
+1  A: 

The %3A type stuff is the HTTP hexadecimal encoding of characters which may be special. It is just like escaping the quote character in a C string. "\""

The PATH environmental variable has nothing to do with HTTP, so it is not effected. Your web server program is setting the QUERY_STRING to what the web browser sent, which has the % hex encoding in it.

nategoose  2010-10-12 22:36:38
+2  A:  
  char *data = malloc(200);
  data=getenv("QUERY_STRING");

Memory leak here. You're allocating 200 bytes you'll never use or be able to free(). (Or not, for malloc() may fail and return NULL.)

  char m[200];
  sscanf(data,"%s", m);

This is a crude replacement for strcpy()/strncpy(). Results in a buffer overflow if the query string is more than 200 characters long. Also terminates as soon as it finds a whitespace, but that's not a problem becuase they've been turned to + or %20 during URL encoding.

  ptr=fopen("c:/test.txt", "w");
  fprintf(ptr, "%s", m);

fopen() may fail, resulting in a return value of NULL.

I suggest you review pointers and memory allocation, look up some string manipulation functions other than printf/scanf and also make a habit of checking for errors, i.e. coding defensively. Even in small, example-quality code.

aib  2010-10-12 23:16:18

related questions

Autosizing Textarea
Regular expression for parsing links from a webpage?
What are good tools for creating compiled HTML help files (.chm)?
Looking for WYSIWYG HTML editor
Any reason not to start using the HTML 5 doctype?
HTML comments break down
HTML Comments Markup
Setting a div's height in HTML with CSS
Wrapping lists into columns
Is a "Confirm Email" input good practice when user changes email address?
<XMP> Tag
HTML version choice
Options for HTML scraping?
How do you disable browser Autocomplete on web form field / input tag?
How do I make a checkbox toggle from clicking on the text label as well?
Html CSS Editor
Wordpress theme development offline tools
How do I give my web sites an icon for iPhone?
In HTML, how to word-break on a dash?
Detecting font in JavaScript
How do you test layout design across multiple browsers/OSs?
How do I print an HTML document from a web service?
Multiple submit buttons on a HTML form
How can I determine a web user's time zone?
Why doesn't the percentage width child in absolutely positioned parent work in IE7?