From: single-right-quote <34298117+single-right-quote@users.noreply.github.com> Date: Wed, 8 Sep 2021 00:32:50 +0000 (+0000) Subject: adjust hiding client input to satisfy toybox X-Git-Tag: v1.0.0~34 X-Git-Url: https://git.xn--scling-oua.cat.family/?a=commitdiff_plain;h=4bdf6c469143f404ba12b72aaadbe77d828d8c3b;p=httpd-execline.git adjust hiding client input to satisfy toybox when done reading from the client, we defensively close stdin, to prevent potential bugs being exploitable to malicious input toybox opens /dev/null if stdin does not exist, which crashes in a chrooted environment. piping in an empty string more or less accomplishes the same thing as closing stdin would i really do not know why toybox found this necessary. --- diff --git a/visible-to-httpd/binaries/http-error-response.execline b/visible-to-httpd/binaries/http-error-response.execline index 7add6c1..0311e21 100755 --- a/visible-to-httpd/binaries/http-error-response.execline +++ b/visible-to-httpd/binaries/http-error-response.execline @@ -4,7 +4,7 @@ # if `configuration/status-code/table/${hostname}/${STATUS_CODE} exists, `cat(1)` that # otherwise, fall back on a very generic error message -fdclose 0 +heredoc 0 "" foreground { if -t { s6-test \${#} = 3 } log.execline "fatal: ??"${1}"??: "${3} diff --git a/visible-to-httpd/binaries/httpd.execline b/visible-to-httpd/binaries/httpd.execline index 85903ea..86c7a9f 100755 --- a/visible-to-httpd/binaries/httpd.execline +++ b/visible-to-httpd/binaries/httpd.execline @@ -91,7 +91,7 @@ if -X -n -t { importas -i hostname http_header_parse_Host # we don’t need to read anything more from the client - fdclose 0 + heredoc 0 "" foreground { log.execline
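
Review bot: In http-error-response.execline, the new `heredoc 0 ""` line has no comment saying why stdin is fed an empty string instead of being closed; the reason (toybox opening /dev/null when stdin does not exist, which fails inside the chroot) is recorded only in the commit message. Add a one-line comment directly above it so the line is not later simplified back to `fdclose 0`.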
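
Review bot: In httpd.execline, the comment above `heredoc 0 ""` does not say that descriptor 0 is now kept open on empty input rather than closed. Reword it to state that stdin is replaced with an empty input, so anyone auditing what the following `foreground { log.execline` block inherits can see that fd 0 exists but no longer refers to the client.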