From 4bdf6c469143f404ba12b72aaadbe77d828d8c3b Mon Sep 17 00:00:00 2001
From: single-right-quote <34298117+single-right-quote@users.noreply.github.com>
Date: Wed, 8 Sep 2021 00:32:50 +0000
Subject: [PATCH] adjust hiding client input to satisfy toybox when done reading from the client, we defensively close stdin, to prevent potential bugs being exploitable to malicious input toybox opens /dev/null if stdin does not exist, which crashes in a chrooted evironment. piping in an empty string more or less accomplishes the same thing as closing stdin would i really do not know why toybox found this necessary.
---
 visible-to-httpd/binaries/http-error-response.execline | 2 +-
 visible-to-httpd/binaries/httpd.execline | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/visible-to-httpd/binaries/http-error-response.execline b/visible-to-httpd/binaries/http-error-response.execline
index 7add6c1..0311e21 100755
--- a/visible-to-httpd/binaries/http-error-response.execline
+++ b/visible-to-httpd/binaries/http-error-response.execline
@@ -4,7 +4,7 @@ # if `configuration/status-code/table/${hostname}/${STATUS_CODE} exists, `cat(1)` that # otherwise, fall back on a very generic error message
-fdclose 0
+heredoc 0 ""
 foreground { if -t { s6-test \${#} = 3 } log.execline "fatal: ??"${1}"??: "${3}
diff --git a/visible-to-httpd/binaries/httpd.execline b/visible-to-httpd/binaries/httpd.execline
index 85903ea..86c7a9f 100755
--- a/visible-to-httpd/binaries/httpd.execline
+++ b/visible-to-httpd/binaries/httpd.execline
@@ -91,7 +91,7 @@ if -X -n -t { importas -i hostname http_header_parse_Host # we don’t need to read anything more from the client
- fdclose 0
+ heredoc 0 ""
 foreground { log.execline
--
2.47.3
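Review bot: Neither script records why `heredoc 0 ""` is used where `fdclose 0` used to be, so the reason lives only in the commit message and a later cleanup could easily turn it back into a close. Above the new line in http-error-response.execline, and next to the existing "we don't need to read anything more from the client" comment in httpd.execline, add something like `# give later programs an empty stdin rather than a closed one: toybox opens /dev/null when fd 0 is missing, which fails inside the chroot`. Keeping descriptor 0 occupied also means a later open() in the chain cannot be handed fd 0 by accident, so the replacement is presumably no weaker than the close at keeping client input away from later programs. Both hunks show only part of each script.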
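Review bot: `heredoc` feeds its string from a forked writer process, so the new line in httpd.execline adds a child per request that the rest of the chain may never wait for; the same holds for the http-error-response.execline hunk. If anything that runs after it is long-lived or does not reap its children, `heredoc -d 0 ""` runs the writer as a grandchild so no zombie is left behind. Whether this matters depends on the remainder of each script, which is outside the hunks.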