OpenWrt http server does not detect cgi-get ? query delimiter


I am new to Openwrt platform and face issues with working with uhttpd server for running REST based cgi get/post calls ported from tinyhttp server.
My problem is cgi-get call query delimiter ? is not working in openwrt uhttpd server.

returns as
{"result":1,"reason":5,"errorstr":"pre_login_status_app.cgi:argc:1 argv[0]:/www/cgi-bin/pre_login_status_app.cgi argv[1]:(null)"}

=> ?sts is not being detected as separate string and only obtained as null

Other different combintions return error by http server itself
<>Not Found<>The requested URL /cgi-bin/pre_login_status_app.cgi;sts was not found on this server.

:// sts
<>Not Found<>The requested URL /cgi-bin/pre_login_status_app.cgi%20sts was not found on this server.

<>Not Found<>The requested URL /cgi-bin/pre_login_status_app.cgi:sts was not found on this server.

Hardware/software details:

Model Qualcomm Technologies, Inc. IPQ807x/AP-HK01-C1
Firmware Version OpenWrt Chaos Calmer 15.05.1 d0dab90+r49254 / LuCI hb_common_stream branch (git-19.256.36379-d0dab90)
Kernel Version 4.4.60

Console Logs:

root@OpenWrt:~# uname -a
Linux OpenWrt 4.4.60 #1 SMP PREEMPT Fri Sep 13 22:46:54 CST 2019 armv7l GNU/Linux

root@OpenWrt:~# ps | grep http
 1981 root      1400 S    /usr/sbin/uhttpd -f -h /www -r OpenWrt -x /cgi-bin -u /ub

root@OpenWrt:/www/cgi-bin# cat /etc/config/uhttpd

config uhttpd 'main'
        list listen_http ''
        list listen_http '[::]:80'
        list listen_https ''
        list listen_https '[::]:443'
        option redirect_https '1'
        option home '/www'
        option rfc1918_filter '1'
        option max_requests '3'
        option max_connections '100'
        option cert '/etc/uhttpd.crt'
        option key '/etc/uhttpd.key'
        option cgi_prefix '/cgi-bin'
        option script_timeout '60'
        option network_timeout '30'
        option http_keepalive '20'
        option tcp_keepalive '1'
        option ubus_prefix '/ubus'

config cert 'px5g'
        option days '730'
        option bits '1024'
        option country 'ZZ'
        option state 'Somewhere'
        option location 'Uknown'
        option commonname 'OpenWrt'

root@OpenWrt:/www/cgi-bin# ls -l
-rwxr-xr-x    1 root     root           135 Sep 13 13:44 luci
-rwxr-xr-x    1 root     root          8696 Sep 13 14:58 pre_login_status_app.cgi

Code Snippet:

int CGIMain(int argc,char* argv[])
    int result = 0;
    int reason = 0;

char errorbuff[120]={0};
        if(argc != 2)
            reason = 5;
    return 0;

My two cents:

  • 15.05 is way too old, you should seriously consider upgrading.
  • Are HTTP parameters supposed to reach the CGI as call parameters? I could be wrong, but I had the idea those arrived as environment variables.

I'd go beyond "seriously consider" and into "must" on upgrade to a more secure version, as well as one that is supported (meaning v18, v19, or master at this point).

Also, be aware that uhttpd is a very lightweight server that

  • Should never be exposed to the Internet
  • Lacks features that some might consider "basic"

With nginx and Apache available as packages, either could be a more appropriate server to use.

The uhttpd does not expose query string parameters arguments via the argv vector as specified by - instead you need to parse to parse QUERY_STRING environment variable.

1 Like

Yes, now i am able to get the sts string by reading the QUERY_STRING env variable.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.