authorOmar Polo <op@omarpolo.com>2021-09-24 10:52:17 +0000
committerOmar Polo <op@omarpolo.com>2021-09-24 10:52:17 +0000
commit1c776e4b98985916f464d5df1e5b4768c8c4c7ff (patch)
tree36760110cb57fb6d68322dae5821d9e4b3e41a23
parentfba809b5c775fd4d3c28a012259ee3b1908d4e40 (diff)
fix possible out-of-bound access
While computing the parent directory, an out-of-bound access can occur, which usually means the server process dies. In particular, it can be triggered by making a request for a non-existent file in the root of a virtual host if the path matches the `cgi` pattern. Thanks cage for helping in debugging!
-rwxr-xr-xregress/runtime10
-rw-r--r--server.c6
2 files changed, 15 insertions, 1 deletions
diff --git a/regress/runtime b/regress/runtime
index cec1d6d..cf96d9b 100755
--- a/regress/runtime
+++ b/regress/runtime
@@ -385,3 +385,13 @@ restart
eq "$(head /)" "20 text/gemini" "Unexpected head for /"
eq "$(get /)" "# hello world$ln" "Unexpected body for /"
echo OK GET / with macro expansion
+
+
+# 1.7.4 bugfix: check_for_cgi goes out-of-bound processing a string
+# that doesn't contain a '/'
+config '' 'cgi "*"'
+checkconf
+restart
+
+eq "$(head /favicon.txt)" "51 not found" "Unexpected head for /"
+echo OK GET /favicon.txt with cgi
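Review bot: The failure message on the new `eq "$(head /favicon.txt)" "51 not found" ...` assertion still reads "Unexpected head for /", apparently copied from the checks above, so a regression would be reported against the wrong path; it should be `"Unexpected head for /favicon.txt"`. The comment says the string "doesn't contain a '/'" while the request itself is `/favicon.txt`; presumably the leading slash is stripped before check_for_cgi sees the path, and stating that in the comment (`# the path handed to check_for_cgi is relative to the vhost root, e.g. "favicon.txt"`) would keep the test readable for whoever touches it next.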
diff --git a/server.c b/server.c
index 18fdb6e..ddf003a 100644
--- a/server.c
+++ b/server.c
@@ -406,8 +406,12 @@ check_for_cgi(struct client *c)
* dirname, with its ambiguities on if the given
* pointer is changed or not, gives me headaches.
*/
- while (*end != '/')
+ while (*end != '/' && end > path)
end--;
+
+ if (end == path)
+ break;
+
*end = '\0';
switch (check_path(c, path, &c->pfd)) {