/* WARNING: Heritage AFTER dead removal. Example location: r0x00484044 : 0x00405fe2 */ /* WARNING: Type propagation algorithm not settling */ /* WARNING: Globals starting with '_' overlap smaller symbols at the same address */ /* WARNING: Restarted to delay deadcode elimination for space: ram */ undefined4 webcfg_main(void) { undefined3 extraout_var; int iVar1; uint uVar2; undefined *puVar3; code *pcVar4; size_t sVar5; bool bVar10; undefined **ppuVar6; time_t tVar7; char *pcVar8; ssize_t sVar9; char *pcVar11; undefined4 uVar21; int iVar22; char *pcVar23; undefined1 *puVar24; char local_4c00 [16384]; undefined4 uStack_c00; char local_bfc [1020]; char acStack_800 [1024]; char acStack_400 [256]; undefined *apuStack_300 [64]; char acStack_200 [80]; undefined *local_1b0; char *local_1ac; char *local_1a4; undefined4 local_1a0; undefined *apuStack_164 [16]; undefined *apuStack_124 [2]; undefined **local_11c; char *local_118; char acStack_ec [36]; char acStack_c8 [32]; undefined *local_a8; undefined4 local_a4; undefined4 local_a0; undefined4 local_9c; undefined4 local_98; undefined4 local_94; undefined4 local_90; undefined4 local_8c; char local_88 [16]; undefined *local_78; undefined4 local_74; undefined4 local_70; undefined4 local_6c; undefined **local_68; undefined **cgi_func; undefined1 *local_60; undefined **local_5c; undefined **local_58; char *local_54; char *local_50; undefined **local_4c; uint session_valid; char *local_44; FILE *local_40; FILE *local_3c; FILE *local_38; FILE *local_34; FILE *local_30; undefined4 local_2c; char *local_28; FILE *local_24; undefined **local_20; char *local_1c; char *local_18; local_60 = &stack0xffefb400; memset(acStack_200,0,0x50); local_78 = (undefined *)0x0; local_74 = 0; local_70 = 0; local_6c = 0; local_88[0] = '\0'; local_88[1] = '\0'; local_88[2] = '\0'; local_88[3] = '\0'; local_88[4] = '\0'; local_88[5] = '\0'; local_88[6] = '\0'; local_88[7] = '\0'; local_88[8] = '\0'; local_88[9] = '\0'; local_88[10] = '\0'; local_88[0xb] = '\0'; local_88[0xc] = '\0'; local_88[0xd] = '\0'; local_88[0xe] = '\0'; local_88[0xf] = '\0'; memset(apuStack_164,0,0x40); memset(acStack_c8,0,0x20); local_4c00[0] = '{'; local_4c00[1] = '}'; local_4c00[2] = 0; memset(local_4c00 + 3,0,0x3ffd); memset(apuStack_300,0,0x100); memset(acStack_ec,0,0x21); memset(&stack0xffefb400,0,0x100000); local_40 = _stderr; local_68 = (undefined **)0x44d110; cgi_func = (undefined **)0x44869c; fprintf(_stderr,"[%s,%s,%d]: Starting web-management CGI server...","cgi_main.c","webcfg_main"); fputc(10,_stderr); syslog(6,"Starting web-management CGI server...",&_mips_gp0_value); pcVar11 = "/tmp/sysinfo/unregister"; uVar21 = 0; /* This file does exist on the device, contains two characters "ef" So the below block will always eexcute it seems, "however /www-comfast/unregistered" does not seem to exist So, I don't expect this really does anything */ iVar1 = access("/tmp/sysinfo/unregister",0); if (iVar1 == 0) { registered_flag = 0; pcVar11 = "cp /www-comfast/unregistered/* /www-comfast/ -r"; system("cp /www-comfast/unregistered/* /www-comfast/ -r"); } uci_start(pcVar11,uVar21); iVar1 = uci_config_get_single_int("mbox.management.config_done"); config_done = iVar1 != 0; uci_end(); /* PGM_INIT: explicitly ZERO out session ID */ cgi_func = (undefined **)&authenticated_COMFAST_session_id; memset(&authenticated_COMFAST_session_id,0,0x90); iVar1 = FCGX_Init(); if (iVar1 < 0) { local_3c = _stderr; fprintf(_stderr,"[%s,%s,%d]: fcgi initialization fail, can not continue!","cgi_main.c", "webcfg_main"); fputc(10,_stderr); pcVar11 = "[%s,%s,%d]: fcgi initialization fail, can not continue!"; } else { /* First block of code that runs after successful fcgi init */ cgi_func = (undefined **)acStack_200; /* Listen on localhost:9002 NGINX proxies all requests to /cgi-bin/* to this process This is why you'll get 502 for trying to request endpoints that don't exist */ sprintf((char *)cgi_func,"127.0.0.1:%d",9002); local_38 = _stderr; fprintf(_stderr,"[%s,%s,%d]: fcgi listening to %s","cgi_main.c","webcfg_main"); fputc(10,_stderr); syslog(6,"fcgi listening to %s",cgi_func); cgi_func = (undefined **)FCGX_OpenSocket(cgi_func,0xffffffff,&_mips_gp0_value); /* FCGI_OpenSocket() returns -1 on error so IF SOCKET OPENED { ... } */ if (-1 < (int)cgi_func) { uVar2 = fcntl((int)cgi_func,1); fcntl((int)cgi_func,2,uVar2 | 1); FCGX_InitRequest(apuStack_124,cgi_func,0); /* Beginning of web request handler loop */ session_valid = 0; do { local_98 = 0; local_94 = 0; local_90 = 0; local_8c = 0; blob_buf_init(&local_98,0); local_5c = &local_a8; local_a8 = (undefined *)0x0; local_a4 = 0; local_a0 = 0; local_9c = 0; blob_buf_init(local_5c,0,&_mips_gp0_value); local_58 = apuStack_124; iVar1 = FCGX_Accept_r(local_58,local_58,&_mips_gp0_value); if (iVar1 < 0) { return 0; } cgi_func = &local_1b0; local_68 = (undefined **)local_58[5]; memset(cgi_func,0,0x4c); puVar3 = (undefined *)FCGX_GetParam("QUERY_STRING",local_68); cgi_func[1] = puVar3; puVar3 = (undefined *)FCGX_GetParam("REQUEST_METHOD",local_68,&_mips_gp0_value); cgi_func[2] = puVar3; puVar3 = (undefined *)FCGX_GetParam("CONTENT_TYPE",local_68); cgi_func[3] = puVar3; puVar3 = (undefined *)FCGX_GetParam("CONTENT_LENGTH",local_68,&_mips_gp0_value); cgi_func[4] = puVar3; puVar3 = (undefined *)FCGX_GetParam("SCRIPT_NAME",local_68); cgi_func[5] = puVar3; puVar3 = (undefined *)FCGX_GetParam("REQUEST_URI",local_68,&_mips_gp0_value); cgi_func[6] = puVar3; puVar3 = (undefined *)FCGX_GetParam("DOCUMENT_URI",local_68); cgi_func[7] = puVar3; puVar3 = (undefined *)FCGX_GetParam("DOCUMENT_ROOT",local_68,&_mips_gp0_value); cgi_func[8] = puVar3; puVar3 = (undefined *)FCGX_GetParam("SERVER_PROTOCOL",local_68); cgi_func[9] = puVar3; puVar3 = (undefined *)FCGX_GetParam("HTTPS",local_68,&_mips_gp0_value); cgi_func[10] = puVar3; puVar3 = (undefined *)FCGX_GetParam("REMOTE_ADDR",local_68); cgi_func[11] = puVar3; puVar3 = (undefined *)FCGX_GetParam("REMOTE_PORT",local_68,&_mips_gp0_value); cgi_func[12] = puVar3; puVar3 = (undefined *)FCGX_GetParam("SERVER_ADDR",local_68); cgi_func[13] = puVar3; puVar3 = (undefined *)FCGX_GetParam("SERVER_PORT",local_68,&_mips_gp0_value); cgi_func[14] = puVar3; puVar3 = (undefined *)FCGX_GetParam("SERVER_NAME",local_68); cgi_func[15] = puVar3; puVar3 = (undefined *)FCGX_GetParam("HTTP_HOST",local_68,&_mips_gp0_value); cgi_func[16] = puVar3; puVar3 = (undefined *)FCGX_GetParam("USER_AGENT",local_68); cgi_func[17] = puVar3; puVar3 = (undefined *)FCGX_GetParam("HTTP_COOKIE",local_68,&_mips_gp0_value); cgi_func[18] = puVar3; pcVar11 = local_118; /* element 11 = "REMOTE_ADDR" element 7 = "DOCUMENT_URI" This is checking IF the IP address of the requester = NULL/empty string -- OR -- if the DOCUMENT URI = NULL/empty string */ if ((((cgi_func[11] == (char *)0x0) || (*cgi_func[11] == '\0')) || (local_50 = cgi_func[7], local_50 == (char *)0x0)) || (*local_50 == '\0')) { LAB_0040654a: /* Loads a pointer to the response_400() function and then executes it */ pcVar4 = (code *)0x4055b5; LAB_0040654e: /* This branch is for explicit handling of the "/cgi-bin/iswifi" path which so far I haven't recorded any use of in this environment. In any case it seems to simply return a 200 response with the COMFAST_SESSION set as a cookie. It's worth noting that it does conditionally set the cookie value to "DELETED" based on the state of local_48 which apears to be a boolean, likely something like "is_logged_in" */ (*pcVar4)(pcVar11); } else { *cgi_func = (undefined *)local_58; iVar1 = strncmp(local_50,"/cgi-bin/iswifi",0xf); if (iVar1 == 0) { local_68 = (undefined **)acStack_ec; iVar1 = deal_iswifi(cgi_func[1],(char *)apuStack_300,(char *)local_68); if (iVar1 == 0) { iswifi_output(local_5c,(char *)local_68); local_5c = (undefined **)blobmsg_format_json_with_cb(*local_5c,1,0,0); local_50 = local_58[3]; if (session_valid == 0) { local_68 = (undefined **)0x44881c; pcVar11 = "Expires=Thu, 01-Jan-1970 00:00:01 GMT; Path=/; Version=1"; } else { local_68 = (undefined **)&authenticated_COMFAST_session_id; pcVar11 = "Path=/; Version=1"; } cgi_func = (undefined **)pcVar11; local_54 = (char *)strlen((char *)local_5c); local_58 = apuStack_300; strlen((char *)local_58); FCGX_FPrintF(local_50, "Status: 200 OK\r\nSet-Cookie: %s=%s; %s\r\nContent-Length: %d\r\nContent-Type: text/javascript; charset=utf-8\r\n\r\n%s(%s);\r\n" ,"COMFAST_SESSIONID",local_68); free(local_5c); } } else { iVar1 = strncmp(local_50,"/cgi-bin/",9); if (iVar1 != 0) { pcVar11 = local_58[3]; LAB_00407552: pcVar4 = (code *)0x405589; goto LAB_0040654e; } local_68 = (undefined **)cgi_func[2]; iVar1 = strcmp((char *)local_68,"GET"); if (iVar1 == 0) { local_5c = (undefined **)cgi_func[6]; cgi_func = (undefined **)0x448b28; pcVar11 = strstr((char *)local_5c,"height="); if (pcVar11 == (char *)0x0) { local_4c = (undefined **)&DAT_00000001; } else { cgi_func = (undefined **)0x448b30; pcVar11 = strstr((char *)local_5c,"width="); if (pcVar11 != (char *)0x0) { cgi_func = (undefined **)(local_88 + 0x10); local_68 = (undefined **)local_88; local_88[0] = '\0'; local_88[1] = '\0'; local_88[2] = '\0'; local_88[3] = '\0'; local_88[4] = '\0'; local_88[5] = '\0'; local_88[6] = '\0'; local_88[7] = '\0'; local_88[8] = '\0'; local_88[9] = '\0'; local_88[10] = '\0'; local_88[0xb] = '\0'; local_88[0xc] = '\0'; local_88[0xd] = '\0'; local_88[0xe] = '\0'; local_88[0xf] = '\0'; local_58 = apuStack_164; local_78 = (undefined *)0x0; local_74 = 0; local_70 = 0; local_6c = 0; memset(local_58,0,0x40); local_50 = acStack_c8; memset(local_50,0,0x20); pcVar11 = strstr((char *)local_5c,"height="); get_para_from_uri(pcVar11,(int)cgi_func); pcVar11 = strstr((char *)local_5c,"width="); get_para_from_uri(pcVar11,(int)local_68); get_css_path_from_uri((char *)((int)local_5c + 9),(int)local_50); sprintf((char *)local_58,"/www-comfast/%s",local_50); memset(&stack0xffefb400,0,0x100000); local_68 = (undefined **)atoi((char *)local_68); iVar1 = atoi((char *)cgi_func); modify_css(local_68,iVar1,&stack0xffefb400,(char *)local_58); sVar5 = strlen(&stack0xffefb400); FCGX_FPrintF(local_118, "HTTP/1.1 200 OK\r\nServer: nginx/1.4.7\r\nDate: Mon, 17 Jun 2019 10:42:35 GMT\r\nContent-Type: text/css\r\nContent-Length: %d\r\nLast-Modified: Thu, 01-Jan-1970 00:00:01 GMT\r\nConnection: keep-alive\r\nETag: \"5c666a67-1acd\"\r\nAccept-Ranges: bytes\r\n\r\n%s" ,sVar5,&stack0xffefb400); goto LAB_00406556; } local_4c = (undefined **)&DAT_00000001; } } else { iVar1 = strcmp((char *)local_68,"POST"); if (iVar1 != 0) { pcVar11 = local_58[3]; goto LAB_00407552; } cgi_func = (undefined **)strtoul(cgi_func[4],(char **)0x0,0); if ((char *)0xffffff < (char *)((int)cgi_func + -1)) { local_30 = _stderr; local_68 = &local_1b0; local_2c = local_1a0; fprintf(_stderr,"[%s,%s,%d]: Invalid request of content length: %s cl=%d", "cgi_main.c","webcfg_main"); fputc(10,_stderr); syslog(3,"Invalid request of content length: %s cl=%d",local_68[4],cgi_func); } local_68 = (undefined **)local_1ac; pcVar11 = strstr(local_1ac,"section=system_"); if (pcVar11 == (char *)0x0) { system_state = (char *)0x0; } else { pcVar11 = strstr((char *)local_68,"system_config_backup"); if (((pcVar11 == (char *)0x0) && (pcVar11 = strstr((char *)local_68,"system_account_download"), pcVar11 == (char *)0x0)) && (pcVar11 = strstr((char *)local_68,"system_passwd_download"), pcVar11 == (char *)0x0)) { pcVar11 = strstr((char *)local_68,"system_load_config"); if (pcVar11 == (char *)0x0) { pcVar11 = strstr((char *)local_68,"system_upgrade"); if ((pcVar11 == (char *)0x0) && (pcVar11 = strstr((char *)local_68,"system_upgrade_keep"), pcVar11 == (char *)0x0)) { pcVar11 = strstr((char *)local_68,"system_upload_file"); if (((((pcVar11 == (char *)0x0) && (pcVar11 = strstr((char *)local_68,"system_upload_account"), pcVar11 == (char *)0x0)) && (pcVar11 = strstr((char *)local_68,"system_upload_passwd"), pcVar11 == (char *)0x0)) && ((pcVar11 = strstr((char *)local_68,"system_upload_wxpay_cert_pem"), pcVar11 == (char *)0x0 && (pcVar11 = strstr((char *)local_68,"system_upload_wxpay_key_pem"), pcVar11 == (char *)0x0)))) && ((pcVar11 = strstr((char *)local_68,"system_upload_radius_template"), pcVar11 == (char *)0x0 && (pcVar11 = strstr((char *)local_68,"system_cluster_upgrade_file"), pcVar11 == (char *)0x0)))) { pcVar11 = strstr((char *)local_68,"system_wl_upload_pic_file"); if (pcVar11 == (char *)0x0) { system_state = strstr((char *)local_68,"system_suite_upgrade_file_upload") ; if (system_state != (char *)0x0) { system_state = (char *)0x6; } } else { system_state = (char *)0x5; } } else { system_state = (char *)0x4; } } else { system_state = (char *)0x3; } } else { system_state = &DAT_00000002; } } else { system_state = &DAT_00000001; } if (((local_1a4 != (char *)0x0) && (pcVar11 = strstr(local_1a4,"multipart/form-data"), pcVar11 != (char *)0x0)) && (local_28 = system_state, 1 < (int)system_state)) { local_58 = local_11c; memset(acStack_800,0,0x400); memset(acStack_400,0,0x100); do { if ((int)cgi_func < 1) goto LAB_00406fa2; local_68 = (undefined **)acStack_800; memset(local_68,0,0x400); pcVar11 = (char *)((int)cgi_func + 1); if (0x400 < (int)pcVar11) { pcVar11 = (char *)0x400; } iVar1 = FCGX_GetLine(local_68,pcVar11,local_58); if (iVar1 == 0) goto LAB_00407400; local_68 = (undefined **)acStack_800; sVar5 = strlen((char *)local_68); cgi_func = (undefined **)((int)cgi_func - sVar5); iVar1 = strncasecmp((char *)local_68,"Content-Disposition:",0x14); } while (iVar1 != 0); local_68 = (undefined **)strstr((char *)local_68,"filename="); if (local_68 != (undefined **)0x0) { local_5c = (undefined **)((int)local_68 + 10); local_54 = strchr((char *)local_5c,0x22); if (local_54 != (char *)0x0) { memset(upload_filename,0,0x100); strncpy(upload_filename,(char *)local_5c, (size_t)(local_54 + (-10 - (int)local_68))); } } for (; 0 < (int)cgi_func; cgi_func = (undefined **)((int)cgi_func - sVar5)) { local_68 = (undefined **)acStack_800; iVar1 = strcmp((char *)local_68,"\n"); if ((iVar1 == 0) || (iVar1 = strcmp((char *)local_68,"\r\n"), iVar1 == 0)) break; memset(local_68,0,0x400); pcVar11 = (char *)((int)cgi_func + 1); if (0x400 < (int)pcVar11) { pcVar11 = (char *)0x400; } iVar1 = FCGX_GetLine(local_68,pcVar11,local_58); if (iVar1 == 0) goto LAB_00407400; sVar5 = strlen(acStack_800); } LAB_00406fa2: pcVar11 = strstr(upload_filename,".png"); if ((((pcVar11 == (char *)0x0) && (pcVar11 = strstr(upload_filename,".PNG"), pcVar11 == (char *)0x0)) && (pcVar11 = strstr(upload_filename,".jpg"), pcVar11 == (char *)0x0)) && (((pcVar11 = strstr(upload_filename,".JPG"), pcVar11 == (char *)0x0 && (pcVar11 = strstr(upload_filename,".jpeg"), pcVar11 == (char *)0x0)) && (pcVar11 = strstr(upload_filename,".JPEG"), pcVar11 == (char *)0x0)))) { puVar24 = (undefined1 *)0x104800; pcVar11 = "/tmp/bakup.file"; strcpy(acStack_400,"/tmp/bakup.file"); } else { local_68 = (undefined **)0x448e6c; iVar1 = access("/tmp/img",0); if ((iVar1 != 0) && (iVar1 = mkdir("/tmp/img",0x1ff), iVar1 != 0)) goto LAB_00407400; puVar24 = upload_filename; pcVar11 = "%s/%s"; sprintf(acStack_400,"%s/%s","/tmp/img"); } local_5c = (undefined **)0x448e80; bVar10 = file_exists("/tmp/bakup.file",pcVar11,&_mips_gp0_value,puVar24); if (CONCAT31(extraout_var,bVar10) == 0) { memset(&uStack_c00,0,0x400); local_54 = (char *)open(acStack_400,0x302,0x1ff); if (-1 < (int)local_54) { local_68 = (undefined **)0x0; for (; 0 < (int)cgi_func; cgi_func = (undefined **)((int)cgi_func - (int)ppuVar6)) { local_4c = cgi_func; if (0x400 < (int)cgi_func) { local_4c = (undefined **)0x400; } local_5c = (undefined **)FCGX_GetStr(&uStack_c00,local_4c,local_58); if (local_5c != local_4c) break; if ((int)cgi_func < 0x400) { for (; (int)local_68 < (int)(cgi_func + -1); local_68 = (undefined **)((int)local_68 + 1)) { if ((((*(char *)((int)&uStack_c00 + (int)local_68) == '\r') && (*(char *)((int)&uStack_c00 + 1 + (int)local_68) == '\n')) && (*(char *)((int)&uStack_c00 + 2 + (int)local_68) == '-')) && ((*(char *)((int)&uStack_c00 + 3 + (int)local_68) == '-' && (local_bfc[(int)local_68] == '-')))) { *(char *)((int)&uStack_c00 + (int)local_68) = '\0'; cgi_func = (undefined **) ((int)cgi_func + ((int)local_68 - (int)local_5c)); local_5c = local_68; break; } } } ppuVar6 = (undefined **)write((int)local_54,&uStack_c00,(size_t)local_5c); if (ppuVar6 != local_5c) break; } close((int)local_54); } } else { local_58 = (undefined **)&uStack_c00; memset(local_58,0,0x80); local_68 = (undefined **)open("/tmp/bakup.file",2); if ((int)local_68 < 0) { unlink((char *)local_5c); } else { local_5c = (undefined **)lseek((int)local_68,0,2); lseek((int)local_68,(__off_t)((int)local_5c + -0x7f),0); read((int)local_68,local_58,0x7f); iVar1 = 0; do { iVar22 = iVar1; if (iVar22 == 0x7c) { iVar22 = 0x7c; break; } iVar1 = iVar22 + 1; } while (((*(char *)((int)&uStack_c00 + iVar22 + 1) != '\r') || (*(char *)((int)&uStack_c00 + iVar22 + 2) != '\n')) || ((*(char *)((int)&uStack_c00 + iVar22 + 3) != '-' || (local_bfc[iVar22] != '-')))); ftruncate((int)local_68,(__off_t)((int)local_5c + iVar22 + -0x7e)); close((int)local_68); local_68 = (undefined **)acStack_400; iVar1 = strcmp("/tmp/bakup.file",(char *)local_68); if (iVar1 != 0) { rename("/tmp/bakup.file",(char *)local_68); } } } } } LAB_00407400: if ((undefined **)0x4000 < cgi_func) { cgi_func = (undefined **)0x3fff; } local_68 = (undefined **)local_4c00; memset(local_68,0,0x4000); local_5c = apuStack_124; FCGX_GetStr(local_68,cgi_func,local_11c); *(char *)((int)local_68 + (int)cgi_func) = '\0'; if ((system_state == (char *)0x0) && (iVar1 = blobmsg_add_json_from_string(&local_98,local_68), iVar1 == 0)) { local_24 = _stderr; fprintf(_stderr,"[%s,%s,%d]: Fail to parse JSON from post data: %s","cgi_main.c", "webcfg_main"); fputc(10,_stderr); syslog(3,"Fail to parse JSON from post data: %s",local_68); pcVar11 = local_5c[3]; goto LAB_0040654a; } local_4c = (undefined **)&DAT_00000002; } cgi_func = (undefined **)authenticated_session_expiration_time; tVar7 = time((time_t *)0x0); cgi_func = (undefined **)((int)cgi_func - tVar7); if ((int)cgi_func < 0) { iVar1 = uptime_timeout(); if (iVar1 == 0) { memset(&authenticated_COMFAST_session_id,0,0x90); } else { tVar7 = time((time_t *)0x0); authenticated_session_expiration_time = tVar7 + 600; } } else { tVar7 = time((time_t *)0x0); authenticated_session_expiration_time = tVar7 + 600; } session_valid = 0; if (is_logged_in != '\0') { session_valid = (int)cgi_func < 1 ^ 1; } /* Figure out how to dispatch incoming request Loops over cgi_functions in &cgi_functions which is itself an array of data structures */ for (cgi_func = &cgi_functions; cgi_func != (undefined **)&DAT_00464bf4; cgi_func = cgi_func + 5) { local_20 = (undefined **)cgi_func[1]; if ((local_20 == local_4c) && (iVar1 = strcmp(*cgi_func,local_50 + 9), iVar1 == 0)) { /* Here's the auth check Every CGI entry in cgi_functions[] has a one-byte “needs-auth” flag (offset +2). If that flag is zero or the session is valid */ if ((*(char *)(cgi_func + 2) == '\0') || (session_valid != 0)) { local_68 = &local_1b0; pcVar23 = "ac_list_get"; pcVar11 = local_1ac; pcVar8 = strstr(local_1ac,"ac_list_get"); if (pcVar8 == (char *)0x0) { uci_start(pcVar11,pcVar23); local_68 = (undefined **)(*(code *)cgi_func[3])(local_68,&local_98,&local_a8); uci_end(); } else { ac_list_get(&local_98,&local_a8); local_68 = (undefined **)0x0; } local_1c = system_state; if (system_state != &DAT_00000001) { ppuVar6 = local_68; if ((int)local_68 < 0) { ppuVar6 = (undefined **)-(int)local_68; } goto LAB_004077ae; } } else { ppuVar6 = (undefined **)(char *)0x4; LAB_004077ae: cgi_gen_error(&local_a8,(int)ppuVar6); } local_18 = system_state; if (system_state == &DAT_00000001) { local_68 = (undefined **)local_118; memset(&uStack_c00,0,0x400); if (download_filename == '\0') { strcpy(&download_filename,"bakup.file"); } FCGX_FPrintF(local_68,"Content-Disposition: attachment; filename=\"%s\"\r\n", &download_filename); FCGX_FPrintF(local_68,"Content-Type: application/x-targz\r\n"); FCGX_FPrintF(local_68,"Cache-Control: no-cache\r\n",&_mips_gp0_value); FCGX_FPrintF(local_68,"Expires: 0\r\n",&_mips_gp0_value); FCGX_FPrintF(local_68,"\r\n",&_mips_gp0_value); local_54 = (char *)0x3; while( true ) { local_58 = (undefined **)0x448e80; local_5c = (undefined **)open("/tmp/bakup.file",2); if (local_5c != (undefined **)0xffffffff) break; local_54 = local_54 + -1; if (local_54 == (char *)0x0) goto LAB_00407956; sleep(1); } ppuVar6 = (undefined **)&uStack_c00; while( true ) { memset(ppuVar6,0,0x400); local_58 = (undefined **)&uStack_c00; sVar9 = read((int)local_5c,local_58,0x3ff); if (sVar9 < 1) break; *(char *)((int)local_58 + sVar9) = '\0'; FCGX_PutStr(local_58,sVar9,local_68); ppuVar6 = local_58; } LAB_00407956: memset(&download_filename,0,0x100); if (-1 < (int)local_5c) { close((int)local_5c); } unlink("/tmp/bakup.file"); } else { if (*(char *)(cgi_func + 4) != '\0') break; local_5c = (undefined **)blobmsg_format_json_with_cb(local_a8,1,0,0); local_54 = "COMFAST_SESSIONID"; if ((int)system_state < 2) { local_44 = local_118; if (session_valid == 0) { local_58 = (undefined **)0x44881c; local_68 = (undefined **)0x448824; } else { local_58 = (undefined **)&authenticated_COMFAST_session_id; local_68 = (undefined **)0x448808; } strlen((char *)local_5c); pcVar11 = "Status: 200 OK\r\nSet-Cookie: %s=%s; %s\r\nContent-Length: %d\r\nContent-Type: application/json\r\n\r\n%s\r\n" ; } else { local_44 = local_118; if (session_valid == 0) { local_58 = (undefined **)0x44881c; local_68 = (undefined **)0x448824; } else { local_58 = (undefined **)&authenticated_COMFAST_session_id; local_68 = (undefined **)0x448808; } strlen((char *)local_5c); pcVar11 = "Status: 200 OK\r\nSet-Cookie: %s=%s; %s\r\nContent-Length: %d\r\nContent-Type: text/html\r\n\r\n%s\r\n" ; } FCGX_FPrintF(local_44,pcVar11,local_54,local_58); free(local_5c); } } } } } LAB_00406556: blob_buf_free(&local_98); blob_buf_free(&local_a8); FCGX_Finish_r(apuStack_124); iVar1 = config_action_get(); if (iVar1 != 0) { apply_settings(); } } while( true ); } /* This is the end of the IF FCGI_OPEN_SOCKET() succeeded block */ local_34 = _stderr; fprintf(_stderr,"[%s,%s,%d]: Fail to open fcgi socket, can not continue!","cgi_main.c", "webcfg_main"); fputc(10,_stderr); pcVar11 = "[%s,%s,%d]: Fail to open fcgi socket, can not continue!"; } syslog(3,pcVar11 + 0xc,&_mips_gp0_value); return 0xffffffff; }