CVS commit: src/libexec/httpd
Module Name:src Committed By: maya Date: Sun Apr 28 17:12:30 UTC 2024 Modified Files: src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c Log Message: Bump bozohttpd version to today for mobile-friendly directory listing To generate a diff of this commit: cvs rdiff -u -r1.55 -r1.56 src/libexec/httpd/CHANGES cvs rdiff -u -r1.96 -r1.97 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.146 -r1.147 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.55 src/libexec/httpd/CHANGES:1.56 --- src/libexec/httpd/CHANGES:1.55 Fri Jan 26 23:19:44 2024 +++ src/libexec/httpd/CHANGES Sun Apr 28 17:12:30 2024 @@ -1,4 +1,7 @@ -$NetBSD: CHANGES,v 1.55 2024/01/26 23:19:44 mrg Exp $ +$NetBSD: CHANGES,v 1.56 2024/04/28 17:12:30 maya Exp $ + +changes in bozohttpd 20240428: + o make directory listings mobile friendly. from D. Bohdan. changes in bozohttpd 20240126: o add some more default mime types. Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.96 src/libexec/httpd/bozohttpd.8:1.97 --- src/libexec/httpd/bozohttpd.8:1.96 Sun Feb 4 05:54:20 2024 +++ src/libexec/httpd/bozohttpd.8 Sun Apr 28 17:12:30 2024 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.96 2024/02/04 05:54:20 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.97 2024/04/28 17:12:30 maya Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd Jan 26, 2024 +.Dd Apr 28, 2024 .Dt BOZOHTTPD 8 .Os .Sh NAME @@ -664,7 +664,7 @@ The focus has always been simplicity and and regular code audits. This manual documents .Nm -version 20240126. +version 20240428. .Sh AUTHORS .An -nosplit .Nm Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.146 src/libexec/httpd/bozohttpd.c:1.147 --- src/libexec/httpd/bozohttpd.c:1.146 Fri Jan 26 23:19:44 2024 +++ src/libexec/httpd/bozohttpd.c Sun Apr 28 17:12:30 2024 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.146 2024/01/26 23:19:44 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.147 2024/04/28 17:12:30 maya Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -108,7 +108,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20240126" +#define SERVER_SOFTWARE "bozohttpd/20240428" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html"
CVS commit: src/libexec/httpd
Module Name:src Committed By: maya Date: Sun Apr 28 17:12:30 UTC 2024 Modified Files: src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c Log Message: Bump bozohttpd version to today for mobile-friendly directory listing To generate a diff of this commit: cvs rdiff -u -r1.55 -r1.56 src/libexec/httpd/CHANGES cvs rdiff -u -r1.96 -r1.97 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.146 -r1.147 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: maya Date: Fri Apr 26 20:27:12 UTC 2024 Modified Files: src/libexec/httpd: dir-index-bozo.c Log Message: Create mobile-friendly directory listings A typical mobile browser on a smartphone assumes a page without a "viewport" tag is designed for desktop browsers. It displays the page in a virtual window that simulates a wider screen and does not adjust it for the phone's pixel density. The usual result is that the content on the page looks small, and interacting with the page comfortably and precisely requires zoom. This is currently the case with bozohttpd directory listing pages. from D. Bohdan in PR bin/57962 To generate a diff of this commit: cvs rdiff -u -r1.36 -r1.37 src/libexec/httpd/dir-index-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/dir-index-bozo.c diff -u src/libexec/httpd/dir-index-bozo.c:1.36 src/libexec/httpd/dir-index-bozo.c:1.37 --- src/libexec/httpd/dir-index-bozo.c:1.36 Wed May 18 00:37:11 2022 +++ src/libexec/httpd/dir-index-bozo.c Fri Apr 26 20:27:12 2024 @@ -1,4 +1,4 @@ -/* $NetBSD: dir-index-bozo.c,v 1.36 2022/05/18 00:37:11 mrg Exp $ */ +/* $NetBSD: dir-index-bozo.c,v 1.37 2024/04/26 20:27:12 maya Exp $ */ /* $eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $ */ @@ -123,6 +123,7 @@ bozo_dir_index(bozo_httpreq_t *request, bozo_printf(httpd, "\r\n" "\r\n" + "\r\n"
CVS commit: src/libexec/httpd
Module Name:src Committed By: maya Date: Fri Apr 26 20:27:12 UTC 2024 Modified Files: src/libexec/httpd: dir-index-bozo.c Log Message: Create mobile-friendly directory listings A typical mobile browser on a smartphone assumes a page without a "viewport" tag is designed for desktop browsers. It displays the page in a virtual window that simulates a wider screen and does not adjust it for the phone's pixel density. The usual result is that the content on the page looks small, and interacting with the page comfortably and precisely requires zoom. This is currently the case with bozohttpd directory listing pages. from D. Bohdan in PR bin/57962 To generate a diff of this commit: cvs rdiff -u -r1.36 -r1.37 src/libexec/httpd/dir-index-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sun Feb 4 05:54:21 UTC 2024 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: note this documents bozohttpd 20240126. To generate a diff of this commit: cvs rdiff -u -r1.95 -r1.96 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sun Feb 4 05:54:21 UTC 2024 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: note this documents bozohttpd 20240126. To generate a diff of this commit: cvs rdiff -u -r1.95 -r1.96 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.95 src/libexec/httpd/bozohttpd.8:1.96 --- src/libexec/httpd/bozohttpd.8:1.95 Fri Feb 2 20:50:28 2024 +++ src/libexec/httpd/bozohttpd.8 Sun Feb 4 05:54:20 2024 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.95 2024/02/02 20:50:28 andvar Exp $ +.\" $NetBSD: bozohttpd.8,v 1.96 2024/02/04 05:54:20 mrg Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -664,7 +664,7 @@ The focus has always been simplicity and and regular code audits. This manual documents .Nm -version 20230602. +version 20240126. .Sh AUTHORS .An -nosplit .Nm
CVS commit: src/libexec/httpd
Module Name:src Committed By: andvar Date: Fri Feb 2 20:50:28 UTC 2024 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: s/supressing/suppressing/. To generate a diff of this commit: cvs rdiff -u -r1.94 -r1.95 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.94 src/libexec/httpd/bozohttpd.8:1.95 --- src/libexec/httpd/bozohttpd.8:1.94 Fri Jan 26 23:19:44 2024 +++ src/libexec/httpd/bozohttpd.8 Fri Feb 2 20:50:28 2024 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.94 2024/01/26 23:19:44 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.95 2024/02/02 20:50:28 andvar Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -79,7 +79,7 @@ using the ftp facility (but see the .Fl s option for testing and the .Fl q -option for supressing this.) +option for suppressing this.) .Nm is designed to be small, simple and relatively featureless, hopefully increasing its security.
CVS commit: src/libexec/httpd
Module Name:src Committed By: andvar Date: Fri Feb 2 20:50:28 UTC 2024 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: s/supressing/suppressing/. To generate a diff of this commit: cvs rdiff -u -r1.94 -r1.95 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Fri Jan 26 23:19:44 UTC 2024 Modified Files: src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c Log Message: add some missing changes and bump the version. To generate a diff of this commit: cvs rdiff -u -r1.54 -r1.55 src/libexec/httpd/CHANGES cvs rdiff -u -r1.93 -r1.94 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.145 -r1.146 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.54 src/libexec/httpd/CHANGES:1.55 --- src/libexec/httpd/CHANGES:1.54 Wed Nov 2 20:38:21 2022 +++ src/libexec/httpd/CHANGES Fri Jan 26 23:19:44 2024 @@ -1,4 +1,12 @@ -$NetBSD: CHANGES,v 1.54 2022/11/02 20:38:21 andvar Exp $ +$NetBSD: CHANGES,v 1.55 2024/01/26 23:19:44 mrg Exp $ + +changes in bozohttpd 20240126: + o add some more default mime types. + o fix memory leaks. from shm. + o fix reading 2 bytes beyond '%', possibly not mapped. from shm. + o support openssl 3. from christos. + o add -q option to not log. from martin. + o fix default return value of bozo_set_defaults(), PR#54785. changes in bozohttpd 20220104: o remove obsolete .bzdirect handling. Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.93 src/libexec/httpd/bozohttpd.8:1.94 --- src/libexec/httpd/bozohttpd.8:1.93 Wed Jun 7 20:22:22 2023 +++ src/libexec/httpd/bozohttpd.8 Fri Jan 26 23:19:44 2024 @@ -1,8 +1,8 @@ -.\" $NetBSD: bozohttpd.8,v 1.93 2023/06/07 20:22:22 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.94 2024/01/26 23:19:44 mrg Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" -.\" Copyright (c) 1997-2023 Matthew R. Green +.\" Copyright (c) 1997-2024 Matthew R. Green .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd Sep 12, 2023 +.Dd Jan 26, 2024 .Dt BOZOHTTPD 8 .Os .Sh NAME @@ -670,7 +670,7 @@ version 20230602. .Nm was written by .An Matthew R. Green -.Aq Mt m...@eterna.com.au . +.Aq Mt m...@eterna23.net . .Pp The large list of contributors includes: .Bl -dash @@ -805,7 +805,7 @@ provided several clean up fixes, and man provided various fixes .It .An Tyler Retzlaff -.Aq Mt r...@eterna.com.au +.Aq Mt r...@eterna23.net provided SSL support, cgi-bin fixes and much other random other stuff .It .An rudolf @@ -860,7 +860,9 @@ There are probably others I have forgott Please send all updates to .Nm to -.Aq Mt m...@eterna.com.au +.Aq Mt m...@eterna23.net +or +.Aq Mt netbsd-b...@netbsd.org for inclusion in future releases. .Sh BUGS .Nm Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.145 src/libexec/httpd/bozohttpd.c:1.146 --- src/libexec/httpd/bozohttpd.c:1.145 Wed Sep 20 07:13:35 2023 +++ src/libexec/httpd/bozohttpd.c Fri Jan 26 23:19:44 2024 @@ -1,9 +1,9 @@ -/* $NetBSD: bozohttpd.c,v 1.145 2023/09/20 07:13:35 shm Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.146 2024/01/26 23:19:44 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2023 Matthew R. Green + * Copyright (c) 1997-2024 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -108,7 +108,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20230602" +#define SERVER_SOFTWARE "bozohttpd/20240126" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html"
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Fri Jan 26 23:19:44 UTC 2024 Modified Files: src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c Log Message: add some missing changes and bump the version. To generate a diff of this commit: cvs rdiff -u -r1.54 -r1.55 src/libexec/httpd/CHANGES cvs rdiff -u -r1.93 -r1.94 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.145 -r1.146 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: riastradh Date: Mon Dec 18 03:48:57 UTC 2023 Modified Files: src/libexec/httpd: ssl-bozo.c Log Message: httpd(8): Add missing newline to `SSL Error' messages. Matches the pattern in all other printf/syslog calls. XXX pullup-10 XXX pullup-9 XXX pullup-8 To generate a diff of this commit: cvs rdiff -u -r1.33 -r1.34 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/ssl-bozo.c diff -u src/libexec/httpd/ssl-bozo.c:1.33 src/libexec/httpd/ssl-bozo.c:1.34 --- src/libexec/httpd/ssl-bozo.c:1.33 Wed Jun 7 20:12:31 2023 +++ src/libexec/httpd/ssl-bozo.c Mon Dec 18 03:48:57 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: ssl-bozo.c,v 1.33 2023/06/07 20:12:31 mrg Exp $ */ +/* $NetBSD: ssl-bozo.c,v 1.34 2023/12/18 03:48:57 riastradh Exp $ */ /* $eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $ */ @@ -129,6 +129,7 @@ bozo_clear_ssl_queue(bozohttpd_t *httpd) ERR_lib_error_string(sslcode), ERR_func_error_string(sslcode), ERR_reason_error_string(sslcode)); + fputs("\n", stderr); } else { syslog(LOG_ERR, sslfmt, ERR_lib_error_string(sslcode),
CVS commit: src/libexec/httpd
Module Name:src Committed By: riastradh Date: Mon Dec 18 03:48:57 UTC 2023 Modified Files: src/libexec/httpd: ssl-bozo.c Log Message: httpd(8): Add missing newline to `SSL Error' messages. Matches the pattern in all other printf/syslog calls. XXX pullup-10 XXX pullup-9 XXX pullup-8 To generate a diff of this commit: cvs rdiff -u -r1.33 -r1.34 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: shm Date: Wed Sep 20 08:41:35 UTC 2023 Modified Files: src/libexec/httpd: cgi-bozo.c Log Message: Removed unnecessary comment Thanks leot@ for pointing this out To generate a diff of this commit: cvs rdiff -u -r1.55 -r1.56 src/libexec/httpd/cgi-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/cgi-bozo.c diff -u src/libexec/httpd/cgi-bozo.c:1.55 src/libexec/httpd/cgi-bozo.c:1.56 --- src/libexec/httpd/cgi-bozo.c:1.55 Wed Sep 20 07:09:14 2023 +++ src/libexec/httpd/cgi-bozo.c Wed Sep 20 08:41:35 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: cgi-bozo.c,v 1.55 2023/09/20 07:09:14 shm Exp $ */ +/* $NetBSD: cgi-bozo.c,v 1.56 2023/09/20 08:41:35 shm Exp $ */ /* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */ @@ -654,7 +654,6 @@ bozo_process_cgi(bozo_httpreq_t *request /* CGI programs should perform their own timeouts */ while ((rbytes = bozo_read(httpd, STDIN_FILENO, buf, sizeof buf)) > 0) { ssize_t wbytes; - /* char *bp = buf; */ while (rbytes) { wbytes = write(sv[0], buf, (size_t)rbytes);
CVS commit: src/libexec/httpd
Module Name:src Committed By: shm Date: Wed Sep 20 08:41:35 UTC 2023 Modified Files: src/libexec/httpd: cgi-bozo.c Log Message: Removed unnecessary comment Thanks leot@ for pointing this out To generate a diff of this commit: cvs rdiff -u -r1.55 -r1.56 src/libexec/httpd/cgi-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: shm Date: Wed Sep 20 07:13:35 UTC 2023 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: Fix off-by-one in bozo_decode_url_percent In case of strings that end with '%', debug function was reading past buffer. To generate a diff of this commit: cvs rdiff -u -r1.144 -r1.145 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.144 src/libexec/httpd/bozohttpd.c:1.145 --- src/libexec/httpd/bozohttpd.c:1.144 Thu Sep 7 06:40:56 2023 +++ src/libexec/httpd/bozohttpd.c Wed Sep 20 07:13:35 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.144 2023/09/07 06:40:56 shm Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.145 2023/09/20 07:13:35 shm Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -1564,9 +1564,14 @@ bozo_decode_url_percent(bozo_httpreq_t * *t++ = *s++; break; } - debug((httpd, DEBUG_EXPLODING, - "fu_%%: got s == %%, s[1]s[2] == %c%c", - s[1], s[2])); + if ([2] < end) + debug((httpd, DEBUG_EXPLODING, +"fu_%%: got s == %%, s[1]s[2] == %c%c", +s[1], s[2])); + else + debug((httpd, DEBUG_EXPLODING, + "fu_%%: got s == %%, s[1] == %c s[2] is not set", +s[1])); if (s[1] == '\0' || s[2] == '\0') return bozo_http_error(httpd, 400, request, "percent hack missing two chars afterwards");
CVS commit: src/libexec/httpd
Module Name:src Committed By: shm Date: Wed Sep 20 07:13:35 UTC 2023 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: Fix off-by-one in bozo_decode_url_percent In case of strings that end with '%', debug function was reading past buffer. To generate a diff of this commit: cvs rdiff -u -r1.144 -r1.145 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: shm Date: Wed Sep 20 07:09:14 UTC 2023 Modified Files: src/libexec/httpd: cgi-bozo.c Log Message: Remove unused variable (bp) To generate a diff of this commit: cvs rdiff -u -r1.54 -r1.55 src/libexec/httpd/cgi-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: shm Date: Wed Sep 20 07:09:14 UTC 2023 Modified Files: src/libexec/httpd: cgi-bozo.c Log Message: Remove unused variable (bp) To generate a diff of this commit: cvs rdiff -u -r1.54 -r1.55 src/libexec/httpd/cgi-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/cgi-bozo.c diff -u src/libexec/httpd/cgi-bozo.c:1.54 src/libexec/httpd/cgi-bozo.c:1.55 --- src/libexec/httpd/cgi-bozo.c:1.54 Thu Apr 8 07:02:12 2021 +++ src/libexec/httpd/cgi-bozo.c Wed Sep 20 07:09:14 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: cgi-bozo.c,v 1.54 2021/04/08 07:02:12 rillig Exp $ */ +/* $NetBSD: cgi-bozo.c,v 1.55 2023/09/20 07:09:14 shm Exp $ */ /* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */ @@ -185,15 +185,13 @@ finish_cgi_output(bozohttpd_t *httpd, bo /* CGI programs should perform their own timeouts */ while ((rbytes = read(in, buf, sizeof buf)) > 0) { ssize_t wbytes; - char *bp = buf; while (rbytes) { wbytes = bozo_write(httpd, STDOUT_FILENO, buf, (size_t)rbytes); - if (wbytes > 0) { + if (wbytes > 0) rbytes -= wbytes; -bp += wbytes; - } else + else bozoerr(httpd, 1, "cgi output write failed: %s", strerror(errno)); @@ -656,14 +654,13 @@ bozo_process_cgi(bozo_httpreq_t *request /* CGI programs should perform their own timeouts */ while ((rbytes = bozo_read(httpd, STDIN_FILENO, buf, sizeof buf)) > 0) { ssize_t wbytes; - char *bp = buf; + /* char *bp = buf; */ while (rbytes) { wbytes = write(sv[0], buf, (size_t)rbytes); - if (wbytes > 0) { + if (wbytes > 0) rbytes -= wbytes; -bp += wbytes; - } else + else bozoerr(httpd, 1, "write failed: %s", strerror(errno)); }
CVS commit: src/libexec/httpd
Module Name:src Committed By: shm Date: Tue Sep 19 07:51:43 UTC 2023 Modified Files: src/libexec/httpd: auth-bozo.c Log Message: Fix hr_authrealm memory leak hr_authrealm might be already set, so we need to free it before overwriting the value To generate a diff of this commit: cvs rdiff -u -r1.27 -r1.28 src/libexec/httpd/auth-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/auth-bozo.c diff -u src/libexec/httpd/auth-bozo.c:1.27 src/libexec/httpd/auth-bozo.c:1.28 --- src/libexec/httpd/auth-bozo.c:1.27 Wed May 5 07:41:48 2021 +++ src/libexec/httpd/auth-bozo.c Tue Sep 19 07:51:43 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: auth-bozo.c,v 1.27 2021/05/05 07:41:48 mrg Exp $ */ +/* $NetBSD: auth-bozo.c,v 1.28 2023/09/19 07:51:43 shm Exp $ */ /* $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */ @@ -67,6 +67,11 @@ bozo_auth_check(bozo_httpreq_t *request, if (bozo_check_special_files(request, basename, true)) return 1; } + + /* we might be called from cgi code again with the hr_authrealm + * already set */ + if (request->hr_authrealm) + free(request->hr_authrealm); request->hr_authrealm = bozostrdup(httpd, request, dir); if ((size_t)snprintf(authfile, sizeof(authfile), "%s/%s", dir,
CVS commit: src/libexec/httpd
Module Name:src Committed By: shm Date: Tue Sep 19 07:51:43 UTC 2023 Modified Files: src/libexec/httpd: auth-bozo.c Log Message: Fix hr_authrealm memory leak hr_authrealm might be already set, so we need to free it before overwriting the value To generate a diff of this commit: cvs rdiff -u -r1.27 -r1.28 src/libexec/httpd/auth-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: shm Date: Thu Sep 7 06:40:56 UTC 2023 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: Fix memory leaks in bozo_cleanup To generate a diff of this commit: cvs rdiff -u -r1.143 -r1.144 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.143 src/libexec/httpd/bozohttpd.c:1.144 --- src/libexec/httpd/bozohttpd.c:1.143 Wed Jun 7 20:12:31 2023 +++ src/libexec/httpd/bozohttpd.c Thu Sep 7 06:40:56 2023 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.143 2023/06/07 20:12:31 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.144 2023/09/07 06:40:56 shm Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -2728,6 +2728,11 @@ bozo_cleanup(bozohttpd_t *httpd, bozopre free(httpd->errorbuf); free(httpd->getln_buffer); free(httpd->slashdir); + free(httpd->bindport); + free(httpd->pidfile); + free(httpd->cgibin); + free(httpd->virtbase); + free(httpd->dynamic_content_map); #define bozo_unconst(x) ((void *)(uintptr_t)x) free(bozo_unconst(httpd->server_software)); free(bozo_unconst(httpd->index_html));
CVS commit: src/libexec/httpd
Module Name:src Committed By: shm Date: Thu Sep 7 06:40:56 UTC 2023 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: Fix memory leaks in bozo_cleanup To generate a diff of this commit: cvs rdiff -u -r1.143 -r1.144 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Wed Jun 7 20:22:22 UTC 2023 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: add a note about how to setup http -> https redirection. bump documented version. To generate a diff of this commit: cvs rdiff -u -r1.92 -r1.93 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Wed Jun 7 20:22:22 UTC 2023 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: add a note about how to setup http -> https redirection. bump documented version. To generate a diff of this commit: cvs rdiff -u -r1.92 -r1.93 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.92 src/libexec/httpd/bozohttpd.8:1.93 --- src/libexec/httpd/bozohttpd.8:1.92 Mon Sep 12 10:34:20 2022 +++ src/libexec/httpd/bozohttpd.8 Wed Jun 7 20:22:22 2023 @@ -1,8 +1,8 @@ -.\" $NetBSD: bozohttpd.8,v 1.92 2022/09/12 10:34:20 martin Exp $ +.\" $NetBSD: bozohttpd.8,v 1.93 2023/06/07 20:22:22 mrg Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" -.\" Copyright (c) 1997-2022 Matthew R. Green +.\" Copyright (c) 1997-2023 Matthew R. Green .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd Sep 12, 22 +.Dd Sep 12, 2023 .Dt BOZOHTTPD 8 .Os .Sh NAME @@ -524,6 +524,11 @@ To disable SSL SUPPORT compile with .Dq -DNO_SSL_SUPPORT on the compiler command line. +.Pp +To have an enforced redirect, such as http to https, create a shadow +directory root that contains a +.Pa .bzabsredirect +file that points to the real target. .Ss COMPRESSION .Nm supports a very basic form of compression. @@ -641,6 +646,7 @@ fi exit 1 .Ed + .Sh SEE ALSO .Xr inetd.conf 5 , .Xr inetd 8 @@ -658,7 +664,7 @@ The focus has always been simplicity and and regular code audits. This manual documents .Nm -version 20220517. +version 20230602. .Sh AUTHORS .An -nosplit .Nm
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Wed Jun 7 20:12:32 UTC 2023 Modified Files: src/libexec/httpd: bozohttpd.c content-bozo.c main.c ssl-bozo.c Log Message: serve .iso as "application/octet-stream". bump version & copyright. To generate a diff of this commit: cvs rdiff -u -r1.142 -r1.143 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.21 -r1.22 src/libexec/httpd/content-bozo.c cvs rdiff -u -r1.30 -r1.31 src/libexec/httpd/main.c cvs rdiff -u -r1.32 -r1.33 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Wed Jun 7 20:12:32 UTC 2023 Modified Files: src/libexec/httpd: bozohttpd.c content-bozo.c main.c ssl-bozo.c Log Message: serve .iso as "application/octet-stream". bump version & copyright. To generate a diff of this commit: cvs rdiff -u -r1.142 -r1.143 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.21 -r1.22 src/libexec/httpd/content-bozo.c cvs rdiff -u -r1.30 -r1.31 src/libexec/httpd/main.c cvs rdiff -u -r1.32 -r1.33 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.142 src/libexec/httpd/bozohttpd.c:1.143 --- src/libexec/httpd/bozohttpd.c:1.142 Mon Sep 12 10:30:39 2022 +++ src/libexec/httpd/bozohttpd.c Wed Jun 7 20:12:31 2023 @@ -1,9 +1,9 @@ -/* $NetBSD: bozohttpd.c,v 1.142 2022/09/12 10:30:39 martin Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.143 2023/06/07 20:12:31 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2022 Matthew R. Green + * Copyright (c) 1997-2023 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -108,7 +108,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20220517" +#define SERVER_SOFTWARE "bozohttpd/20230602" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html" Index: src/libexec/httpd/content-bozo.c diff -u src/libexec/httpd/content-bozo.c:1.21 src/libexec/httpd/content-bozo.c:1.22 --- src/libexec/httpd/content-bozo.c:1.21 Tue May 31 06:34:33 2022 +++ src/libexec/httpd/content-bozo.c Wed Jun 7 20:12:31 2023 @@ -1,9 +1,9 @@ -/* $NetBSD: content-bozo.c,v 1.21 2022/05/31 06:34:33 mrg Exp $ */ +/* $NetBSD: content-bozo.c,v 1.22 2023/06/07 20:12:31 mrg Exp $ */ /* $eterna: content-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2021 Matthew R. Green + * Copyright (c) 1997-2023 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -198,6 +198,7 @@ static bozo_content_map_t static_content { ".vrml", "x-world/x-vrml", "", "", NULL }, { ".svg", "image/svg+xml", "", "", NULL }, { ".mobi", "application/x-mobipocket-ebook", "", "", NULL }, + { ".iso", "application/octet-stream", "", "", NULL }, { NULL, NULL, NULL, NULL, NULL } }; Index: src/libexec/httpd/main.c diff -u src/libexec/httpd/main.c:1.30 src/libexec/httpd/main.c:1.31 --- src/libexec/httpd/main.c:1.30 Mon Sep 12 10:30:39 2022 +++ src/libexec/httpd/main.c Wed Jun 7 20:12:31 2023 @@ -1,10 +1,10 @@ -/* $NetBSD: main.c,v 1.30 2022/09/12 10:30:39 martin Exp $ */ +/* $NetBSD: main.c,v 1.31 2023/06/07 20:12:31 mrg Exp $ */ /* $eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $ */ /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp */ /* - * Copyright (c) 1997-2021 Matthew R. Green + * Copyright (c) 1997-2023 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without Index: src/libexec/httpd/ssl-bozo.c diff -u src/libexec/httpd/ssl-bozo.c:1.32 src/libexec/httpd/ssl-bozo.c:1.33 --- src/libexec/httpd/ssl-bozo.c:1.32 Mon Sep 12 10:30:39 2022 +++ src/libexec/httpd/ssl-bozo.c Wed Jun 7 20:12:31 2023 @@ -1,9 +1,9 @@ -/* $NetBSD: ssl-bozo.c,v 1.32 2022/09/12 10:30:39 martin Exp $ */ +/* $NetBSD: ssl-bozo.c,v 1.33 2023/06/07 20:12:31 mrg Exp $ */ /* $eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2020 Matthew R. Green + * Copyright (c) 1997-2023 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without
CVS commit: src/libexec/httpd/libbozohttpd
Module Name:src Committed By: christos Date: Tue May 9 13:07:44 UTC 2023 Modified Files: src/libexec/httpd/libbozohttpd: Makefile Log Message: Deal with OpenSSL-3.x To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/libexec/httpd/libbozohttpd/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/libbozohttpd/Makefile diff -u src/libexec/httpd/libbozohttpd/Makefile:1.3 src/libexec/httpd/libbozohttpd/Makefile:1.4 --- src/libexec/httpd/libbozohttpd/Makefile:1.3 Sun May 21 11:28:41 2017 +++ src/libexec/httpd/libbozohttpd/Makefile Tue May 9 09:07:43 2023 @@ -24,4 +24,6 @@ INCSDIR= /usr/include LDADD+= -lssl -lcrypto DPADD+= ${LIBSSL} ${LIBCRYPTO} +COPTS.ssl-bozo.c+= -Wno-error=deprecated-declarations + .include
CVS commit: src/libexec/httpd/libbozohttpd
Module Name:src Committed By: christos Date: Tue May 9 13:07:44 UTC 2023 Modified Files: src/libexec/httpd/libbozohttpd: Makefile Log Message: Deal with OpenSSL-3.x To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/libexec/httpd/libbozohttpd/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: christos Date: Tue May 9 01:47:21 UTC 2023 Modified Files: src/libexec/httpd: Makefile Log Message: accommodate OpenSSL-3.x To generate a diff of this commit: cvs rdiff -u -r1.31 -r1.32 src/libexec/httpd/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/Makefile diff -u src/libexec/httpd/Makefile:1.31 src/libexec/httpd/Makefile:1.32 --- src/libexec/httpd/Makefile:1.31 Sat Feb 27 23:18:46 2021 +++ src/libexec/httpd/Makefile Mon May 8 21:47:21 2023 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.31 2021/02/28 04:18:46 mrg Exp $ +# $NetBSD: Makefile,v 1.32 2023/05/09 01:47:21 christos Exp $ # # $eterna: Makefile,v 1.30 2010/07/11 00:34:27 mrg Exp $ # @@ -33,6 +33,8 @@ SRCS= bozohttpd.c ssl-bozo.c auth-bozo.c tilde-luzah-bozo.c dir-index-bozo.c content-bozo.c lua-bozo.c SRCS+= main.c +COPTS.ssl-bozo.c+=-Wno-error=deprecated-declarations + LDADD= -lblocklist -lcrypt -llua -lm DPADD= ${LIBBLOCKLIST} ${LIBCRYPT} ${LIBLUA} ${LIBM}
CVS commit: src/libexec/httpd
Module Name:src Committed By: christos Date: Tue May 9 01:47:21 UTC 2023 Modified Files: src/libexec/httpd: Makefile Log Message: accommodate OpenSSL-3.x To generate a diff of this commit: cvs rdiff -u -r1.31 -r1.32 src/libexec/httpd/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: martin Date: Mon Sep 12 10:34:20 UTC 2022 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: Document the -q option. To generate a diff of this commit: cvs rdiff -u -r1.91 -r1.92 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.91 src/libexec/httpd/bozohttpd.8:1.92 --- src/libexec/httpd/bozohttpd.8:1.91 Wed May 18 00:37:11 2022 +++ src/libexec/httpd/bozohttpd.8 Mon Sep 12 10:34:20 2022 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.91 2022/05/18 00:37:11 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.92 2022/09/12 10:34:20 martin Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd May 24, 17 +.Dd Sep 12, 22 .Dt BOZOHTTPD 8 .Os .Sh NAME @@ -34,7 +34,7 @@ .Nd hyper text transfer protocol version 1.1 daemon .Sh SYNOPSIS .Nm -.Op Fl EGHVXdefhnsu +.Op Fl EGHVXdefhnqsu .Op Fl C Ar suffix cgihandler .Op Fl I Ar port .Op Fl L Ar prefix script @@ -77,7 +77,9 @@ writes logs to .Xr syslog 3 using the ftp facility (but see the .Fl s -option for testing.) +option for testing and the +.Fl q +option for supressing this.) .Nm is designed to be small, simple and relatively featureless, hopefully increasing its security. @@ -256,6 +258,8 @@ translations from .Dq public_html to .Ar pubdir . +.It Fl q +Quiet mode - no log entries generated. .It Fl R Ar readme When directory indexing is enabled, include the contents of the file .Ar readme
CVS commit: src/libexec/httpd
Module Name:src Committed By: martin Date: Mon Sep 12 10:34:20 UTC 2022 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: Document the -q option. To generate a diff of this commit: cvs rdiff -u -r1.91 -r1.92 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: martin Date: Mon Sep 12 10:30:39 UTC 2022 Modified Files: src/libexec/httpd: bozohttpd.c bozohttpd.h main.c ssl-bozo.c Log Message: Add a -q option to make http quiet (no log messages). Usefull when running multiple instances and some for (high traffic) APIs e.g. to receive log data from appliences - it makes not sense to duplicate the whole log in the xferlog file (but we can't configure that at the syslog level due to other httpd instances using that). To generate a diff of this commit: cvs rdiff -u -r1.141 -r1.142 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.72 -r1.73 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.29 -r1.30 src/libexec/httpd/main.c cvs rdiff -u -r1.31 -r1.32 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.141 src/libexec/httpd/bozohttpd.c:1.142 --- src/libexec/httpd/bozohttpd.c:1.141 Wed May 18 00:37:11 2022 +++ src/libexec/httpd/bozohttpd.c Mon Sep 12 10:30:39 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.141 2022/05/18 00:37:11 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.142 2022/09/12 10:30:39 martin Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -2022,11 +2022,13 @@ debug__(bozohttpd_t *httpd, int level, c savederrno = errno; va_start(ap, fmt); - if (httpd->logstderr) { - vfprintf(stderr, fmt, ap); - fputs("\n", stderr); - } else - vsyslog(LOG_DEBUG, fmt, ap); + if (!httpd->nolog) { + if (httpd->logstderr) { + vfprintf(stderr, fmt, ap); + fputs("\n", stderr); + } else + vsyslog(LOG_DEBUG, fmt, ap); + } va_end(ap); errno = savederrno; } @@ -2039,12 +2041,14 @@ bozowarn(bozohttpd_t *httpd, const char va_list ap; va_start(ap, fmt); - if (httpd->logstderr || isatty(STDERR_FILENO)) { - //fputs("warning: ", stderr); - vfprintf(stderr, fmt, ap); - fputs("\n", stderr); - } else - vsyslog(LOG_INFO, fmt, ap); + if (!httpd->nolog) { + if (httpd->logstderr || isatty(STDERR_FILENO)) { + //fputs("warning: ", stderr); + vfprintf(stderr, fmt, ap); + fputs("\n", stderr); + } else + vsyslog(LOG_INFO, fmt, ap); + } va_end(ap); } @@ -2054,12 +2058,14 @@ bozoerr(bozohttpd_t *httpd, int code, co va_list ap; va_start(ap, fmt); - if (httpd->logstderr || isatty(STDERR_FILENO)) { - //fputs("error: ", stderr); - vfprintf(stderr, fmt, ap); - fputs("\n", stderr); - } else - vsyslog(LOG_ERR, fmt, ap); + if (!httpd->nolog) { + if (httpd->logstderr || isatty(STDERR_FILENO)) { + //fputs("error: ", stderr); + vfprintf(stderr, fmt, ap); + fputs("\n", stderr); + } else + vsyslog(LOG_ERR, fmt, ap); + } va_end(ap); exit(code); } @@ -2591,6 +2597,10 @@ bozo_setup(bozohttpd_t *httpd, bozoprefs strcmp(cp, "true") == 0) { httpd->logstderr = 1; } + if ((cp = bozo_get_pref(prefs, "no log")) != NULL && + strcmp(cp, "true") == 0) { + httpd->nolog = 1; + } if ((cp = bozo_get_pref(prefs, "bind address")) != NULL) { httpd->bindaddress = bozostrdup(httpd, NULL, cp); } Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.72 src/libexec/httpd/bozohttpd.h:1.73 --- src/libexec/httpd/bozohttpd.h:1.72 Wed May 18 00:37:11 2022 +++ src/libexec/httpd/bozohttpd.h Mon Sep 12 10:30:39 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.h,v 1.72 2022/05/18 00:37:11 mrg Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.73 2022/09/12 10:30:39 martin Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ @@ -103,6 +103,7 @@ typedef struct bozohttpd_t { char *virtbase; /* virtual directory base */ int unknown_slash; /* unknown vhosts go to normal slashdir */ int logstderr; /* log to stderr (even if not tty) */ + int nolog; /* do not log anything */ int background; /* drop into daemon mode */ int foreground; /* keep daemon mode in foreground */ char *pidfile; /* path to the pid file, if any */ Index: src/libexec/httpd/main.c diff -u src/libexec/httpd/main.c:1.29 src/libexec/httpd/main.c:1.30 --- src/libexec/httpd/main.c:1.29 Tue Aug 24 09:47:36 2021 +++ src/libexec/httpd/main.c Mon Sep 12 10:30:39 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: main.c,v 1.29 2021/08/24 09:47:36 mrg Exp $ */ +/* $NetBSD: main.c,v 1.30 2022/09/12 10:30:39 martin Exp $ */ /* $eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $ */ /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp */ @@ -102,6 +102,8 @@ usage(bozohttpd_t *httpd, char *progname bozowarn(httpd, " -P pidfile\t\tpid file path"); if (have_user) bozowarn(httpd, " -p dir\t\t\"public_html\" directory name"); + if (have_core) + bozowarn(httpd, " -q\t\tquiet mode, no logging"); if (have_dirindex) bozowarn(httpd, " -R readme\t\tput readme file in footer " "of directory index"); @@ -164,7 +166,7 @@ main(int argc, char **argv) */ while ((c =
CVS commit: src/libexec/httpd
Module Name:src Committed By: martin Date: Mon Sep 12 10:30:39 UTC 2022 Modified Files: src/libexec/httpd: bozohttpd.c bozohttpd.h main.c ssl-bozo.c Log Message: Add a -q option to make http quiet (no log messages). Usefull when running multiple instances and some for (high traffic) APIs e.g. to receive log data from appliences - it makes not sense to duplicate the whole log in the xferlog file (but we can't configure that at the syslog level due to other httpd instances using that). To generate a diff of this commit: cvs rdiff -u -r1.141 -r1.142 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.72 -r1.73 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.29 -r1.30 src/libexec/httpd/main.c cvs rdiff -u -r1.31 -r1.32 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue May 31 06:34:33 UTC 2022 Modified Files: src/libexec/httpd: content-bozo.c Log Message: add .mobi / application/x-mobipocket-ebook. To generate a diff of this commit: cvs rdiff -u -r1.20 -r1.21 src/libexec/httpd/content-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/content-bozo.c diff -u src/libexec/httpd/content-bozo.c:1.20 src/libexec/httpd/content-bozo.c:1.21 --- src/libexec/httpd/content-bozo.c:1.20 Sat Feb 27 12:55:25 2021 +++ src/libexec/httpd/content-bozo.c Tue May 31 06:34:33 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: content-bozo.c,v 1.20 2021/02/27 12:55:25 mrg Exp $ */ +/* $NetBSD: content-bozo.c,v 1.21 2022/05/31 06:34:33 mrg Exp $ */ /* $eterna: content-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */ @@ -197,6 +197,7 @@ static bozo_content_map_t static_content { ".wrl", "x-world/x-vrml", "", "", NULL }, { ".vrml", "x-world/x-vrml", "", "", NULL }, { ".svg", "image/svg+xml", "", "", NULL }, + { ".mobi", "application/x-mobipocket-ebook", "", "", NULL }, { NULL, NULL, NULL, NULL, NULL } };
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue May 31 06:34:33 UTC 2022 Modified Files: src/libexec/httpd: content-bozo.c Log Message: add .mobi / application/x-mobipocket-ebook. To generate a diff of this commit: cvs rdiff -u -r1.20 -r1.21 src/libexec/httpd/content-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Wed May 18 00:37:11 UTC 2022 Modified Files: src/libexec/httpd: bozohttpd.8 bozohttpd.c bozohttpd.h dir-index-bozo.c Log Message: call this bozohttpd 20220517. To generate a diff of this commit: cvs rdiff -u -r1.90 -r1.91 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.140 -r1.141 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.71 -r1.72 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.35 -r1.36 src/libexec/httpd/dir-index-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.90 src/libexec/httpd/bozohttpd.8:1.91 --- src/libexec/httpd/bozohttpd.8:1.90 Tue Jan 4 06:08:14 2022 +++ src/libexec/httpd/bozohttpd.8 Wed May 18 00:37:11 2022 @@ -1,8 +1,8 @@ -.\" $NetBSD: bozohttpd.8,v 1.90 2022/01/04 06:08:14 kim Exp $ +.\" $NetBSD: bozohttpd.8,v 1.91 2022/05/18 00:37:11 mrg Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" -.\" Copyright (c) 1997-2021 Matthew R. Green +.\" Copyright (c) 1997-2022 Matthew R. Green .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd August 24, 2021 +.Dd May 24, 17 .Dt BOZOHTTPD 8 .Os .Sh NAME @@ -654,7 +654,7 @@ The focus has always been simplicity and and regular code audits. This manual documents .Nm -version 20220104. +version 20220517. .Sh AUTHORS .An -nosplit .Nm Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.140 src/libexec/httpd/bozohttpd.c:1.141 --- src/libexec/httpd/bozohttpd.c:1.140 Sun Apr 10 09:50:44 2022 +++ src/libexec/httpd/bozohttpd.c Wed May 18 00:37:11 2022 @@ -1,9 +1,9 @@ -/* $NetBSD: bozohttpd.c,v 1.140 2022/04/10 09:50:44 andvar Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.141 2022/05/18 00:37:11 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2021 Matthew R. Green + * Copyright (c) 1997-2022 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -108,7 +108,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20220104" +#define SERVER_SOFTWARE "bozohttpd/20220517" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html" Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.71 src/libexec/httpd/bozohttpd.h:1.72 --- src/libexec/httpd/bozohttpd.h:1.71 Tue Jan 4 06:08:14 2022 +++ src/libexec/httpd/bozohttpd.h Wed May 18 00:37:11 2022 @@ -1,9 +1,9 @@ -/* $NetBSD: bozohttpd.h,v 1.71 2022/01/04 06:08:14 kim Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.72 2022/05/18 00:37:11 mrg Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2021 Matthew R. Green + * Copyright (c) 1997-2022 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without Index: src/libexec/httpd/dir-index-bozo.c diff -u src/libexec/httpd/dir-index-bozo.c:1.35 src/libexec/httpd/dir-index-bozo.c:1.36 --- src/libexec/httpd/dir-index-bozo.c:1.35 Mon Mar 14 05:06:59 2022 +++ src/libexec/httpd/dir-index-bozo.c Wed May 18 00:37:11 2022 @@ -1,9 +1,9 @@ -/* $NetBSD: dir-index-bozo.c,v 1.35 2022/03/14 05:06:59 mrg Exp $ */ +/* $NetBSD: dir-index-bozo.c,v 1.36 2022/05/18 00:37:11 mrg Exp $ */ /* $eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2020 Matthew R. Green + * Copyright (c) 1997-2022 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Wed May 18 00:37:11 UTC 2022 Modified Files: src/libexec/httpd: bozohttpd.8 bozohttpd.c bozohttpd.h dir-index-bozo.c Log Message: call this bozohttpd 20220517. To generate a diff of this commit: cvs rdiff -u -r1.90 -r1.91 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.140 -r1.141 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.71 -r1.72 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.35 -r1.36 src/libexec/httpd/dir-index-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Mon Mar 14 05:58:36 UTC 2022 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: in bozo_init_prefs(), default to returning 1 (success) and if a bozo_set_pref() fails, return 0 instead. fixes PR#54785 but with a different patch. To generate a diff of this commit: cvs rdiff -u -r1.138 -r1.139 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Mon Mar 14 05:58:36 UTC 2022 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: in bozo_init_prefs(), default to returning 1 (success) and if a bozo_set_pref() fails, return 0 instead. fixes PR#54785 but with a different patch. To generate a diff of this commit: cvs rdiff -u -r1.138 -r1.139 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.138 src/libexec/httpd/bozohttpd.c:1.139 --- src/libexec/httpd/bozohttpd.c:1.138 Tue Jan 4 06:08:14 2022 +++ src/libexec/httpd/bozohttpd.c Mon Mar 14 05:58:36 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.138 2022/01/04 06:08:14 kim Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.139 2022/03/14 05:58:36 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -2520,26 +2520,26 @@ bozo_init_httpd(bozohttpd_t *httpd) int bozo_init_prefs(bozohttpd_t *httpd, bozoprefs_t *prefs) { - int rv = 0; + int rv = 1; /* make sure everything is clean */ (void) memset(prefs, 0x0, sizeof(*prefs)); /* set up default values */ if (!bozo_set_pref(httpd, prefs, "server software", SERVER_SOFTWARE)) - rv = 1; + rv = 0; if (!bozo_set_pref(httpd, prefs, "index.html", INDEX_HTML)) - rv = 1; + rv = 0; if (!bozo_set_pref(httpd, prefs, "public_html", PUBLIC_HTML)) - rv = 1; + rv = 0; if (!bozo_set_pref(httpd, prefs, "ssl timeout", SSL_TIMEOUT)) - rv = 1; + rv = 0; if (!bozo_set_pref(httpd, prefs, "initial timeout", INITIAL_TIMEOUT)) - rv = 1; + rv = 0; if (!bozo_set_pref(httpd, prefs, "header timeout", HEADER_WAIT_TIME)) - rv = 1; + rv = 0; if (!bozo_set_pref(httpd, prefs, "request timeout", TOTAL_MAX_REQ_TIME)) - rv = 1; + rv = 0; return rv; }
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Mon Mar 14 05:06:59 UTC 2022 Modified Files: src/libexec/httpd: dir-index-bozo.c Log Message: check for scandir() returning -1. should handle PR#56358. To generate a diff of this commit: cvs rdiff -u -r1.34 -r1.35 src/libexec/httpd/dir-index-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/dir-index-bozo.c diff -u src/libexec/httpd/dir-index-bozo.c:1.34 src/libexec/httpd/dir-index-bozo.c:1.35 --- src/libexec/httpd/dir-index-bozo.c:1.34 Thu Oct 15 02:19:23 2020 +++ src/libexec/httpd/dir-index-bozo.c Mon Mar 14 05:06:59 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: dir-index-bozo.c,v 1.34 2020/10/15 02:19:23 mrg Exp $ */ +/* $NetBSD: dir-index-bozo.c,v 1.35 2022/03/14 05:06:59 mrg Exp $ */ /* $eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $ */ @@ -141,7 +141,7 @@ bozo_dir_index(bozo_httpreq_t *request, "\r\n"); for (j = k = scandir(dirpath, , NULL, alphasort), deo = de; - j--; de++) { + j-- > 0; de++) { int nostat = 0; char *name = (*de)->d_name; char *urlname, *htmlname;
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Mon Mar 14 05:06:59 UTC 2022 Modified Files: src/libexec/httpd: dir-index-bozo.c Log Message: check for scandir() returning -1. should handle PR#56358. To generate a diff of this commit: cvs rdiff -u -r1.34 -r1.35 src/libexec/httpd/dir-index-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: kim Date: Tue Jan 4 06:08:14 UTC 2022 Modified Files: src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c bozohttpd.h Log Message: bozohttpd: remove obsolete .bzdirect handling OK mrg@ To generate a diff of this commit: cvs rdiff -u -r1.52 -r1.53 src/libexec/httpd/CHANGES cvs rdiff -u -r1.89 -r1.90 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.137 -r1.138 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.70 -r1.71 src/libexec/httpd/bozohttpd.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.52 src/libexec/httpd/CHANGES:1.53 --- src/libexec/httpd/CHANGES:1.52 Fri Sep 3 21:54:59 2021 +++ src/libexec/httpd/CHANGES Tue Jan 4 06:08:14 2022 @@ -1,4 +1,7 @@ -$NetBSD: CHANGES,v 1.52 2021/09/03 21:54:59 andvar Exp $ +$NetBSD: CHANGES,v 1.53 2022/01/04 06:08:14 kim Exp $ + +changes in bozohttpd 20220104: + o remove obsolete .bzdirect handling. changes in bozohttpd 20210824: o new "-m tlsversion" option to set the minimum TLS version Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.89 src/libexec/httpd/bozohttpd.8:1.90 --- src/libexec/httpd/bozohttpd.8:1.89 Tue Aug 24 09:47:36 2021 +++ src/libexec/httpd/bozohttpd.8 Tue Jan 4 06:08:14 2022 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.89 2021/08/24 09:47:36 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.90 2022/01/04 06:08:14 kim Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -532,14 +532,9 @@ the client did not make a ranged request .Nm looks for a couple of special files in directories that allow certain features to be provided on a per-directory basis. -In addition to the +The .Pa .htpasswd -used by HTTP basic authorization, -if a -.Pa .bzdirect -file is found (contents are irrelevant) -.Nm -will allow direct access. +file is used by HTTP basic authorization. If a .Pa .bzredirect symbolic link is found, @@ -659,7 +654,7 @@ The focus has always been simplicity and and regular code audits. This manual documents .Nm -version 20210824. +version 20220104. .Sh AUTHORS .An -nosplit .Nm @@ -826,6 +821,12 @@ enhanced cgi-bin support .Aq Mt jo...@netbsd.org implemented If-Modified-Since support .It +.An Kimmo Suominen +.Aq Mt k...@netbsd.org +removed obsolete +.Pa .bzdirect +handling +.It .An ISIHARA Takanori .Aq Mt is...@oak.dti.ne.jp provided a man page fix Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.137 src/libexec/httpd/bozohttpd.c:1.138 --- src/libexec/httpd/bozohttpd.c:1.137 Fri Dec 10 20:36:02 2021 +++ src/libexec/httpd/bozohttpd.c Tue Jan 4 06:08:14 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.137 2021/12/10 20:36:02 andvar Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.138 2022/01/04 06:08:14 kim Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -108,7 +108,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20210824" +#define SERVER_SOFTWARE "bozohttpd/20220104" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html" @@ -177,7 +177,6 @@ struct { const char *file; const char *name; } specials[] = { - { DIRECT_ACCESS_FILE, "rejected direct access request" }, { REDIRECT_FILE, "rejected redirect request" }, { ABSREDIRECT_FILE, "rejected absredirect request" }, { REMAP_FILE, "rejected remap request" }, Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.70 src/libexec/httpd/bozohttpd.h:1.71 --- src/libexec/httpd/bozohttpd.h:1.70 Tue Aug 24 09:47:36 2021 +++ src/libexec/httpd/bozohttpd.h Tue Jan 4 06:08:14 2022 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.h,v 1.70 2021/08/24 09:47:36 mrg Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.71 2022/01/04 06:08:14 kim Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ @@ -267,9 +267,6 @@ void debug__(bozohttpd_t *, int, const c * bozo_check_special_files() */ -#ifndef DIRECT_ACCESS_FILE -#define DIRECT_ACCESS_FILE ".bzdirect" -#endif #ifndef REDIRECT_FILE #define REDIRECT_FILE ".bzredirect" #endif
CVS commit: src/libexec/httpd
Module Name:src Committed By: kim Date: Tue Jan 4 06:08:14 UTC 2022 Modified Files: src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c bozohttpd.h Log Message: bozohttpd: remove obsolete .bzdirect handling OK mrg@ To generate a diff of this commit: cvs rdiff -u -r1.52 -r1.53 src/libexec/httpd/CHANGES cvs rdiff -u -r1.89 -r1.90 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.137 -r1.138 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.70 -r1.71 src/libexec/httpd/bozohttpd.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue Aug 24 09:53:26 UTC 2021 Modified Files: src/libexec/httpd: CHANGES ssl-bozo.c Log Message: extend the list of available ciphers to include most of the openssl "HIGH" with some additional disables. retain the current list of bad options. should deal with PR#51278. To generate a diff of this commit: cvs rdiff -u -r1.50 -r1.51 src/libexec/httpd/CHANGES cvs rdiff -u -r1.30 -r1.31 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.50 src/libexec/httpd/CHANGES:1.51 --- src/libexec/httpd/CHANGES:1.50 Tue Aug 24 09:47:36 2021 +++ src/libexec/httpd/CHANGES Tue Aug 24 09:53:26 2021 @@ -1,8 +1,11 @@ -$NetBSD: CHANGES,v 1.50 2021/08/24 09:47:36 mrg Exp $ +$NetBSD: CHANGES,v 1.51 2021/08/24 09:53:26 mrg Exp $ changes in bozohttpd 20210824: o new "-m tlsversion" option to set the minimum TLS version available. partially from . + o extend the list of available ciphers to include most of the + openssl "HIGH" with some additional disables. retain the current + list of bad options. should deal with PR#51278. changes in bozohttpd 20210504: o don't assume host BUFSIZ is sufficent. small BUFSIZ leads to Index: src/libexec/httpd/ssl-bozo.c diff -u src/libexec/httpd/ssl-bozo.c:1.30 src/libexec/httpd/ssl-bozo.c:1.31 --- src/libexec/httpd/ssl-bozo.c:1.30 Tue Aug 24 09:47:36 2021 +++ src/libexec/httpd/ssl-bozo.c Tue Aug 24 09:53:26 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: ssl-bozo.c,v 1.30 2021/08/24 09:47:36 mrg Exp $ */ +/* $NetBSD: ssl-bozo.c,v 1.31 2021/08/24 09:53:26 mrg Exp $ */ /* $eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $ */ @@ -51,10 +51,15 @@ #ifndef BOZO_SSL_CIPHERS #define BOZO_SSL_CIPHERS \ - "AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:" \ - "AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:" \ - "AES:" \ - "-SHA:" \ + "HIGH:" \ + "-SHA:-ADH:" \ + "-PSK-AES128-CCM:-PSK-AES256-CCM:" \ + "-DHE-PSK-AES128-CCM8:-DHE-PSK-AES256-CCM8:" \ + "-AES128-CCM8:-AES256-CCM8:"\ + "-DHE-RSA-AES128-CCM8:-DHE-RSA-AES256-CCM8:" \ + "-PSK-AES128-CCM8:-PSK-AES256-CCM8:" \ + "-CAMELLIA128:-CAMELLIA256:"\ + "-RSA-PSK-CHACHA20-POLY1305:"\ "!aNULL:!eNULL:" \ "!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:" \ "!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:" \
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue Aug 24 09:53:26 UTC 2021 Modified Files: src/libexec/httpd: CHANGES ssl-bozo.c Log Message: extend the list of available ciphers to include most of the openssl "HIGH" with some additional disables. retain the current list of bad options. should deal with PR#51278. To generate a diff of this commit: cvs rdiff -u -r1.50 -r1.51 src/libexec/httpd/CHANGES cvs rdiff -u -r1.30 -r1.31 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue Aug 24 09:47:36 UTC 2021 Modified Files: src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c bozohttpd.h main.c ssl-bozo.c Log Message: implement tls minimum version setting. mostly from su...@nimmagadda.net in PR#55830, though i moved the member into the main http structure, so that it doesn't trigger sslinfo being allocated via command line without the rest of the ssl being setup (which then leads to crashes.) To generate a diff of this commit: cvs rdiff -u -r1.49 -r1.50 src/libexec/httpd/CHANGES cvs rdiff -u -r1.88 -r1.89 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.135 -r1.136 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.69 -r1.70 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.28 -r1.29 src/libexec/httpd/main.c cvs rdiff -u -r1.29 -r1.30 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.49 src/libexec/httpd/CHANGES:1.50 --- src/libexec/httpd/CHANGES:1.49 Wed May 5 07:41:48 2021 +++ src/libexec/httpd/CHANGES Tue Aug 24 09:47:36 2021 @@ -1,4 +1,8 @@ -$NetBSD: CHANGES,v 1.49 2021/05/05 07:41:48 mrg Exp $ +$NetBSD: CHANGES,v 1.50 2021/08/24 09:47:36 mrg Exp $ + +changes in bozohttpd 20210824: + o new "-m tlsversion" option to set the minimum TLS version + available. partially from . changes in bozohttpd 20210504: o don't assume host BUFSIZ is sufficent. small BUFSIZ leads to Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.88 src/libexec/httpd/bozohttpd.8:1.89 --- src/libexec/httpd/bozohttpd.8:1.88 Sun Feb 28 05:19:52 2021 +++ src/libexec/httpd/bozohttpd.8 Tue Aug 24 09:47:36 2021 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.88 2021/02/28 05:19:52 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.89 2021/08/24 09:47:36 mrg Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd February 27, 2021 +.Dd August 24, 2021 .Dt BOZOHTTPD 8 .Os .Sh NAME @@ -39,6 +39,7 @@ .Op Fl I Ar port .Op Fl L Ar prefix script .Op Fl M Ar suffix type encoding encoding11 +.Op Fl m Ar version .Op Fl P Ar pidfile .Op Fl R Ar readme .Op Fl S Ar version @@ -221,6 +222,18 @@ the empty string is used instead. Multiple .Fl M options may be passed. +.It Fl m Ar version +Set the minimum supported SSL protocol +.Ar version . +The valid values of +.Ar version +are +.Dq TLSv1.1 , +.Dq TLSv1.2 , +and +.Dq TLSv1.3 . +The default version is +.Dq TLSv1.1 . .It Fl n Stops .Nm @@ -646,7 +659,7 @@ The focus has always been simplicity and and regular code audits. This manual documents .Nm -version 20210227. +version 20210824. .Sh AUTHORS .An -nosplit .Nm @@ -769,6 +782,10 @@ option (pidfile support) and provided so provided many various fixes, including cgi-bin fixes and enhancements, HTTP basic authorization support and much code clean up .It +.An Sunil Nimmagadda +.Aq Mt su...@nimmagadda.net +provided runtime TLS version control +.It .An Rajeev V. Pillai .Aq Mt rajeev_v_pil...@yahoo.com provided several fixes for virtual hosting and directory indexing and @@ -819,7 +836,6 @@ provided http authorization fixes .It .Aq Mt x...@kittenz.org provided chroot and change-to-user support, and other various fixes - .It .An S.P.Zeidler .Aq Mt s...@netbsd.org Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.135 src/libexec/httpd/bozohttpd.c:1.136 --- src/libexec/httpd/bozohttpd.c:1.135 Tue Aug 24 05:39:39 2021 +++ src/libexec/httpd/bozohttpd.c Tue Aug 24 09:47:36 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.135 2021/08/24 05:39:39 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.136 2021/08/24 09:47:36 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -108,7 +108,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20210504" +#define SERVER_SOFTWARE "bozohttpd/20210824" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html" Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.69 src/libexec/httpd/bozohttpd.h:1.70 --- src/libexec/httpd/bozohttpd.h:1.69 Wed May 5 07:41:48 2021 +++ src/libexec/httpd/bozohttpd.h Tue Aug 24 09:47:36 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.h,v 1.69 2021/05/05 07:41:48 mrg Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.70 2021/08/24 09:47:36 mrg Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ @@ -130,6 +130,7 @@ typedef struct bozohttpd_t { unsigned initial_timeout;/* first line timeout */ unsigned header_timeout; /* header lines timeout */ unsigned request_timeout;/* total session timeout */ + char *ssl_min_proto; /* minimum ssl protocol level */ #ifndef NO_LUA_SUPPORT int
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue Aug 24 09:47:36 UTC 2021 Modified Files: src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c bozohttpd.h main.c ssl-bozo.c Log Message: implement tls minimum version setting. mostly from su...@nimmagadda.net in PR#55830, though i moved the member into the main http structure, so that it doesn't trigger sslinfo being allocated via command line without the rest of the ssl being setup (which then leads to crashes.) To generate a diff of this commit: cvs rdiff -u -r1.49 -r1.50 src/libexec/httpd/CHANGES cvs rdiff -u -r1.88 -r1.89 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.135 -r1.136 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.69 -r1.70 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.28 -r1.29 src/libexec/httpd/main.c cvs rdiff -u -r1.29 -r1.30 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue Aug 24 05:39:39 UTC 2021 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: rework the bindport setting, inspired by part of the patch from PR#56367 (thanks JP.) To generate a diff of this commit: cvs rdiff -u -r1.134 -r1.135 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.134 src/libexec/httpd/bozohttpd.c:1.135 --- src/libexec/httpd/bozohttpd.c:1.134 Tue Aug 24 05:29:27 2021 +++ src/libexec/httpd/bozohttpd.c Tue Aug 24 05:39:39 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.134 2021/08/24 05:29:27 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.135 2021/08/24 05:39:39 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -148,7 +148,7 @@ #include "bozohttpd.h" #ifndef SSL_TIMEOUT -#define SSL_TIMEOUT "30" /* wait for 30 seconds for ssl handshake */ +#define SSL_TIMEOUT "30" /* ssl handshake: 30 seconds timeout */ #endif #ifndef INITIAL_TIMEOUT #define INITIAL_TIMEOUT "30" /* wait for 30 seconds initially */ @@ -670,23 +670,14 @@ bozo_read_request(bozohttpd_t *httpd) * Override the bound port from the request value, so it works even * if passed through a proxy that doesn't rewrite the port. */ + port = NULL; if (httpd->bindport) { if (strcmp(httpd->bindport, BOZO_HTTP_PORT) != 0) port = httpd->bindport; - else - port = NULL; - } else { - if (getsockname(0, (struct sockaddr *)(void *), ) < 0) - port = NULL; - else { - if (getnameinfo((struct sockaddr *)(void *), slen, - NULL, 0, bufport, sizeof bufport, - NI_NUMERICSERV) == 0) -port = bufport; - else -port = NULL; - } - } + } else if (getsockname(0, (struct sockaddr *)(void *), ) == 0 && + getnameinfo((struct sockaddr *)(void *), slen, NULL, 0, + bufport, sizeof bufport, NI_NUMERICSERV) == 0) + port = bufport; if (port != NULL) request->hr_serverport = bozostrdup(httpd, request, port);
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue Aug 24 05:39:39 UTC 2021 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: rework the bindport setting, inspired by part of the patch from PR#56367 (thanks JP.) To generate a diff of this commit: cvs rdiff -u -r1.134 -r1.135 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue Aug 24 05:29:27 UTC 2021 Modified Files: src/libexec/httpd: bozohttpd.c main.c Log Message: remove unused parameters, and clean up incompatible options. from To generate a diff of this commit: cvs rdiff -u -r1.133 -r1.134 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.27 -r1.28 src/libexec/httpd/main.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.133 src/libexec/httpd/bozohttpd.c:1.134 --- src/libexec/httpd/bozohttpd.c:1.133 Sat Aug 21 11:55:24 2021 +++ src/libexec/httpd/bozohttpd.c Tue Aug 24 05:29:27 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.133 2021/08/21 11:55:24 andvar Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.134 2021/08/24 05:29:27 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -241,7 +241,7 @@ bozo_set_pref(bozohttpd_t *httpd, bozopr } static void -bozo_clear_prefs(bozohttpd_t *httpd, bozoprefs_t *prefs) +bozo_clear_prefs(bozoprefs_t *prefs) { size_t i; @@ -2722,7 +2722,7 @@ bozo_setup(bozohttpd_t *httpd, bozoprefs void bozo_cleanup(bozohttpd_t *httpd, bozoprefs_t *prefs) { - bozo_clear_prefs(httpd, prefs); + bozo_clear_prefs(prefs); free(httpd->virthostname); free(httpd->errorbuf); Index: src/libexec/httpd/main.c diff -u src/libexec/httpd/main.c:1.27 src/libexec/httpd/main.c:1.28 --- src/libexec/httpd/main.c:1.27 Sat Feb 27 12:36:46 2021 +++ src/libexec/httpd/main.c Tue Aug 24 05:29:27 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: main.c,v 1.27 2021/02/27 12:36:46 mrg Exp $ */ +/* $NetBSD: main.c,v 1.28 2021/08/24 05:29:27 mrg Exp $ */ /* $eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $ */ /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp */ @@ -102,7 +102,9 @@ usage(bozohttpd_t *httpd, char *progname bozowarn(httpd, " -P pidfile\t\tpid file path"); if (have_user) bozowarn(httpd, " -p dir\t\t\"public_html\" directory name"); - + if (have_dirindex) + bozowarn(httpd, " -R readme\t\tput readme file in footer " +"of directory index"); if (have_core) { bozowarn(httpd, " -S version\t\tset server version string"); bozowarn(httpd, " -s\t\t\talways log to stderr"); @@ -113,20 +115,17 @@ usage(bozohttpd_t *httpd, char *progname } if (have_user) bozowarn(httpd, " -u\t\t\tenable ~user/public_html support"); - if (have_core) { bozowarn(httpd, " -V\t\t\tUnknown virtual hosts go to " "`slashdir'"); bozowarn(httpd, " -v virtualroot\tenable virtual host " "support in this directory"); } - if (have_dirindex) bozowarn(httpd, " -X\t\t\tdirectory index support"); if (have_core) bozowarn(httpd, " -x index\t\tdefault \"index.html\" " "file name"); - if (have_ssl) { bozowarn(httpd, " -Z cert privkey\tspecify path to server " "certificate and private key file\n" @@ -303,6 +302,9 @@ main(int argc, char **argv) break; case 'R': + if (!have_dirindex) +goto no_dirindex_support; + bozo_set_pref(, , "directory index readme", optarg); break;
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue Aug 24 05:29:27 UTC 2021 Modified Files: src/libexec/httpd: bozohttpd.c main.c Log Message: remove unused parameters, and clean up incompatible options. from To generate a diff of this commit: cvs rdiff -u -r1.133 -r1.134 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.27 -r1.28 src/libexec/httpd/main.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Wed May 5 07:41:48 UTC 2021 Modified Files: src/libexec/httpd: CHANGES auth-bozo.c bozohttpd.c bozohttpd.h src/libexec/httpd/testsuite: t10.out Log Message: don't assume host BUFSIZ is sufficent. small BUFSIZ leads to always happens errors in the testsuite. switch all these buffers to be 4KiB sized. reported by embr To generate a diff of this commit: cvs rdiff -u -r1.48 -r1.49 src/libexec/httpd/CHANGES cvs rdiff -u -r1.26 -r1.27 src/libexec/httpd/auth-bozo.c cvs rdiff -u -r1.131 -r1.132 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.68 -r1.69 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.2 -r1.3 src/libexec/httpd/testsuite/t10.out Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.48 src/libexec/httpd/CHANGES:1.49 --- src/libexec/httpd/CHANGES:1.48 Sun Apr 4 18:14:26 2021 +++ src/libexec/httpd/CHANGES Wed May 5 07:41:48 2021 @@ -1,4 +1,9 @@ -$NetBSD: CHANGES,v 1.48 2021/04/04 18:14:26 mrg Exp $ +$NetBSD: CHANGES,v 1.49 2021/05/05 07:41:48 mrg Exp $ + +changes in bozohttpd 20210504: + o don't assume host BUFSIZ is sufficent. small BUFSIZ leads to + always happens errors in the testsuite. switch all these buffers + to be 4KiB sized. reported by embr changes in bozohttpd 20210403: o fix a denial of service attack against initial request contents, Index: src/libexec/httpd/auth-bozo.c diff -u src/libexec/httpd/auth-bozo.c:1.26 src/libexec/httpd/auth-bozo.c:1.27 --- src/libexec/httpd/auth-bozo.c:1.26 Thu Oct 15 02:19:23 2020 +++ src/libexec/httpd/auth-bozo.c Wed May 5 07:41:48 2021 @@ -1,9 +1,9 @@ -/* $NetBSD: auth-bozo.c,v 1.26 2020/10/15 02:19:23 mrg Exp $ */ +/* $NetBSD: auth-bozo.c,v 1.27 2021/05/05 07:41:48 mrg Exp $ */ /* $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2020 Matthew R. Green + * Copyright (c) 1997-2021 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -54,7 +54,7 @@ bozo_auth_check(bozo_httpreq_t *request, bozohttpd_t *httpd = request->hr_httpd; struct stat sb; char dir[MAXPATHLEN], authfile[MAXPATHLEN], *basename; - char user[BUFSIZ], *pass; + char user[BOZO_MINBUFSIZE], *pass; FILE *fp; int len; @@ -144,7 +144,7 @@ bozo_auth_check_headers(bozo_httpreq_t * if (strcasecmp(val, "authorization") == 0 && strncasecmp(str, "Basic ", 6) == 0) { - char authbuf[BUFSIZ]; + char authbuf[BOZO_MINBUFSIZE]; char *pass = NULL; ssize_t alen; Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.131 src/libexec/httpd/bozohttpd.c:1.132 --- src/libexec/httpd/bozohttpd.c:1.131 Wed May 5 07:09:19 2021 +++ src/libexec/httpd/bozohttpd.c Wed May 5 07:41:48 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.131 2021/05/05 07:09:19 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.132 2021/05/05 07:41:48 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -108,7 +108,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20210403" +#define SERVER_SOFTWARE "bozohttpd/20210504" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html" @@ -2275,7 +2275,7 @@ bozo_http_error(bozohttpd_t *httpd, int } #endif /* !NO_USER_SUPPORT */ - size = snprintf(httpd->errorbuf, BUFSIZ, + size = snprintf(httpd->errorbuf, BOZO_MINBUFSIZE, "%s\n" "%s\n" "%s%s: %s\n" @@ -2285,10 +2285,10 @@ bozo_http_error(bozohttpd_t *httpd, int user ? user : "", file, reason, hostname, portbuf, hostname, portbuf); free(user); - if (size >= (int)BUFSIZ) { + if (size >= (int)BOZO_MINBUFSIZE) { bozowarn(httpd, "bozo_http_error buffer too small, truncated"); - size = (int)BUFSIZ; + size = (int)BOZO_MINBUFSIZE; } if (file_alloc) @@ -2515,7 +2515,7 @@ bozo_init_httpd(bozohttpd_t *httpd) httpd->mmapsz = BOZO_MMAPSZ; /* error buffer for bozo_http_error() */ - if ((httpd->errorbuf = malloc(BUFSIZ)) == NULL) { + if ((httpd->errorbuf = malloc(BOZO_MINBUFSIZE)) == NULL) { fprintf(stderr, "bozohttpd: memory_allocation failure\n"); return 0; Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.68 src/libexec/httpd/bozohttpd.h:1.69 --- src/libexec/httpd/bozohttpd.h:1.68 Sat Feb 27 12:36:46 2021 +++ src/libexec/httpd/bozohttpd.h Wed May 5 07:41:48 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.h,v 1.68 2021/02/27 12:36:46 mrg Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.69 2021/05/05 07:41:48 mrg Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ @@ -227,6 +227,8 @@ typedef struct bozoprefs_t { /* only allow this many total headers bytes */ #define BOZO_HEADERS_MAX_SIZE (16 * 1024) +#define BOZO_MINBUFSIZE (4 * 1024) + /* debug flags
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Wed May 5 07:41:48 UTC 2021 Modified Files: src/libexec/httpd: CHANGES auth-bozo.c bozohttpd.c bozohttpd.h src/libexec/httpd/testsuite: t10.out Log Message: don't assume host BUFSIZ is sufficent. small BUFSIZ leads to always happens errors in the testsuite. switch all these buffers to be 4KiB sized. reported by embr To generate a diff of this commit: cvs rdiff -u -r1.48 -r1.49 src/libexec/httpd/CHANGES cvs rdiff -u -r1.26 -r1.27 src/libexec/httpd/auth-bozo.c cvs rdiff -u -r1.131 -r1.132 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.68 -r1.69 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.2 -r1.3 src/libexec/httpd/testsuite/t10.out Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Wed May 5 07:09:19 UTC 2021 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: include . bozo_unconst() uses uintptr_t defined here. from embr . To generate a diff of this commit: cvs rdiff -u -r1.130 -r1.131 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.130 src/libexec/httpd/bozohttpd.c:1.131 --- src/libexec/httpd/bozohttpd.c:1.130 Thu Apr 8 07:02:11 2021 +++ src/libexec/httpd/bozohttpd.c Wed May 5 07:09:19 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.130 2021/04/08 07:02:11 rillig Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.131 2021/05/05 07:09:19 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -138,6 +138,7 @@ #include #include #include +#include #include #include #include
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Wed May 5 07:09:19 UTC 2021 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: include . bozo_unconst() uses uintptr_t defined here. from embr . To generate a diff of this commit: cvs rdiff -u -r1.130 -r1.131 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: rillig Date: Thu Apr 8 07:02:12 UTC 2021 Modified Files: src/libexec/httpd: bozohttpd.c cgi-bozo.c Log Message: bozohttpd: fix argument type for functions from Found by the recently added check to lint (message 342). ok mrg@ To generate a diff of this commit: cvs rdiff -u -r1.129 -r1.130 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.53 -r1.54 src/libexec/httpd/cgi-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.129 src/libexec/httpd/bozohttpd.c:1.130 --- src/libexec/httpd/bozohttpd.c:1.129 Sun Apr 4 18:14:26 2021 +++ src/libexec/httpd/bozohttpd.c Thu Apr 8 07:02:11 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.129 2021/04/04 18:14:26 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.130 2021/04/08 07:02:11 rillig Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -1110,7 +1110,7 @@ handle_redirect(bozo_httpreq_t *request, */ if (sep) { for (s = url; s != sep;) { -if (!isalnum((int)*s) && +if (!isalnum((unsigned char)*s) && *s != '+' && *s != '-' && *s != '.') break; if (++s == sep) { Index: src/libexec/httpd/cgi-bozo.c diff -u src/libexec/httpd/cgi-bozo.c:1.53 src/libexec/httpd/cgi-bozo.c:1.54 --- src/libexec/httpd/cgi-bozo.c:1.53 Sat Feb 27 12:36:46 2021 +++ src/libexec/httpd/cgi-bozo.c Thu Apr 8 07:02:12 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: cgi-bozo.c,v 1.53 2021/02/27 12:36:46 mrg Exp $ */ +/* $NetBSD: cgi-bozo.c,v 1.54 2021/04/08 07:02:12 rillig Exp $ */ /* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */ @@ -289,7 +289,8 @@ parse_search_string(bozo_httpreq_t *requ goto parse_err; while (*s) { /* check if it's unreserved */ - if (isalpha((int)*s) || isdigit((int)*s) || + if (isalpha((unsigned char)*s) || + isdigit((unsigned char)*s) || strchr(UNRESERVED_CHAR, *s)) { s++; continue; @@ -299,8 +300,8 @@ parse_search_string(bozo_httpreq_t *requ if (*s == '%') { if (s[1] == '\0' || s[2] == '\0') goto parse_err; -if (!isxdigit((int)s[1]) || -!isxdigit((int)s[2])) +if (!isxdigit((unsigned char)s[1]) || +!isxdigit((unsigned char)s[2])) goto parse_err; s += 3; continue; @@ -517,8 +518,8 @@ bozo_process_cgi(bozo_httpreq_t *request strcpy(t, "HTTP_"); t += strlen(t); for (s2 = headp->h_header; *s2; t++, s2++) - if (islower((unsigned)*s2)) -*t = toupper((unsigned)*s2); + if (islower((unsigned char)*s2)) +*t = toupper((unsigned char)*s2); else if (*s2 == '-') *t = '_'; else
CVS commit: src/libexec/httpd
Module Name:src Committed By: rillig Date: Thu Apr 8 07:02:12 UTC 2021 Modified Files: src/libexec/httpd: bozohttpd.c cgi-bozo.c Log Message: bozohttpd: fix argument type for functions from Found by the recently added check to lint (message 342). ok mrg@ To generate a diff of this commit: cvs rdiff -u -r1.129 -r1.130 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.53 -r1.54 src/libexec/httpd/cgi-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd/small
Module Name:src Committed By: rillig Date: Thu Apr 8 06:52:42 UTC 2021 Modified Files: src/libexec/httpd/small: Makefile Log Message: bozohttpd-small: fix typo in SRCS, fix targets dependall and lint The additional ':' after 'main.c' had no effect on the compilation since the suffix is removed when computing the list of object files. The ':' excluded main.c from the dependency computation and from lint. By defining CPPFLAGS instead of CFLAGS, the default "-O2" steps in again, and the proper flags are passed to lint, which did not work before at all because it could not find an included file. To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 src/libexec/httpd/small/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/small/Makefile diff -u src/libexec/httpd/small/Makefile:1.5 src/libexec/httpd/small/Makefile:1.6 --- src/libexec/httpd/small/Makefile:1.5 Thu Apr 8 06:44:55 2021 +++ src/libexec/httpd/small/Makefile Thu Apr 8 06:52:42 2021 @@ -1,9 +1,10 @@ +# $NetBSD: Makefile,v 1.6 2021/04/08 06:52:42 rillig Exp $ # $eterna: Makefile,v 1.1 2009/05/22 21:51:39 mrg Exp $ # build a 100% lean bozohttpd-small.c PROG= bozohttpd-small NOMAN= # defined -SRCS= bozohttpd-small.c content-bozo-small.c ssl-bozo.c main.c: +SRCS= bozohttpd-small.c content-bozo-small.c ssl-bozo.c main.c LEAN_IFDEF_FLAGS= -UDEBUG -DNO_USER_SUPPORT \ -DNO_CGIBIN_SUPPORT -DNO_DIRINDEX_SUPPORT \ @@ -11,7 +12,7 @@ LEAN_IFDEF_FLAGS= -UDEBUG -DNO_USER_SUPP -DNO_SSL_SUPPORT -UDO_HTPASSWD \ -DNO_LUA_SUPPORT -DNO_BLOCKLIST_SUPPORT -CFLAGS= -I$(.CURDIR)/.. ${LEAN_IFDEF_FLAGS} +CPPFLAGS= -I$(.CURDIR)/.. ${LEAN_IFDEF_FLAGS} bozohttpd-small.c: bozohttpd.c unifdef $(LEAN_IFDEF_FLAGS) < $> > $@.tmp; \
CVS commit: src/libexec/httpd/small
Module Name:src Committed By: rillig Date: Thu Apr 8 06:52:42 UTC 2021 Modified Files: src/libexec/httpd/small: Makefile Log Message: bozohttpd-small: fix typo in SRCS, fix targets dependall and lint The additional ':' after 'main.c' had no effect on the compilation since the suffix is removed when computing the list of object files. The ':' excluded main.c from the dependency computation and from lint. By defining CPPFLAGS instead of CFLAGS, the default "-O2" steps in again, and the proper flags are passed to lint, which did not work before at all because it could not find an included file. To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 src/libexec/httpd/small/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd/small
Module Name:src Committed By: rillig Date: Thu Apr 8 06:44:55 UTC 2021 Modified Files: src/libexec/httpd/small: Makefile Log Message: bozohttpd-small: fix error handling for unifdef The second of the '$$?' was spelled only '$?'. At the time where this shell expression was evaluated, it had already been overwritten by the preceding command '['. To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/libexec/httpd/small/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd/small
Module Name:src Committed By: rillig Date: Thu Apr 8 06:44:55 UTC 2021 Modified Files: src/libexec/httpd/small: Makefile Log Message: bozohttpd-small: fix error handling for unifdef The second of the '$$?' was spelled only '$?'. At the time where this shell expression was evaluated, it had already been overwritten by the preceding command '['. To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/libexec/httpd/small/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/small/Makefile diff -u src/libexec/httpd/small/Makefile:1.4 src/libexec/httpd/small/Makefile:1.5 --- src/libexec/httpd/small/Makefile:1.4 Mon Jul 13 10:35:17 2020 +++ src/libexec/httpd/small/Makefile Thu Apr 8 06:44:55 2021 @@ -14,13 +14,21 @@ LEAN_IFDEF_FLAGS= -UDEBUG -DNO_USER_SUPP CFLAGS= -I$(.CURDIR)/.. ${LEAN_IFDEF_FLAGS} bozohttpd-small.c: bozohttpd.c - unifdef $(LEAN_IFDEF_FLAGS) < $> > $@.tmp ;\ - if [ $$? -ne 1 ]; then echo "unifdef returned $?, expecting 1" 2>&1; false; fi + unifdef $(LEAN_IFDEF_FLAGS) < $> > $@.tmp; \ + status=$$?; \ + if [ $$status -ne 1 ]; then \ + echo "unifdef returned $$status, expecting 1" 2>&1; \ + false; \ + fi mv -f $@.tmp $@ content-bozo-small.c: content-bozo.c - unifdef $(LEAN_IFDEF_FLAGS) < $> > $@.tmp ;\ - if [ $$? -ne 1 ]; then echo "unifdef returned $?, expecting 1" 2>&1; false; fi + unifdef $(LEAN_IFDEF_FLAGS) < $> > $@.tmp; \ + status=$$?; \ + if [ $$status -ne 1 ]; then \ + echo "unifdef returned $$status, expecting 1" 2>&1; \ + false; \ + fi mv -f $@.tmp $@ CLEANFILES+= content-bozo-small.c bozohttpd-small.c
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sun Apr 4 18:14:27 UTC 2021 Modified Files: src/libexec/httpd: CHANGES bozohttpd.c Log Message: avoid DoS in initial request size, which is now bounded at 16KiB. reported by Justin Parrott in PR#56085. To generate a diff of this commit: cvs rdiff -u -r1.47 -r1.48 src/libexec/httpd/CHANGES cvs rdiff -u -r1.128 -r1.129 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.47 src/libexec/httpd/CHANGES:1.48 --- src/libexec/httpd/CHANGES:1.47 Sat Feb 27 12:55:25 2021 +++ src/libexec/httpd/CHANGES Sun Apr 4 18:14:26 2021 @@ -1,4 +1,8 @@ -$NetBSD: CHANGES,v 1.47 2021/02/27 12:55:25 mrg Exp $ +$NetBSD: CHANGES,v 1.48 2021/04/04 18:14:26 mrg Exp $ + +changes in bozohttpd 20210403: + o fix a denial of service attack against initial request contents, + now bounded at 16KiB. reported by Justin Parrott in PR#56085 changes in bozohttpd 20210227: o new support for content types: .tar.bz2, .tar.xz, .tar.lz, Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.128 src/libexec/httpd/bozohttpd.c:1.129 --- src/libexec/httpd/bozohttpd.c:1.128 Sat Feb 27 12:55:25 2021 +++ src/libexec/httpd/bozohttpd.c Sun Apr 4 18:14:26 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.128 2021/02/27 12:55:25 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.129 2021/04/04 18:14:26 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -108,7 +108,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20210227" +#define SERVER_SOFTWARE "bozohttpd/20210403" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html" @@ -852,6 +852,10 @@ bozo_read_request(bozohttpd_t *httpd) next_header: alarm(httpd->header_timeout); } + if (str == NULL) { + bozo_http_error(httpd, 413, request, "request too large"); + goto cleanup; + } /* now, clear it all out */ alarm(0); @@ -2124,7 +2128,7 @@ bozo_escape_html(bozohttpd_t *httpd, con if (httpd) tmp = bozomalloc(httpd, len); else if ((tmp = malloc(len)) == 0) - return NULL; + return NULL; for (i = 0, j = 0; url[i]; i++) { switch (url[i]) { @@ -2373,6 +2377,9 @@ bozostrnsep(char **strp, const char *del * inspired by fgetln(3), but works for fd's. should work identically * except it, however, does *not* return the newline, and it does nul * terminate the string. + * + * returns NULL if the line grows too large. empty lines will be + * returned with *lenp set to 0. */ char * bozodgetln(bozohttpd_t *httpd, int fd, ssize_t *lenp, @@ -2386,11 +2393,8 @@ bozodgetln(bozohttpd_t *httpd, int fd, s if (httpd->getln_buflen == 0) { /* should be plenty for most requests */ httpd->getln_buflen = 128; - httpd->getln_buffer = malloc((size_t)httpd->getln_buflen); - if (httpd->getln_buffer == NULL) { - httpd->getln_buflen = 0; - return NULL; - } + httpd->getln_buffer = + bozomalloc(httpd, (size_t)httpd->getln_buflen); } len = 0; @@ -2406,6 +2410,9 @@ bozodgetln(bozohttpd_t *httpd, int fd, s for (; readfn(httpd, fd, , 1) == 1; ) { debug((httpd, DEBUG_EXPLODING, "bozodgetln read %c", c)); + if (httpd->getln_buflen > BOZO_HEADERS_MAX_SIZE) + return NULL; + if (len >= httpd->getln_buflen - 1) { httpd->getln_buflen *= 2; debug((httpd, DEBUG_EXPLODING, "bozodgetln: "
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sun Apr 4 18:14:27 UTC 2021 Modified Files: src/libexec/httpd: CHANGES bozohttpd.c Log Message: avoid DoS in initial request size, which is now bounded at 16KiB. reported by Justin Parrott in PR#56085. To generate a diff of this commit: cvs rdiff -u -r1.47 -r1.48 src/libexec/httpd/CHANGES cvs rdiff -u -r1.128 -r1.129 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: rillig Date: Sun Feb 28 16:10:00 UTC 2021 Modified Files: src/libexec/httpd: printenv.lua Log Message: libexec/httpd: fix cross-site scripting in Lua example curl \ --header 'NAME: ' \ 'http://127.0.0.1:8080/test/printenv?=' To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/libexec/httpd/printenv.lua Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/printenv.lua diff -u src/libexec/httpd/printenv.lua:1.4 src/libexec/httpd/printenv.lua:1.5 --- src/libexec/httpd/printenv.lua:1.4 Tue Aug 25 20:02:33 2020 +++ src/libexec/httpd/printenv.lua Sun Feb 28 16:10:00 2021 @@ -1,4 +1,4 @@ --- $NetBSD: printenv.lua,v 1.4 2020/08/25 20:02:33 leot Exp $ +-- $NetBSD: printenv.lua,v 1.5 2021/02/28 16:10:00 rillig Exp $ -- this small Lua script demonstrates the use of Lua in (bozo)httpd -- it will simply output the "environment" @@ -14,6 +14,10 @@ local httpd = require 'httpd' +function escape_html(s) + return s:gsub('&', ''):gsub('<', ''):gsub('>', ''):gsub('"', '') +end + function printenv(env, headers, query) -- we get the "environment" in the env table, the values are more @@ -40,18 +44,18 @@ function printenv(env, headers, query) httpd.print('Server Environment') -- print the list of "environment" variables for k, v in pairs(env) do - httpd.print(k .. '=' .. v .. '') + httpd.print(escape_html(k) .. '=' .. escape_html(v) .. '') end httpd.print('Request Headers') for k, v in pairs(headers) do - httpd.print(k .. '=' .. v .. '') + httpd.print(escape_html(k) .. '=' .. escape_html(v) .. '') end if query ~= nil then httpd.print('Query Variables') for k, v in pairs(query) do - httpd.print(k .. '=' .. v .. '') + httpd.print(escape_html(k) .. '=' .. escape_html(v) .. '') end end @@ -83,7 +87,7 @@ function form(env, header, query) end for k, v in pairs(query) do - httpd.print(k .. '=' .. v .. '') + httpd.print(escape_html(k) .. '=' .. escape_html(v) .. '') end else httpd.print('No values')
CVS commit: src/libexec/httpd
Module Name:src Committed By: rillig Date: Sun Feb 28 16:10:00 UTC 2021 Modified Files: src/libexec/httpd: printenv.lua Log Message: libexec/httpd: fix cross-site scripting in Lua example curl \ --header 'NAME: ' \ 'http://127.0.0.1:8080/test/printenv?=' To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/libexec/httpd/printenv.lua Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sun Feb 28 05:19:52 UTC 2021 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: update version, dates, add emily to list of contributors. sort list. To generate a diff of this commit: cvs rdiff -u -r1.87 -r1.88 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.87 src/libexec/httpd/bozohttpd.8:1.88 --- src/libexec/httpd/bozohttpd.8:1.87 Thu Oct 15 09:54:22 2020 +++ src/libexec/httpd/bozohttpd.8 Sun Feb 28 05:19:52 2021 @@ -1,8 +1,8 @@ -.\" $NetBSD: bozohttpd.8,v 1.87 2020/10/15 09:54:22 wiz Exp $ +.\" $NetBSD: bozohttpd.8,v 1.88 2021/02/28 05:19:52 mrg Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" -.\" Copyright (c) 1997-2020 Matthew R. Green +.\" Copyright (c) 1997-2021 Matthew R. Green .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd October 14, 2020 +.Dd February 27, 2021 .Dt BOZOHTTPD 8 .Os .Sh NAME @@ -646,7 +646,7 @@ The focus has always been simplicity and and regular code audits. This manual documents .Nm -version 20201014. +version 20210227. .Sh AUTHORS .An -nosplit .Nm @@ -699,6 +699,9 @@ added support for serving gzipped files .Aq Mt p...@pdc.kth.se provided a fix for a minor (non-security) buffer overflow condition .It +.Aq Mt emily@ingalls.rocks +provided fixes for some bad request parsing +.It .An Jun-ichiro itojun Hagino, KAME .Aq Mt ito...@iijlab.net provided initial IPv6 support @@ -751,6 +754,10 @@ provided man page fixes .Aq Mt dena...@gmail.com provided a cgi-bin fix .It +.An Jared McNeill +.Aq Mt jmcne...@netbsd.org +added support for readme in directory indexing +.It .An Julio Merino .Aq Mt j...@netbsd.org Added the @@ -789,6 +796,11 @@ provided the .Fl V option .It +.An Jukka Ruohonen +.Aq Mt jru...@netbsd.org +provided support for +.Xr blocklistd 8 +.It .An Thor Lancelot Simon .Aq Mt t...@netbsd.org enhanced cgi-bin support @@ -807,15 +819,7 @@ provided http authorization fixes .It .Aq Mt x...@kittenz.org provided chroot and change-to-user support, and other various fixes -.It -.An Jukka Ruohonen -.Aq Mt jru...@netbsd.org -provided support for -.Xr blocklistd 8 -.It -.An Jared McNeill -.Aq Mt jmcne...@netbsd.org -added support for readme in directory indexing + .It .An S.P.Zeidler .Aq Mt s...@netbsd.org
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sun Feb 28 05:19:52 UTC 2021 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: update version, dates, add emily to list of contributors. sort list. To generate a diff of this commit: cvs rdiff -u -r1.87 -r1.88 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sun Feb 28 04:18:46 UTC 2021 Modified Files: src/libexec/httpd: Makefile Log Message: avoid warnings from the previous when using objdirs. To generate a diff of this commit: cvs rdiff -u -r1.30 -r1.31 src/libexec/httpd/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/Makefile diff -u src/libexec/httpd/Makefile:1.30 src/libexec/httpd/Makefile:1.31 --- src/libexec/httpd/Makefile:1.30 Sun Feb 28 02:39:15 2021 +++ src/libexec/httpd/Makefile Sun Feb 28 04:18:46 2021 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.30 2021/02/28 02:39:15 mrg Exp $ +# $NetBSD: Makefile,v 1.31 2021/02/28 04:18:46 mrg Exp $ # # $eterna: Makefile,v 1.30 2010/07/11 00:34:27 mrg Exp $ # @@ -84,7 +84,7 @@ check: .if empty(BOZOVER) BOZOVER!= sed -n \ -e s/\"$$// -e \ - 's/\#define[ ]*SERVER_SOFTWARE[ ]*\"bozohttpd\///p' bozohttpd.c + 's/\#define[ ]*SERVER_SOFTWARE[ ]*\"bozohttpd\///p' ${.PARSEDIR}/bozohttpd.c .endif # Create a distfile: uses /tmp
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sun Feb 28 04:18:46 UTC 2021 Modified Files: src/libexec/httpd: Makefile Log Message: avoid warnings from the previous when using objdirs. To generate a diff of this commit: cvs rdiff -u -r1.30 -r1.31 src/libexec/httpd/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sun Feb 28 02:39:15 UTC 2021 Modified Files: src/libexec/httpd: Makefile Log Message: give BOZOVER a default so exporting a distfile is easy. To generate a diff of this commit: cvs rdiff -u -r1.29 -r1.30 src/libexec/httpd/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/Makefile diff -u src/libexec/httpd/Makefile:1.29 src/libexec/httpd/Makefile:1.30 --- src/libexec/httpd/Makefile:1.29 Sat Jul 11 08:10:52 2020 +++ src/libexec/httpd/Makefile Sun Feb 28 02:39:15 2021 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.29 2020/07/11 08:10:52 jruoho Exp $ +# $NetBSD: Makefile,v 1.30 2021/02/28 02:39:15 mrg Exp $ # # $eterna: Makefile,v 1.30 2010/07/11 00:34:27 mrg Exp $ # @@ -81,6 +81,12 @@ CLEANFILES+= bozohttpd.8.html bozohttpd. check: cd ${.CURDIR}/testsuite && ${MAKE} check +.if empty(BOZOVER) +BOZOVER!= sed -n \ + -e s/\"$$// -e \ + 's/\#define[ ]*SERVER_SOFTWARE[ ]*\"bozohttpd\///p' bozohttpd.c +.endif + # Create a distfile: uses /tmp BASE=bozohttpd-${BOZOVER} TAR=${BASE}.tar
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sun Feb 28 02:39:15 UTC 2021 Modified Files: src/libexec/httpd: Makefile Log Message: give BOZOVER a default so exporting a distfile is easy. To generate a diff of this commit: cvs rdiff -u -r1.29 -r1.30 src/libexec/httpd/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sat Feb 27 12:55:25 UTC 2021 Modified Files: src/libexec/httpd: CHANGES bozohttpd.c content-bozo.c Log Message: changes in bozohttpd 20210227: o new support for content types: .tar.bz2, .tar.xz, .tar.lz, .tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma, .lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar. should fix netbsd PR#56026: MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid To generate a diff of this commit: cvs rdiff -u -r1.46 -r1.47 src/libexec/httpd/CHANGES cvs rdiff -u -r1.127 -r1.128 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.19 -r1.20 src/libexec/httpd/content-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sat Feb 27 12:55:25 UTC 2021 Modified Files: src/libexec/httpd: CHANGES bozohttpd.c content-bozo.c Log Message: changes in bozohttpd 20210227: o new support for content types: .tar.bz2, .tar.xz, .tar.lz, .tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma, .lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar. should fix netbsd PR#56026: MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid To generate a diff of this commit: cvs rdiff -u -r1.46 -r1.47 src/libexec/httpd/CHANGES cvs rdiff -u -r1.127 -r1.128 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.19 -r1.20 src/libexec/httpd/content-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.46 src/libexec/httpd/CHANGES:1.47 --- src/libexec/httpd/CHANGES:1.46 Sat Feb 27 12:36:46 2021 +++ src/libexec/httpd/CHANGES Sat Feb 27 12:55:25 2021 @@ -1,4 +1,11 @@ -$NetBSD: CHANGES,v 1.46 2021/02/27 12:36:46 mrg Exp $ +$NetBSD: CHANGES,v 1.47 2021/02/27 12:55:25 mrg Exp $ + +changes in bozohttpd 20210227: + o new support for content types: .tar.bz2, .tar.xz, .tar.lz, + .tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma, + .lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar. should fix + netbsd PR#56026: + MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid changes in bozohttpd 20210211: o fix various NULL derefs from malformed headers. mostly from Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.127 src/libexec/httpd/bozohttpd.c:1.128 --- src/libexec/httpd/bozohttpd.c:1.127 Sat Feb 27 12:36:46 2021 +++ src/libexec/httpd/bozohttpd.c Sat Feb 27 12:55:25 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.127 2021/02/27 12:36:46 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.128 2021/02/27 12:55:25 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -108,7 +108,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20210211" +#define SERVER_SOFTWARE "bozohttpd/20210227" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html" Index: src/libexec/httpd/content-bozo.c diff -u src/libexec/httpd/content-bozo.c:1.19 src/libexec/httpd/content-bozo.c:1.20 --- src/libexec/httpd/content-bozo.c:1.19 Thu Oct 15 04:21:53 2020 +++ src/libexec/httpd/content-bozo.c Sat Feb 27 12:55:25 2021 @@ -1,9 +1,9 @@ -/* $NetBSD: content-bozo.c,v 1.19 2020/10/15 04:21:53 mrg Exp $ */ +/* $NetBSD: content-bozo.c,v 1.20 2021/02/27 12:55:25 mrg Exp $ */ /* $eterna: content-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2020 Matthew R. Green + * Copyright (c) 1997-2021 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -63,11 +63,18 @@ static bozo_content_map_t static_content { ".pa", "application/x-ns-proxy-autoconfig", "", "", NULL }, { ".tar", "multipart/x-tar", "", "", NULL }, { ".gtar", "application/x-gtar-compressed", "", "", NULL }, - { ".tar.Z", "application/x-gtar-compressed", "", "", NULL }, { ".tar.gz", "application/x-gtar-compressed", "", "", NULL }, - { ".taz", "application/x-gtar-compressed", "", "", NULL }, + { ".tar.bz2", "application/x-gtar-compressed", "", "", NULL }, + { ".tar.xz", "application/x-gtar-compressed", "", "", NULL }, + { ".tar.lz", "application/x-gtar-compressed", "", "", NULL }, + { ".tar.zst", "application/x-gtar-compressed", "", "", NULL }, { ".tgz", "application/x-gtar-compressed", "", "", NULL }, + { ".tbz2", "application/x-gtar-compressed", "", "", NULL }, + { ".txz", "application/x-gtar-compressed", "", "", NULL }, + { ".tlz", "application/x-gtar-compressed", "", "", NULL }, { ".tar.z", "application/x-gtar-compressed", "", "", NULL }, + { ".tar.Z", "application/x-gtar-compressed", "", "", NULL }, + { ".taz", "application/x-gtar-compressed", "", "", NULL }, { ".Z", "application/x-compress", "", "", NULL }, { ".gz", "application/x-gzip", "", "", NULL }, { ".z", "unknown", "", "", NULL }, @@ -131,6 +138,19 @@ static bozo_content_map_t static_content { ".ustar", "application/x-ustar", "", "", NULL }, { ".src", "application/x-wais-source", "", "", NULL }, { ".zip", "application/zip", "", "", NULL }, + { ".zipx", "application/zip", "", "", NULL }, + { ".xz", "application/x-xz", "", "", NULL }, + { ".zst", "application/x-zstd", "", "", NULL }, + { ".sz", "application/x-snappy-framed", "", "", NULL }, + { ".lz", "application/x-lzip", "", "", NULL }, + { ".lzma", "application/x-lzma", "", "", NULL }, + { ".lzo", "application/x-lzop", "", "", NULL }, + { ".7z", "application/x-7z-compressed", "", "", NULL }, + { ".lzo", "application/x-lzop", "", "", NULL }, + { ".cab",
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sat Feb 27 12:36:46 UTC 2021 Modified Files: src/libexec/httpd: CHANGES bozohttpd.c bozohttpd.h cgi-bozo.c main.c src/libexec/httpd/libbozohttpd: libbozohttpd.3 Log Message: belated call version 20210211 after previous memory leak fix. To generate a diff of this commit: cvs rdiff -u -r1.45 -r1.46 src/libexec/httpd/CHANGES cvs rdiff -u -r1.126 -r1.127 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.67 -r1.68 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.52 -r1.53 src/libexec/httpd/cgi-bozo.c cvs rdiff -u -r1.26 -r1.27 src/libexec/httpd/main.c cvs rdiff -u -r1.5 -r1.6 src/libexec/httpd/libbozohttpd/libbozohttpd.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.45 src/libexec/httpd/CHANGES:1.46 --- src/libexec/httpd/CHANGES:1.45 Thu Feb 11 09:23:55 2021 +++ src/libexec/httpd/CHANGES Sat Feb 27 12:36:46 2021 @@ -1,8 +1,9 @@ -$NetBSD: CHANGES,v 1.45 2021/02/11 09:23:55 mrg Exp $ +$NetBSD: CHANGES,v 1.46 2021/02/27 12:36:46 mrg Exp $ -changes in bozohttpd 20210210: +changes in bozohttpd 20210211: o fix various NULL derefs from malformed headers. mostly from . + o fix memory leaks in library interface: add bozo_cleanup(). changes in bozohttpd 20201014: o also set -D_GNU_SOURCE in Makefile.boot. from Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.126 src/libexec/httpd/bozohttpd.c:1.127 --- src/libexec/httpd/bozohttpd.c:1.126 Thu Feb 11 09:57:52 2021 +++ src/libexec/httpd/bozohttpd.c Sat Feb 27 12:36:46 2021 @@ -1,9 +1,9 @@ -/* $NetBSD: bozohttpd.c,v 1.126 2021/02/11 09:57:52 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.127 2021/02/27 12:36:46 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2020 Matthew R. Green + * Copyright (c) 1997-2021 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -108,7 +108,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20210210" +#define SERVER_SOFTWARE "bozohttpd/20210211" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html" Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.67 src/libexec/httpd/bozohttpd.h:1.68 --- src/libexec/httpd/bozohttpd.h:1.67 Thu Feb 11 09:57:52 2021 +++ src/libexec/httpd/bozohttpd.h Sat Feb 27 12:36:46 2021 @@ -1,9 +1,9 @@ -/* $NetBSD: bozohttpd.h,v 1.67 2021/02/11 09:57:52 mrg Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.68 2021/02/27 12:36:46 mrg Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2020 Matthew R. Green + * Copyright (c) 1997-2021 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without Index: src/libexec/httpd/cgi-bozo.c diff -u src/libexec/httpd/cgi-bozo.c:1.52 src/libexec/httpd/cgi-bozo.c:1.53 --- src/libexec/httpd/cgi-bozo.c:1.52 Thu Feb 11 09:23:55 2021 +++ src/libexec/httpd/cgi-bozo.c Sat Feb 27 12:36:46 2021 @@ -1,9 +1,9 @@ -/* $NetBSD: cgi-bozo.c,v 1.52 2021/02/11 09:23:55 mrg Exp $ */ +/* $NetBSD: cgi-bozo.c,v 1.53 2021/02/27 12:36:46 mrg Exp $ */ /* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2020 Matthew R. Green + * Copyright (c) 1997-2021 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without Index: src/libexec/httpd/main.c diff -u src/libexec/httpd/main.c:1.26 src/libexec/httpd/main.c:1.27 --- src/libexec/httpd/main.c:1.26 Thu Feb 11 09:57:52 2021 +++ src/libexec/httpd/main.c Sat Feb 27 12:36:46 2021 @@ -1,10 +1,10 @@ -/* $NetBSD: main.c,v 1.26 2021/02/11 09:57:52 mrg Exp $ */ +/* $NetBSD: main.c,v 1.27 2021/02/27 12:36:46 mrg Exp $ */ /* $eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $ */ /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp */ /* - * Copyright (c) 1997-2020 Matthew R. Green + * Copyright (c) 1997-2021 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without Index: src/libexec/httpd/libbozohttpd/libbozohttpd.3 diff -u src/libexec/httpd/libbozohttpd/libbozohttpd.3:1.5 src/libexec/httpd/libbozohttpd/libbozohttpd.3:1.6 --- src/libexec/httpd/libbozohttpd/libbozohttpd.3:1.5 Thu Feb 11 09:57:53 2021 +++ src/libexec/httpd/libbozohttpd/libbozohttpd.3 Sat Feb 27 12:36:46 2021 @@ -1,8 +1,8 @@ -.\" $NetBSD: libbozohttpd.3,v 1.5 2021/02/11 09:57:53 mrg Exp $ +.\" $NetBSD: libbozohttpd.3,v 1.6 2021/02/27 12:36:46 mrg Exp $ .\" .\" $eterna: libbozohttpd.3,v 1.2 2010/05/10 02:48:23 mrg Exp $ .\" -.\" Copyright (c) 2009 The NetBSD Foundation, Inc. +.\" Copyright (c) 2009, 2021 The NetBSD Foundation, Inc. .\" All rights reserved.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sat Feb 27 12:36:46 UTC 2021 Modified Files: src/libexec/httpd: CHANGES bozohttpd.c bozohttpd.h cgi-bozo.c main.c src/libexec/httpd/libbozohttpd: libbozohttpd.3 Log Message: belated call version 20210211 after previous memory leak fix. To generate a diff of this commit: cvs rdiff -u -r1.45 -r1.46 src/libexec/httpd/CHANGES cvs rdiff -u -r1.126 -r1.127 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.67 -r1.68 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.52 -r1.53 src/libexec/httpd/cgi-bozo.c cvs rdiff -u -r1.26 -r1.27 src/libexec/httpd/main.c cvs rdiff -u -r1.5 -r1.6 src/libexec/httpd/libbozohttpd/libbozohttpd.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Thu Feb 11 09:57:53 UTC 2021 Modified Files: src/libexec/httpd: bozohttpd.c bozohttpd.h main.c src/libexec/httpd/libbozohttpd: libbozohttpd.3 Log Message: clean up issues detected by address sanitizer (just some memory leaks that only apply to the library version.) XXX: the handling of hr_file and its variants is more crappy again - the prior clean up is slightly less clean now, but at least it does not leak memory. XXX2: cgi-bin test hangs with address sanitizer. don't know why yet.. To generate a diff of this commit: cvs rdiff -u -r1.125 -r1.126 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.66 -r1.67 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.25 -r1.26 src/libexec/httpd/main.c cvs rdiff -u -r1.4 -r1.5 src/libexec/httpd/libbozohttpd/libbozohttpd.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Thu Feb 11 09:57:53 UTC 2021 Modified Files: src/libexec/httpd: bozohttpd.c bozohttpd.h main.c src/libexec/httpd/libbozohttpd: libbozohttpd.3 Log Message: clean up issues detected by address sanitizer (just some memory leaks that only apply to the library version.) XXX: the handling of hr_file and its variants is more crappy again - the prior clean up is slightly less clean now, but at least it does not leak memory. XXX2: cgi-bin test hangs with address sanitizer. don't know why yet.. To generate a diff of this commit: cvs rdiff -u -r1.125 -r1.126 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.66 -r1.67 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.25 -r1.26 src/libexec/httpd/main.c cvs rdiff -u -r1.4 -r1.5 src/libexec/httpd/libbozohttpd/libbozohttpd.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.125 src/libexec/httpd/bozohttpd.c:1.126 --- src/libexec/httpd/bozohttpd.c:1.125 Thu Feb 11 09:23:55 2021 +++ src/libexec/httpd/bozohttpd.c Thu Feb 11 09:57:52 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.125 2021/02/11 09:23:55 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.126 2021/02/11 09:57:52 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -239,6 +239,20 @@ bozo_set_pref(bozohttpd_t *httpd, bozopr return 1; } +static void +bozo_clear_prefs(bozohttpd_t *httpd, bozoprefs_t *prefs) +{ + size_t i; + + for (i = 0; i < prefs->count; i++) { + free(prefs->name[i]); + free(prefs->value[i]); + } + + free(prefs->name); + free(prefs->value); +} + /* * get a variable's value, or NULL */ @@ -339,8 +353,11 @@ bozo_clean_request(bozo_httpreq_t *reque free(request->hr_serverport); free(request->hr_virthostname); free(request->hr_file_free); + /* XXX this is gross */ if (request->hr_file_free != request->hr_oldfile) free(request->hr_oldfile); + else + free(request->hr_file); free(request->hr_query); free(request->hr_host); bozo_user_free(request->hr_user); @@ -2694,6 +2711,23 @@ bozo_setup(bozohttpd_t *httpd, bozoprefs return 1; } +void +bozo_cleanup(bozohttpd_t *httpd, bozoprefs_t *prefs) +{ + bozo_clear_prefs(httpd, prefs); + + free(httpd->virthostname); + free(httpd->errorbuf); + free(httpd->getln_buffer); + free(httpd->slashdir); +#define bozo_unconst(x) ((void *)(uintptr_t)x) + free(bozo_unconst(httpd->server_software)); + free(bozo_unconst(httpd->index_html)); + free(bozo_unconst(httpd->dir_readme)); + free(bozo_unconst(httpd->public_html)); +#undef bozo_unconst +} + int bozo_get_version(char *buf, size_t size) { Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.66 src/libexec/httpd/bozohttpd.h:1.67 --- src/libexec/httpd/bozohttpd.h:1.66 Thu Feb 11 09:23:55 2021 +++ src/libexec/httpd/bozohttpd.h Thu Feb 11 09:57:52 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.h,v 1.66 2021/02/11 09:23:55 mrg Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.67 2021/02/11 09:57:52 mrg Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ @@ -443,6 +443,7 @@ int bozo_init_httpd(bozohttpd_t *); int bozo_init_prefs(bozohttpd_t *, bozoprefs_t *); int bozo_set_defaults(bozohttpd_t *, bozoprefs_t *); int bozo_setup(bozohttpd_t *, bozoprefs_t *, const char *, const char *); +void bozo_cleanup(bozohttpd_t *, bozoprefs_t *); bozo_httpreq_t *bozo_read_request(bozohttpd_t *); void bozo_process_request(bozo_httpreq_t *); void bozo_clean_request(bozo_httpreq_t *); Index: src/libexec/httpd/main.c diff -u src/libexec/httpd/main.c:1.25 src/libexec/httpd/main.c:1.26 --- src/libexec/httpd/main.c:1.25 Thu Oct 15 04:21:53 2020 +++ src/libexec/httpd/main.c Thu Feb 11 09:57:52 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: main.c,v 1.25 2020/10/15 04:21:53 mrg Exp $ */ +/* $NetBSD: main.c,v 1.26 2021/02/11 09:57:52 mrg Exp $ */ /* $eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $ */ /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp */ @@ -408,5 +408,7 @@ main(int argc, char **argv) } } while (httpd.background); + bozo_cleanup(, ); + return (0); } Index: src/libexec/httpd/libbozohttpd/libbozohttpd.3 diff -u src/libexec/httpd/libbozohttpd/libbozohttpd.3:1.4 src/libexec/httpd/libbozohttpd/libbozohttpd.3:1.5 --- src/libexec/httpd/libbozohttpd/libbozohttpd.3:1.4 Sat Feb 4 01:32:54 2017 +++ src/libexec/httpd/libbozohttpd/libbozohttpd.3 Thu Feb 11 09:57:53 2021 @@ -1,4 +1,4 @@ -.\" $NetBSD: libbozohttpd.3,v 1.4 2017/02/04 01:32:54 mrg Exp $ +.\" $NetBSD: libbozohttpd.3,v 1.5 2021/02/11 09:57:53 mrg Exp $ .\" .\" $eterna: libbozohttpd.3,v 1.2 2010/05/10 02:48:23 mrg Exp $ .\" @@ -29,7 +29,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd February 2, 2017 +.Dd February 11, 2021 .Dt LIBBOZOHTTPD 3 .Os .Sh
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Thu Feb 11 09:23:56 UTC 2021 Modified Files: src/libexec/httpd: CHANGES bozohttpd.c bozohttpd.h cgi-bozo.c src/libexec/httpd/testsuite: Makefile Added Files: src/libexec/httpd/testsuite: t16.in t16.out t17.in t17.out t18.in t18.out Log Message: changes in bozohttpd 20210210: o fix various NULL derefs from malformed headers. mostly from . To generate a diff of this commit: cvs rdiff -u -r1.44 -r1.45 src/libexec/httpd/CHANGES cvs rdiff -u -r1.124 -r1.125 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.65 -r1.66 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.51 -r1.52 src/libexec/httpd/cgi-bozo.c cvs rdiff -u -r1.13 -r1.14 src/libexec/httpd/testsuite/Makefile cvs rdiff -u -r0 -r1.1 src/libexec/httpd/testsuite/t16.in \ src/libexec/httpd/testsuite/t16.out src/libexec/httpd/testsuite/t17.in \ src/libexec/httpd/testsuite/t17.out src/libexec/httpd/testsuite/t18.in \ src/libexec/httpd/testsuite/t18.out Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.44 src/libexec/httpd/CHANGES:1.45 --- src/libexec/httpd/CHANGES:1.44 Thu Oct 15 04:21:53 2020 +++ src/libexec/httpd/CHANGES Thu Feb 11 09:23:55 2021 @@ -1,4 +1,8 @@ -$NetBSD: CHANGES,v 1.44 2020/10/15 04:21:53 mrg Exp $ +$NetBSD: CHANGES,v 1.45 2021/02/11 09:23:55 mrg Exp $ + +changes in bozohttpd 20210210: + o fix various NULL derefs from malformed headers. mostly from + . changes in bozohttpd 20201014: o also set -D_GNU_SOURCE in Makefile.boot. from Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.124 src/libexec/httpd/bozohttpd.c:1.125 --- src/libexec/httpd/bozohttpd.c:1.124 Thu Nov 19 10:45:36 2020 +++ src/libexec/httpd/bozohttpd.c Thu Feb 11 09:23:55 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.124 2020/11/19 10:45:36 hannken Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.125 2021/02/11 09:23:55 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -108,7 +108,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20201014" +#define SERVER_SOFTWARE "bozohttpd/20210210" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html" @@ -338,8 +338,9 @@ bozo_clean_request(bozo_httpreq_t *reque free(request->hr_remoteaddr); free(request->hr_serverport); free(request->hr_virthostname); - free(request->hr_file); - free(request->hr_oldfile); + free(request->hr_file_free); + if (request->hr_file_free != request->hr_oldfile) + free(request->hr_oldfile); free(request->hr_query); free(request->hr_host); bozo_user_free(request->hr_user); @@ -619,6 +620,7 @@ bozo_read_request(bozohttpd_t *httpd) request->hr_last_byte_pos = -1; request->hr_if_modified_since = NULL; request->hr_virthostname = NULL; + request->hr_file_free = NULL; request->hr_file = NULL; request->hr_oldfile = NULL; SIMPLEQ_INIT(>hr_replheaders); @@ -735,7 +737,7 @@ bozo_read_request(bozohttpd_t *httpd) /* we allocate return space in file and query only */ parse_request(httpd, str, , , , ); - request->hr_file = file; + request->hr_file_free = request->hr_file = file; request->hr_query = query; if (method == NULL) { bozo_http_error(httpd, 404, NULL, "null method"); @@ -771,11 +773,17 @@ bozo_read_request(bozohttpd_t *httpd) val = bozostrnsep(, ":", ); debug((httpd, DEBUG_EXPLODING, "read_req2: after " - "bozostrnsep: str `%s' val `%s'", str, val ? val : "")); + "bozostrnsep: str `%s' val `%s'", + str ? str : "", val ? val : "")); if (val == NULL || len == -1) { bozo_http_error(httpd, 404, request, "no header"); goto cleanup; } + if (str == NULL) { +bozo_http_error(httpd, 404, request, +"malformed header"); +goto cleanup; + } while (*str == ' ' || *str == '\t') len--, str++; while (*val == ' ' || *val == '\t') @@ -1284,8 +1292,8 @@ check_remap(bozo_httpreq_t *request) strcpy(newfile+rlen, file + len); debug((httpd, DEBUG_NORMAL, "remapping found '%s'", newfile)); - free(request->hr_file); - request->hr_file = newfile; + free(request->hr_file_free); + request->hr_file_free = request->hr_file = newfile; } munmap(fmap, st.st_size); @@ -1313,9 +1321,6 @@ check_virtual(bozo_httpreq_t *request) debug((httpd, DEBUG_OBESE, "checking for http:// virtual host in '%s'", file)); if (strncasecmp(file, "http://;, 7) == 0) { - /* bozostrdup() might access it. */ - char *old_file = request->hr_file; - /* we would do virtual hosting here? */ file += 7; /* RFC 2616 (HTTP/1.1), 5.2: URI takes precedence over Host: */ @@ -1324,8 +1329,9 @@ check_virtual(bozo_httpreq_t *request) if ((s = strchr(request->hr_host, '/')) != NULL) *s = '\0'; s = strchr(file,
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Thu Feb 11 09:23:56 UTC 2021 Modified Files: src/libexec/httpd: CHANGES bozohttpd.c bozohttpd.h cgi-bozo.c src/libexec/httpd/testsuite: Makefile Added Files: src/libexec/httpd/testsuite: t16.in t16.out t17.in t17.out t18.in t18.out Log Message: changes in bozohttpd 20210210: o fix various NULL derefs from malformed headers. mostly from . To generate a diff of this commit: cvs rdiff -u -r1.44 -r1.45 src/libexec/httpd/CHANGES cvs rdiff -u -r1.124 -r1.125 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.65 -r1.66 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.51 -r1.52 src/libexec/httpd/cgi-bozo.c cvs rdiff -u -r1.13 -r1.14 src/libexec/httpd/testsuite/Makefile cvs rdiff -u -r0 -r1.1 src/libexec/httpd/testsuite/t16.in \ src/libexec/httpd/testsuite/t16.out src/libexec/httpd/testsuite/t17.in \ src/libexec/httpd/testsuite/t17.out src/libexec/httpd/testsuite/t18.in \ src/libexec/httpd/testsuite/t18.out Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sun Jan 17 00:15:14 UTC 2021 Modified Files: src/libexec/httpd: Makefile.boot Log Message: also set -D_DEFAULT_SOURCE to open up more headers. allow passing $(EXTRALIBS). To generate a diff of this commit: cvs rdiff -u -r1.8 -r1.9 src/libexec/httpd/Makefile.boot Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/Makefile.boot diff -u src/libexec/httpd/Makefile.boot:1.8 src/libexec/httpd/Makefile.boot:1.9 --- src/libexec/httpd/Makefile.boot:1.8 Mon Jul 13 09:38:57 2020 +++ src/libexec/httpd/Makefile.boot Sun Jan 17 00:15:14 2021 @@ -6,18 +6,20 @@ CC= cc OPT= -O LARGE_CFLAGS= -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -LOCAL_CFLAGS= -DNO_LUA_SUPPORT -DNO_BLOCKLIST_SUPPORT -D_GNU_SOURCE +LOCAL_CFLAGS= -DNO_LUA_SUPPORT -DNO_BLOCKLIST_SUPPORT -D_GNU_SOURCE -D_DEFAULT_SOURCE CFLAGS= $(OPT) $(LARGE_CFLAGS) $(LOCAL_CFLAGS) GROFF= groff -Tascii CRYPTOLIBDIR= # -L/usr/local/lib CRYPTOLIBS= $(CRYPTOLIBDIR) -lcrypto -lssl +LIBS= $(CRYPTOLIBS) $(EXTRALIBS) + FILES= bozohttpd.c auth-bozo.c cgi-bozo.c content-bozo.c daemon-bozo.c \ dir-index-bozo.c lua-bozo.c ssl-bozo.c tilde-luzah-bozo.c main.c all: - $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o bozohttpd $(FILES) $(CRYPTOLIBS) + $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o bozohttpd $(FILES) $(LIBS) man: $(GROFF) -mandoc bozohttpd.8 > bozohttpd.cat8
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sun Jan 17 00:15:14 UTC 2021 Modified Files: src/libexec/httpd: Makefile.boot Log Message: also set -D_DEFAULT_SOURCE to open up more headers. allow passing $(EXTRALIBS). To generate a diff of this commit: cvs rdiff -u -r1.8 -r1.9 src/libexec/httpd/Makefile.boot Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: hannken Date: Thu Nov 19 10:45:37 UTC 2020 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: Bozohttpd clobbers files greater than 4GB on 32bit archs. Make sure the alignment mask derived from pagesize is an off_t. To generate a diff of this commit: cvs rdiff -u -r1.123 -r1.124 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.123 src/libexec/httpd/bozohttpd.c:1.124 --- src/libexec/httpd/bozohttpd.c:1.123 Thu Oct 15 04:21:53 2020 +++ src/libexec/httpd/bozohttpd.c Thu Nov 19 10:45:36 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.123 2020/10/15 04:21:53 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.124 2020/11/19 10:45:36 hannken Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -907,7 +907,7 @@ mmap_and_write_part(bozohttpd_t *httpd, * * we use the write offset in all writes */ - mappedoffset = first_byte_pos & ~(httpd->page_size - 1); + mappedoffset = first_byte_pos & ~((off_t)httpd->page_size - 1); mappedsz = (size_t) (first_byte_pos - mappedoffset + sz + httpd->page_size - 1) & ~(httpd->page_size - 1);
CVS commit: src/libexec/httpd
Module Name:src Committed By: hannken Date: Thu Nov 19 10:45:37 UTC 2020 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: Bozohttpd clobbers files greater than 4GB on 32bit archs. Make sure the alignment mask derived from pagesize is an off_t. To generate a diff of this commit: cvs rdiff -u -r1.123 -r1.124 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: wiz Date: Thu Oct 15 09:54:22 UTC 2020 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: New sentence, new line. Fix xref. To generate a diff of this commit: cvs rdiff -u -r1.86 -r1.87 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.86 src/libexec/httpd/bozohttpd.8:1.87 --- src/libexec/httpd/bozohttpd.8:1.86 Thu Oct 15 04:21:53 2020 +++ src/libexec/httpd/bozohttpd.8 Thu Oct 15 09:54:22 2020 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.86 2020/10/15 04:21:53 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.87 2020/10/15 09:54:22 wiz Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -127,7 +127,8 @@ Enables CGI/1.1 interface for .Em ~user translation. Note that enabling this support implies that users can run commands -as the web server user. This may have security implications. +as the web server user. +This may have security implications. .It Fl e Causes .Nm @@ -141,7 +142,8 @@ Stops the .Fl b flag from detaching .Nm -from the tty and going into the background. This implies the +from the tty and going into the background. +This implies the .Fl b flag. .It Fl G @@ -809,7 +811,7 @@ provided chroot and change-to-user suppo .An Jukka Ruohonen .Aq Mt jru...@netbsd.org provided support for -.Xr blocklist 8 +.Xr blocklistd 8 .It .An Jared McNeill .Aq Mt jmcne...@netbsd.org
CVS commit: src/libexec/httpd
Module Name:src Committed By: wiz Date: Thu Oct 15 09:54:22 UTC 2020 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: New sentence, new line. Fix xref. To generate a diff of this commit: cvs rdiff -u -r1.86 -r1.87 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Thu Oct 15 04:21:53 UTC 2020 Modified Files: src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c bozohttpd.h cgi-bozo.c content-bozo.c daemon-bozo.c main.c ssl-bozo.c Log Message: various updates from / freebsd. the list from Henrik: bozohttpd.8: o Added -d flag to the man page o Moved -E flag in man page to keep alphabetic order o Grammar fix for description of -E flag in man page o Moved a word in the man description for the -f flag o Made -f imply -b as a backwards-compatible shortcut o Updated man description of -n to mention Lua scripts o Moved -z below -Z to keep the uppercase options first bozohttpd.c: o Removed obsolete comment about ~user missing cgi-bin support o Removed "/* ARGSUSED */" lines; was that a macro or a reminder? o Added USE_ARG macro call for sig, which was otherwise not used o Added USE_ARG macro call for msg (only used if debug is enabled) bozohttpd.h: o Fixed typo in the include guard (BOZOHTTOPD_H_ -> BOZOHTTPD_H_) o Renamed have_all to have_core; it didn't mean "all" options content-bozo.c: o Added USE_ARG macro call for signo, which was otherwise not used o Made -f imply -b as a backwards-compatible shortcut main.c: o Simplified -b text to be symmetric with that for the -f option o Updated -C text to make "suffix" explicit; it's better than "arg" o Changed to only show the -E description if have_user is true o Always show the -e option, which incorrectly used the -E logic o Renamed have_all to have_core; it didn't mean "all" options o Added three missing tabs for the description of the -G option o Updated -L text to make "prefix" explicit; it's better than "arg" o Updated -M text to make "suffix" explicit; it's slightly better o Added a previously missing description for the -n option o Documented the otherwise obscure valid types for the -T option o Shortened "username" to "user" to match the actual help text o Moved handling of -c below that for -C to standardize the order o Broke the enabling test for -C into two lines for consistency o Inverted the enabling test for -E; this is what was meant, right? o Removed the enabling test for -e, which should always be enabled ssl-bozo.c: o Added USE_ARG for httpd, which is not used if SSL has been excluded To generate a diff of this commit: cvs rdiff -u -r1.43 -r1.44 src/libexec/httpd/CHANGES cvs rdiff -u -r1.85 -r1.86 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.122 -r1.123 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.64 -r1.65 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.50 -r1.51 src/libexec/httpd/cgi-bozo.c cvs rdiff -u -r1.18 -r1.19 src/libexec/httpd/content-bozo.c cvs rdiff -u -r1.21 -r1.22 src/libexec/httpd/daemon-bozo.c cvs rdiff -u -r1.24 -r1.25 src/libexec/httpd/main.c cvs rdiff -u -r1.28 -r1.29 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Thu Oct 15 04:21:53 UTC 2020 Modified Files: src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c bozohttpd.h cgi-bozo.c content-bozo.c daemon-bozo.c main.c ssl-bozo.c Log Message: various updates from / freebsd. the list from Henrik: bozohttpd.8: o Added -d flag to the man page o Moved -E flag in man page to keep alphabetic order o Grammar fix for description of -E flag in man page o Moved a word in the man description for the -f flag o Made -f imply -b as a backwards-compatible shortcut o Updated man description of -n to mention Lua scripts o Moved -z below -Z to keep the uppercase options first bozohttpd.c: o Removed obsolete comment about ~user missing cgi-bin support o Removed "/* ARGSUSED */" lines; was that a macro or a reminder? o Added USE_ARG macro call for sig, which was otherwise not used o Added USE_ARG macro call for msg (only used if debug is enabled) bozohttpd.h: o Fixed typo in the include guard (BOZOHTTOPD_H_ -> BOZOHTTPD_H_) o Renamed have_all to have_core; it didn't mean "all" options content-bozo.c: o Added USE_ARG macro call for signo, which was otherwise not used o Made -f imply -b as a backwards-compatible shortcut main.c: o Simplified -b text to be symmetric with that for the -f option o Updated -C text to make "suffix" explicit; it's better than "arg" o Changed to only show the -E description if have_user is true o Always show the -e option, which incorrectly used the -E logic o Renamed have_all to have_core; it didn't mean "all" options o Added three missing tabs for the description of the -G option o Updated -L text to make "prefix" explicit; it's better than "arg" o Updated -M text to make "suffix" explicit; it's slightly better o Added a previously missing description for the -n option o Documented the otherwise obscure valid types for the -T option o Shortened "username" to "user" to match the actual help text o Moved handling of -c below that for -C to standardize the order o Broke the enabling test for -C into two lines for consistency o Inverted the enabling test for -E; this is what was meant, right? o Removed the enabling test for -e, which should always be enabled ssl-bozo.c: o Added USE_ARG for httpd, which is not used if SSL has been excluded To generate a diff of this commit: cvs rdiff -u -r1.43 -r1.44 src/libexec/httpd/CHANGES cvs rdiff -u -r1.85 -r1.86 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.122 -r1.123 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.64 -r1.65 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.50 -r1.51 src/libexec/httpd/cgi-bozo.c cvs rdiff -u -r1.18 -r1.19 src/libexec/httpd/content-bozo.c cvs rdiff -u -r1.21 -r1.22 src/libexec/httpd/daemon-bozo.c cvs rdiff -u -r1.24 -r1.25 src/libexec/httpd/main.c cvs rdiff -u -r1.28 -r1.29 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.43 src/libexec/httpd/CHANGES:1.44 --- src/libexec/httpd/CHANGES:1.43 Thu Oct 15 02:19:23 2020 +++ src/libexec/httpd/CHANGES Thu Oct 15 04:21:53 2020 @@ -1,4 +1,4 @@ -$NetBSD: CHANGES,v 1.43 2020/10/15 02:19:23 mrg Exp $ +$NetBSD: CHANGES,v 1.44 2020/10/15 04:21:53 mrg Exp $ changes in bozohttpd 20201014: o also set -D_GNU_SOURCE in Makefile.boot. from @@ -6,6 +6,9 @@ changes in bozohttpd 20201014: o fix array size botch (assertion, not exploitable.) from mar...@netbsd.org. o also match %2F as well as %2f. from l...@vuxu.org. + o many manual and help fixes. clean ups for higher lint levels, + consistency/style clean ups. various option fixes including made + -f imply -b. from for freebsd. changes in bozohttpd 20200912: o add .m4a and .m4v file extensions. Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.85 src/libexec/httpd/bozohttpd.8:1.86 --- src/libexec/httpd/bozohttpd.8:1.85 Thu Oct 15 02:19:23 2020 +++ src/libexec/httpd/bozohttpd.8 Thu Oct 15 04:21:53 2020 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.85 2020/10/15 02:19:23 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.86 2020/10/15 04:21:53 mrg Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -34,14 +34,14 @@ .Nd hyper text transfer protocol version 1.1 daemon .Sh SYNOPSIS .Nm -.Op Fl EGHVXefhnsu +.Op Fl EGHVXdefhnsu .Op Fl C Ar suffix cgihandler .Op Fl I Ar port .Op Fl L Ar prefix script .Op Fl M Ar suffix type encoding encoding11 .Op Fl P Ar pidfile .Op Fl R Ar readme -.Op Fl S Ar server_software +.Op Fl S Ar version .Op Fl T Ar type timeout .Op Fl U Ar username .Op Fl Z Ar cert privkey @@ -120,6 +120,14 @@ Note that the CGI/1.1 interface is avail translation using .Fl E switch. +.It Fl d +Enables debug support. +.It Fl E +Enables
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Thu Oct 15 02:19:24 UTC 2020 Modified Files: src/libexec/httpd: CHANGES auth-bozo.c bozohttpd.8 bozohttpd.c bozohttpd.h dir-index-bozo.c main.c ssl-bozo.c Log Message: set -D_GNU_SOURCE in Makefile.boot. from hadrien.lac...@posteo.net. also match %2F as well as %2f. from l...@vuxu.org. introduce defines for "80" and "443". copyright maint. To generate a diff of this commit: cvs rdiff -u -r1.42 -r1.43 src/libexec/httpd/CHANGES cvs rdiff -u -r1.25 -r1.26 src/libexec/httpd/auth-bozo.c cvs rdiff -u -r1.84 -r1.85 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.121 -r1.122 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.63 -r1.64 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.33 -r1.34 src/libexec/httpd/dir-index-bozo.c cvs rdiff -u -r1.23 -r1.24 src/libexec/httpd/main.c cvs rdiff -u -r1.27 -r1.28 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Thu Oct 15 02:19:24 UTC 2020 Modified Files: src/libexec/httpd: CHANGES auth-bozo.c bozohttpd.8 bozohttpd.c bozohttpd.h dir-index-bozo.c main.c ssl-bozo.c Log Message: set -D_GNU_SOURCE in Makefile.boot. from hadrien.lac...@posteo.net. also match %2F as well as %2f. from l...@vuxu.org. introduce defines for "80" and "443". copyright maint. To generate a diff of this commit: cvs rdiff -u -r1.42 -r1.43 src/libexec/httpd/CHANGES cvs rdiff -u -r1.25 -r1.26 src/libexec/httpd/auth-bozo.c cvs rdiff -u -r1.84 -r1.85 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.121 -r1.122 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.63 -r1.64 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.33 -r1.34 src/libexec/httpd/dir-index-bozo.c cvs rdiff -u -r1.23 -r1.24 src/libexec/httpd/main.c cvs rdiff -u -r1.27 -r1.28 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.42 src/libexec/httpd/CHANGES:1.43 --- src/libexec/httpd/CHANGES:1.42 Sat Sep 12 12:39:28 2020 +++ src/libexec/httpd/CHANGES Thu Oct 15 02:19:23 2020 @@ -1,4 +1,11 @@ -$NetBSD: CHANGES,v 1.42 2020/09/12 12:39:28 rhialto Exp $ +$NetBSD: CHANGES,v 1.43 2020/10/15 02:19:23 mrg Exp $ + +changes in bozohttpd 20201014: + o also set -D_GNU_SOURCE in Makefile.boot. from + hadrien.lac...@posteo.net. + o fix array size botch (assertion, not exploitable.) from + mar...@netbsd.org. + o also match %2F as well as %2f. from l...@vuxu.org. changes in bozohttpd 20200912: o add .m4a and .m4v file extensions. Index: src/libexec/httpd/auth-bozo.c diff -u src/libexec/httpd/auth-bozo.c:1.25 src/libexec/httpd/auth-bozo.c:1.26 --- src/libexec/httpd/auth-bozo.c:1.25 Sat Jul 11 08:10:52 2020 +++ src/libexec/httpd/auth-bozo.c Thu Oct 15 02:19:23 2020 @@ -1,9 +1,9 @@ -/* $NetBSD: auth-bozo.c,v 1.25 2020/07/11 08:10:52 jruoho Exp $ */ +/* $NetBSD: auth-bozo.c,v 1.26 2020/10/15 02:19:23 mrg Exp $ */ /* $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2019 Matthew R. Green + * Copyright (c) 1997-2020 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.84 src/libexec/httpd/bozohttpd.8:1.85 --- src/libexec/httpd/bozohttpd.8:1.84 Thu Aug 20 07:55:10 2020 +++ src/libexec/httpd/bozohttpd.8 Thu Oct 15 02:19:23 2020 @@ -1,8 +1,8 @@ -.\" $NetBSD: bozohttpd.8,v 1.84 2020/08/20 07:55:10 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.85 2020/10/15 02:19:23 mrg Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" -.\" Copyright (c) 1997-2019 Matthew R. Green +.\" Copyright (c) 1997-2020 Matthew R. Green .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd July 11, 2020 +.Dd October 14, 2020 .Dt BOZOHTTPD 8 .Os .Sh NAME @@ -642,7 +642,7 @@ The focus has always been simplicity and and regular code audits. This manual documents .Nm -version 20190116. +version 20201014. .Sh AUTHORS .An -nosplit .Nm Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.121 src/libexec/httpd/bozohttpd.c:1.122 --- src/libexec/httpd/bozohttpd.c:1.121 Sat Sep 5 13:38:24 2020 +++ src/libexec/httpd/bozohttpd.c Thu Oct 15 02:19:23 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.121 2020/09/05 13:38:24 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.122 2020/10/15 02:19:23 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -109,7 +109,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20200820" +#define SERVER_SOFTWARE "bozohttpd/20201014" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html" @@ -651,7 +651,7 @@ bozo_read_request(bozohttpd_t *httpd) * if passed through a proxy that doesn't rewrite the port. */ if (httpd->bindport) { - if (strcmp(httpd->bindport, "80") != 0) + if (strcmp(httpd->bindport, BOZO_HTTP_PORT) != 0) port = httpd->bindport; else port = NULL; @@ -1099,7 +1099,7 @@ handle_redirect(bozo_httpreq_t *request, hostname = ""; portbuf[0] = '\0'; } else { - const char *defport = httpd->sslinfo ? "443" : "80"; + const char *defport = httpd->sslinfo ? BOZO_HTTPS_PORT : BOZO_HTTP_PORT; if (request->hr_serverport && strcmp(request->hr_serverport, defport) != 0) @@ -1335,7 +1335,8 @@ check_virtual(bozo_httpreq_t *request) * canonicalise hr_host - that is, remove any :80. */ len = strlen(request->hr_host); - if (len > 3 && strcmp(request->hr_host + len - 3, ":80") == 0) { + if (len > 3 && +
Re: CVS commit: src/libexec/httpd
Jared McNeill wrote in : |On Sat, 12 Sep 2020, Olaf Seibert wrote: | |> bozohttpd: add .m4a and .m4v file extensions. | |I don't think audio/mpeg is correct for .m4a. Since .m4a is MPEG audio in |an MP4 container, I would follow RFC 4337 ("MIME Type Registration for |MPEG-4") here which says you should use audio/mp4 instead. audio/mp4 mp4 mp4a m4a m4b --steffen | |Der Kragenbaer,The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt)
CVS commit: src/libexec/httpd
Module Name:src Committed By: rhialto Date: Sat Sep 12 14:44:25 UTC 2020 Modified Files: src/libexec/httpd: content-bozo.c Log Message: bozohttpd: correct .m4a to audio/mp4. To generate a diff of this commit: cvs rdiff -u -r1.17 -r1.18 src/libexec/httpd/content-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/content-bozo.c diff -u src/libexec/httpd/content-bozo.c:1.17 src/libexec/httpd/content-bozo.c:1.18 --- src/libexec/httpd/content-bozo.c:1.17 Sat Sep 12 12:39:28 2020 +++ src/libexec/httpd/content-bozo.c Sat Sep 12 14:44:25 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: content-bozo.c,v 1.17 2020/09/12 12:39:28 rhialto Exp $ */ +/* $NetBSD: content-bozo.c,v 1.18 2020/09/12 14:44:25 rhialto Exp $ */ /* $eterna: content-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */ @@ -135,7 +135,7 @@ static bozo_content_map_t static_content { ".snd", "audio/basic", "", "", NULL }, { ".mpga", "audio/mpeg", "", "", NULL }, { ".mp2", "audio/mpeg", "", "", NULL }, - { ".m4a", "audio/mpeg", "", "", NULL }, + { ".m4a", "audio/mp4", "", "", NULL }, { ".aif", "audio/x-aiff", "", "", NULL }, { ".aiff", "audio/x-aiff", "", "", NULL }, { ".aifc", "audio/x-aiff", "", "", NULL },
CVS commit: src/libexec/httpd
Module Name:src Committed By: rhialto Date: Sat Sep 12 14:44:25 UTC 2020 Modified Files: src/libexec/httpd: content-bozo.c Log Message: bozohttpd: correct .m4a to audio/mp4. To generate a diff of this commit: cvs rdiff -u -r1.17 -r1.18 src/libexec/httpd/content-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Re: CVS commit: src/libexec/httpd
On Sat, 12 Sep 2020, Olaf Seibert wrote: bozohttpd: add .m4a and .m4v file extensions. I don't think audio/mpeg is correct for .m4a. Since .m4a is MPEG audio in an MP4 container, I would follow RFC 4337 ("MIME Type Registration for MPEG-4") here which says you should use audio/mp4 instead. Take care, Jared
CVS commit: src/libexec/httpd
Module Name:src Committed By: rhialto Date: Sat Sep 12 12:39:28 UTC 2020 Modified Files: src/libexec/httpd: CHANGES content-bozo.c Log Message: bozohttpd: add .m4a and .m4v file extensions. To generate a diff of this commit: cvs rdiff -u -r1.41 -r1.42 src/libexec/httpd/CHANGES cvs rdiff -u -r1.16 -r1.17 src/libexec/httpd/content-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.41 src/libexec/httpd/CHANGES:1.42 --- src/libexec/httpd/CHANGES:1.41 Thu Aug 20 07:55:10 2020 +++ src/libexec/httpd/CHANGES Sat Sep 12 12:39:28 2020 @@ -1,4 +1,7 @@ -$NetBSD: CHANGES,v 1.41 2020/08/20 07:55:10 mrg Exp $ +$NetBSD: CHANGES,v 1.42 2020/09/12 12:39:28 rhialto Exp $ + +changes in bozohttpd 20200912: + o add .m4a and .m4v file extensions. changes in bozohttpd 20200820: o make this work on sun2 by reducing mmap window there. Index: src/libexec/httpd/content-bozo.c diff -u src/libexec/httpd/content-bozo.c:1.16 src/libexec/httpd/content-bozo.c:1.17 --- src/libexec/httpd/content-bozo.c:1.16 Fri Nov 23 08:11:20 2018 +++ src/libexec/httpd/content-bozo.c Sat Sep 12 12:39:28 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: content-bozo.c,v 1.16 2018/11/23 08:11:20 mrg Exp $ */ +/* $NetBSD: content-bozo.c,v 1.17 2020/09/12 12:39:28 rhialto Exp $ */ /* $eterna: content-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */ @@ -135,6 +135,7 @@ static bozo_content_map_t static_content { ".snd", "audio/basic", "", "", NULL }, { ".mpga", "audio/mpeg", "", "", NULL }, { ".mp2", "audio/mpeg", "", "", NULL }, + { ".m4a", "audio/mpeg", "", "", NULL }, { ".aif", "audio/x-aiff", "", "", NULL }, { ".aiff", "audio/x-aiff", "", "", NULL }, { ".aifc", "audio/x-aiff", "", "", NULL }, @@ -167,6 +168,7 @@ static bozo_content_map_t static_content { ".ts", "video/mpeg", "", "", NULL }, { ".vob", "video/mpeg", "", "", NULL }, { ".mp4", "video/mp4", "", "", NULL }, + { ".m4v", "video/mp4", "", "", NULL }, { ".qt", "video/quicktime", "", "", NULL }, { ".mov", "video/quicktime", "", "", NULL }, { ".avi", "video/x-msvideo", "", "", NULL },
CVS commit: src/libexec/httpd
Module Name:src Committed By: rhialto Date: Sat Sep 12 12:39:28 UTC 2020 Modified Files: src/libexec/httpd: CHANGES content-bozo.c Log Message: bozohttpd: add .m4a and .m4v file extensions. To generate a diff of this commit: cvs rdiff -u -r1.41 -r1.42 src/libexec/httpd/CHANGES cvs rdiff -u -r1.16 -r1.17 src/libexec/httpd/content-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sat Sep 5 13:38:24 UTC 2020 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: avoid passing NULL pointers to printf() like functions and %s. To generate a diff of this commit: cvs rdiff -u -r1.120 -r1.121 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.120 src/libexec/httpd/bozohttpd.c:1.121 --- src/libexec/httpd/bozohttpd.c:1.120 Thu Aug 20 07:57:01 2020 +++ src/libexec/httpd/bozohttpd.c Sat Sep 5 13:38:24 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.120 2020/08/20 07:57:01 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.121 2020/09/05 13:38:24 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -317,7 +317,7 @@ parse_request(bozohttpd_t *httpd, char * debug((httpd, DEBUG_FAT, "url: method: \"%s\" file: \"%s\" query: \"%s\" proto: \"%s\"", - *method, *file, *query, *proto)); + *method, *file, *query ? *query : "", *proto ? *proto : "")); } /* @@ -771,7 +771,7 @@ bozo_read_request(bozohttpd_t *httpd) val = bozostrnsep(, ":", ); debug((httpd, DEBUG_EXPLODING, "read_req2: after " - "bozostrnsep: str `%s' val `%s'", str, val)); + "bozostrnsep: str `%s' val `%s'", str, val ? val : "")); if (val == NULL || len == -1) { bozo_http_error(httpd, 404, request, "no header"); goto cleanup;
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sat Sep 5 13:38:24 UTC 2020 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: avoid passing NULL pointers to printf() like functions and %s. To generate a diff of this commit: cvs rdiff -u -r1.120 -r1.121 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: leot Date: Tue Aug 25 20:02:33 UTC 2020 Modified Files: src/libexec/httpd: printenv.lua Log Message: Fix a typo in a comment To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/libexec/httpd/printenv.lua Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/httpd
Module Name:src Committed By: leot Date: Tue Aug 25 20:02:33 UTC 2020 Modified Files: src/libexec/httpd: printenv.lua Log Message: Fix a typo in a comment To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/libexec/httpd/printenv.lua Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/printenv.lua diff -u src/libexec/httpd/printenv.lua:1.3 src/libexec/httpd/printenv.lua:1.4 --- src/libexec/httpd/printenv.lua:1.3 Mon Dec 7 03:11:48 2015 +++ src/libexec/httpd/printenv.lua Tue Aug 25 20:02:33 2020 @@ -1,10 +1,10 @@ --- $NetBSD: printenv.lua,v 1.3 2015/12/07 03:11:48 kamil Exp $ +-- $NetBSD: printenv.lua,v 1.4 2020/08/25 20:02:33 leot Exp $ -- this small Lua script demonstrates the use of Lua in (bozo)httpd -- it will simply output the "environment" -- Keep in mind that bozohttpd forks for each request when started in --- daemon mode, you can set global veriables here, but they will have +-- daemon mode, you can set global variables here, but they will have -- the same value on each invocation. You can not keep state between -- two calls.