CVS commit: [netbsd-8] src/libexec/httpd
Module Name:    src
Committed By:   martin
Date:           Sat Mar 27 13:38:52 UTC 2021

Modified Files:
        src/libexec/httpd [netbsd-8]: CHANGES Makefile Makefile.boot
            auth-bozo.c bozohttpd.8 bozohttpd.c bozohttpd.h cgi-bozo.c
            content-bozo.c daemon-bozo.c dir-index-bozo.c main.c printenv.lua
            ssl-bozo.c
        src/libexec/httpd/libbozohttpd [netbsd-8]: Makefile libbozohttpd.3
        src/libexec/httpd/small [netbsd-8]: Makefile
        src/libexec/httpd/testsuite [netbsd-8]: Makefile
Added Files:
        src/libexec/httpd/testsuite [netbsd-8]: t16.in t16.out t17.in t17.out
            t18.in t18.out

Log Message:
Pull up the following via patch, requested by mrg in ticket #1668:

        Makefile                        1.30-1.31
        Makefile.boot                   1.7-1.9
        auth-bozo.c                     1.25-1.26
        bozohttpd.8                     1.80-1.87
        bozohttpd.c                     1.114-1.123,1.125-1.128
        bozohttpd.h                     1.61-1.68
        cgi-bozo.c                      1.49-1.53
        content-bozo.c                  1.17-1.20
        daemon-bozo.c                   1-.22
        dir-index-bozo.c                1.33-1.34
        main.c                          1.23-1.27
        printenv.lua                    1.4-1.5
        ssl-bozo.c                      1.27-1.29
        libbozohttpd/libbozohttpd.3     1.5-1.6
        small/Makefile                  1.4
        testsuite/Makefile              1.14
        testsuite/t16.in                1.1
        testsuite/t16.out               1.1
        testsuite/t17.in                1.1
        testsuite/t17.out               1.1
        testsuite/t18.in                1.1
        testsuite/t18.out               1.1

Update to bozohttpd 20210227.

changes in bozohttpd 20210227:
        o  new support for content types: .tar.bz2, .tar.xz, .tar.lz,
           .tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma,
           .lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar.  should fix netbsd
           PR#56026: MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is
           invalid

changes in bozohttpd 20210211:
        o  fix various NULL derefs from malformed headers.  mostly from .
        o  fix memory leaks in library interface: add bozo_cleanup().

changes in bozohttpd 20201014:
        o  also set -D_GNU_SOURCE in Makefile.boot.  from
           hadrien.lac...@posteo.net.
        o  fix array size botch (assertion, not exploitable.)  from
           mar...@netbsd.org.
        o  also match %2F as well as %2f.  from l...@vuxu.org.
        o  many manual and help fixes.  clean ups for higher lint levels,
           consistency/style clean ups.  various option fixes including
           made -f imply -b.  from for freebsd.

changes in bozohttpd 20200912:
        o  add .m4a and .m4v file extensions.

changes in bozohttpd 20200820:
        o  make this work on sun2 by reducing mmap window there.
        o  fix SSL shutdown sequence.  from s...@netbsd.org.
        o  add readme support to directory indexing.  from jmcne...@netbsd.org
        o  add blocklist(8) support.  from jru...@netbsd.org.

To generate a diff of this commit:
cvs rdiff -u -r1.25.4.3 -r1.25.4.4 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.27.2.1 -r1.27.2.2 src/libexec/httpd/Makefile
cvs rdiff -u -r1.6 -r1.6.18.1 src/libexec/httpd/Makefile.boot
cvs rdiff -u -r1.18.8.2 -r1.18.8.3 src/libexec/httpd/auth-bozo.c
cvs rdiff -u -r1.65.4.2 -r1.65.4.3 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.86.4.5 -r1.86.4.6 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.47.4.3 -r1.47.4.4 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.37.4.4 -r1.37.4.5 src/libexec/httpd/cgi-bozo.c
cvs rdiff -u -r1.14.6.1 -r1.14.6.2 src/libexec/httpd/content-bozo.c
cvs rdiff -u -r1.17.8.2 -r1.17.8.3 src/libexec/httpd/daemon-bozo.c
cvs rdiff -u -r1.25.8.2 -r1.25.8.3 src/libexec/httpd/dir-index-bozo.c
cvs rdiff -u -r1.16.6.2 -r1.16.6.3 src/libexec/httpd/main.c
cvs rdiff -u -r1.3 -r1.3.8.1 src/libexec/httpd/printenv.lua
cvs rdiff -u -r1.22.8.2 -r1.22.8.3 src/libexec/httpd/ssl-bozo.c
cvs rdiff -u -r1.3 -r1.3.2.1 src/libexec/httpd/libbozohttpd/Makefile
cvs rdiff -u -r1.4 -r1.4.4.1 src/libexec/httpd/libbozohttpd/libbozohttpd.3
cvs rdiff -u -r1.3 -r1.3.16.1 src/libexec/httpd/small/Makefile
cvs rdiff -u -r1.7.4.2 -r1.7.4.3 src/libexec/httpd/testsuite/Makefile
cvs rdiff -u -r0 -r1.1.2.2 src/libexec/httpd/testsuite/t16.in \
    src/libexec/httpd/testsuite/t17.in src/libexec/httpd/testsuite/t18.in
cvs rdiff -u -r0 -r1.1.4.2 src/libexec/httpd/testsuite/t16.out \
    src/libexec/httpd/testsuite/t17.out src/libexec/httpd/testsuite/t18.out

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.25.4.3 src/libexec/httpd/CHANGES:1.25.4.4 --- src/libexec/httpd/CHANGES:1.25.4.3 Wed Jun 12
CVS commit: [netbsd-8] src/libexec/httpd
Module Name:src Committed By: martin Date: Thu Nov 19 11:27:22 UTC 2020 Modified Files: src/libexec/httpd [netbsd-8]: bozohttpd.c Log Message: Pull up following revision(s) (requested by hannken in ticket #1624): libexec/httpd/bozohttpd.c: revision 1.124 Bozohttpd clobbers files greater than 4GB on 32bit archs. Make sure the alignment mask derived from pagesize is an off_t. To generate a diff of this commit: cvs rdiff -u -r1.86.4.4 -r1.86.4.5 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.86.4.4 src/libexec/httpd/bozohttpd.c:1.86.4.5 --- src/libexec/httpd/bozohttpd.c:1.86.4.4 Wed Jun 12 10:32:00 2019 +++ src/libexec/httpd/bozohttpd.c Thu Nov 19 11:27:22 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.86.4.4 2019/06/12 10:32:00 martin Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.86.4.5 2020/11/19 11:27:22 martin Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -907,7 +907,7 @@ mmap_and_write_part(bozohttpd_t *httpd, * * we use the write offset in all writes */ - mappedoffset = first_byte_pos & ~(httpd->page_size - 1); + mappedoffset = first_byte_pos & ~((off_t)httpd->page_size - 1); mappedsz = (size_t) (first_byte_pos - mappedoffset + sz + httpd->page_size - 1) & ~(httpd->page_size - 1);
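Review bot: in mmap_and_write_part(), the mappedsz expression in the trailing context still builds its mask as ~(httpd->page_size - 1) with no cast, so the two masks in this block are now computed in different types. That is only safe if page_size is at least as wide as size_t; if it is narrower, the mask is zero-extended and clears the high bits of mappedsz just as it did for mappedoffset. Consider computing one typed mask up front and using it in both places, with a comment saying why the cast is there, and covering a file larger than 4GB on a 32-bit target in the testsuite.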
CVS commit: [netbsd-8] src/libexec/httpd
Module Name:src Committed By: martin Date: Wed Nov 28 19:50:37 UTC 2018 Modified Files: src/libexec/httpd [netbsd-8]: CHANGES bozohttpd.c bozohttpd.h cgi-bozo.c main.c Log Message: Pull up following revision(s) (requested by mrg in ticket #1109): libexec/httpd/main.c: revision 1.22 libexec/httpd/CHANGES: revision 1.29 libexec/httpd/cgi-bozo.c: revision 1.45 libexec/httpd/bozohttpd.h: revision 1.57 libexec/httpd/CHANGES: revision 1.30 libexec/httpd/bozohttpd.c: revision 1.97 libexec/httpd/bozohttpd.c: revision 1.98 libexec/httpd/bozohttpd.c: revision 1.99 one semicolon is usually enough. - appease lint - add FALLTHROUGH comment - one return is usually enough. - avoid c99ism. - fix -X option parsing. noted by Rajeev V. Pillai. - add option fixes here. - normalise some messages. To generate a diff of this commit: cvs rdiff -u -r1.25.4.1 -r1.25.4.2 src/libexec/httpd/CHANGES cvs rdiff -u -r1.86.4.2 -r1.86.4.3 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.47.4.1 -r1.47.4.2 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.37.4.2 -r1.37.4.3 src/libexec/httpd/cgi-bozo.c cvs rdiff -u -r1.16.6.1 -r1.16.6.2 src/libexec/httpd/main.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.25.4.1 src/libexec/httpd/CHANGES:1.25.4.2 --- src/libexec/httpd/CHANGES:1.25.4.1 Sat Nov 24 17:13:51 2018 +++ src/libexec/httpd/CHANGES Wed Nov 28 19:50:37 2018 @@ -1,4 +1,7 @@ -$NetBSD: CHANGES,v 1.25.4.1 2018/11/24 17:13:51 martin Exp $ +$NetBSD: CHANGES,v 1.25.4.2 2018/11/28 19:50:37 martin Exp $ + +changes in bozohttpd 20181125: + o fixes for option parsing introduced in bozohttpd 20181123 changes in bozohttpd 20181121: o add url remap support via .bzremap file, from mar...@netbsd.org 
@@ -9,7 +12,7 @@ changes in bozohttpd 20181121: initial line, each header, and the total time spent o add -T option to expose new timeout settings o minor RFC fixes related to timeout handling - o fix special file (.htpasswd, .bz*) bypass. reported by JP. + o fix special file (.htpasswd, .bz*) bypass. reported by JP changes in bozohttpd 20170201: o fix an infinite loop in cgi processing @@ -94,7 +97,7 @@ changes in bozohttpd 20100617: changes in bozohttpd 20100509: o major rework and clean up of internal interfaces. move the main - program into main.c, the remaining parts are useable as library. + program into main.c, the remaining parts are useable as library add bindings for lua. by Alistair G. Crooks o fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566325 Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.86.4.2 src/libexec/httpd/bozohttpd.c:1.86.4.3 --- src/libexec/httpd/bozohttpd.c:1.86.4.2 Sat Nov 24 17:13:51 2018 +++ src/libexec/httpd/bozohttpd.c Wed Nov 28 19:50:37 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.86.4.2 2018/11/24 17:13:51 martin Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.86.4.3 2018/11/28 19:50:37 martin Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -109,7 +109,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20181124" +#define SERVER_SOFTWARE "bozohttpd/20181125" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html" @@ -1018,6 +1018,7 @@ bozo_escape_rfc3986(bozohttpd_t *httpd, case '"': if (absolute) goto leave_it; + /*FALLTHROUGH*/ case '\n': case '\r': case ' ': @@ -1026,8 +1027,8 @@ bozo_escape_rfc3986(bozohttpd_t *httpd, d += 3; len += 3; break; - leave_it: default: + leave_it: *d++ = *s++; len++; break; 
@@ -1477,7 +1478,6 @@ check_bzredirect(bozo_httpreq_t *request REDIRECT_FILE) >= sizeof(redir)) { return bozo_http_error(httpd, 404, request, "redirectfile path too long"); - return -1; } if (lstat(redir, ) == 0) { if (!S_ISLNK(sb.st_mode)) @@ -1924,8 +1924,9 @@ int bozo_check_special_files(bozo_httpreq_t *request, const char *name) { bozohttpd_t *httpd = request->hr_httpd; + size_t i; - for (size_t i = 0; specials[i].file; i++) + for (i = 0; specials[i].file; i++) if (strcmp(name, specials[i].file) == 0) return bozo_http_error(httpd, 403, request, specials[i].name); Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.47.4.1 src/libexec/httpd/bozohttpd.h:1.47.4.2 --- src/libexec/httpd/bozohttpd.h:1.47.4.1 Sat Nov 24 17:13:51 2018 +++ src/libexec/httpd/bozohttpd.h Wed Nov 28 19:50:37 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.h,v 1.47.4.1 2018/11/24 17:13:51 martin Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.47.4.2 2018/11/28 19:50:37 martin Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ @@ -407,7 +407,7 @@ void
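Review bot: in the CHANGES hunk for the 20100509 entry, dropping the period after "useable as library" makes it run straight into "add bindings for lua." on the next line, so the two statements now read as one. Keep the period there, or start the bindings text on its own "o" item; the change to the "reported by JP" line is fine on its own.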
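Review bot: in the bozo_escape_rfc3986() hunk, leave_it: is now a label inside the default: case that the '"' case reaches with goto, so the copy path has two entry points and the new /*FALLTHROUGH*/ sits directly under a conditional goto. Copying the character in the '"' case itself when absolute is set (*d++ = *s++; len++; break;) would drop both the label and the goto, and leave the fall-through into the escaping cases as the only non-obvious flow.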
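Review bot: bozo_check_special_files() matches with an exact strcmp(name, specials[i].file), and nothing in this hunk says what form name must have when it arrives. Since CHANGES lists a special file bypass fix in this area, please add a comment on the function stating what callers must pass (for example a single, already-decoded path component), and add a testsuite case for each entry in specials[] so a caller that passes something else is caught.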
CVS commit: [netbsd-8] src/libexec/httpd
Module Name:    src
Committed By:   martin
Date:           Sat Nov 24 17:13:51 UTC 2018

Modified Files:
        src/libexec/httpd [netbsd-8]: CHANGES auth-bozo.c bozohttpd.8
            bozohttpd.c bozohttpd.h cgi-bozo.c content-bozo.c daemon-bozo.c
            dir-index-bozo.c main.c ssl-bozo.c tilde-luzah-bozo.c
        src/libexec/httpd/lua [netbsd-8]: bozo.lua glue.c optparse.lua
        src/libexec/httpd/testsuite [netbsd-8]: Makefile html_cmp t3.out
            t5.out t6.out test-bigfile test-simple
Added Files:
        src/libexec/httpd/testsuite [netbsd-8]: t12.in t12.out t13.in t13.out
            t14.in t14.out t15.in t15.out
        src/libexec/httpd/testsuite/data [netbsd-8]: .bzremap

Log Message:
Sync to HEAD (requested by mrg in ticket #1104)

        libexec/httpd/testsuite/data/.bzremap   up to 1.1
        libexec/httpd/testsuite/t12.out         up to 1.1
        libexec/httpd/testsuite/t12.in          up to 1.1
        libexec/httpd/testsuite/t13.out         up to 1.1
        libexec/httpd/testsuite/t13.in          up to 1.1
        libexec/httpd/testsuite/t14.out         up to 1.1
        libexec/httpd/testsuite/t14.in          up to 1.1
        libexec/httpd/testsuite/t15.out         up to 1.1
        libexec/httpd/testsuite/t15.in          up to 1.1
        libexec/httpd/CHANGES                   up to 1.28
        libexec/httpd/auth-bozo.c               up to 1.22
        libexec/httpd/bozohttpd.8               up to 1.74
        libexec/httpd/bozohttpd.c               up to 1.96
        libexec/httpd/bozohttpd.h               up to 1.56
        libexec/httpd/cgi-bozo.c                up to 1.44
        libexec/httpd/content-bozo.c            up to 1.16
        libexec/httpd/daemon-bozo.c             up to 1.19
        libexec/httpd/dir-index-bozo.c          up to 1.28
        libexec/httpd/main.c                    up to 1.21
        libexec/httpd/ssl-bozo.c                up to 1.25
        libexec/httpd/tilde-luzah-bozo.c        up to 1.16
        libexec/httpd/lua/bozo.lua              up to 1.3
        libexec/httpd/lua/glue.c                up to 1.5
        libexec/httpd/lua/optparse.lua          up to 1.2
        libexec/httpd/testsuite/Makefile        up to 1.11
        libexec/httpd/testsuite/html_cmp        up to 1.6
        libexec/httpd/testsuite/t3.out          up to 1.4
        libexec/httpd/testsuite/t5.out          up to 1.4
        libexec/httpd/testsuite/t6.out          up to 1.4
        libexec/httpd/testsuite/test-bigfile    up to 1.5
        libexec/httpd/testsuite/test-simple     up to 1.5

Cosmetic changes to Lua binding in bozohttpd.
- Don't use negative indices to read arguments of Lua functions.
- On error, return nil, "error string".
- Use ssize_t for return values from bozo_read() and bozo_write().
- Prefer lstring especially when it saves you from appending NUL and
  doing len + 1 which can potentially wraparound.
- Don't mix C allocations with Lua functions marked with "m" in the Lua
  manual. Those functions may throw (longjump) and leak data allocated
  by C function. In one case, I use luaL_Buffer, in the other case,
  I rearranged calls a bit.

fix ordering of a couple of words. from Edgar Pettijohn in PR#52375.
thanks!

s/u_int/unsigned/.
from Jan Danielsson. increases/fixes portability.

PR bin/52194: bozohttpd fails to exec scripts via the -C mechanism
sometimes with EFAULT due to not NULL terminated environment.

Document script handler issues with httpd(8).
From martin@, addressing PR 52194.
While here, use American spelling consistently and upper-case some
abbreviations.
Bump date.

fix output since protocol agnostic change went in.
XXX: i thought someone hooked this into atf already, please do :)

Add support for remapping requested paths via a .bzredirect file.
Fixes PR 52772. Ok: mrg@

Bump date

Remove trailing whitespace.

use __func__ in debug().

fix a denial of service attack against header contents, which
is now bounded at 16KiB. reported by JP.

avoid memory leak in sending multiple auth headers.
mostly mitigated by previous patch to limit total header size,
but still a real problem here.

note the changes present in bozohttpd 20181118:
o add url remap support via .bzremap file, from martin%netbsd.org@localhost
o handle redirections for any protocol, not just http:
o fix a denial of service attack against header contents, which
  is now bounded at 16KiB. reported by JP.

from CHANGES:
o reduce default timeouts, and add expand timeouts to handle the
  initial line, each header, and the total time spent
o add -T option to expose new timeout settings
o minor RFC fixes related to timeout handling responses

old timeouts: 60 seconds for initial request like, 60 seconds per
CVS commit: [netbsd-8] src/libexec/httpd
Module Name:src Committed By: martin Date: Sun Feb 4 12:49:25 UTC 2018 Modified Files: src/libexec/httpd [netbsd-8]: bozohttpd.c Log Message: Pull up following revision(s) (requested by maya in ticket #522): libexec/httpd/bozohttpd.c: revision 1.87 Use a protocol-agnostic URL (don't degrade HTTPS->HTTP) Suggested by Travis Paul in PR bin/52958. To generate a diff of this commit: cvs rdiff -u -r1.86 -r1.86.4.1 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.86 src/libexec/httpd/bozohttpd.c:1.86.4.1 --- src/libexec/httpd/bozohttpd.c:1.86 Sun Feb 5 01:55:03 2017 +++ src/libexec/httpd/bozohttpd.c Sun Feb 4 12:49:25 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.86 2017/02/05 01:55:03 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.86.4.1 2018/02/04 12:49:25 martin Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -1990,7 +1990,7 @@ bozo_http_error(bozohttpd_t *httpd, int "%s\n" "%s\n" "%s%s: %s\n" - "http://%s%s/\;>%s%s\n" + "%s%s\n" "\n", header, header, user ? user : "", file,
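Review bot: the format string in bozo_http_error() is filled from the argument list shown in the trailing context (user ? user : "", file), and this hunk changes the link line without showing where those values are escaped. Please confirm both are escaped before they are written into the error page, and add a testsuite case that requests an error page over TLS and checks that the generated link does not fall back to http.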
CVS commit: [netbsd-8] src/libexec/httpd
Module Name:src Committed By: snj Date: Mon Dec 4 19:44:13 UTC 2017 Modified Files: src/libexec/httpd [netbsd-8]: cgi-bozo.c Log Message: Pull up following revision(s) (requested by martin in ticket #409): libexec/httpd/cgi-bozo.c: revision 1.39 PR bin/52194: bozohttpd fails to exec scripts via the -C mechanism sometimes with EFAULT due to not NULL terminated environment. To generate a diff of this commit: cvs rdiff -u -r1.37 -r1.37.4.1 src/libexec/httpd/cgi-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/cgi-bozo.c diff -u src/libexec/httpd/cgi-bozo.c:1.37 src/libexec/httpd/cgi-bozo.c:1.37.4.1 --- src/libexec/httpd/cgi-bozo.c:1.37 Tue Jan 31 14:36:09 2017 +++ src/libexec/httpd/cgi-bozo.c Mon Dec 4 19:44:13 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: cgi-bozo.c,v 1.37 2017/01/31 14:36:09 mrg Exp $ */ +/* $NetBSD: cgi-bozo.c,v 1.37.4.1 2017/12/04 19:44:13 snj Exp $ */ /* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */ @@ -587,6 +587,8 @@ bozo_process_cgi(bozo_httpreq_t *request bozoerr(httpd, 1, "child socketpair failed: %s", strerror(errno)); + *curenvp = 0; + /* * We create 2 procs: one to become the CGI, one read from * the CGI and output to the network, and this parent will
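Review bot: the new *curenvp = 0; in bozo_process_cgi() terminates the environment array but relies on the array still having a free slot at this point, which the hunk does not show. Write the terminator as NULL to match the PR text, add a one-line comment that this ends the environment list handed to the CGI, and check curenvp against the allocated count before the store so that a later added variable cannot push the terminator past the end.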