CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Wed May 5 07:41:48 UTC 2021 Modified Files: src/libexec/httpd: CHANGES auth-bozo.c bozohttpd.c bozohttpd.h src/libexec/httpd/testsuite: t10.out Log Message: don't assume host BUFSIZ is sufficent. small BUFSIZ leads to always happens errors in the testsuite. switch all these buffers to be 4KiB sized. reported by embr To generate a diff of this commit: cvs rdiff -u -r1.48 -r1.49 src/libexec/httpd/CHANGES cvs rdiff -u -r1.26 -r1.27 src/libexec/httpd/auth-bozo.c cvs rdiff -u -r1.131 -r1.132 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.68 -r1.69 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.2 -r1.3 src/libexec/httpd/testsuite/t10.out Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.48 src/libexec/httpd/CHANGES:1.49 --- src/libexec/httpd/CHANGES:1.48 Sun Apr 4 18:14:26 2021 +++ src/libexec/httpd/CHANGES Wed May 5 07:41:48 2021 @@ -1,4 +1,9 @@ -$NetBSD: CHANGES,v 1.48 2021/04/04 18:14:26 mrg Exp $ +$NetBSD: CHANGES,v 1.49 2021/05/05 07:41:48 mrg Exp $ + +changes in bozohttpd 20210504: + o don't assume host BUFSIZ is sufficent. small BUFSIZ leads to + always happens errors in the testsuite. switch all these buffers + to be 4KiB sized. reported by embr changes in bozohttpd 20210403: o fix a denial of service attack against initial request contents, Index: src/libexec/httpd/auth-bozo.c diff -u src/libexec/httpd/auth-bozo.c:1.26 src/libexec/httpd/auth-bozo.c:1.27 --- src/libexec/httpd/auth-bozo.c:1.26 Thu Oct 15 02:19:23 2020 +++ src/libexec/httpd/auth-bozo.c Wed May 5 07:41:48 2021 
@@ -1,9 +1,9 @@ -/* $NetBSD: auth-bozo.c,v 1.26 2020/10/15 02:19:23 mrg Exp $ */ +/* $NetBSD: auth-bozo.c,v 1.27 2021/05/05 07:41:48 mrg Exp $ */ /* $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2020 Matthew R. Green + * Copyright (c) 1997-2021 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -54,7 +54,7 @@ bozo_auth_check(bozo_httpreq_t *request, bozohttpd_t *httpd = request->hr_httpd; struct stat sb; char dir[MAXPATHLEN], authfile[MAXPATHLEN], *basename; - char user[BUFSIZ], *pass; + char user[BOZO_MINBUFSIZE], *pass; FILE *fp; int len; @@ -144,7 +144,7 @@ bozo_auth_check_headers(bozo_httpreq_t * if (strcasecmp(val, "authorization") == 0 && strncasecmp(str, "Basic ", 6) == 0) { - char authbuf[BUFSIZ]; + char authbuf[BOZO_MINBUFSIZE]; char *pass = NULL; ssize_t alen; Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.131 src/libexec/httpd/bozohttpd.c:1.132 --- src/libexec/httpd/bozohttpd.c:1.131 Wed May 5 07:09:19 2021 +++ src/libexec/httpd/bozohttpd.c Wed May 5 07:41:48 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.131 2021/05/05 07:09:19 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.132 2021/05/05 07:41:48 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -108,7 +108,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20210403" +#define SERVER_SOFTWARE "bozohttpd/20210504" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html" @@ -2275,7 +2275,7 @@ bozo_http_error(bozohttpd_t *httpd, int } #endif /* !NO_USER_SUPPORT */ - size = snprintf(httpd->errorbuf, BUFSIZ, + size = snprintf(httpd->errorbuf, BOZO_MINBUFSIZE, "%s\n" "%s\n" "%s%s: %s\n" 
@@ -2285,10 +2285,10 @@ bozo_http_error(bozohttpd_t *httpd, int user ? user : "", file, reason, hostname, portbuf, hostname, portbuf); free(user); - if (size >= (int)BUFSIZ) { + if (size >= (int)BOZO_MINBUFSIZE) { bozowarn(httpd, "bozo_http_error buffer too small, truncated"); - size = (int)BUFSIZ; + size = (int)BOZO_MINBUFSIZE; } if (file_alloc) @@ -2515,7 +2515,7 @@ bozo_init_httpd(bozohttpd_t *httpd) httpd->mmapsz = BOZO_MMAPSZ; /* error buffer for bozo_http_error() */ - if ((httpd->errorbuf = malloc(BUFSIZ)) == NULL) { + if ((httpd->errorbuf = malloc(BOZO_MINBUFSIZE)) == NULL) { fprintf(stderr, "bozohttpd: memory_allocation failure\n"); return 0; Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.68 src/libexec/httpd/bozohttpd.h:1.69 --- src/libexec/httpd/bozohttpd.h:1.68 Sat Feb 27 12:36:46 2021 +++ src/libexec/httpd/bozohttpd.h Wed May 5 07:41:48 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.h,v 1.68 2021/02/27 12:36:46 mrg Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.69 2021/05/05 07:41:48 mrg Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ @@ -227,6 +227,8 @@ typedef struct bozoprefs_t { /* only allow this many total headers bytes */ #define BOZO_HEADERS_MAX_SIZE (16 * 1024) +#define BOZO_MINBUFSIZE (4 * 1024) + /* debug flags
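Review bot: In the truncation branch of bozo_http_error, `size = (int)BOZO_MINBUFSIZE;` is one more than the string the buffer can hold, because a truncating snprintf stores at most BOZO_MINBUFSIZE - 1 bytes plus the terminating NUL. If `size` is later used as the length of the error body (that use is outside the hunk, so confirm), the advertised length would exceed the text actually sent by one byte; `size = (int)BOZO_MINBUFSIZE - 1;` matches what is stored. A negative return from snprintf is not handled in the visible lines either, so `if (size < 0) size = 0;` before the comparison would be a cheap guard. The function body starts and ends outside the hunk.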
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Wed May 5 07:09:19 UTC 2021 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: include . bozo_unconst() uses uintptr_t defined here. from embr . To generate a diff of this commit: cvs rdiff -u -r1.130 -r1.131 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.130 src/libexec/httpd/bozohttpd.c:1.131 --- src/libexec/httpd/bozohttpd.c:1.130 Thu Apr 8 07:02:11 2021 +++ src/libexec/httpd/bozohttpd.c Wed May 5 07:09:19 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.130 2021/04/08 07:02:11 rillig Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.131 2021/05/05 07:09:19 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -138,6 +138,7 @@ #include #include #include +#include #include #include #include
CVS commit: src/libexec/httpd
Module Name:src Committed By: rillig Date: Thu Apr 8 07:02:12 UTC 2021 Modified Files: src/libexec/httpd: bozohttpd.c cgi-bozo.c Log Message: bozohttpd: fix argument type for functions from Found by the recently added check to lint (message 342). ok mrg@ To generate a diff of this commit: cvs rdiff -u -r1.129 -r1.130 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.53 -r1.54 src/libexec/httpd/cgi-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.129 src/libexec/httpd/bozohttpd.c:1.130 --- src/libexec/httpd/bozohttpd.c:1.129 Sun Apr 4 18:14:26 2021 +++ src/libexec/httpd/bozohttpd.c Thu Apr 8 07:02:11 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.129 2021/04/04 18:14:26 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.130 2021/04/08 07:02:11 rillig Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -1110,7 +1110,7 @@ handle_redirect(bozo_httpreq_t *request, */ if (sep) { for (s = url; s != sep;) { -if (!isalnum((int)*s) && +if (!isalnum((unsigned char)*s) && *s != '+' && *s != '-' && *s != '.') break; if (++s == sep) { Index: src/libexec/httpd/cgi-bozo.c diff -u src/libexec/httpd/cgi-bozo.c:1.53 src/libexec/httpd/cgi-bozo.c:1.54 --- src/libexec/httpd/cgi-bozo.c:1.53 Sat Feb 27 12:36:46 2021 +++ src/libexec/httpd/cgi-bozo.c Thu Apr 8 07:02:12 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: cgi-bozo.c,v 1.53 2021/02/27 12:36:46 mrg Exp $ */ +/* $NetBSD: cgi-bozo.c,v 1.54 2021/04/08 07:02:12 rillig Exp $ */ /* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */ @@ -289,7 +289,8 @@ parse_search_string(bozo_httpreq_t *requ goto parse_err; while (*s) { /* check if it's unreserved */ - if (isalpha((int)*s) || isdigit((int)*s) || + if (isalpha((unsigned char)*s) || + isdigit((unsigned char)*s) || strchr(UNRESERVED_CHAR, *s)) { s++; continue; 
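Review bot: The unreserved-character test in parse_search_string still goes through `isalpha`/`isdigit`, whose result depends on the current locale; the new cast removes the undefined behaviour for negative char values but not that dependency. If an embedding program calls setlocale (possible for library users, not visible here), bytes above 0x7f could be classified as letters and accepted as unreserved. An explicit ASCII test such as `(*s >= 'a' && *s <= 'z') || (*s >= 'A' && *s <= 'Z') || (*s >= '0' && *s <= '9')` keeps the URL grammar independent of locale. The same applies to `isalnum` in handle_redirect and to `islower`/`toupper` in the bozo_process_cgi hunk.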
@@ -299,8 +300,8 @@ parse_search_string(bozo_httpreq_t *requ if (*s == '%') { if (s[1] == '\0' || s[2] == '\0') goto parse_err; -if (!isxdigit((int)s[1]) || -!isxdigit((int)s[2])) +if (!isxdigit((unsigned char)s[1]) || +!isxdigit((unsigned char)s[2])) goto parse_err; s += 3; continue; @@ -517,8 +518,8 @@ bozo_process_cgi(bozo_httpreq_t *request strcpy(t, "HTTP_"); t += strlen(t); for (s2 = headp->h_header; *s2; t++, s2++) - if (islower((unsigned)*s2)) -*t = toupper((unsigned)*s2); + if (islower((unsigned char)*s2)) +*t = toupper((unsigned char)*s2); else if (*s2 == '-') *t = '_'; else
CVS commit: src/libexec/httpd/small
Module Name:src Committed By: rillig Date: Thu Apr 8 06:52:42 UTC 2021 Modified Files: src/libexec/httpd/small: Makefile Log Message: bozohttpd-small: fix typo in SRCS, fix targets dependall and lint The additional ':' after 'main.c' had no effect on the compilation since the suffix is removed when computing the list of object files. The ':' excluded main.c from the dependency computation and from lint. By defining CPPFLAGS instead of CFLAGS, the default "-O2" steps in again, and the proper flags are passed to lint, which did not work before at all because it could not find an included file. To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 src/libexec/httpd/small/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/small/Makefile diff -u src/libexec/httpd/small/Makefile:1.5 src/libexec/httpd/small/Makefile:1.6 --- src/libexec/httpd/small/Makefile:1.5 Thu Apr 8 06:44:55 2021 +++ src/libexec/httpd/small/Makefile Thu Apr 8 06:52:42 2021 @@ -1,9 +1,10 @@ +# $NetBSD: Makefile,v 1.6 2021/04/08 06:52:42 rillig Exp $ # $eterna: Makefile,v 1.1 2009/05/22 21:51:39 mrg Exp $ # build a 100% lean bozohttpd-small.c PROG= bozohttpd-small NOMAN= # defined -SRCS= bozohttpd-small.c content-bozo-small.c ssl-bozo.c main.c: +SRCS= bozohttpd-small.c content-bozo-small.c ssl-bozo.c main.c LEAN_IFDEF_FLAGS= -UDEBUG -DNO_USER_SUPPORT \ -DNO_CGIBIN_SUPPORT -DNO_DIRINDEX_SUPPORT \ @@ -11,7 +12,7 @@ LEAN_IFDEF_FLAGS= -UDEBUG -DNO_USER_SUPP -DNO_SSL_SUPPORT -UDO_HTPASSWD \ -DNO_LUA_SUPPORT -DNO_BLOCKLIST_SUPPORT -CFLAGS= -I$(.CURDIR)/.. ${LEAN_IFDEF_FLAGS} +CPPFLAGS= -I$(.CURDIR)/.. ${LEAN_IFDEF_FLAGS} bozohttpd-small.c: bozohttpd.c unifdef $(LEAN_IFDEF_FLAGS) < $> > $@.tmp; \
CVS commit: src/libexec/httpd/small
Module Name:src Committed By: rillig Date: Thu Apr 8 06:44:55 UTC 2021 Modified Files: src/libexec/httpd/small: Makefile Log Message: bozohttpd-small: fix error handling for unifdef The second of the '$$?' was spelled only '$?'. At the time where this shell expression was evaluated, it had already been overwritten by the preceding command '['. To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/libexec/httpd/small/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/small/Makefile diff -u src/libexec/httpd/small/Makefile:1.4 src/libexec/httpd/small/Makefile:1.5 --- src/libexec/httpd/small/Makefile:1.4 Mon Jul 13 10:35:17 2020 +++ src/libexec/httpd/small/Makefile Thu Apr 8 06:44:55 2021 @@ -14,13 +14,21 @@ LEAN_IFDEF_FLAGS= -UDEBUG -DNO_USER_SUPP CFLAGS= -I$(.CURDIR)/.. ${LEAN_IFDEF_FLAGS} bozohttpd-small.c: bozohttpd.c - unifdef $(LEAN_IFDEF_FLAGS) < $> > $@.tmp ;\ - if [ $$? -ne 1 ]; then echo "unifdef returned $?, expecting 1" 2>&1; false; fi + unifdef $(LEAN_IFDEF_FLAGS) < $> > $@.tmp; \ + status=$$?; \ + if [ $$status -ne 1 ]; then \ + echo "unifdef returned $$status, expecting 1" 2>&1; \ + false; \ + fi mv -f $@.tmp $@ content-bozo-small.c: content-bozo.c - unifdef $(LEAN_IFDEF_FLAGS) < $> > $@.tmp ;\ - if [ $$? -ne 1 ]; then echo "unifdef returned $?, expecting 1" 2>&1; false; fi + unifdef $(LEAN_IFDEF_FLAGS) < $> > $@.tmp; \ + status=$$?; \ + if [ $$status -ne 1 ]; then \ + echo "unifdef returned $$status, expecting 1" 2>&1; \ + false; \ + fi mv -f $@.tmp $@ CLEANFILES+= content-bozo-small.c bozohttpd-small.c
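Review bot: In both rewritten recipes the diagnostic is printed with `echo "unifdef returned $$status, expecting 1" 2>&1`, which only redirects echo's stderr to stdout, so the message still goes to stdout; `>&2` is presumably what was meant. When the status check fails, `$@.tmp` is left behind because the `mv` line never runs, and CLEANFILES in the visible context names only the final files. Adding `rm -f $@.tmp;` before `false` keeps a failed run from leaving partial output in the build directory.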
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sun Apr 4 18:14:27 UTC 2021 Modified Files: src/libexec/httpd: CHANGES bozohttpd.c Log Message: avoid DoS in initial request size, which is now bounded at 16KiB. reported by Justin Parrott in PR#56085. To generate a diff of this commit: cvs rdiff -u -r1.47 -r1.48 src/libexec/httpd/CHANGES cvs rdiff -u -r1.128 -r1.129 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.47 src/libexec/httpd/CHANGES:1.48 --- src/libexec/httpd/CHANGES:1.47 Sat Feb 27 12:55:25 2021 +++ src/libexec/httpd/CHANGES Sun Apr 4 18:14:26 2021 @@ -1,4 +1,8 @@ -$NetBSD: CHANGES,v 1.47 2021/02/27 12:55:25 mrg Exp $ +$NetBSD: CHANGES,v 1.48 2021/04/04 18:14:26 mrg Exp $ + +changes in bozohttpd 20210403: + o fix a denial of service attack against initial request contents, + now bounded at 16KiB. reported by Justin Parrott in PR#56085 changes in bozohttpd 20210227: o new support for content types: .tar.bz2, .tar.xz, .tar.lz, Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.128 src/libexec/httpd/bozohttpd.c:1.129 --- src/libexec/httpd/bozohttpd.c:1.128 Sat Feb 27 12:55:25 2021 +++ src/libexec/httpd/bozohttpd.c Sun Apr 4 18:14:26 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.128 2021/02/27 12:55:25 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.129 2021/04/04 18:14:26 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -108,7 +108,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20210227" +#define SERVER_SOFTWARE "bozohttpd/20210403" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html" 
@@ -852,6 +852,10 @@ bozo_read_request(bozohttpd_t *httpd) next_header: alarm(httpd->header_timeout); } + if (str == NULL) { + bozo_http_error(httpd, 413, request, "request too large"); + goto cleanup; + } /* now, clear it all out */ alarm(0); @@ -2124,7 +2128,7 @@ bozo_escape_html(bozohttpd_t *httpd, con if (httpd) tmp = bozomalloc(httpd, len); else if ((tmp = malloc(len)) == 0) - return NULL; + return NULL; for (i = 0, j = 0; url[i]; i++) { switch (url[i]) { @@ -2373,6 +2377,9 @@ bozostrnsep(char **strp, const char *del * inspired by fgetln(3), but works for fd's. should work identically * except it, however, does *not* return the newline, and it does nul * terminate the string. + * + * returns NULL if the line grows too large. empty lines will be + * returned with *lenp set to 0. */ char * bozodgetln(bozohttpd_t *httpd, int fd, ssize_t *lenp, @@ -2386,11 +2393,8 @@ bozodgetln(bozohttpd_t *httpd, int fd, s if (httpd->getln_buflen == 0) { /* should be plenty for most requests */ httpd->getln_buflen = 128; - httpd->getln_buffer = malloc((size_t)httpd->getln_buflen); - if (httpd->getln_buffer == NULL) { - httpd->getln_buflen = 0; - return NULL; - } + httpd->getln_buffer = + bozomalloc(httpd, (size_t)httpd->getln_buflen); } len = 0; @@ -2406,6 +2410,9 @@ bozodgetln(bozohttpd_t *httpd, int fd, s for (; readfn(httpd, fd, , 1) == 1; ) { debug((httpd, DEBUG_EXPLODING, "bozodgetln read %c", c)); + if (httpd->getln_buflen > BOZO_HEADERS_MAX_SIZE) + return NULL; + if (len >= httpd->getln_buflen - 1) { httpd->getln_buflen *= 2; debug((httpd, DEBUG_EXPLODING, "bozodgetln: "
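Review bot: The new `if (str == NULL)` branch in bozo_read_request answers 413 "request too large" for every NULL that ends the header loop, and it sits before the `alarm(0)` that follows. If bozodgetln also returns NULL on end-of-file or a read error (its body is only partly visible, so confirm), a client that simply disconnects is reported and logged as an oversized request, which blurs the signal for anyone monitoring abuse of the size limit. Consider letting bozodgetln report the limit case separately, for example through errno or a flag on httpd, and check that the `cleanup` path cancels the pending header alarm. The loop and the cleanup label are outside the hunk.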
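Review bot: The limit added in bozodgetln tests the buffer capacity, `httpd->getln_buflen > BOZO_HEADERS_MAX_SIZE`, rather than the length of the line being read. The capacity starts at 128 and doubles, so the allocation reaches twice the limit before the test fires, and because getln_buflen is only initialised when it is 0, an httpd handle that is reused after one oversized line would return NULL on the first byte of every later line (relevant to library users; confirm whether a handle is reused). Comparing the length instead, `if (len >= BOZO_HEADERS_MAX_SIZE) return NULL;`, bounds the line without leaving the handle in that state. The comment added above bozodgetln could also say that the bound is per line, since the macro's own comment speaks of total header bytes.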
CVS commit: src/libexec/httpd
Module Name:src Committed By: rillig Date: Sun Feb 28 16:10:00 UTC 2021 Modified Files: src/libexec/httpd: printenv.lua Log Message: libexec/httpd: fix cross-site scripting in Lua example curl \ --header 'NAME: ' \ 'http://127.0.0.1:8080/test/printenv?=' To generate a diff of this commit: cvs rdiff -u -r1.4 -r1.5 src/libexec/httpd/printenv.lua Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/printenv.lua diff -u src/libexec/httpd/printenv.lua:1.4 src/libexec/httpd/printenv.lua:1.5 --- src/libexec/httpd/printenv.lua:1.4 Tue Aug 25 20:02:33 2020 +++ src/libexec/httpd/printenv.lua Sun Feb 28 16:10:00 2021 @@ -1,4 +1,4 @@ --- $NetBSD: printenv.lua,v 1.4 2020/08/25 20:02:33 leot Exp $ +-- $NetBSD: printenv.lua,v 1.5 2021/02/28 16:10:00 rillig Exp $ -- this small Lua script demonstrates the use of Lua in (bozo)httpd -- it will simply output the "environment" @@ -14,6 +14,10 @@ local httpd = require 'httpd' +function escape_html(s) + return s:gsub('&', ''):gsub('<', ''):gsub('>', ''):gsub('"', '') +end + function printenv(env, headers, query) -- we get the "environment" in the env table, the values are more @@ -40,18 +44,18 @@ function printenv(env, headers, query) httpd.print('Server Environment') -- print the list of "environment" variables for k, v in pairs(env) do - httpd.print(k .. '=' .. v .. '') + httpd.print(escape_html(k) .. '=' .. escape_html(v) .. '') end httpd.print('Request Headers') for k, v in pairs(headers) do - httpd.print(k .. '=' .. v .. '') + httpd.print(escape_html(k) .. '=' .. escape_html(v) .. '') end if query ~= nil then httpd.print('Query Variables') for k, v in pairs(query) do - httpd.print(k .. '=' .. v .. '') + httpd.print(escape_html(k) .. '=' .. escape_html(v) .. '') end end 
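Review bot: `escape_html` in the second hunk is declared as a global and returns both results of the last `gsub`, the string and the match count. In the concatenations shown only the first value is used, so the output is correct, but a caller that passes the result as the last argument of a call would also pass the count; `local function escape_html(s)` and parentheses around the return expression avoid both. `s:gsub` also raises an error when the value is not a string, so if env, headers or query can hold numbers (not visible here), calling `tostring(s)` first keeps the page rendering. The replacement strings appear empty on this page, presumably because the entity text was lost in rendering, so they are not reviewed here.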
@@ -83,7 +87,7 @@ function form(env, header, query) end for k, v in pairs(query) do - httpd.print(k .. '=' .. v .. '') + httpd.print(escape_html(k) .. '=' .. escape_html(v) .. '') end else httpd.print('No values')
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sun Feb 28 05:19:52 UTC 2021 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: update version, dates, add emily to list of contributors. sort list. To generate a diff of this commit: cvs rdiff -u -r1.87 -r1.88 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.87 src/libexec/httpd/bozohttpd.8:1.88 --- src/libexec/httpd/bozohttpd.8:1.87 Thu Oct 15 09:54:22 2020 +++ src/libexec/httpd/bozohttpd.8 Sun Feb 28 05:19:52 2021 @@ -1,8 +1,8 @@ -.\" $NetBSD: bozohttpd.8,v 1.87 2020/10/15 09:54:22 wiz Exp $ +.\" $NetBSD: bozohttpd.8,v 1.88 2021/02/28 05:19:52 mrg Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" -.\" Copyright (c) 1997-2020 Matthew R. Green +.\" Copyright (c) 1997-2021 Matthew R. Green .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd October 14, 2020 +.Dd February 27, 2021 .Dt BOZOHTTPD 8 .Os .Sh NAME @@ -646,7 +646,7 @@ The focus has always been simplicity and and regular code audits. This manual documents .Nm -version 20201014. +version 20210227. .Sh AUTHORS .An -nosplit .Nm @@ -699,6 +699,9 @@ added support for serving gzipped files .Aq Mt p...@pdc.kth.se provided a fix for a minor (non-security) buffer overflow condition .It +.Aq Mt emily@ingalls.rocks +provided fixes for some bad request parsing +.It .An Jun-ichiro itojun Hagino, KAME .Aq Mt ito...@iijlab.net provided initial IPv6 support @@ -751,6 +754,10 @@ provided man page fixes .Aq Mt dena...@gmail.com provided a cgi-bin fix .It +.An Jared McNeill +.Aq Mt jmcne...@netbsd.org +added support for readme in directory indexing +.It .An Julio Merino .Aq Mt j...@netbsd.org Added the 
@@ -789,6 +796,11 @@ provided the .Fl V option .It +.An Jukka Ruohonen +.Aq Mt jru...@netbsd.org +provided support for +.Xr blocklistd 8 +.It .An Thor Lancelot Simon .Aq Mt t...@netbsd.org enhanced cgi-bin support @@ -807,15 +819,7 @@ provided http authorization fixes .It .Aq Mt x...@kittenz.org provided chroot and change-to-user support, and other various fixes -.It -.An Jukka Ruohonen -.Aq Mt jru...@netbsd.org -provided support for -.Xr blocklistd 8 -.It -.An Jared McNeill -.Aq Mt jmcne...@netbsd.org -added support for readme in directory indexing + .It .An S.P.Zeidler .Aq Mt s...@netbsd.org
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sun Feb 28 04:18:46 UTC 2021 Modified Files: src/libexec/httpd: Makefile Log Message: avoid warnings from the previous when using objdirs. To generate a diff of this commit: cvs rdiff -u -r1.30 -r1.31 src/libexec/httpd/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/Makefile diff -u src/libexec/httpd/Makefile:1.30 src/libexec/httpd/Makefile:1.31 --- src/libexec/httpd/Makefile:1.30 Sun Feb 28 02:39:15 2021 +++ src/libexec/httpd/Makefile Sun Feb 28 04:18:46 2021 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.30 2021/02/28 02:39:15 mrg Exp $ +# $NetBSD: Makefile,v 1.31 2021/02/28 04:18:46 mrg Exp $ # # $eterna: Makefile,v 1.30 2010/07/11 00:34:27 mrg Exp $ # @@ -84,7 +84,7 @@ check: .if empty(BOZOVER) BOZOVER!= sed -n \ -e s/\"$$// -e \ - 's/\#define[ ]*SERVER_SOFTWARE[ ]*\"bozohttpd\///p' bozohttpd.c + 's/\#define[ ]*SERVER_SOFTWARE[ ]*\"bozohttpd\///p' ${.PARSEDIR}/bozohttpd.c .endif # Create a distfile: uses /tmp
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sun Feb 28 02:39:15 UTC 2021 Modified Files: src/libexec/httpd: Makefile Log Message: give BOZOVER a default so exporting a distfile is easy. To generate a diff of this commit: cvs rdiff -u -r1.29 -r1.30 src/libexec/httpd/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/Makefile diff -u src/libexec/httpd/Makefile:1.29 src/libexec/httpd/Makefile:1.30 --- src/libexec/httpd/Makefile:1.29 Sat Jul 11 08:10:52 2020 +++ src/libexec/httpd/Makefile Sun Feb 28 02:39:15 2021 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.29 2020/07/11 08:10:52 jruoho Exp $ +# $NetBSD: Makefile,v 1.30 2021/02/28 02:39:15 mrg Exp $ # # $eterna: Makefile,v 1.30 2010/07/11 00:34:27 mrg Exp $ # @@ -81,6 +81,12 @@ CLEANFILES+= bozohttpd.8.html bozohttpd. check: cd ${.CURDIR}/testsuite && ${MAKE} check +.if empty(BOZOVER) +BOZOVER!= sed -n \ + -e s/\"$$// -e \ + 's/\#define[ ]*SERVER_SOFTWARE[ ]*\"bozohttpd\///p' bozohttpd.c +.endif + # Create a distfile: uses /tmp BASE=bozohttpd-${BOZOVER} TAR=${BASE}.tar
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sat Feb 27 12:55:25 UTC 2021 Modified Files: src/libexec/httpd: CHANGES bozohttpd.c content-bozo.c Log Message: changes in bozohttpd 20210227: o new support for content types: .tar.bz2, .tar.xz, .tar.lz, .tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma, .lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar. should fix netbsd PR#56026: MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid To generate a diff of this commit: cvs rdiff -u -r1.46 -r1.47 src/libexec/httpd/CHANGES cvs rdiff -u -r1.127 -r1.128 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.19 -r1.20 src/libexec/httpd/content-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.46 src/libexec/httpd/CHANGES:1.47 --- src/libexec/httpd/CHANGES:1.46 Sat Feb 27 12:36:46 2021 +++ src/libexec/httpd/CHANGES Sat Feb 27 12:55:25 2021 @@ -1,4 +1,11 @@ -$NetBSD: CHANGES,v 1.46 2021/02/27 12:36:46 mrg Exp $ +$NetBSD: CHANGES,v 1.47 2021/02/27 12:55:25 mrg Exp $ + +changes in bozohttpd 20210227: + o new support for content types: .tar.bz2, .tar.xz, .tar.lz, + .tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma, + .lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar. should fix + netbsd PR#56026: + MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid changes in bozohttpd 20210211: o fix various NULL derefs from malformed headers. mostly from Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.127 src/libexec/httpd/bozohttpd.c:1.128 --- src/libexec/httpd/bozohttpd.c:1.127 Sat Feb 27 12:36:46 2021 +++ src/libexec/httpd/bozohttpd.c Sat Feb 27 12:55:25 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.127 2021/02/27 12:36:46 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.128 2021/02/27 12:55:25 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ 
@@ -108,7 +108,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20210211" +#define SERVER_SOFTWARE "bozohttpd/20210227" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html" Index: src/libexec/httpd/content-bozo.c diff -u src/libexec/httpd/content-bozo.c:1.19 src/libexec/httpd/content-bozo.c:1.20 --- src/libexec/httpd/content-bozo.c:1.19 Thu Oct 15 04:21:53 2020 +++ src/libexec/httpd/content-bozo.c Sat Feb 27 12:55:25 2021 @@ -1,9 +1,9 @@ -/* $NetBSD: content-bozo.c,v 1.19 2020/10/15 04:21:53 mrg Exp $ */ +/* $NetBSD: content-bozo.c,v 1.20 2021/02/27 12:55:25 mrg Exp $ */ /* $eterna: content-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2020 Matthew R. Green + * Copyright (c) 1997-2021 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without 
@@ -63,11 +63,18 @@ static bozo_content_map_t static_content { ".pa", "application/x-ns-proxy-autoconfig", "", "", NULL }, { ".tar", "multipart/x-tar", "", "", NULL }, { ".gtar", "application/x-gtar-compressed", "", "", NULL }, - { ".tar.Z", "application/x-gtar-compressed", "", "", NULL }, { ".tar.gz", "application/x-gtar-compressed", "", "", NULL }, - { ".taz", "application/x-gtar-compressed", "", "", NULL }, + { ".tar.bz2", "application/x-gtar-compressed", "", "", NULL }, + { ".tar.xz", "application/x-gtar-compressed", "", "", NULL }, + { ".tar.lz", "application/x-gtar-compressed", "", "", NULL }, + { ".tar.zst", "application/x-gtar-compressed", "", "", NULL }, { ".tgz", "application/x-gtar-compressed", "", "", NULL }, + { ".tbz2", "application/x-gtar-compressed", "", "", NULL }, + { ".txz", "application/x-gtar-compressed", "", "", NULL }, + { ".tlz", "application/x-gtar-compressed", "", "", NULL }, { ".tar.z", "application/x-gtar-compressed", "", "", NULL }, + { ".tar.Z", "application/x-gtar-compressed", "", "", NULL }, + { ".taz", "application/x-gtar-compressed", "", "", NULL }, { ".Z", "application/x-compress", "", "", NULL }, { ".gz", "application/x-gzip", "", "", NULL }, { ".z", "unknown", "", "", NULL }, @@ -131,6 +138,19 @@ static bozo_content_map_t static_content { ".ustar", "application/x-ustar", "", "", NULL }, { ".src", "application/x-wais-source", "", "", NULL }, { ".zip", "application/zip", "", "", NULL }, + { ".zipx", "application/zip", "", "", NULL }, + { ".xz", "application/x-xz", "", "", NULL }, + { ".zst", "application/x-zstd", "", "", NULL }, + { ".sz", "application/x-snappy-framed", "", "", NULL }, + { ".lz", "application/x-lzip", "", "", NULL }, + { ".lzma", "application/x-lzma", "", "", NULL }, + { ".lzo", "application/x-lzop", "", "", NULL }, + { ".7z", "application/x-7z-compressed", "", "", NULL }, + { ".lzo", "application/x-lzop", "", "", NULL }, + { ".cab",
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sat Feb 27 12:36:46 UTC 2021 Modified Files: src/libexec/httpd: CHANGES bozohttpd.c bozohttpd.h cgi-bozo.c main.c src/libexec/httpd/libbozohttpd: libbozohttpd.3 Log Message: belated call version 20210211 after previous memory leak fix. To generate a diff of this commit: cvs rdiff -u -r1.45 -r1.46 src/libexec/httpd/CHANGES cvs rdiff -u -r1.126 -r1.127 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.67 -r1.68 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.52 -r1.53 src/libexec/httpd/cgi-bozo.c cvs rdiff -u -r1.26 -r1.27 src/libexec/httpd/main.c cvs rdiff -u -r1.5 -r1.6 src/libexec/httpd/libbozohttpd/libbozohttpd.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.45 src/libexec/httpd/CHANGES:1.46 --- src/libexec/httpd/CHANGES:1.45 Thu Feb 11 09:23:55 2021 +++ src/libexec/httpd/CHANGES Sat Feb 27 12:36:46 2021 @@ -1,8 +1,9 @@ -$NetBSD: CHANGES,v 1.45 2021/02/11 09:23:55 mrg Exp $ +$NetBSD: CHANGES,v 1.46 2021/02/27 12:36:46 mrg Exp $ -changes in bozohttpd 20210210: +changes in bozohttpd 20210211: o fix various NULL derefs from malformed headers. mostly from . + o fix memory leaks in library interface: add bozo_cleanup(). changes in bozohttpd 20201014: o also set -D_GNU_SOURCE in Makefile.boot. from Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.126 src/libexec/httpd/bozohttpd.c:1.127 --- src/libexec/httpd/bozohttpd.c:1.126 Thu Feb 11 09:57:52 2021 +++ src/libexec/httpd/bozohttpd.c Sat Feb 27 12:36:46 2021 
@@ -1,9 +1,9 @@ -/* $NetBSD: bozohttpd.c,v 1.126 2021/02/11 09:57:52 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.127 2021/02/27 12:36:46 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2020 Matthew R. Green + * Copyright (c) 1997-2021 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -108,7 +108,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20210210" +#define SERVER_SOFTWARE "bozohttpd/20210211" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html" Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.67 src/libexec/httpd/bozohttpd.h:1.68 --- src/libexec/httpd/bozohttpd.h:1.67 Thu Feb 11 09:57:52 2021 +++ src/libexec/httpd/bozohttpd.h Sat Feb 27 12:36:46 2021 @@ -1,9 +1,9 @@ -/* $NetBSD: bozohttpd.h,v 1.67 2021/02/11 09:57:52 mrg Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.68 2021/02/27 12:36:46 mrg Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2020 Matthew R. Green + * Copyright (c) 1997-2021 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without Index: src/libexec/httpd/cgi-bozo.c diff -u src/libexec/httpd/cgi-bozo.c:1.52 src/libexec/httpd/cgi-bozo.c:1.53 --- src/libexec/httpd/cgi-bozo.c:1.52 Thu Feb 11 09:23:55 2021 +++ src/libexec/httpd/cgi-bozo.c Sat Feb 27 12:36:46 2021 
@@ -1,9 +1,9 @@ -/* $NetBSD: cgi-bozo.c,v 1.52 2021/02/11 09:23:55 mrg Exp $ */ +/* $NetBSD: cgi-bozo.c,v 1.53 2021/02/27 12:36:46 mrg Exp $ */ /* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2020 Matthew R. Green + * Copyright (c) 1997-2021 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without Index: src/libexec/httpd/main.c diff -u src/libexec/httpd/main.c:1.26 src/libexec/httpd/main.c:1.27 --- src/libexec/httpd/main.c:1.26 Thu Feb 11 09:57:52 2021 +++ src/libexec/httpd/main.c Sat Feb 27 12:36:46 2021 @@ -1,10 +1,10 @@ -/* $NetBSD: main.c,v 1.26 2021/02/11 09:57:52 mrg Exp $ */ +/* $NetBSD: main.c,v 1.27 2021/02/27 12:36:46 mrg Exp $ */ /* $eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $ */ /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp */ /* - * Copyright (c) 1997-2020 Matthew R. Green + * Copyright (c) 1997-2021 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without Index: src/libexec/httpd/libbozohttpd/libbozohttpd.3 diff -u src/libexec/httpd/libbozohttpd/libbozohttpd.3:1.5 src/libexec/httpd/libbozohttpd/libbozohttpd.3:1.6 --- src/libexec/httpd/libbozohttpd/libbozohttpd.3:1.5 Thu Feb 11 09:57:53 2021 +++ src/libexec/httpd/libbozohttpd/libbozohttpd.3 Sat Feb 27 12:36:46 2021 @@ -1,8 +1,8 @@ -.\" $NetBSD: libbozohttpd.3,v 1.5 2021/02/11 09:57:53 mrg Exp $ +.\" $NetBSD: libbozohttpd.3,v 1.6 2021/02/27 12:36:46 mrg Exp $ .\" .\" $eterna: libbozohttpd.3,v 1.2 2010/05/10 02:48:23 mrg Exp $ .\" -.\" Copyright (c) 2009 The NetBSD Foundation, Inc. +.\" Copyright (c) 2009, 2021 The NetBSD Foundation, Inc. .\" All rights reserved.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Thu Feb 11 09:57:53 UTC 2021 Modified Files: src/libexec/httpd: bozohttpd.c bozohttpd.h main.c src/libexec/httpd/libbozohttpd: libbozohttpd.3 Log Message: clean up issues detected by address sanitizer (just some memory leaks that only apply to the library version.) XXX: the handling of hr_file and its variants is more crappy again - the prior clean up is slightly less clean now, but at least it does not leak memory. XXX2: cgi-bin test hangs with address sanitizer. don't know why yet.. To generate a diff of this commit: cvs rdiff -u -r1.125 -r1.126 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.66 -r1.67 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.25 -r1.26 src/libexec/httpd/main.c cvs rdiff -u -r1.4 -r1.5 src/libexec/httpd/libbozohttpd/libbozohttpd.3 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.125 src/libexec/httpd/bozohttpd.c:1.126 --- src/libexec/httpd/bozohttpd.c:1.125 Thu Feb 11 09:23:55 2021 +++ src/libexec/httpd/bozohttpd.c Thu Feb 11 09:57:52 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.125 2021/02/11 09:23:55 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.126 2021/02/11 09:57:52 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -239,6 +239,20 @@ bozo_set_pref(bozohttpd_t *httpd, bozopr return 1; } +static void +bozo_clear_prefs(bozohttpd_t *httpd, bozoprefs_t *prefs) +{ + size_t i; + + for (i = 0; i < prefs->count; i++) { + free(prefs->name[i]); + free(prefs->value[i]); + } + + free(prefs->name); + free(prefs->value); +} + /* * get a variable's value, or NULL */ 
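Review bot: After the frees in bozo_clear_prefs(), `prefs->count`, `prefs->name` and `prefs->value` keep their old values, so a second bozo_cleanup() on the same prefs, or any lookup through it afterwards, walks freed memory. Since this is now reachable from the library interface, reset the structure once the arrays are released: `prefs->name = NULL; prefs->value = NULL; prefs->count = 0;`. The bozo_cleanup() hunk later in bozohttpd.c has the same gap: `httpd->virthostname`, `errorbuf`, `getln_buffer` and `slashdir` are left dangling after free(). The `httpd` argument is unused in the helper as shown; `USE_ARG(httpd);` (if that macro is in scope at this revision) keeps higher warning levels quiet.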
@@ -339,8 +353,11 @@ bozo_clean_request(bozo_httpreq_t *reque free(request->hr_serverport); free(request->hr_virthostname); free(request->hr_file_free); + /* XXX this is gross */ if (request->hr_file_free != request->hr_oldfile) free(request->hr_oldfile); + else + free(request->hr_file); free(request->hr_query); free(request->hr_host); bozo_user_free(request->hr_user); @@ -2694,6 +2711,23 @@ bozo_setup(bozohttpd_t *httpd, bozoprefs return 1; } +void +bozo_cleanup(bozohttpd_t *httpd, bozoprefs_t *prefs) +{ + bozo_clear_prefs(httpd, prefs); + + free(httpd->virthostname); + free(httpd->errorbuf); + free(httpd->getln_buffer); + free(httpd->slashdir); +#define bozo_unconst(x) ((void *)(uintptr_t)x) + free(bozo_unconst(httpd->server_software)); + free(bozo_unconst(httpd->index_html)); + free(bozo_unconst(httpd->dir_readme)); + free(bozo_unconst(httpd->public_html)); +#undef bozo_unconst +} + int bozo_get_version(char *buf, size_t size) { Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.66 src/libexec/httpd/bozohttpd.h:1.67 --- src/libexec/httpd/bozohttpd.h:1.66 Thu Feb 11 09:23:55 2021 +++ src/libexec/httpd/bozohttpd.h Thu Feb 11 09:57:52 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.h,v 1.66 2021/02/11 09:23:55 mrg Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.67 2021/02/11 09:57:52 mrg Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ 
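Review bot: In bozo_clean_request() the new `else free(request->hr_file);` decides who owns the buffer by comparing `hr_file_free` with `hr_oldfile`, and the hunk never states which of the three pointers owns an allocation in each state. If `hr_file` can still equal `hr_file_free` when the two compare equal and are non-NULL, the same block is freed twice; the assignments that would rule this out are outside the hunk. Replace the `XXX this is gross` marker with the invariant itself, e.g. `/* hr_file_free == hr_oldfile means hr_file was reallocated separately and must be freed on its own */` (wording to be confirmed against the code that sets hr_oldfile).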
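Review bot: bozo_cleanup() strips const through `bozo_unconst()` to free `server_software`, `index_html`, `dir_readme` and `public_html`, which is only defined behaviour if each of them is a heap allocation owned by httpd at that point. bozo_setup() is outside this hunk, so confirm that none of them can still refer to a default string literal or to storage owned by the caller, and record that above the function: `/* every string freed here must have been allocated by bozo_setup() */`. The macro argument should also be parenthesised: `((void *)(uintptr_t)(x))`.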
@@ -443,6 +443,7 @@ int bozo_init_httpd(bozohttpd_t *); int bozo_init_prefs(bozohttpd_t *, bozoprefs_t *); int bozo_set_defaults(bozohttpd_t *, bozoprefs_t *); int bozo_setup(bozohttpd_t *, bozoprefs_t *, const char *, const char *); +void bozo_cleanup(bozohttpd_t *, bozoprefs_t *); bozo_httpreq_t *bozo_read_request(bozohttpd_t *); void bozo_process_request(bozo_httpreq_t *); void bozo_clean_request(bozo_httpreq_t *); Index: src/libexec/httpd/main.c diff -u src/libexec/httpd/main.c:1.25 src/libexec/httpd/main.c:1.26 --- src/libexec/httpd/main.c:1.25 Thu Oct 15 04:21:53 2020 +++ src/libexec/httpd/main.c Thu Feb 11 09:57:52 2021 @@ -1,4 +1,4 @@ -/* $NetBSD: main.c,v 1.25 2020/10/15 04:21:53 mrg Exp $ */ +/* $NetBSD: main.c,v 1.26 2021/02/11 09:57:52 mrg Exp $ */ /* $eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $ */ /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp */ @@ -408,5 +408,7 @@ main(int argc, char **argv) } } while (httpd.background); + bozo_cleanup(, ); + return (0); } Index: src/libexec/httpd/libbozohttpd/libbozohttpd.3 diff -u src/libexec/httpd/libbozohttpd/libbozohttpd.3:1.4 src/libexec/httpd/libbozohttpd/libbozohttpd.3:1.5 --- src/libexec/httpd/libbozohttpd/libbozohttpd.3:1.4 Sat Feb 4 01:32:54 2017 +++ src/libexec/httpd/libbozohttpd/libbozohttpd.3 Thu Feb 11 09:57:53 2021 @@ -1,4 +1,4 @@ -.\" $NetBSD: libbozohttpd.3,v 1.4 2017/02/04 01:32:54 mrg Exp $ +.\" $NetBSD: libbozohttpd.3,v 1.5 2021/02/11 09:57:53 mrg Exp $ .\" .\" $eterna: libbozohttpd.3,v 1.2 2010/05/10 02:48:23 mrg Exp $ .\" @@ -29,7 +29,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd February 2, 2017 +.Dd February 11, 2021 .Dt LIBBOZOHTTPD 3 .Os .Sh
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Thu Feb 11 09:23:56 UTC 2021 Modified Files: src/libexec/httpd: CHANGES bozohttpd.c bozohttpd.h cgi-bozo.c src/libexec/httpd/testsuite: Makefile Added Files: src/libexec/httpd/testsuite: t16.in t16.out t17.in t17.out t18.in t18.out Log Message: changes in bozohttpd 20210210: o fix various NULL derefs from malformed headers. mostly from . To generate a diff of this commit: cvs rdiff -u -r1.44 -r1.45 src/libexec/httpd/CHANGES cvs rdiff -u -r1.124 -r1.125 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.65 -r1.66 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.51 -r1.52 src/libexec/httpd/cgi-bozo.c cvs rdiff -u -r1.13 -r1.14 src/libexec/httpd/testsuite/Makefile cvs rdiff -u -r0 -r1.1 src/libexec/httpd/testsuite/t16.in \ src/libexec/httpd/testsuite/t16.out src/libexec/httpd/testsuite/t17.in \ src/libexec/httpd/testsuite/t17.out src/libexec/httpd/testsuite/t18.in \ src/libexec/httpd/testsuite/t18.out Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.44 src/libexec/httpd/CHANGES:1.45 --- src/libexec/httpd/CHANGES:1.44 Thu Oct 15 04:21:53 2020 +++ src/libexec/httpd/CHANGES Thu Feb 11 09:23:55 2021 @@ -1,4 +1,8 @@ -$NetBSD: CHANGES,v 1.44 2020/10/15 04:21:53 mrg Exp $ +$NetBSD: CHANGES,v 1.45 2021/02/11 09:23:55 mrg Exp $ + +changes in bozohttpd 20210210: + o fix various NULL derefs from malformed headers. mostly from + . changes in bozohttpd 20201014: o also set -D_GNU_SOURCE in Makefile.boot. from Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.124 src/libexec/httpd/bozohttpd.c:1.125 --- src/libexec/httpd/bozohttpd.c:1.124 Thu Nov 19 10:45:36 2020 +++ src/libexec/httpd/bozohttpd.c Thu Feb 11 09:23:55 2021 
@@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.124 2020/11/19 10:45:36 hannken Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.125 2021/02/11 09:23:55 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -108,7 +108,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20201014" +#define SERVER_SOFTWARE "bozohttpd/20210210" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html" @@ -338,8 +338,9 @@ bozo_clean_request(bozo_httpreq_t *reque free(request->hr_remoteaddr); free(request->hr_serverport); free(request->hr_virthostname); - free(request->hr_file); - free(request->hr_oldfile); + free(request->hr_file_free); + if (request->hr_file_free != request->hr_oldfile) + free(request->hr_oldfile); free(request->hr_query); free(request->hr_host); bozo_user_free(request->hr_user); @@ -619,6 +620,7 @@ bozo_read_request(bozohttpd_t *httpd) request->hr_last_byte_pos = -1; request->hr_if_modified_since = NULL; request->hr_virthostname = NULL; + request->hr_file_free = NULL; request->hr_file = NULL; request->hr_oldfile = NULL; SIMPLEQ_INIT(>hr_replheaders); @@ -735,7 +737,7 @@ bozo_read_request(bozohttpd_t *httpd) /* we allocate return space in file and query only */ parse_request(httpd, str, , , , ); - request->hr_file = file; + request->hr_file_free = request->hr_file = file; request->hr_query = query; if (method == NULL) { bozo_http_error(httpd, 404, NULL, "null method"); 
@@ -771,11 +773,17 @@ bozo_read_request(bozohttpd_t *httpd) val = bozostrnsep(, ":", ); debug((httpd, DEBUG_EXPLODING, "read_req2: after " - "bozostrnsep: str `%s' val `%s'", str, val ? val : "")); + "bozostrnsep: str `%s' val `%s'", + str ? str : "", val ? val : "")); if (val == NULL || len == -1) { bozo_http_error(httpd, 404, request, "no header"); goto cleanup; } + if (str == NULL) { +bozo_http_error(httpd, 404, request, +"malformed header"); +goto cleanup; + } while (*str == ' ' || *str == '\t') len--, str++; while (*val == ' ' || *val == '\t') @@ -1284,8 +1292,8 @@ check_remap(bozo_httpreq_t *request) strcpy(newfile+rlen, file + len); debug((httpd, DEBUG_NORMAL, "remapping found '%s'", newfile)); - free(request->hr_file); - request->hr_file = newfile; + free(request->hr_file_free); + request->hr_file_free = request->hr_file = newfile; } munmap(fmap, st.st_size); @@ -1313,9 +1321,6 @@ check_virtual(bozo_httpreq_t *request) debug((httpd, DEBUG_OBESE, "checking for http:// virtual host in '%s'", file)); if (strncasecmp(file, "http://;, 7) == 0) { - /* bozostrdup() might access it. */ - char *old_file = request->hr_file; - /* we would do virtual hosting here? */ file += 7; /* RFC 2616 (HTTP/1.1), 5.2: URI takes precedence over Host: */ @@ -1324,8 +1329,9 @@ check_virtual(bozo_httpreq_t *request) if ((s = strchr(request->hr_host, '/')) != NULL) *s = '\0'; s = strchr(file,
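Review bot: The added `str == NULL` branch in bozo_read_request() reports a malformed header as 404, the same status used for a missing file, so access logs cannot separate broken or fuzzed requests from ordinary misses. If bozo_http_error() has a 400 entry (its table is not visible here), `bozo_http_error(httpd, 400, request, "malformed header");` is the more accurate reply. The existing `"no header"` case just above has the same issue, and any testsuite expectation covering either path would need the matching update. The function body starts and ends outside the hunk.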
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sun Jan 17 00:15:14 UTC 2021 Modified Files: src/libexec/httpd: Makefile.boot Log Message: also set -D_DEFAULT_SOURCE to open up more headers. allow passing $(EXTRALIBS). To generate a diff of this commit: cvs rdiff -u -r1.8 -r1.9 src/libexec/httpd/Makefile.boot Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/Makefile.boot diff -u src/libexec/httpd/Makefile.boot:1.8 src/libexec/httpd/Makefile.boot:1.9 --- src/libexec/httpd/Makefile.boot:1.8 Mon Jul 13 09:38:57 2020 +++ src/libexec/httpd/Makefile.boot Sun Jan 17 00:15:14 2021 @@ -6,18 +6,20 @@ CC= cc OPT= -O LARGE_CFLAGS= -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -LOCAL_CFLAGS= -DNO_LUA_SUPPORT -DNO_BLOCKLIST_SUPPORT -D_GNU_SOURCE +LOCAL_CFLAGS= -DNO_LUA_SUPPORT -DNO_BLOCKLIST_SUPPORT -D_GNU_SOURCE -D_DEFAULT_SOURCE CFLAGS= $(OPT) $(LARGE_CFLAGS) $(LOCAL_CFLAGS) GROFF= groff -Tascii CRYPTOLIBDIR= # -L/usr/local/lib CRYPTOLIBS= $(CRYPTOLIBDIR) -lcrypto -lssl +LIBS= $(CRYPTOLIBS) $(EXTRALIBS) + FILES= bozohttpd.c auth-bozo.c cgi-bozo.c content-bozo.c daemon-bozo.c \ dir-index-bozo.c lua-bozo.c ssl-bozo.c tilde-luzah-bozo.c main.c all: - $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o bozohttpd $(FILES) $(CRYPTOLIBS) + $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o bozohttpd $(FILES) $(LIBS) man: $(GROFF) -mandoc bozohttpd.8 > bozohttpd.cat8
CVS commit: src/libexec/httpd
Module Name:src Committed By: hannken Date: Thu Nov 19 10:45:37 UTC 2020 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: Bozohttpd clobbers files greater than 4GB on 32bit archs. Make sure the alignment mask derived from pagesize is an off_t. To generate a diff of this commit: cvs rdiff -u -r1.123 -r1.124 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.123 src/libexec/httpd/bozohttpd.c:1.124 --- src/libexec/httpd/bozohttpd.c:1.123 Thu Oct 15 04:21:53 2020 +++ src/libexec/httpd/bozohttpd.c Thu Nov 19 10:45:36 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.123 2020/10/15 04:21:53 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.124 2020/11/19 10:45:36 hannken Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -907,7 +907,7 @@ mmap_and_write_part(bozohttpd_t *httpd, * * we use the write offset in all writes */ - mappedoffset = first_byte_pos & ~(httpd->page_size - 1); + mappedoffset = first_byte_pos & ~((off_t)httpd->page_size - 1); mappedsz = (size_t) (first_byte_pos - mappedoffset + sz + httpd->page_size - 1) & ~(httpd->page_size - 1);
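Review bot: The `(off_t)` cast in mmap_and_write_part() is what preserves the high bits of `first_byte_pos`, but nothing on the line says so, and it reads like a cast a later clean-up could drop. A short comment would protect it: `/* mask must be off_t wide: a narrower mask would clear the high bits of offsets above 4GB */`. The `mappedsz` expression below still builds its mask from the uncast `httpd->page_size`; that appears harmless because the value has already been narrowed to size_t, but it deserves the same look. The function continues outside the hunk.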
CVS commit: src/libexec/httpd
Module Name:src Committed By: wiz Date: Thu Oct 15 09:54:22 UTC 2020 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: New sentence, new line. Fix xref. To generate a diff of this commit: cvs rdiff -u -r1.86 -r1.87 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.86 src/libexec/httpd/bozohttpd.8:1.87 --- src/libexec/httpd/bozohttpd.8:1.86 Thu Oct 15 04:21:53 2020 +++ src/libexec/httpd/bozohttpd.8 Thu Oct 15 09:54:22 2020 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.86 2020/10/15 04:21:53 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.87 2020/10/15 09:54:22 wiz Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -127,7 +127,8 @@ Enables CGI/1.1 interface for .Em ~user translation. Note that enabling this support implies that users can run commands -as the web server user. This may have security implications. +as the web server user. +This may have security implications. .It Fl e Causes .Nm @@ -141,7 +142,8 @@ Stops the .Fl b flag from detaching .Nm -from the tty and going into the background. This implies the +from the tty and going into the background. +This implies the .Fl b flag. .It Fl G @@ -809,7 +811,7 @@ provided chroot and change-to-user suppo .An Jukka Ruohonen .Aq Mt jru...@netbsd.org provided support for -.Xr blocklist 8 +.Xr blocklistd 8 .It .An Jared McNeill .Aq Mt jmcne...@netbsd.org
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Thu Oct 15 04:21:53 UTC 2020 Modified Files: src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c bozohttpd.h cgi-bozo.c content-bozo.c daemon-bozo.c main.c ssl-bozo.c Log Message: various updates from / freebsd. the list from Henrik: bozohttpd.8: o Added -d flag to the man page o Moved -E flag in man page to keep alphabetic order o Grammar fix for description of -E flag in man page o Moved a word in the man description for the -f flag o Made -f imply -b as a backwards-compatible shortcut o Updated man description of -n to mention Lua scripts o Moved -z below -Z to keep the uppercase options first bozohttpd.c: o Removed obsolete comment about ~user missing cgi-bin support o Removed "/* ARGSUSED */" lines; was that a macro or a reminder? o Added USE_ARG macro call for sig, which was otherwise not used o Added USE_ARG macro call for msg (only used if debug is enabled) bozohttpd.h: o Fixed typo in the include guard (BOZOHTTOPD_H_ -> BOZOHTTPD_H_) o Renamed have_all to have_core; it didn't mean "all" options content-bozo.c: o Added USE_ARG macro call for signo, which was otherwise not used o Made -f imply -b as a backwards-compatible shortcut main.c: o Simplified -b text to be symmetric with that for the -f option o Updated -C text to make "suffix" explicit; it's better than "arg" o Changed to only show the -E description if have_user is true o Always show the -e option, which incorrectly used the -E logic o Renamed have_all to have_core; it didn't mean "all" options o Added three missing tabs for the description of the -G option o Updated -L text to make "prefix" explicit; it's better than "arg" o Updated -M text to make "suffix" explicit; it's slightly better o Added a previously missing description for the -n option o Documented the otherwise obscure valid types for the -T option o Shortened "username" to "user" to match the actual help text o Moved handling of -c below that for -C to standardize the order o Broke the enabling 
test for -C into two lines for consistency o Inverted the enabling test for -E; this is what was meant, right? o Removed the enabling test for -e, which should always be enabled ssl-bozo.c: o Added USE_ARG for httpd, which is not used if SSL has been excluded To generate a diff of this commit: cvs rdiff -u -r1.43 -r1.44 src/libexec/httpd/CHANGES cvs rdiff -u -r1.85 -r1.86 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.122 -r1.123 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.64 -r1.65 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.50 -r1.51 src/libexec/httpd/cgi-bozo.c cvs rdiff -u -r1.18 -r1.19 src/libexec/httpd/content-bozo.c cvs rdiff -u -r1.21 -r1.22 src/libexec/httpd/daemon-bozo.c cvs rdiff -u -r1.24 -r1.25 src/libexec/httpd/main.c cvs rdiff -u -r1.28 -r1.29 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.43 src/libexec/httpd/CHANGES:1.44 --- src/libexec/httpd/CHANGES:1.43 Thu Oct 15 02:19:23 2020 +++ src/libexec/httpd/CHANGES Thu Oct 15 04:21:53 2020 @@ -1,4 +1,4 @@ -$NetBSD: CHANGES,v 1.43 2020/10/15 02:19:23 mrg Exp $ +$NetBSD: CHANGES,v 1.44 2020/10/15 04:21:53 mrg Exp $ changes in bozohttpd 20201014: o also set -D_GNU_SOURCE in Makefile.boot. from 
@@ -6,6 +6,9 @@ changes in bozohttpd 20201014: o fix array size botch (assertion, not exploitable.) from mar...@netbsd.org. o also match %2F as well as %2f. from l...@vuxu.org. + o many manual and help fixes. clean ups for higher lint levels, + consistency/style clean ups. various option fixes including made + -f imply -b. from for freebsd. changes in bozohttpd 20200912: o add .m4a and .m4v file extensions. Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.85 src/libexec/httpd/bozohttpd.8:1.86 --- src/libexec/httpd/bozohttpd.8:1.85 Thu Oct 15 02:19:23 2020 +++ src/libexec/httpd/bozohttpd.8 Thu Oct 15 04:21:53 2020 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.85 2020/10/15 02:19:23 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.86 2020/10/15 04:21:53 mrg Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -34,14 +34,14 @@ .Nd hyper text transfer protocol version 1.1 daemon .Sh SYNOPSIS .Nm -.Op Fl EGHVXefhnsu +.Op Fl EGHVXdefhnsu .Op Fl C Ar suffix cgihandler .Op Fl I Ar port .Op Fl L Ar prefix script .Op Fl M Ar suffix type encoding encoding11 .Op Fl P Ar pidfile .Op Fl R Ar readme -.Op Fl S Ar server_software +.Op Fl S Ar version .Op Fl T Ar type timeout .Op Fl U Ar username .Op Fl Z Ar cert privkey @@ -120,6 +120,14 @@ Note that the CGI/1.1 interface is avail translation using .Fl E switch. +.It Fl d +Enables debug support. +.It Fl E +Enables
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Thu Oct 15 02:19:24 UTC 2020 Modified Files: src/libexec/httpd: CHANGES auth-bozo.c bozohttpd.8 bozohttpd.c bozohttpd.h dir-index-bozo.c main.c ssl-bozo.c Log Message: set -D_GNU_SOURCE in Makefile.boot. from hadrien.lac...@posteo.net. also match %2F as well as %2f. from l...@vuxu.org. introduce defines for "80" and "443". copyright maint. To generate a diff of this commit: cvs rdiff -u -r1.42 -r1.43 src/libexec/httpd/CHANGES cvs rdiff -u -r1.25 -r1.26 src/libexec/httpd/auth-bozo.c cvs rdiff -u -r1.84 -r1.85 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.121 -r1.122 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.63 -r1.64 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.33 -r1.34 src/libexec/httpd/dir-index-bozo.c cvs rdiff -u -r1.23 -r1.24 src/libexec/httpd/main.c cvs rdiff -u -r1.27 -r1.28 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.42 src/libexec/httpd/CHANGES:1.43 --- src/libexec/httpd/CHANGES:1.42 Sat Sep 12 12:39:28 2020 +++ src/libexec/httpd/CHANGES Thu Oct 15 02:19:23 2020 @@ -1,4 +1,11 @@ -$NetBSD: CHANGES,v 1.42 2020/09/12 12:39:28 rhialto Exp $ +$NetBSD: CHANGES,v 1.43 2020/10/15 02:19:23 mrg Exp $ + +changes in bozohttpd 20201014: + o also set -D_GNU_SOURCE in Makefile.boot. from + hadrien.lac...@posteo.net. + o fix array size botch (assertion, not exploitable.) from + mar...@netbsd.org. + o also match %2F as well as %2f. from l...@vuxu.org. changes in bozohttpd 20200912: o add .m4a and .m4v file extensions. Index: src/libexec/httpd/auth-bozo.c diff -u src/libexec/httpd/auth-bozo.c:1.25 src/libexec/httpd/auth-bozo.c:1.26 --- src/libexec/httpd/auth-bozo.c:1.25 Sat Jul 11 08:10:52 2020 +++ src/libexec/httpd/auth-bozo.c Thu Oct 15 02:19:23 2020 
@@ -1,9 +1,9 @@ -/* $NetBSD: auth-bozo.c,v 1.25 2020/07/11 08:10:52 jruoho Exp $ */ +/* $NetBSD: auth-bozo.c,v 1.26 2020/10/15 02:19:23 mrg Exp $ */ /* $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2019 Matthew R. Green + * Copyright (c) 1997-2020 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.84 src/libexec/httpd/bozohttpd.8:1.85 --- src/libexec/httpd/bozohttpd.8:1.84 Thu Aug 20 07:55:10 2020 +++ src/libexec/httpd/bozohttpd.8 Thu Oct 15 02:19:23 2020 @@ -1,8 +1,8 @@ -.\" $NetBSD: bozohttpd.8,v 1.84 2020/08/20 07:55:10 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.85 2020/10/15 02:19:23 mrg Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" -.\" Copyright (c) 1997-2019 Matthew R. Green +.\" Copyright (c) 1997-2020 Matthew R. Green .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd July 11, 2020 +.Dd October 14, 2020 .Dt BOZOHTTPD 8 .Os .Sh NAME @@ -642,7 +642,7 @@ The focus has always been simplicity and and regular code audits. This manual documents .Nm -version 20190116. +version 20201014. .Sh AUTHORS .An -nosplit .Nm Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.121 src/libexec/httpd/bozohttpd.c:1.122 --- src/libexec/httpd/bozohttpd.c:1.121 Sat Sep 5 13:38:24 2020 +++ src/libexec/httpd/bozohttpd.c Thu Oct 15 02:19:23 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.121 2020/09/05 13:38:24 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.122 2020/10/15 02:19:23 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ 
@@ -109,7 +109,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20200820" +#define SERVER_SOFTWARE "bozohttpd/20201014" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html" @@ -651,7 +651,7 @@ bozo_read_request(bozohttpd_t *httpd) * if passed through a proxy that doesn't rewrite the port. */ if (httpd->bindport) { - if (strcmp(httpd->bindport, "80") != 0) + if (strcmp(httpd->bindport, BOZO_HTTP_PORT) != 0) port = httpd->bindport; else port = NULL; @@ -1099,7 +1099,7 @@ handle_redirect(bozo_httpreq_t *request, hostname = ""; portbuf[0] = '\0'; } else { - const char *defport = httpd->sslinfo ? "443" : "80"; + const char *defport = httpd->sslinfo ? BOZO_HTTPS_PORT : BOZO_HTTP_PORT; if (request->hr_serverport && strcmp(request->hr_serverport, defport) != 0) @@ -1335,7 +1335,8 @@ check_virtual(bozo_httpreq_t *request) * canonicalise hr_host - that is, remove any :80. */ len = strlen(request->hr_host); - if (len > 3 && strcmp(request->hr_host + len - 3, ":80") == 0) { + if (len > 3 && +
CVS commit: src/libexec/httpd
Module Name:src Committed By: rhialto Date: Sat Sep 12 14:44:25 UTC 2020 Modified Files: src/libexec/httpd: content-bozo.c Log Message: bozohttpd: correct .m4a to audio/mp4. To generate a diff of this commit: cvs rdiff -u -r1.17 -r1.18 src/libexec/httpd/content-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/content-bozo.c diff -u src/libexec/httpd/content-bozo.c:1.17 src/libexec/httpd/content-bozo.c:1.18 --- src/libexec/httpd/content-bozo.c:1.17 Sat Sep 12 12:39:28 2020 +++ src/libexec/httpd/content-bozo.c Sat Sep 12 14:44:25 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: content-bozo.c,v 1.17 2020/09/12 12:39:28 rhialto Exp $ */ +/* $NetBSD: content-bozo.c,v 1.18 2020/09/12 14:44:25 rhialto Exp $ */ /* $eterna: content-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */ @@ -135,7 +135,7 @@ static bozo_content_map_t static_content { ".snd", "audio/basic", "", "", NULL }, { ".mpga", "audio/mpeg", "", "", NULL }, { ".mp2", "audio/mpeg", "", "", NULL }, - { ".m4a", "audio/mpeg", "", "", NULL }, + { ".m4a", "audio/mp4", "", "", NULL }, { ".aif", "audio/x-aiff", "", "", NULL }, { ".aiff", "audio/x-aiff", "", "", NULL }, { ".aifc", "audio/x-aiff", "", "", NULL },
CVS commit: src/libexec/httpd
Module Name:src Committed By: rhialto Date: Sat Sep 12 12:39:28 UTC 2020 Modified Files: src/libexec/httpd: CHANGES content-bozo.c Log Message: bozohttpd: add .m4a and .m4v file extensions. To generate a diff of this commit: cvs rdiff -u -r1.41 -r1.42 src/libexec/httpd/CHANGES cvs rdiff -u -r1.16 -r1.17 src/libexec/httpd/content-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.41 src/libexec/httpd/CHANGES:1.42 --- src/libexec/httpd/CHANGES:1.41 Thu Aug 20 07:55:10 2020 +++ src/libexec/httpd/CHANGES Sat Sep 12 12:39:28 2020 @@ -1,4 +1,7 @@ -$NetBSD: CHANGES,v 1.41 2020/08/20 07:55:10 mrg Exp $ +$NetBSD: CHANGES,v 1.42 2020/09/12 12:39:28 rhialto Exp $ + +changes in bozohttpd 20200912: + o add .m4a and .m4v file extensions. changes in bozohttpd 20200820: o make this work on sun2 by reducing mmap window there. Index: src/libexec/httpd/content-bozo.c diff -u src/libexec/httpd/content-bozo.c:1.16 src/libexec/httpd/content-bozo.c:1.17 --- src/libexec/httpd/content-bozo.c:1.16 Fri Nov 23 08:11:20 2018 +++ src/libexec/httpd/content-bozo.c Sat Sep 12 12:39:28 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: content-bozo.c,v 1.16 2018/11/23 08:11:20 mrg Exp $ */ +/* $NetBSD: content-bozo.c,v 1.17 2020/09/12 12:39:28 rhialto Exp $ */ /* $eterna: content-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */ @@ -135,6 +135,7 @@ static bozo_content_map_t static_content { ".snd", "audio/basic", "", "", NULL }, { ".mpga", "audio/mpeg", "", "", NULL }, { ".mp2", "audio/mpeg", "", "", NULL }, + { ".m4a", "audio/mpeg", "", "", NULL }, { ".aif", "audio/x-aiff", "", "", NULL }, { ".aiff", "audio/x-aiff", "", "", NULL }, { ".aifc", "audio/x-aiff", "", "", NULL }, 
@@ -167,6 +168,7 @@ static bozo_content_map_t static_content { ".ts", "video/mpeg", "", "", NULL }, { ".vob", "video/mpeg", "", "", NULL }, { ".mp4", "video/mp4", "", "", NULL }, + { ".m4v", "video/mp4", "", "", NULL }, { ".qt", "video/quicktime", "", "", NULL }, { ".mov", "video/quicktime", "", "", NULL }, { ".avi", "video/x-msvideo", "", "", NULL },
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sat Sep 5 13:38:24 UTC 2020 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: avoid passing NULL pointers to printf() like functions and %s. To generate a diff of this commit: cvs rdiff -u -r1.120 -r1.121 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.120 src/libexec/httpd/bozohttpd.c:1.121 --- src/libexec/httpd/bozohttpd.c:1.120 Thu Aug 20 07:57:01 2020 +++ src/libexec/httpd/bozohttpd.c Sat Sep 5 13:38:24 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.120 2020/08/20 07:57:01 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.121 2020/09/05 13:38:24 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -317,7 +317,7 @@ parse_request(bozohttpd_t *httpd, char * debug((httpd, DEBUG_FAT, "url: method: \"%s\" file: \"%s\" query: \"%s\" proto: \"%s\"", - *method, *file, *query, *proto)); + *method, *file, *query ? *query : "", *proto ? *proto : "")); } /* @@ -771,7 +771,7 @@ bozo_read_request(bozohttpd_t *httpd) val = bozostrnsep(, ":", ); debug((httpd, DEBUG_EXPLODING, "read_req2: after " - "bozostrnsep: str `%s' val `%s'", str, val)); + "bozostrnsep: str `%s' val `%s'", str, val ? val : "")); if (val == NULL || len == -1) { bozo_http_error(httpd, 404, request, "no header"); goto cleanup;
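Review bot: In the parse_request() hunk `*method` and `*file` still go to `%s` unguarded while `*query` and `*proto` now get a fallback. The caller's `if (method == NULL)` check, visible in a later revision on this page, suggests the method can be NULL; whether this debug call is reachable in that state depends on early returns outside the hunk. If it is, apply the same guard: `*method ? *method : "", *file ? *file : ""`. The `str` argument in the bozo_read_request() hunk is in the same position.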
CVS commit: src/libexec/httpd
Module Name:src Committed By: leot Date: Tue Aug 25 20:02:33 UTC 2020 Modified Files: src/libexec/httpd: printenv.lua Log Message: Fix a typo in a comment To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/libexec/httpd/printenv.lua Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/printenv.lua diff -u src/libexec/httpd/printenv.lua:1.3 src/libexec/httpd/printenv.lua:1.4 --- src/libexec/httpd/printenv.lua:1.3 Mon Dec 7 03:11:48 2015 +++ src/libexec/httpd/printenv.lua Tue Aug 25 20:02:33 2020 @@ -1,10 +1,10 @@ --- $NetBSD: printenv.lua,v 1.3 2015/12/07 03:11:48 kamil Exp $ +-- $NetBSD: printenv.lua,v 1.4 2020/08/25 20:02:33 leot Exp $ -- this small Lua script demonstrates the use of Lua in (bozo)httpd -- it will simply output the "environment" -- Keep in mind that bozohttpd forks for each request when started in --- daemon mode, you can set global veriables here, but they will have +-- daemon mode, you can set global variables here, but they will have -- the same value on each invocation. You can not keep state between -- two calls.
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Thu Aug 20 07:56:27 UTC 2020 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: compare mmap return again MAP_FAILED not -1 or 0. To generate a diff of this commit: cvs rdiff -u -r1.118 -r1.119 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.118 src/libexec/httpd/bozohttpd.c:1.119 --- src/libexec/httpd/bozohttpd.c:1.118 Thu Aug 20 05:46:31 2020 +++ src/libexec/httpd/bozohttpd.c Thu Aug 20 07:56:26 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.118 2020/08/20 05:46:31 spz Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.119 2020/08/20 07:56:26 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -914,7 +914,7 @@ mmap_and_write_part(bozohttpd_t *httpd, wroffset = (size_t)(first_byte_pos - mappedoffset); addr = mmap(0, mappedsz, PROT_READ, MAP_SHARED, fd, mappedoffset); - if (addr == (char *)-1) { + if (addr == MAP_FAILED) { bozowarn(httpd, "mmap failed: %s", strerror(errno)); return -1; } @@ -1201,7 +1201,7 @@ check_remap(bozo_httpreq_t *request) } fmap = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, mapfile, 0); - if (fmap == NULL) { + if (fmap == MAP_FAILED) { bozowarn(httpd, "could not mmap " REMAP_FILE ", error %d", errno); goto out;
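Review bot: The two mmap failure paths report the error differently: mmap_and_write_part() logs `strerror(errno)` while check_remap() logs the raw number with `error %d`. Using the text form in both makes the warning readable without an errno table: `bozowarn(httpd, "could not mmap " REMAP_FILE ": %s", strerror(errno));`. With the MAP_FAILED comparison in place, a zero-length remap file also lands in this branch (POSIX mmap() rejects a zero length) unless st_size is checked earlier, so a clear message matters here. Both functions extend beyond their hunks.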
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Thu Aug 20 07:57:01 UTC 2020 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: call this bozohttpd/20200820 To generate a diff of this commit: cvs rdiff -u -r1.119 -r1.120 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.119 src/libexec/httpd/bozohttpd.c:1.120 --- src/libexec/httpd/bozohttpd.c:1.119 Thu Aug 20 07:56:26 2020 +++ src/libexec/httpd/bozohttpd.c Thu Aug 20 07:57:01 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.119 2020/08/20 07:56:26 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.120 2020/08/20 07:57:01 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -109,7 +109,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20190228" +#define SERVER_SOFTWARE "bozohttpd/20200820" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html"
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Thu Aug 20 07:55:10 UTC 2020 Modified Files: src/libexec/httpd: CHANGES bozohttpd.8 Log Message: update for recent changes. To generate a diff of this commit: cvs rdiff -u -r1.40 -r1.41 src/libexec/httpd/CHANGES cvs rdiff -u -r1.83 -r1.84 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.40 src/libexec/httpd/CHANGES:1.41 --- src/libexec/httpd/CHANGES:1.40 Thu Feb 28 09:16:42 2019 +++ src/libexec/httpd/CHANGES Thu Aug 20 07:55:10 2020 @@ -1,4 +1,10 @@ -$NetBSD: CHANGES,v 1.40 2019/02/28 09:16:42 mrg Exp $ +$NetBSD: CHANGES,v 1.41 2020/08/20 07:55:10 mrg Exp $ + +changes in bozohttpd 20200820: + o make this work on sun2 by reducing mmap window there. + o fix SSL shutdown sequence. from s...@netbsd.org. + o add readme support to directory indexing. from jmcne...@netbsd.org + o add blocklist(8) support. from jru...@netbsd.org. changes in bozohttpd 20190228: o extend timeout facility to ssl and stop servers hanging forever Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.83 src/libexec/httpd/bozohttpd.8:1.84 --- src/libexec/httpd/bozohttpd.8:1.83 Mon Jul 13 09:41:18 2020 +++ src/libexec/httpd/bozohttpd.8 Thu Aug 20 07:55:10 2020 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.83 2020/07/13 09:41:18 wiz Exp $ +.\" $NetBSD: bozohttpd.8,v 1.84 2020/08/20 07:55:10 mrg Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -701,8 +701,8 @@ provided initial IPv6 support .It .An Martin Husemann .Aq Mt mar...@netbsd.org -provided .bzabsredirect and .bzredir support, and fixed various -redirection issues +provided .bzabsredirect and .bzredir support, fixed various +redirection issues and more .It .An Arto Huusko .Aq Mt arto.huu...@pp2.inet.fi 
@@ -804,6 +804,19 @@ provided http authorization fixes .Aq Mt x...@kittenz.org provided chroot and change-to-user support, and other various fixes .It +.An Jukka Ruohonen +.Aq Mt jru...@netbsd.org +provided support for +.Xr blocklist 8 +.It +.An Jared McNeill +.Aq Mt jmcne...@netbsd.org +added support for readme in directory indexing +.It +.An S.P.Zeidler +.Aq Mt s...@netbsd.org +fixed several SSL shutdown issues +.It Coyote Point provided various CGI fixes .El .Pp
CVS commit: src/libexec/httpd
Module Name:src Committed By: spz Date: Thu Aug 20 05:46:31 UTC 2020 Modified Files: src/libexec/httpd: bozohttpd.c bozohttpd.h cgi-bozo.c ssl-bozo.c Log Message: send close_notify for the ssl connection before closing the TCP connection Thanks to Dr. Thomas Orgis for reporting the issue. To generate a diff of this commit: cvs rdiff -u -r1.117 -r1.118 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.62 -r1.63 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.49 -r1.50 src/libexec/httpd/cgi-bozo.c cvs rdiff -u -r1.26 -r1.27 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.117 src/libexec/httpd/bozohttpd.c:1.118 --- src/libexec/httpd/bozohttpd.c:1.117 Mon Jul 13 09:38:57 2020 +++ src/libexec/httpd/bozohttpd.c Thu Aug 20 05:46:31 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.117 2020/07/13 09:38:57 jruoho Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.118 2020/08/20 05:46:31 spz Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -1912,6 +1912,8 @@ bozo_process_request(bozo_httpreq_t *req cleanup: close(fd); cleanup_nofd: + /* If SSL enabled send close_notify. */ + bozo_ssl_shutdown(request->hr_httpd); close(STDIN_FILENO); close(STDOUT_FILENO); /*close(STDERR_FILENO);*/ Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.62 src/libexec/httpd/bozohttpd.h:1.63 --- src/libexec/httpd/bozohttpd.h:1.62 Sat Jul 11 08:10:52 2020 +++ src/libexec/httpd/bozohttpd.h Thu Aug 20 05:46:31 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.h,v 1.62 2020/07/11 08:10:52 jruoho Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.63 2020/08/20 05:46:31 spz Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ 
@@ -312,6 +312,7 @@ char *bozostrdup(bozohttpd_t *, bozo_htt #define bozo_ssl_set_ciphers(w, x) bozo_noop #define bozo_ssl_init(x)bozo_noop #define bozo_ssl_accept(x)(0) +#define bozo_ssl_shutdown(x)bozo_noop #define bozo_ssl_destroy(x)bozo_noop #define have_ssl (0) #else @@ -319,6 +320,7 @@ void bozo_ssl_set_opts(bozohttpd_t *, co void bozo_ssl_set_ciphers(bozohttpd_t *, const char *); void bozo_ssl_init(bozohttpd_t *); int bozo_ssl_accept(bozohttpd_t *); +void bozo_ssl_shutdown(bozohttpd_t *); void bozo_ssl_destroy(bozohttpd_t *); #define have_ssl (1) #endif Index: src/libexec/httpd/cgi-bozo.c diff -u src/libexec/httpd/cgi-bozo.c:1.49 src/libexec/httpd/cgi-bozo.c:1.50 --- src/libexec/httpd/cgi-bozo.c:1.49 Fri Dec 6 05:53:20 2019 +++ src/libexec/httpd/cgi-bozo.c Thu Aug 20 05:46:31 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: cgi-bozo.c,v 1.49 2019/12/06 05:53:20 mrg Exp $ */ +/* $NetBSD: cgi-bozo.c,v 1.50 2020/08/20 05:46:31 spz Exp $ */ /* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */ @@ -637,6 +637,8 @@ bozo_process_cgi(bozo_httpreq_t *request /* child reader/writer */ close(STDIN_FILENO); finish_cgi_output(httpd, request, sv[0], nph); + /* if we do SSL, send a SSL_shutdown now */ + bozo_ssl_shutdown(request->hr_httpd); /* if we're done output, our parent is useless... */ kill(getppid(), SIGKILL); debug((httpd, DEBUG_FAT, "done processing cgi output")); Index: src/libexec/httpd/ssl-bozo.c diff -u src/libexec/httpd/ssl-bozo.c:1.26 src/libexec/httpd/ssl-bozo.c:1.27 --- src/libexec/httpd/ssl-bozo.c:1.26 Thu Feb 28 08:28:21 2019 +++ src/libexec/httpd/ssl-bozo.c Thu Aug 20 05:46:31 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: ssl-bozo.c,v 1.26 2019/02/28 08:28:21 mrg Exp $ */ +/* $NetBSD: ssl-bozo.c,v 1.27 2020/08/20 05:46:31 spz Exp $ */ /* $eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $ */ 
@@ -287,6 +287,15 @@ bozo_ssl_accept(bozohttpd_t *httpd) } void +bozo_ssl_shutdown(bozohttpd_t *httpd) +{ + const sslinfo_t *sslinfo = httpd->sslinfo; + + if (sslinfo && sslinfo->bozossl) + SSL_shutdown(sslinfo->bozossl); +} + +void bozo_ssl_destroy(bozohttpd_t *httpd) { const sslinfo_t *sslinfo = httpd->sslinfo;
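Review bot: bozo_ssl_shutdown() discards the SSL_shutdown() result and is called unconditionally, both from the cleanup_nofd path in bozo_process_request and from the CGI child, so it may run on a connection whose TLS read or write has already failed. OpenSSL documents that SSL_shutdown() must not be called once SSL_get_error() has returned SSL_ERROR_SYSCALL or SSL_ERROR_SSL; whether such failures can reach cleanup_nofd is not visible in these hunks. The function should at least say what it does, e.g. `/* one-way shutdown: send close_notify, do not wait for the peer's reply */`, and a negative result could be recorded with `debug((httpd, DEBUG_FAT, "SSL_shutdown failed"));`. In cgi-bozo.c the call could pass `httpd` directly, as the finish_cgi_output() call on the line before it does.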
CVS commit: src/libexec/httpd/small
Module Name:src Committed By: jruoho Date: Mon Jul 13 10:35:17 UTC 2020 Modified Files: src/libexec/httpd/small: Makefile Log Message: Add -DNO_BLOCKLIST_SUPPORT also to small/Makefile. To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/libexec/httpd/small/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/small/Makefile diff -u src/libexec/httpd/small/Makefile:1.3 src/libexec/httpd/small/Makefile:1.4 --- src/libexec/httpd/small/Makefile:1.3 Thu Jul 17 06:24:57 2014 +++ src/libexec/httpd/small/Makefile Mon Jul 13 10:35:17 2020 @@ -9,7 +9,7 @@ LEAN_IFDEF_FLAGS= -UDEBUG -DNO_USER_SUPP -DNO_CGIBIN_SUPPORT -DNO_DIRINDEX_SUPPORT \ -DNO_DAEMON_MODE -DNO_DYNAMIC_CONTENT \ -DNO_SSL_SUPPORT -UDO_HTPASSWD \ - -DNO_LUA_SUPPORT + -DNO_LUA_SUPPORT -DNO_BLOCKLIST_SUPPORT CFLAGS= -I$(.CURDIR)/.. ${LEAN_IFDEF_FLAGS}
CVS commit: src/libexec/httpd
Module Name:src Committed By: wiz Date: Mon Jul 13 09:41:18 UTC 2020 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: Use Nx. To generate a diff of this commit: cvs rdiff -u -r1.82 -r1.83 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.82 src/libexec/httpd/bozohttpd.8:1.83 --- src/libexec/httpd/bozohttpd.8:1.82 Mon Jul 13 09:38:57 2020 +++ src/libexec/httpd/bozohttpd.8 Mon Jul 13 09:41:18 2020 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.82 2020/07/13 09:38:57 jruoho Exp $ +.\" $NetBSD: bozohttpd.8,v 1.83 2020/07/13 09:41:18 wiz Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -455,7 +455,8 @@ on the compiler command line to enable t It may require linking with the crypt library, using .Dq -lcrypt . .Ss BLOCKLIST SUPPORT -On NetBSD, +On +.Nx , .Nm supports .Xr blocklistd 8
CVS commit: src/libexec/httpd
Module Name:src Committed By: jruoho Date: Mon Jul 13 09:38:57 UTC 2020 Modified Files: src/libexec/httpd: Makefile.boot bozohttpd.8 bozohttpd.c Log Message: Do not report status code 500 to blocklistd(8) Add -DNO_BLOCKLIST_SUPPORT to Makefile.boot. To generate a diff of this commit: cvs rdiff -u -r1.7 -r1.8 src/libexec/httpd/Makefile.boot cvs rdiff -u -r1.81 -r1.82 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.116 -r1.117 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/Makefile.boot diff -u src/libexec/httpd/Makefile.boot:1.7 src/libexec/httpd/Makefile.boot:1.8 --- src/libexec/httpd/Makefile.boot:1.7 Wed Oct 30 07:28:13 2019 +++ src/libexec/httpd/Makefile.boot Mon Jul 13 09:38:57 2020 @@ -6,7 +6,7 @@ CC= cc OPT= -O LARGE_CFLAGS= -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -LOCAL_CFLAGS= -DNO_LUA_SUPPORT -D_GNU_SOURCE +LOCAL_CFLAGS= -DNO_LUA_SUPPORT -DNO_BLOCKLIST_SUPPORT -D_GNU_SOURCE CFLAGS= $(OPT) $(LARGE_CFLAGS) $(LOCAL_CFLAGS) GROFF= groff -Tascii Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.81 src/libexec/httpd/bozohttpd.8:1.82 --- src/libexec/httpd/bozohttpd.8:1.81 Sat Jul 11 08:10:52 2020 +++ src/libexec/httpd/bozohttpd.8 Mon Jul 13 09:38:57 2020 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.81 2020/07/11 08:10:52 jruoho Exp $ +.\" $NetBSD: bozohttpd.8,v 1.82 2020/07/13 09:38:57 jruoho Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" 
@@ -466,16 +466,14 @@ compilation option. .Pp Upon occurrence, .Nm -reports three HTTP status codes to +reports two HTTP status codes to .Xr blocklistd 8 as failures: .Em 401 -(``Unauthorized'') , -.Em 403 -(``Forbidden'') , +(``Unauthorized'') and -.Em 500 -(``Internal Server Error'') . +.Em 403 +(``Forbidden'') . Of these, .Em 401 is the one received upon authorization failure with the Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.116 src/libexec/httpd/bozohttpd.c:1.117 --- src/libexec/httpd/bozohttpd.c:1.116 Sat Jul 11 08:10:52 2020 +++ src/libexec/httpd/bozohttpd.c Mon Jul 13 09:38:57 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.116 2020/07/11 08:10:52 jruoho Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.117 2020/07/13 09:38:57 jruoho Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -2297,8 +2297,7 @@ bozo_http_error(bozohttpd_t *httpd, int pfilter_notify(BLOCKLIST_AUTH_FAIL, code); break; - case 403: /* FALLTHROUGH */ - case 500: + case 403: pfilter_notify(BLOCKLIST_ABUSIVE_BEHAVIOR, code); break; }
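Review bot: The `case 403:` arm in bozo_http_error's switch has no comment recording why 500 is no longer reported, and the log message gives no reason either. Presumably a 500 is a server-side fault rather than client misbehaviour, so counting it would block clients for the server's own errors. A line such as `/* 500 is deliberately not reported: a server fault must not count against the client */` above the switch would keep it from being re-added later. The visible part of the switch has no `default:` arm, and the function starts and ends outside the hunk.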
CVS commit: src/libexec/httpd
Module Name:src Committed By: jruoho Date: Sat Jul 11 08:10:52 UTC 2020 Modified Files: src/libexec/httpd: Makefile auth-bozo.c bozohttpd.8 bozohttpd.c bozohttpd.h Log Message: Add blocklistd(8) support. To generate a diff of this commit: cvs rdiff -u -r1.28 -r1.29 src/libexec/httpd/Makefile cvs rdiff -u -r1.24 -r1.25 src/libexec/httpd/auth-bozo.c cvs rdiff -u -r1.80 -r1.81 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.115 -r1.116 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.61 -r1.62 src/libexec/httpd/bozohttpd.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/Makefile diff -u src/libexec/httpd/Makefile:1.28 src/libexec/httpd/Makefile:1.29 --- src/libexec/httpd/Makefile:1.28 Thu Jan 17 07:39:00 2019 +++ src/libexec/httpd/Makefile Sat Jul 11 08:10:52 2020 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.28 2019/01/17 07:39:00 mrg Exp $ +# $NetBSD: Makefile,v 1.29 2020/07/11 08:10:52 jruoho Exp $ # # $eterna: Makefile,v 1.30 2010/07/11 00:34:27 mrg Exp $ # @@ -14,6 +14,7 @@ # NO_SSL_SUPPORT /* don't support ssl (https) */ # DO_HTPASSWD /* support .htpasswd files */ # NO_LUA_SUPPORT /* don't support Lua for dynamic content */ +# NO_BLOCKLIST_SUPPORT /* don't support blocklist */ # # other system specific defines: # HAVE_NBUTIL_H /* netbsd compat is in @@ -32,8 +33,8 @@ SRCS= bozohttpd.c ssl-bozo.c auth-bozo.c tilde-luzah-bozo.c dir-index-bozo.c content-bozo.c lua-bozo.c SRCS+= main.c -LDADD= -lcrypt -llua -lm -DPADD= ${LIBCRYPT} ${LIBLUA} ${LIBM} +LDADD= -lblocklist -lcrypt -llua -lm +DPADD= ${LIBBLOCKLIST} ${LIBCRYPT} ${LIBLUA} ${LIBM} WARNS?= 4 Index: src/libexec/httpd/auth-bozo.c diff -u src/libexec/httpd/auth-bozo.c:1.24 src/libexec/httpd/auth-bozo.c:1.25 --- src/libexec/httpd/auth-bozo.c:1.24 Thu Feb 28 08:28:21 2019 +++ src/libexec/httpd/auth-bozo.c Sat Jul 11 08:10:52 2020 
@@ -1,4 +1,4 @@ -/* $NetBSD: auth-bozo.c,v 1.24 2019/02/28 08:28:21 mrg Exp $ */ +/* $NetBSD: auth-bozo.c,v 1.25 2020/07/11 08:10:52 jruoho Exp $ */ /* $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */ @@ -105,6 +105,11 @@ bozo_auth_check(bozo_httpreq_t *request, pass) != 0) break; fclose(fp); + +#ifndef NO_BLOCKLIST_SUPPORT + pfilter_notify(BLOCKLIST_AUTH_OK, 200); +#endif /* !NO_BLOCKLIST_SUPPORT */ + return 0; } } Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.80 src/libexec/httpd/bozohttpd.8:1.81 --- src/libexec/httpd/bozohttpd.8:1.80 Mon Jul 6 23:31:36 2020 +++ src/libexec/httpd/bozohttpd.8 Sat Jul 11 08:10:52 2020 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.80 2020/07/06 23:31:36 jmcneill Exp $ +.\" $NetBSD: bozohttpd.8,v 1.81 2020/07/11 08:10:52 jruoho Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd July 6, 2020 +.Dd July 11, 2020 .Dt BOZOHTTPD 8 .Os .Sh NAME 
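Review bot: `pfilter_notify(BLOCKLIST_AUTH_OK, 200)` in bozo_auth_check appears to run on every request that carries valid credentials, not only on the retry that follows the initial 401. The man-page text added in this commit says each success decreases blocklistd's failure counter. For clients sharing one address, successful logins can therefore offset unrelated failed ones, and the configured threshold may be reached later than an operator expects. That trade-off should be stated next to the call, e.g. `/* offsets the 401 that Basic auth always produces first; see bozohttpd(8) */`, and is worth checking against the blocklistd configuration in use. bozo_auth_check starts and ends outside the hunk.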
@@ -454,6 +454,45 @@ with on the compiler command line to enable this support. It may require linking with the crypt library, using .Dq -lcrypt . +.Ss BLOCKLIST SUPPORT +On NetBSD, +.Nm +supports +.Xr blocklistd 8 +by default. +The support can be disabled with the +.Dq -DNO_BLOCKLIST_SUPPORT +compilation option. +.Pp +Upon occurrence, +.Nm +reports three HTTP status codes to +.Xr blocklistd 8 +as failures: +.Em 401 +(``Unauthorized'') , +.Em 403 +(``Forbidden'') , +and +.Em 500 +(``Internal Server Error'') . +Of these, +.Em 401 +is the one received upon authorization failure with the +HTTP Basic Authorization mechanism. +A successful authorization decreases the counter kept by +.Xr blocklistd 8 . +.Pp +Note that the implementation of the HTTP Basic Authorization mechanism +uses a redirection; a status code +.Em 401 +is always initially received. +Therefore, a single authorization failure of +.Pa .htpasswd +is reported as two failures to +.Xr blocklistd 8 , +but no failures are recorded upon successful authorization +due to the decrease of the failure counter. .Ss SSL SUPPORT .Nm has support for TLSv1.1 and TLSv1.2 protocols that are included by Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.115 src/libexec/httpd/bozohttpd.c:1.116 --- src/libexec/httpd/bozohttpd.c:1.115 Mon Jul 6 23:31:36 2020 +++ src/libexec/httpd/bozohttpd.c Sat Jul 11 08:10:52 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.115 2020/07/06 23:31:36 jmcneill Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.116 2020/07/11 08:10:52 jruoho Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -2133,6 +2133,7 @@ static struct errors_map { const char *shortmsg; /* short version of message */ const char *longmsg; /* long version of message */ } errors_map[] = { + { 200, "200 OK", "The request was valid", }, { 400, "400 Bad Request", "The request was
CVS commit: src/libexec/httpd
Module Name:src Committed By: jmcneill Date: Mon Jul 6 23:31:36 UTC 2020 Modified Files: src/libexec/httpd: bozohttpd.8 bozohttpd.c bozohttpd.h dir-index-bozo.c main.c Log Message: Add -R flag to specify a README file to add at the bottom of directory autoindex listings. To generate a diff of this commit: cvs rdiff -u -r1.79 -r1.80 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.114 -r1.115 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.60 -r1.61 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.32 -r1.33 src/libexec/httpd/dir-index-bozo.c cvs rdiff -u -r1.22 -r1.23 src/libexec/httpd/main.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.79 src/libexec/httpd/bozohttpd.8:1.80 --- src/libexec/httpd/bozohttpd.8:1.79 Thu Feb 28 08:28:21 2019 +++ src/libexec/httpd/bozohttpd.8 Mon Jul 6 23:31:36 2020 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.79 2019/02/28 08:28:21 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.80 2020/07/06 23:31:36 jmcneill Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd February 27, 2019 +.Dd July 6, 2020 .Dt BOZOHTTPD 8 .Os .Sh NAME @@ -40,6 +40,7 @@ .Op Fl L Ar prefix script .Op Fl M Ar suffix type encoding encoding11 .Op Fl P Ar pidfile +.Op Fl R Ar readme .Op Fl S Ar server_software .Op Fl T Ar type timeout .Op Fl U Ar username 
@@ -232,6 +233,10 @@ translations from .Dq public_html to .Ar pubdir . +.It Fl R Ar readme +When directory indexing is enabled, include the contents of the file +.Ar readme +in the footer of the directory index. .It Fl S Ar server_software Sets the internal server version to .Ar server_software . Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.114 src/libexec/httpd/bozohttpd.c:1.115 --- src/libexec/httpd/bozohttpd.c:1.114 Sun Jun 7 23:33:02 2020 +++ src/libexec/httpd/bozohttpd.c Mon Jul 6 23:31:36 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.114 2020/06/07 23:33:02 fox Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.115 2020/07/06 23:31:36 jmcneill Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -2570,6 +2570,9 @@ bozo_setup(bozohttpd_t *httpd, bozoprefs strcmp(cp, "true") == 0) { httpd->dir_indexing = 1; } + if ((cp = bozo_get_pref(prefs, "directory index readme")) != NULL) { + httpd->dir_readme = bozostrdup(httpd, NULL, cp); + } if ((cp = bozo_get_pref(prefs, "public_html")) != NULL) { httpd->public_html = bozostrdup(httpd, NULL, cp); } Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.60 src/libexec/httpd/bozohttpd.h:1.61 --- src/libexec/httpd/bozohttpd.h:1.60 Fri Mar 8 03:12:28 2019 +++ src/libexec/httpd/bozohttpd.h Mon Jul 6 23:31:36 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.h,v 1.60 2019/03/08 03:12:28 mrg Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.61 2020/07/06 23:31:36 jmcneill Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ 
@@ -117,6 +117,7 @@ typedef struct bozohttpd_t { struct pollfd *fds; /* current poll fd set */ int request_times; /* # times a request was processed */ int dir_indexing; /* handle directories */ + const char *dir_readme; /* include README footer in indexes */ int hide_dots; /* hide .* */ int process_cgi; /* use the cgi handler */ char *cgibin; /* cgi-bin directory */ Index: src/libexec/httpd/dir-index-bozo.c diff -u src/libexec/httpd/dir-index-bozo.c:1.32 src/libexec/httpd/dir-index-bozo.c:1.33 --- src/libexec/httpd/dir-index-bozo.c:1.32 Thu Feb 28 08:28:21 2019 +++ src/libexec/httpd/dir-index-bozo.c Mon Jul 6 23:31:36 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: dir-index-bozo.c,v 1.32 2019/02/28 08:28:21 mrg Exp $ */ +/* $NetBSD: dir-index-bozo.c,v 1.33 2020/07/06 23:31:36 jmcneill Exp $ */ /* $eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $ */ @@ -38,9 +38,11 @@ #include #include +#include #include #include #include +#include #include #include "bozohttpd.h" @@ -57,7 +59,8 @@ bozo_dir_index(bozo_httpreq_t *request, DIR *dp; char buf[MAXPATHLEN]; char *file = NULL, *printname = NULL, *p; - int k, j; + int k, j, fd; + ssize_t rlen; if (!isindex || !httpd->dir_indexing) return 0; @@ -197,6 +200,23 @@ bozo_dir_index(bozo_httpreq_t *request, free(deo[k]); free(deo); bozo_printf(httpd, "\r\n"); + if (httpd->dir_readme != NULL) { + if (httpd->dir_readme[0] == '/') + snprintf(buf, sizeof buf, "%s", httpd->dir_readme); + else + snprintf(buf, sizeof buf, "%s/%s", dirpath, httpd->dir_readme); + fd = open(buf, O_RDONLY); + if (fd != -1) { + bozo_flush(httpd, stdout); + do { +rlen = read(fd, buf, sizeof buf); +if (rlen <= 0) + break; +
CVS commit: src/libexec/httpd
Module Name:src Committed By: fox Date: Sun Jun 7 23:33:02 UTC 2020 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: libexec/httpd: Fix the possible -Werror=stringop-truncation Error was reported when build.sh was run with MKLIBCSANITIZER=yes flag. Reviewed by: kamil@, mrg@ To generate a diff of this commit: cvs rdiff -u -r1.113 -r1.114 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.113 src/libexec/httpd/bozohttpd.c:1.114 --- src/libexec/httpd/bozohttpd.c:1.113 Thu Feb 28 09:16:42 2019 +++ src/libexec/httpd/bozohttpd.c Sun Jun 7 23:33:02 2020 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.113 2019/02/28 09:16:42 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.114 2020/06/07 23:33:02 fox Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -496,7 +496,7 @@ got_proto_09: if (strncasecmp(proto, "HTTP/", 5) != 0) goto bad; - strncpy(majorstr, proto + 5, sizeof majorstr); + strncpy(majorstr, proto + 5, sizeof(majorstr)-1); majorstr[sizeof(majorstr)-1] = 0; minorstr = strchr(majorstr, '.'); if (minorstr == NULL)
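Review bot: The `strncpy()` into majorstr still truncates an over-long protocol version silently, and the shortened text is then parsed as if it were what the client sent. Rejecting the request is safer than parsing a prefix: add `if (strlen(proto + 5) >= sizeof(majorstr)) goto bad;` before the copy, using the `bad` label the preceding check already jumps to. The existing copy and terminator line can then stay as they are. The enclosing function starts and ends outside the hunk, so the size of majorstr is not visible here.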
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Fri Dec 6 05:53:21 UTC 2019 Modified Files: src/libexec/httpd: cgi-bozo.c Log Message: remove some XXX comments. one isn't relevant, and the other two have been incorrect for a long while now. To generate a diff of this commit: cvs rdiff -u -r1.48 -r1.49 src/libexec/httpd/cgi-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/cgi-bozo.c diff -u src/libexec/httpd/cgi-bozo.c:1.48 src/libexec/httpd/cgi-bozo.c:1.49 --- src/libexec/httpd/cgi-bozo.c:1.48 Fri Mar 29 14:46:44 2019 +++ src/libexec/httpd/cgi-bozo.c Fri Dec 6 05:53:20 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: cgi-bozo.c,v 1.48 2019/03/29 14:46:44 martin Exp $ */ +/* $NetBSD: cgi-bozo.c,v 1.49 2019/12/06 05:53:20 mrg Exp $ */ /* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */ @@ -137,7 +137,7 @@ finish_cgi_output(bozohttpd_t *httpd, bo * return it in the response. If the cgi program does * not return any `Status:' header then the server should * respond with 200 OK. - * XXX The CGI 1.1 and 1.2 specification differ slightly on + * The CGI 1.1 and 1.2 specification differ slightly on * this in that v1.2 says that the script MUST NOT return a * `Status:' header if it is returning a `Location:' header. * For compatibility we are going with the CGI 1.1 behavior. @@ -182,8 +182,7 @@ finish_cgi_output(bozohttpd_t *httpd, bo bozo_flush(httpd, stdout); } - /* XXX we should have some goo that times us out - */ + /* CGI programs should perform their own timeouts */ while ((rbytes = read(in, buf, sizeof buf)) > 0) { ssize_t wbytes; char *bp = buf; @@ -645,8 +644,7 @@ bozo_process_cgi(bozo_httpreq_t *request } close(STDOUT_FILENO); - /* XXX we should have some goo that times us out - */ + /* CGI programs should perform their own timeouts */ while ((rbytes = bozo_read(httpd, STDIN_FILENO, buf, sizeof buf)) > 0) { ssize_t wbytes; char *bp = buf;
CVS commit: src/libexec/httpd
Module Name:src Committed By: martin Date: Fri Mar 29 14:46:44 UTC 2019 Modified Files: src/libexec/httpd: cgi-bozo.c Log Message: Account for cgihandler being set when counting the number of CGI environment headers we are about to set. Avoids an assertion failure (and overruninng the array) later. To generate a diff of this commit: cvs rdiff -u -r1.47 -r1.48 src/libexec/httpd/cgi-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/cgi-bozo.c diff -u src/libexec/httpd/cgi-bozo.c:1.47 src/libexec/httpd/cgi-bozo.c:1.48 --- src/libexec/httpd/cgi-bozo.c:1.47 Thu Jan 17 07:46:16 2019 +++ src/libexec/httpd/cgi-bozo.c Fri Mar 29 14:46:44 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: cgi-bozo.c,v 1.47 2019/01/17 07:46:16 mrg Exp $ */ +/* $NetBSD: cgi-bozo.c,v 1.48 2019/03/29 14:46:44 martin Exp $ */ /* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */ @@ -493,6 +493,7 @@ bozo_process_cgi(bozo_httpreq_t *request (clen && *clen ? 1 : 0) + (request->hr_remotehost && *request->hr_remotehost ? 1 : 0) + (request->hr_remoteaddr && *request->hr_remoteaddr ? 1 : 0) + + (cgihandler ? 1 : 0) + bozo_auth_cgi_count(request) + (request->hr_serverport && *request->hr_serverport ? 1 : 0);
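Review bot: The size of the CGI environment array is still the hand-maintained sum in this hunk. The log message says the missing `cgihandler` term caused an assertion failure and an array overrun, so the same mismatch returns whenever a variable is added without a matching term. A comment on the sum such as `/* one term per variable set below; keep in sync */` would help. If the bound is enforced only by assert(), it disappears in NDEBUG builds, so a runtime bound check before each store would be the sturdier guard. bozo_process_cgi starts and ends outside the hunk, so the code that fills the array is not visible here.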
CVS commit: src/libexec/httpd/testsuite
Module Name:src Committed By: mrg Date: Wed Mar 27 04:50:30 UTC 2019 Modified Files: src/libexec/httpd/testsuite: Makefile Log Message: add $NetBSD$ To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.13 src/libexec/httpd/testsuite/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/testsuite/Makefile diff -u src/libexec/httpd/testsuite/Makefile:1.12 src/libexec/httpd/testsuite/Makefile:1.13 --- src/libexec/httpd/testsuite/Makefile:1.12 Fri Dec 14 23:57:22 2018 +++ src/libexec/httpd/testsuite/Makefile Wed Mar 27 04:50:30 2019 @@ -1,3 +1,4 @@ +# $NetBSD: Makefile,v 1.13 2019/03/27 04:50:30 mrg Exp $ # $eterna: Makefile,v 1.14 2009/05/22 21:51:39 mrg Exp $ SIMPLETESTS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t12 t13 t14 t15
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Fri Mar 8 03:12:28 UTC 2019 Modified Files: src/libexec/httpd: bozohttpd.h Log Message: on m68010 set BOZO_WRSZ to 16k and BOZO_WRSZ to 64k. To generate a diff of this commit: cvs rdiff -u -r1.59 -r1.60 src/libexec/httpd/bozohttpd.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.59 src/libexec/httpd/bozohttpd.h:1.60 --- src/libexec/httpd/bozohttpd.h:1.59 Thu Feb 28 08:28:21 2019 +++ src/libexec/httpd/bozohttpd.h Fri Mar 8 03:12:28 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.h,v 1.59 2019/02/28 08:28:21 mrg Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.60 2019/03/08 03:12:28 mrg Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ @@ -199,6 +199,16 @@ typedef struct bozoprefs_t { char **value; /* values for the name entries */ } bozoprefs_t; +/* sun2 has a tiny VA range */ +#ifdef __mc68010__ +#ifndef BOZO_WRSZ +#define BOZO_WRSZ (16 * 1024) +#endif +#ifndef BOZO_MMAPSZ +#define BOZO_MMAPSZ (BOZO_WRSZ * 4) +#endif +#endif + /* by default write in upto 64KiB chunks, and mmap in upto 64MiB chunks */ #ifndef BOZO_WRSZ #define BOZO_WRSZ (64 * 1024)
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Thu Feb 28 09:16:42 UTC 2019 Modified Files: src/libexec/httpd: CHANGES bozohttpd.c Log Message: call this bozohttpd 20190228, and merge the CHANGES entries from the previous release. To generate a diff of this commit: cvs rdiff -u -r1.39 -r1.40 src/libexec/httpd/CHANGES cvs rdiff -u -r1.112 -r1.113 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.39 src/libexec/httpd/CHANGES:1.40 --- src/libexec/httpd/CHANGES:1.39 Sun Jan 27 04:40:57 2019 +++ src/libexec/httpd/CHANGES Thu Feb 28 09:16:42 2019 @@ -1,10 +1,11 @@ -$NetBSD: CHANGES,v 1.39 2019/01/27 04:40:57 dholland Exp $ +$NetBSD: CHANGES,v 1.40 2019/02/28 09:16:42 mrg Exp $ -changes in bozohttpd 20190121: +changes in bozohttpd 20190228: + o extend timeout facility to ssl and stop servers hanging forever + if the client never sends anything. reported by Steffen in netbsd + PR#50655. o don't display special files in the directory index. they aren't served, but links to them are generated. - -changes in bozohttpd 20190116: o fix CGI '+' parameter handling, some error checking, and a double free. from rajeev_v_pil...@yahoo.com o more directory indexing clean up. from rajeev_v_pil...@yahoo.com Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.112 src/libexec/httpd/bozohttpd.c:1.113 --- src/libexec/httpd/bozohttpd.c:1.112 Thu Feb 28 08:28:21 2019 +++ src/libexec/httpd/bozohttpd.c Thu Feb 28 09:16:42 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.112 2019/02/28 08:28:21 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.113 2019/02/28 09:16:42 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ 
@@ -109,7 +109,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20190121" +#define SERVER_SOFTWARE "bozohttpd/20190228" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html"
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Thu Feb 28 08:28:22 UTC 2019 Modified Files: src/libexec/httpd: auth-bozo.c bozohttpd.8 bozohttpd.c bozohttpd.h dir-index-bozo.c ssl-bozo.c Log Message: add ssl specific timeout value (30s). if SSL_accept() doesn't work with in this timeout value, ssl setup now fails. mostly different from, but inspired from the patch in PR 50655 To generate a diff of this commit: cvs rdiff -u -r1.23 -r1.24 src/libexec/httpd/auth-bozo.c cvs rdiff -u -r1.78 -r1.79 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.111 -r1.112 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.58 -r1.59 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.31 -r1.32 src/libexec/httpd/dir-index-bozo.c cvs rdiff -u -r1.25 -r1.26 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/auth-bozo.c diff -u src/libexec/httpd/auth-bozo.c:1.23 src/libexec/httpd/auth-bozo.c:1.24 --- src/libexec/httpd/auth-bozo.c:1.23 Tue Jan 22 05:32:57 2019 +++ src/libexec/httpd/auth-bozo.c Thu Feb 28 08:28:21 2019 @@ -1,9 +1,9 @@ -/* $NetBSD: auth-bozo.c,v 1.23 2019/01/22 05:32:57 mrg Exp $ */ +/* $NetBSD: auth-bozo.c,v 1.24 2019/02/28 08:28:21 mrg Exp $ */ /* $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2018 Matthew R. Green + * Copyright (c) 1997-2019 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.78 src/libexec/httpd/bozohttpd.8:1.79 --- src/libexec/httpd/bozohttpd.8:1.78 Thu Jan 17 07:46:16 2019 +++ src/libexec/httpd/bozohttpd.8 Thu Feb 28 08:28:21 2019 
@@ -1,8 +1,8 @@ -.\" $NetBSD: bozohttpd.8,v 1.78 2019/01/17 07:46:16 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.79 2019/02/28 08:28:21 mrg Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" -.\" Copyright (c) 1997-2018 Matthew R. Green +.\" Copyright (c) 1997-2019 Matthew R. Green .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd January 7, 2019 +.Dd February 27, 2019 .Dt BOZOHTTPD 8 .Os .Sh NAME @@ -245,11 +245,13 @@ to The valid values of .Ar type are +.Dq ssl timeout , .Dq initial timeout , .Dq header timeout , and .Dq request timeout . -The default values are 30 seconds, 10 seconds and 600 seconds, respectively. +The default values are 30 seconds, 30 seconds, 10 seconds and 600 seconds, +respectively. .It Fl t Ar chrootdir Makes .Nm Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.111 src/libexec/httpd/bozohttpd.c:1.112 --- src/libexec/httpd/bozohttpd.c:1.111 Tue Jan 22 05:32:57 2019 +++ src/libexec/httpd/bozohttpd.c Thu Feb 28 08:28:21 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.111 2019/01/22 05:32:57 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.112 2019/02/28 08:28:21 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -137,7 +137,6 @@ #include #include #include -#include #include #include #include @@ -148,6 +147,9 @@ #include "bozohttpd.h" +#ifndef SSL_TIMEOUT +#define SSL_TIMEOUT "30" /* wait for 30 seconds for ssl handshake */ +#endif #ifndef INITIAL_TIMEOUT #define INITIAL_TIMEOUT "30" /* wait for 30 seconds initially */ #endif @@ -183,7 +185,7 @@ struct { { NULL, NULL }, }; -volatile sig_atomic_t timeout_hit; +volatile sig_atomic_t bozo_timeout_hit; /* * check there's enough space in the prefs and names arrays. 
@@ -371,18 +373,19 @@ bozo_clean_request(bozo_httpreq_t *reque static void alarmer(int sig) { - timeout_hit = 1; + bozo_timeout_hit = 1; } /* - * set a timeout for "initial", "header", or "request". + * set a timeout for "ssl", "initial", "header", or "request". */ int bozo_set_timeout(bozohttpd_t *httpd, bozoprefs_t *prefs, const char *target, const char *val) { const char **cur, *timeouts[] = { + "ssl timeout", "initial timeout", "header timeout", "request timeout", @@ -602,14 +605,10 @@ bozo_read_request(bozohttpd_t *httpd) /* * if we're in daemon mode, bozo_daemon_fork() will return here twice * for each call. once in the child, returning 0, and once in the - * parent, returning 1. for each child, then we can setup SSL, and - * the parent can signal the caller there was no request to process - * and it will wait for another. + * parent, returning 1 for each child. */ if (bozo_daemon_fork(httpd)) return NULL; - if (bozo_ssl_accept(httpd)) - return NULL; request = bozomalloc(httpd, sizeof(*request)); memset(request, 0, sizeof(*request)); @@ -685,6 +684,14 @@ bozo_read_request(bozohttpd_t *httpd) goto cleanup; } + /* + *
CVS commit: src/libexec/httpd
Module Name:src Committed By: dholland Date: Sun Jan 27 04:40:57 UTC 2019 Modified Files: src/libexec/httpd: CHANGES Log Message: fix duplicated chunk from merge To generate a diff of this commit: cvs rdiff -u -r1.38 -r1.39 src/libexec/httpd/CHANGES Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.38 src/libexec/httpd/CHANGES:1.39 --- src/libexec/httpd/CHANGES:1.38 Sun Jan 27 02:08:36 2019 +++ src/libexec/httpd/CHANGES Sun Jan 27 04:40:57 2019 
@@ -1,37 +1,4 @@ -$NetBSD: CHANGES,v 1.38 2019/01/27 02:08:36 pgoyette Exp $ - -changes in bozohttpd 20190121: - o don't display special files in the directory index. they aren't - served, but links to them are generated. - -changes in bozohttpd 20190116: - o fix CGI '+' parameter handling, some error checking, and a double - free. from rajeev_v_pil...@yahoo.com - o more directory indexing clean up. from rajeev_v_pil...@yahoo.com - -changes in bozohttpd 20181215: - o fix .htpasswd bypass for authenticated users. reported by JP, - from l...@netbsd.org - o avoid possible null dereference when receiving a big request that - timeout. reported by m...@netbsd.org, from l...@netbsd.org - o fix handling of -T option, from l...@netbsd.org - o cleanups and portability improvements, from m...@netbsd.org - o change directory indexing to use html tables, from - rajeev_v_pil...@yahoo.com - -changes in bozohttpd 20181125: - o fixes for option parsing introduced in bozohttpd 20181123 - -changes in bozohttpd 20181121: - o add url remap support via .bzremap file, from mar...@netbsd.org - o handle redirections for any protocol, not just http: - o fix a denial of service attack against header contents, which - is now bounded at 16KiB. reported by JP - o reduce default timeouts, and add expand timeouts to handle the - initial line, each header, and the total time spent - o add -T option to expose new timeout settings - o minor RFC fixes related to timeout handling - o fix special file (.htpasswd, .bz*) bypass. reported by JP +$NetBSD: CHANGES,v 1.39 2019/01/27 04:40:57 dholland Exp $ changes in bozohttpd 20190121: o don't display special files in the directory index. they aren't
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue Jan 22 05:32:57 UTC 2019 Modified Files: src/libexec/httpd: CHANGES auth-bozo.c bozohttpd.c bozohttpd.h dir-index-bozo.c Log Message: o don't display special files in the directory index. they aren't served, but links to them are generated. To generate a diff of this commit: cvs rdiff -u -r1.36 -r1.37 src/libexec/httpd/CHANGES cvs rdiff -u -r1.22 -r1.23 src/libexec/httpd/auth-bozo.c cvs rdiff -u -r1.110 -r1.111 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.57 -r1.58 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.30 -r1.31 src/libexec/httpd/dir-index-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.36 src/libexec/httpd/CHANGES:1.37 --- src/libexec/httpd/CHANGES:1.36 Thu Jan 17 07:46:16 2019 +++ src/libexec/httpd/CHANGES Tue Jan 22 05:32:57 2019 @@ -1,4 +1,8 @@ -$NetBSD: CHANGES,v 1.36 2019/01/17 07:46:16 mrg Exp $ +$NetBSD: CHANGES,v 1.37 2019/01/22 05:32:57 mrg Exp $ + +changes in bozohttpd 20190121: + o don't display special files in the directory index. they aren't + served, but links to them are generated. changes in bozohttpd 20190116: o fix CGI '+' parameter handling, some error checking, and a double Index: src/libexec/httpd/auth-bozo.c diff -u src/libexec/httpd/auth-bozo.c:1.22 src/libexec/httpd/auth-bozo.c:1.23 --- src/libexec/httpd/auth-bozo.c:1.22 Thu Nov 22 08:54:08 2018 +++ src/libexec/httpd/auth-bozo.c Tue Jan 22 05:32:57 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: auth-bozo.c,v 1.22 2018/11/22 08:54:08 mrg Exp $ */ +/* $NetBSD: auth-bozo.c,v 1.23 2019/01/22 05:32:57 mrg Exp $ */ /* $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */ 
@@ -64,7 +64,7 @@ bozo_auth_check(bozo_httpreq_t *request, strcpy(dir, "."); else { *basename++ = '\0'; - if (bozo_check_special_files(request, basename)) + if (bozo_check_special_files(request, basename, true)) return 1; } request->hr_authrealm = bozostrdup(httpd, request, dir); Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.110 src/libexec/httpd/bozohttpd.c:1.111 --- src/libexec/httpd/bozohttpd.c:1.110 Fri Jan 18 06:04:10 2019 +++ src/libexec/httpd/bozohttpd.c Tue Jan 22 05:32:57 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.110 2019/01/18 06:04:10 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.111 2019/01/22 05:32:57 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -109,7 +109,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20190116" +#define SERVER_SOFTWARE "bozohttpd/20190121" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html" @@ -140,7 +140,6 @@ #include #include #include -#include #include #include #include @@ -1461,7 +1460,7 @@ check_bzredirect(bozo_httpreq_t *request *basename++ = '\0'; strcpy(path, dir); } - if (bozo_check_special_files(request, basename)) + if (bozo_check_special_files(request, basename, true)) return -1; debug((httpd, DEBUG_FAT, "check_bzredirect: path %s", path)); 
@@ -1913,17 +1912,24 @@ bozo_process_request(bozo_httpreq_t *req /* make sure we're not trying to access special files */ int -bozo_check_special_files(bozo_httpreq_t *request, const char *name) +bozo_check_special_files(bozo_httpreq_t *request, const char *name, bool doerror) { bozohttpd_t *httpd = request->hr_httpd; size_t i; + int error = 0; - for (i = 0; specials[i].file; i++) - if (strcmp(name, specials[i].file) == 0) - return bozo_http_error(httpd, 403, request, + for (i = 0; specials[i].file; i++) { + if (strcmp(name, specials[i].file) == 0) { + if (doerror) { +error = bozo_http_error(httpd, 403, request, specials[i].name); + } else { +error = -1; + } + } + } - return 0; + return error; } /* generic header printing routine */ Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.57 src/libexec/httpd/bozohttpd.h:1.58 --- src/libexec/httpd/bozohttpd.h:1.57 Sat Nov 24 13:02:46 2018 +++ src/libexec/httpd/bozohttpd.h Tue Jan 22 05:32:57 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.h,v 1.57 2018/11/24 13:02:46 christos Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.58 2019/01/22 05:32:57 mrg Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ @@ -34,6 +34,8 @@ #include "netbsd_queue.h" +#include + #include #ifndef NO_LUA_SUPPORT @@ -259,7 +261,7 @@ void debug__(bozohttpd_t *, int, const c /* be sure to always return this error up */ int bozo_http_error(bozohttpd_t *, int, bozo_httpreq_t *, const char *); -int bozo_check_special_files(bozo_httpreq_t *, const char *) BOZO_CHECKRET; +int bozo_check_special_files(bozo_httpreq_t *, const char *, bool) BOZO_CHECKRET; char *bozo_http_date(char *, size_t); void
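Review bot: The rewritten loop in bozo_check_special_files() keeps scanning `specials[]` after a match; a `break;` after the `if (doerror) … else …` block would stop at the first hit and rule out a second bozo_http_error() call should the table ever hold a duplicate name. The new `doerror` parameter also changes the return contract and nothing documents it: with `doerror` false a match returns -1, with it true a match returns whatever bozo_http_error() returns, and callers such as `if (bozo_check_special_files(request, basename, true))` only block the request when that value is non-zero. I would extend the comment above the function to say that `doerror` selects between sending a 403 and silently reporting the match, and that any non-zero return means the name is a special file.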
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Fri Jan 18 06:04:10 UTC 2019 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: rework size_arrays(): - avoid calloc, use bozomalloc - minor CSE - fix bozoprefs->size setting when increasing the size (new total was being added to the prior total.) found by clang static analyzer from rajeev_v_pillai. pass httpd to size_arrays() now. free(NULL) is legal. To generate a diff of this commit: cvs rdiff -u -r1.109 -r1.110 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.109 src/libexec/httpd/bozohttpd.c:1.110 --- src/libexec/httpd/bozohttpd.c:1.109 Fri Jan 18 05:48:31 2019 +++ src/libexec/httpd/bozohttpd.c Fri Jan 18 06:04:10 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.109 2019/01/18 05:48:31 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.110 2019/01/18 06:04:10 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ 
@@ -190,33 +190,21 @@ volatile sig_atomic_t timeout_hit; * check there's enough space in the prefs and names arrays. */ static int -size_arrays(bozoprefs_t *bozoprefs, size_t needed) +size_arrays(bozohttpd_t *httpd, bozoprefs_t *bozoprefs, size_t needed) { - char **temp; + size_t len = sizeof(char *) * needed; if (bozoprefs->size == 0) { /* only get here first time around */ - bozoprefs->name = calloc(sizeof(char *), needed); - if (bozoprefs->name == NULL) - return 0; - bozoprefs->value = calloc(sizeof(char *), needed); - if (bozoprefs->value == NULL) { - free(bozoprefs->name); - return 0; - } - bozoprefs->size = needed; + bozoprefs->name = bozomalloc(httpd, len); + bozoprefs->value = bozomalloc(httpd, len); } else if (bozoprefs->count == bozoprefs->size) { /* only uses 'needed' when filled array */ - temp = realloc(bozoprefs->name, sizeof(char *) * needed); - if (temp == NULL) - return 0; - bozoprefs->name = temp; - temp = realloc(bozoprefs->value, sizeof(char *) * needed); - if (temp == NULL) - return 0; - bozoprefs->value = temp; - bozoprefs->size += needed; + bozoprefs->name = bozorealloc(httpd, bozoprefs->name, len); + bozoprefs->value = bozorealloc(httpd, bozoprefs->value, len); } + + bozoprefs->size = needed; return 1; } @@ -239,14 +227,13 @@ bozo_set_pref(bozohttpd_t *httpd, bozopr if ((i = findvar(bozoprefs, name)) < 0) { /* add the element to the array */ - if (!size_arrays(bozoprefs, bozoprefs->size + 15)) + if (!size_arrays(httpd, bozoprefs, bozoprefs->size + 15)) return 0; i = bozoprefs->count++; bozoprefs->name[i] = bozostrdup(httpd, NULL, name); } else { /* replace the element in the array */ - if (bozoprefs->value[i]) - free(bozoprefs->value[i]); + free(bozoprefs->value[i]); } bozoprefs->value[i] = bozostrdup(httpd, NULL, value); return 1;
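Review bot: In the new size_arrays(), `bozoprefs->size = needed;` now runs on every call, including the common one where neither branch allocates (size is non-zero and `count != size`). bozo_set_pref() in the next hunk passes `bozoprefs->size + 15` each time it adds an entry, so the recorded size grows by 15 per added entry while the arrays stay at their first allocation, `count == size` is never reached, and later `name[i]`/`value[i]` stores can land past the end of the buffers. Return before the assignment when nothing was resized, e.g. add `else return 1;` after the `else if` block, or move `bozoprefs->size = needed;` into the two allocating branches. Separately, bozomalloc() replaces calloc() here, so new slots are no longer zeroed; that is harmless only as long as every slot is written before it is read or freed.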
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Fri Jan 18 05:48:31 UTC 2019 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: fix a few problems pointed out by clang static analyzer, from rajeev_v_pillai: - bozostrnsep() may return with "in = NULL", so check for it. - nul terminating in bozo_escape_rfc3986() can be simpler - don't use uniinit variables in check_remap() - don't use re-used freed data in check_virtual(). this one is tricky as the original code was: free(request->hr_file); request->hr_file = bozostrdup(httpd, request, s ? s : "/"); however, bozostrdup() may reference request->hr_file. To generate a diff of this commit: cvs rdiff -u -r1.108 -r1.109 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.108 src/libexec/httpd/bozohttpd.c:1.109 --- src/libexec/httpd/bozohttpd.c:1.108 Thu Jan 17 07:46:16 2019 +++ src/libexec/httpd/bozohttpd.c Fri Jan 18 05:48:31 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.108 2019/01/17 07:46:16 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.109 2019/01/18 05:48:31 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -245,10 +245,8 @@ bozo_set_pref(bozohttpd_t *httpd, bozopr bozoprefs->name[i] = bozostrdup(httpd, NULL, name); } else { /* replace the element in the array */ - if (bozoprefs->value[i]) { + if (bozoprefs->value[i]) free(bozoprefs->value[i]); - bozoprefs->value[i] = NULL; - } } bozoprefs->value[i] = bozostrdup(httpd, NULL, value); return 1; @@ -297,7 +295,7 @@ parse_request(bozohttpd_t *httpd, char * len = (ssize_t)strlen(in); val = bozostrnsep(, " \t\n\r", ); - if (len < 1 || val == NULL) + if (len < 1 || val == NULL || in == NULL) return; *method = val; 
@@ -996,7 +994,7 @@ bozo_escape_rfc3986(bozohttpd_t *httpd, buf = bozorealloc(httpd, buf, buflen); } - for (len = 0, s = url, d = buf; *s;) { + for (s = url, d = buf; *s;) { if (*s & 0x80) goto encode_it; switch (*s) { @@ -1028,16 +1026,14 @@ bozo_escape_rfc3986(bozohttpd_t *httpd, encode_it: snprintf(d, 4, "%%%02X", (unsigned char)*s++); d += 3; - len += 3; break; default: leave_it: *d++ = *s++; - len++; break; } } - buf[len] = 0; + *d = 0; return buf; } @@ -1195,7 +1191,7 @@ check_remap(bozo_httpreq_t *request) bozohttpd_t *httpd = request->hr_httpd; char *file = request->hr_file, *newfile; void *fmap; - const char *replace, *map_to, *p; + const char *replace = NULL, *map_to = NULL, *p; struct stat st; int mapfile; size_t avail, len, rlen, reqlen, num_esc = 0; @@ -1324,6 +1320,9 @@ check_virtual(bozo_httpreq_t *request) debug((httpd, DEBUG_OBESE, "checking for http:// virtual host in '%s'", file)); if (strncasecmp(file, "http://;, 7) == 0) { + /* bozostrdup() might access it. */ + char *old_file = request->hr_file; + /* we would do virtual hosting here? */ file += 7; /* RFC 2616 (HTTP/1.1), 5.2: URI takes precedence over Host: */ @@ -1332,8 +1331,8 @@ check_virtual(bozo_httpreq_t *request) if ((s = strchr(request->hr_host, '/')) != NULL) *s = '\0'; s = strchr(file, '/'); - free(request->hr_file); request->hr_file = bozostrdup(httpd, request, s ? s : "/"); + free(old_file); debug((httpd, DEBUG_OBESE, "got host '%s' file is now '%s'", request->hr_host, request->hr_file)); } else if (!request->hr_host) @@ -1357,7 +1356,10 @@ check_virtual(bozo_httpreq_t *request) if (request->hr_host) { s = strrchr(request->hr_host, ':'); if (s != NULL) -/* truncate Host: as we want to copy it without port part */ +/* + * truncate Host: as we want to copy it + * without port part + */ *s = '\0'; request->hr_virthostname = bozostrdup(httpd, request, request->hr_host);
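Review bot: The comment added in the check_virtual hunk, `/* bozostrdup() might access it. */`, does not say what is still reading the old buffer. `s` is taken from `strchr(file, '/')`, and if `file` points into `request->hr_file` (its declaration is outside the hunk) the string being duplicated lives in the allocation that used to be freed first; I would write that down, e.g. `/* s may point into the old hr_file: free it only after bozostrdup() has copied it */`. After `free(old_file)` the local `file` would then dangle, so it is worth checking that the rest of the function, which is not in the hunk, only uses `request->hr_file`.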
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Thu Jan 17 07:46:16 UTC 2019 Modified Files: src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c cgi-bozo.c daemon-bozo.c dir-index-bozo.c Log Message: - call this 20190116 - adjust the directory indexing again: - don't include "index.html" in html headers - additional escaping of names - re-add top/bottom borders - adds an aquamarine table header - Zebra-stripes table rows using CSS instead of code all from "Rajeev V. Pillai" To generate a diff of this commit: cvs rdiff -u -r1.35 -r1.36 src/libexec/httpd/CHANGES cvs rdiff -u -r1.77 -r1.78 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.107 -r1.108 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.46 -r1.47 src/libexec/httpd/cgi-bozo.c cvs rdiff -u -r1.20 -r1.21 src/libexec/httpd/daemon-bozo.c cvs rdiff -u -r1.29 -r1.30 src/libexec/httpd/dir-index-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.35 src/libexec/httpd/CHANGES:1.36 --- src/libexec/httpd/CHANGES:1.35 Thu Jan 17 07:34:06 2019 +++ src/libexec/httpd/CHANGES Thu Jan 17 07:46:16 2019 @@ -1,8 +1,9 @@ -$NetBSD: CHANGES,v 1.35 2019/01/17 07:34:06 mrg Exp $ +$NetBSD: CHANGES,v 1.36 2019/01/17 07:46:16 mrg Exp $ changes in bozohttpd 20190116: - o fix CGI '+' parameter handling, and a double free. from - rajeev_v_pil...@yahoo.com + o fix CGI '+' parameter handling, some error checking, and a double + free. from rajeev_v_pil...@yahoo.com + o more directory indexing clean up. from rajeev_v_pil...@yahoo.com changes in bozohttpd 20181215: o fix .htpasswd bypass for authenticated users. reported by JP, Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.77 src/libexec/httpd/bozohttpd.8:1.78 --- src/libexec/httpd/bozohttpd.8:1.77 Tue Jan 8 06:04:29 2019 +++ src/libexec/httpd/bozohttpd.8 Thu Jan 17 07:46:16 2019 
@@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.77 2019/01/08 06:04:29 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.78 2019/01/17 07:46:16 mrg Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -597,7 +597,7 @@ The focus has always been simplicity and and regular code audits. This manual documents .Nm -version 20181215. +version 20190116. .Sh AUTHORS .An -nosplit .Nm @@ -632,7 +632,7 @@ provided cgi-bin support fixes, and more .Aq Mt a...@netbsd.org cleaned up many internal interfaces, made .Nm -linkable as a library and provided the Lua binding. +linkable as a library and provided the Lua binding .It .An DEGROOTE Arnaud .Aq Mt degro...@netbsd.org @@ -688,7 +688,7 @@ provided many fixes and enhancements for fixed memory leaks, various issues with userdir support, information disclosure issues, added support for using CGI handlers with directory indexing, found several security issues and provided -various other fixes. +various other fixes .It .An Arnaud Lacombe .Aq Mt a...@netbsd.org @@ -706,7 +706,7 @@ provided a cgi-bin fix .Aq Mt j...@netbsd.org Added the .Fl P -option (pidfile support) and provided some man page fixes. +option (pidfile support) and provided some man page fixes .It .An Luke Mewburn .Aq Mt lu...@netbsd.org @@ -715,7 +715,8 @@ HTTP basic authorization support and muc .It .An Rajeev V. Pillai .Aq Mt rajeev_v_pil...@yahoo.com -provided several fixes for virtual hosting and directory indexing +provided several fixes for virtual hosting and directory indexing and +fixes for CGI .It .An Jeremy C. Reed .Aq Mt r...@netbsd.org @@ -737,11 +738,11 @@ provided minor compile fixes and a CGI c .Aq Mt rum...@ephemeral.org provided the .Fl V -option. +option .It .An Thor Lancelot Simon .Aq Mt t...@netbsd.org -enhanced cgi-bin support. +enhanced cgi-bin support .It .An Joerg Sonnenberger .Aq Mt jo...@netbsd.org 
@@ -758,7 +759,7 @@ provided http authorization fixes .Aq Mt x...@kittenz.org provided chroot and change-to-user support, and other various fixes .It -Coyote Point provided various CGI fixes. +Coyote Point provided various CGI fixes .El .Pp There are probably others I have forgotten (let me know if you care) Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.107 src/libexec/httpd/bozohttpd.c:1.108 --- src/libexec/httpd/bozohttpd.c:1.107 Sat Dec 15 12:52:36 2018 +++ src/libexec/httpd/bozohttpd.c Thu Jan 17 07:46:16 2019 @@ -1,9 +1,9 @@ -/* $NetBSD: bozohttpd.c,v 1.107 2018/12/15 12:52:36 leot Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.108 2019/01/17 07:46:16 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2018 Matthew R. Green + * Copyright (c) 1997-2019 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -109,7 +109,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Thu Jan 17 07:39:00 UTC 2019 Modified Files: src/libexec/httpd: Makefile src/libexec/httpd/testsuite: t11.out Log Message: add 'check' target to toplevel makefile. fix the t11.out output now that CGI parsing works better. To generate a diff of this commit: cvs rdiff -u -r1.27 -r1.28 src/libexec/httpd/Makefile cvs rdiff -u -r1.1 -r1.2 src/libexec/httpd/testsuite/t11.out Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/Makefile diff -u src/libexec/httpd/Makefile:1.27 src/libexec/httpd/Makefile:1.28 --- src/libexec/httpd/Makefile:1.27 Sun May 21 15:28:41 2017 +++ src/libexec/httpd/Makefile Thu Jan 17 07:39:00 2019 @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.27 2017/05/21 15:28:41 riastradh Exp $ +# $NetBSD: Makefile,v 1.28 2019/01/17 07:39:00 mrg Exp $ # # $eterna: Makefile,v 1.30 2010/07/11 00:34:27 mrg Exp $ # @@ -77,6 +77,9 @@ bozohttpd.8.txt: bozohttpd.8 CLEANFILES+= bozohttpd.8.html bozohttpd.8.txt +check: + cd ${.CURDIR}/testsuite && ${MAKE} check + # Create a distfile: uses /tmp BASE=bozohttpd-${BOZOVER} TAR=${BASE}.tar Index: src/libexec/httpd/testsuite/t11.out diff -u src/libexec/httpd/testsuite/t11.out:1.1 src/libexec/httpd/testsuite/t11.out:1.2 --- src/libexec/httpd/testsuite/t11.out:1.1 Tue Jan 31 14:33:54 2017 +++ src/libexec/httpd/testsuite/t11.out Thu Jan 17 07:39:00 2019 @@ -1 +1,11 @@ HTTP/1.1 200 OK +Content-Type: text/html +Content-Length: 194 +Server: bozohttpd/20181215 +Allow: GET, HEAD, POST + +404 Not Found +404 Not Found +cgi-bin/echo.bat: This item has not been found + +
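Review bot: The new expected output in t11.out starts with `HTTP/1.1 200 OK` and then carries a `404 Not Found` error body, so the test now pins a response whose status line and body disagree. If that is the current behaviour of the CGI exec-failure path, it deserves a comment in the testsuite saying it is known and not the intended end state; otherwise the fixture will make a later fix look like a regression. The `Server: bozohttpd/20181215` line also ties the fixture to one release string; unless the testsuite normalises that header (not visible here), every version bump has to touch this file.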
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Thu Jan 17 07:34:06 UTC 2019 Modified Files: src/libexec/httpd: CHANGES cgi-bozo.c daemon-bozo.c Log Message: - fix CGI '+' param and error handling. - remove unused parameter to daemon_poll_err(). both from "Rajeev V. Pillai" To generate a diff of this commit: cvs rdiff -u -r1.34 -r1.35 src/libexec/httpd/CHANGES cvs rdiff -u -r1.45 -r1.46 src/libexec/httpd/cgi-bozo.c cvs rdiff -u -r1.19 -r1.20 src/libexec/httpd/daemon-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.34 src/libexec/httpd/CHANGES:1.35 --- src/libexec/httpd/CHANGES:1.34 Wed Dec 19 12:40:32 2018 +++ src/libexec/httpd/CHANGES Thu Jan 17 07:34:06 2019 @@ -1,4 +1,8 @@ -$NetBSD: CHANGES,v 1.34 2018/12/19 12:40:32 mrg Exp $ +$NetBSD: CHANGES,v 1.35 2019/01/17 07:34:06 mrg Exp $ + +changes in bozohttpd 20190116: + o fix CGI '+' parameter handling, and a double free. from + rajeev_v_pil...@yahoo.com changes in bozohttpd 20181215: o fix .htpasswd bypass for authenticated users. reported by JP, Index: src/libexec/httpd/cgi-bozo.c diff -u src/libexec/httpd/cgi-bozo.c:1.45 src/libexec/httpd/cgi-bozo.c:1.46 --- src/libexec/httpd/cgi-bozo.c:1.45 Sat Nov 24 13:03:15 2018 +++ src/libexec/httpd/cgi-bozo.c Thu Jan 17 07:34:06 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: cgi-bozo.c,v 1.45 2018/11/24 13:03:15 christos Exp $ */ +/* $NetBSD: cgi-bozo.c,v 1.46 2019/01/17 07:34:06 mrg Exp $ */ /* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */ @@ -241,10 +241,10 @@ parse_search_string(bozo_httpreq_t *requ args[0] = str; args[*args_len] = NULL; - for (s = str, i = 0; (s = strchr(s, '+')) != NULL;) { + for (s = str, i = 1; (s = strchr(s, '+')) != NULL; i++) { *s = '\0'; s++; - args[i++] = s; + args[i] = s; } /* 
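Review bot: The split loop in parse_search_string() now starts at `i = 1` and stores into `args[i]` for every '+' it finds, with no bound on `i` in the loop itself; it is only safe if `args` was allocated for `*args_len + 1` pointers from a matching count of '+' characters, and that code is outside the hunk. Since `str` is presumably derived from the request's search string, I would make the dependency explicit, either with a comment such as `/* args[0] is the text before the first '+'; args has *args_len + 1 slots */` or by adding `i < *args_len` to the loop condition.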
@@ -333,8 +333,7 @@ parse_search_string(bozo_httpreq_t *requ parse_err: - free (str); - free (*args); + free(str); free(args); *args_len = 0; @@ -610,9 +609,12 @@ bozo_process_cgi(bozo_httpreq_t *request closelog(); bozo_daemon_closefds(httpd); - if (-1 == execve(path, argv, envp)) + if (-1 == execve(path, argv, envp)) { + bozo_http_error(httpd, 404, request, +"Cannot execute CGI"); bozoerr(httpd, 1, "child exec failed: %s: %s", path, strerror(errno)); + } /* NOT REACHED */ bozoerr(httpd, 1, "child execve returned?!"); } Index: src/libexec/httpd/daemon-bozo.c diff -u src/libexec/httpd/daemon-bozo.c:1.19 src/libexec/httpd/daemon-bozo.c:1.20 --- src/libexec/httpd/daemon-bozo.c:1.19 Thu Nov 22 08:54:08 2018 +++ src/libexec/httpd/daemon-bozo.c Thu Jan 17 07:34:06 2019 @@ -1,4 +1,4 @@ -/* $NetBSD: daemon-bozo.c,v 1.19 2018/11/22 08:54:08 mrg Exp $ */ +/* $NetBSD: daemon-bozo.c,v 1.20 2019/01/17 07:34:06 mrg Exp $ */ /* $eterna: daemon-bozo.c,v 1.24 2011/11/18 09:21:15 mrg Exp $ */ @@ -205,7 +205,7 @@ daemon_runchild(bozohttpd_t *httpd, int } static int -daemon_poll_err(bozohttpd_t *httpd, int fd, int idx) +daemon_poll_err(bozohttpd_t *httpd, int idx) { if ((httpd->fds[idx].revents & (POLLNVAL|POLLERR|POLLHUP)) == 0) return 0; @@ -284,7 +284,7 @@ again: } for (i = 0; i < httpd->nsock; i++) { - if (daemon_poll_err(httpd, fd, i)) + if (daemon_poll_err(httpd, i)) break; if (httpd->fds[i].revents == 0) continue;
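Review bot: In the bozo_process_cgi hunk, `bozo_http_error()` is now called between the failed `execve()` and the `strerror(errno)` in the `bozoerr()` call, so anything bozo_http_error() does that sets errno changes the reason that gets logged. Capture it first, e.g. `int sverrno = errno;` as the first statement of the new block, and pass `strerror(sverrno)` to bozoerr(). The fixed 404 also reports permission and format failures as "not found"; whether that is intended is not clear from the hunk. The function body continues outside the hunk.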
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue Jan 8 06:04:29 UTC 2019 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: remove reference to deleted -r option. fixes PR#53840 from J. Lewis Muir. To generate a diff of this commit: cvs rdiff -u -r1.76 -r1.77 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.76 src/libexec/httpd/bozohttpd.8:1.77 --- src/libexec/httpd/bozohttpd.8:1.76 Wed Dec 19 12:40:32 2018 +++ src/libexec/httpd/bozohttpd.8 Tue Jan 8 06:04:29 2019 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.76 2018/12/19 12:40:32 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.77 2019/01/08 06:04:29 mrg Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd December 18, 2018 +.Dd January 7, 2019 .Dt BOZOHTTPD 8 .Os .Sh NAME @@ -477,9 +477,7 @@ if a .Pa .bzdirect file is found (contents are irrelevant) .Nm -will allow direct access even with the -.Fl r -option. +will allow direct access. If a .Pa .bzredirect symbolic link is found,
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Wed Dec 19 12:40:32 UTC 2018 Modified Files: src/libexec/httpd: CHANGES bozohttpd.8 Log Message: minor rewording. fix alphabeta ordering of contributors. To generate a diff of this commit: cvs rdiff -u -r1.33 -r1.34 src/libexec/httpd/CHANGES cvs rdiff -u -r1.75 -r1.76 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.33 src/libexec/httpd/CHANGES:1.34 --- src/libexec/httpd/CHANGES:1.33 Tue Dec 18 23:11:40 2018 +++ src/libexec/httpd/CHANGES Wed Dec 19 12:40:32 2018 @@ -1,7 +1,7 @@ -$NetBSD: CHANGES,v 1.33 2018/12/18 23:11:40 mrg Exp $ +$NetBSD: CHANGES,v 1.34 2018/12/19 12:40:32 mrg Exp $ changes in bozohttpd 20181215: - o avoid .htpasswd exposure to authenticated users. reported by JP, + o fix .htpasswd bypass for authenticated users. reported by JP, from l...@netbsd.org o avoid possible null dereference when receiving a big request that timeout. reported by m...@netbsd.org, from l...@netbsd.org Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.75 src/libexec/httpd/bozohttpd.8:1.76 --- src/libexec/httpd/bozohttpd.8:1.75 Tue Dec 4 02:52:42 2018 +++ src/libexec/httpd/bozohttpd.8 Wed Dec 19 12:40:32 2018 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.75 2018/12/04 02:52:42 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.76 2018/12/19 12:40:32 mrg Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd December 4, 2018 +.Dd December 18, 2018 .Dt BOZOHTTPD 8 .Os .Sh NAME @@ -599,7 +599,7 @@ The focus has always been simplicity and and regular code audits. This manual documents .Nm -version 20181204. +version 20181215. .Sh AUTHORS .An -nosplit .Nm 
@@ -610,14 +610,14 @@ was written by The large list of contributors includes: .Bl -dash .It -.An Marc Balmer -.Aq Mt mbal...@netbsd.org -added Lua support for dynamic content creation -.It .An Christoph Badura .Aq Mt b...@bsd.de provided Range: header support .It +.An Marc Balmer +.Aq Mt mbal...@netbsd.org +added Lua support for dynamic content creation +.It .An Sean Boudreau .Aq Mt se...@netbsd.org provided a security fix for virtual hosting @@ -644,14 +644,14 @@ provided a fix for daemon mode .Aq Mt a...@netbsd.org provided directory indexing support .It -.An Per Ekman -.Aq Mt p...@pdc.kth.se -provided a fix for a minor (non-security) buffer overflow condition -.It .An Roland Dowdeswell .Aq Mt el...@netbsd.org added support for serving gzipped files and better SSL handling .It +.An Per Ekman +.Aq Mt p...@pdc.kth.se +provided a fix for a minor (non-security) buffer overflow condition +.It .An Jun-ichiro itojun Hagino, KAME .Aq Mt ito...@iijlab.net provided initial IPv6 support
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue Dec 18 23:11:40 UTC 2018 Modified Files: src/libexec/httpd: CHANGES Log Message: fix an old spell-o and a new format-o. To generate a diff of this commit: cvs rdiff -u -r1.32 -r1.33 src/libexec/httpd/CHANGES Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.32 src/libexec/httpd/CHANGES:1.33 --- src/libexec/httpd/CHANGES:1.32 Sat Dec 15 12:52:36 2018 +++ src/libexec/httpd/CHANGES Tue Dec 18 23:11:40 2018 @@ -1,4 +1,4 @@ -$NetBSD: CHANGES,v 1.32 2018/12/15 12:52:36 leot Exp $ +$NetBSD: CHANGES,v 1.33 2018/12/18 23:11:40 mrg Exp $ changes in bozohttpd 20181215: o avoid .htpasswd exposure to authenticated users. reported by JP, @@ -7,9 +7,7 @@ changes in bozohttpd 20181215: timeout. reported by m...@netbsd.org, from l...@netbsd.org o fix handling of -T option, from l...@netbsd.org o cleanups and portability improvements, from m...@netbsd.org - -changes in bozohttpd 20181204: - o change directory indexing to use html tables. from + o change directory indexing to use html tables, from rajeev_v_pil...@yahoo.com changes in bozohttpd 20181125: @@ -305,7 +303,7 @@ changes in bozohttpd 5.07 (20010610): - add many new content-types, now support most common ones changes in bozohttpd 5.06 (2825): - - add IPv6 suppor from ito...@iijlab.net + - add IPv6 support from ito...@iijlab.net - man page fixes from j...@netbsd.org changes in bozohttpd 5.05 (2815):
CVS commit: src/libexec/httpd
Module Name:src Committed By: leot Date: Sat Dec 15 12:52:37 UTC 2018 Modified Files: src/libexec/httpd: CHANGES bozohttpd.c Log Message: Document last changes and bump version to 20181215 Suggested by , thanks! (Possible mistakes are mine though!) To generate a diff of this commit: cvs rdiff -u -r1.31 -r1.32 src/libexec/httpd/CHANGES cvs rdiff -u -r1.106 -r1.107 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.31 src/libexec/httpd/CHANGES:1.32 --- src/libexec/httpd/CHANGES:1.31 Tue Dec 4 02:52:42 2018 +++ src/libexec/httpd/CHANGES Sat Dec 15 12:52:36 2018 @@ -1,4 +1,12 @@ -$NetBSD: CHANGES,v 1.31 2018/12/04 02:52:42 mrg Exp $ +$NetBSD: CHANGES,v 1.32 2018/12/15 12:52:36 leot Exp $ + +changes in bozohttpd 20181215: + o avoid .htpasswd exposure to authenticated users. reported by JP, + from l...@netbsd.org + o avoid possible null dereference when receiving a big request that + timeout. reported by m...@netbsd.org, from l...@netbsd.org + o fix handling of -T option, from l...@netbsd.org + o cleanups and portability improvements, from m...@netbsd.org changes in bozohttpd 20181204: o change directory indexing to use html tables. from Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.106 src/libexec/httpd/bozohttpd.c:1.107 --- src/libexec/httpd/bozohttpd.c:1.106 Sat Dec 15 12:43:24 2018 +++ src/libexec/httpd/bozohttpd.c Sat Dec 15 12:52:36 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.106 2018/12/15 12:43:24 leot Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.107 2018/12/15 12:52:36 leot Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ 
@@ -109,7 +109,7 @@
 #define INDEX_HTML "index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE "bozohttpd/20181125"
+#define SERVER_SOFTWARE "bozohttpd/20181215"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML "public_html"
CVS commit: src/libexec/httpd
Module Name:src Committed By: leot Date: Sat Dec 15 12:43:24 UTC 2018 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: Fix handling of bozo_set_timeout() timeouts (and `-T' option parsing) To generate a diff of this commit: cvs rdiff -u -r1.105 -r1.106 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.105 src/libexec/httpd/bozohttpd.c:1.106 --- src/libexec/httpd/bozohttpd.c:1.105 Sat Dec 15 12:39:22 2018 +++ src/libexec/httpd/bozohttpd.c Sat Dec 15 12:43:24 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.105 2018/12/15 12:39:22 leot Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.106 2018/12/15 12:43:24 leot Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -398,7 +398,7 @@ int bozo_set_timeout(bozohttpd_t *httpd, bozoprefs_t *prefs, const char *target, const char *val) { - const char *cur, *timeouts[] = { + const char **cur, *timeouts[] = { "initial timeout", "header timeout", "request timeout", @@ -408,9 +408,9 @@ bozo_set_timeout(bozohttpd_t *httpd, boz const size_t minlen = 1; size_t len = strlen(target); - for (cur = timeouts[0]; len >= minlen && *cur; cur++) { - if (strncmp(target, cur, len) == 0) { - bozo_set_pref(httpd, prefs, cur, val); + for (cur = timeouts; len >= minlen && *cur; cur++) { + if (strncmp(target, *cur, len) == 0) { + bozo_set_pref(httpd, prefs, *cur, val); return 0; } }
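Review bot: The corrected loop in the second hunk stops only when `*cur` is NULL, so `timeouts[]` has to end with a NULL sentinel; the tail of the initialiser falls between the two hunks and is not visible here, so that should be confirmed. The comparison is also a prefix match with `minlen = 1`, which means a one-letter `target` selects the first entry beginning with that letter, in array order. I would record both facts above the loop, e.g. `/* prefix match, first entry in timeouts[] wins; the array is NULL-terminated */`. The body of bozo_set_timeout continues outside the hunk.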
CVS commit: src/libexec/httpd
Module Name:src Committed By: leot Date: Sat Dec 15 12:39:22 UTC 2018 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: Avoid .htpasswd exposure to authenticated users when .htpasswd is in the slashdir too. Problem reported by JP via tech-security@ and discussed with , thanks! To generate a diff of this commit: cvs rdiff -u -r1.104 -r1.105 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.104 src/libexec/httpd/bozohttpd.c:1.105 --- src/libexec/httpd/bozohttpd.c:1.104 Sat Dec 15 09:28:27 2018 +++ src/libexec/httpd/bozohttpd.c Sat Dec 15 12:39:22 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.104 2018/12/15 09:28:27 leot Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.105 2018/12/15 12:39:22 leot Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -1467,7 +1467,7 @@ check_bzredirect(bozo_httpreq_t *request } else if (basename == NULL) { strcpy(path, "."); strcpy(dir, ""); - basename = dir; + basename = request->hr_file + 1; } else { *basename++ = '\0'; strcpy(path, dir);
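Review bot: In the `basename == NULL` branch of check_bzredirect, `request->hr_file + 1` skips one byte unconditionally, which is valid only if `hr_file` is never empty and always begins with '/'; nothing in the hunk establishes that. The old assignment aliased `dir`, which the line above has just set to the empty string, so any later test on `basename` saw an empty name. That reason is worth keeping next to the new line, e.g. `/* dir was emptied above; take the name from the request so later name checks see it */`. If the leading-slash invariant is not enforced upstream, checking `request->hr_file[0] == '/'` before the `+ 1` would make it explicit. The function starts and ends outside the hunk.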
CVS commit: src/libexec/httpd
Module Name:src Committed By: leot Date: Sat Dec 15 09:28:27 UTC 2018 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: Avoid possible NULL dereference when sending a big request that timeout. Problem reported by and reviewed by and , thanks! To generate a diff of this commit: cvs rdiff -u -r1.103 -r1.104 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.103 src/libexec/httpd/bozohttpd.c:1.104 --- src/libexec/httpd/bozohttpd.c:1.103 Sat Dec 15 02:03:24 2018 +++ src/libexec/httpd/bozohttpd.c Sat Dec 15 09:28:27 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.103 2018/12/15 02:03:24 maya Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.104 2018/12/15 09:28:27 leot Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -2260,7 +2260,8 @@ bozo_http_error(bozohttpd_t *httpd, int if (request && request->hr_allow) bozo_printf(httpd, "Allow: %s\r\n", request->hr_allow); /* RFC 7231 (HTTP/1.1) 6.5.7 */ - if (code == 408 && request->hr_proto == httpd->consts.http_11) + if (code == 408 && request && + request->hr_proto == httpd->consts.http_11) bozo_printf(httpd, "Connection: close\r\n"); bozo_printf(httpd, "\r\n"); /* According to the RFC 2616 sec. 9.4 HEAD method MUST NOT return a
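Review bot: bozo_http_error can evidently be called with `request == NULL`, but that contract is only discoverable from the two guards in this hunk (`request && request->hr_allow` and the new `code == 408 && request`). A line in the function's header comment, for example `/* request may be NULL, e.g. when the error is raised before a request has been parsed */`, would help keep later additions from dereferencing it unguarded; the stated cause is a guess and should be checked against the callers. Any other use of `request` in the part of the function outside this hunk deserves the same look.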
CVS commit: src/libexec/httpd
Module Name:src Committed By: maya Date: Sat Dec 15 02:03:24 UTC 2018 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: strings.h for strcasecmp (on linux) To generate a diff of this commit: cvs rdiff -u -r1.102 -r1.103 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.102 src/libexec/httpd/bozohttpd.c:1.103 --- src/libexec/httpd/bozohttpd.c:1.102 Sat Dec 15 01:02:34 2018 +++ src/libexec/httpd/bozohttpd.c Sat Dec 15 02:03:24 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.102 2018/12/15 01:02:34 maya Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.103 2018/12/15 02:03:24 maya Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -141,6 +141,7 @@ #include #include #include +#include #include #include #include
CVS commit: src/libexec/httpd
Module Name:src Committed By: maya Date: Sat Dec 15 01:02:34 UTC 2018 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: Check against BOZO_HEADERS_MAX_SIZE in a way that isn't prone to overflow. Note that this isn't reachable in practice as big requests time out. To generate a diff of this commit: cvs rdiff -u -r1.101 -r1.102 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.101 src/libexec/httpd/bozohttpd.c:1.102 --- src/libexec/httpd/bozohttpd.c:1.101 Tue Dec 4 02:52:42 2018 +++ src/libexec/httpd/bozohttpd.c Sat Dec 15 01:02:34 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.101 2018/12/04 02:52:42 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.102 2018/12/15 01:02:34 maya Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -585,12 +585,14 @@ process_method(bozo_httpreq_t *request, static int bozo_got_header_length(bozo_httpreq_t *request, size_t len) { + + if (len > BOZO_HEADERS_MAX_SIZE - request->hr_header_bytes) + return bozo_http_error(request->hr_httpd, 413, request, + "too many headers"); + request->hr_header_bytes += len; - if (request->hr_header_bytes < BOZO_HEADERS_MAX_SIZE) - return 0; - return bozo_http_error(request->hr_httpd, 413, request, - "too many headers"); + return 0; } /*
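Review bot: The new guard `len > BOZO_HEADERS_MAX_SIZE - request->hr_header_bytes` is wrap-free only while `hr_header_bytes` never exceeds BOZO_HEADERS_MAX_SIZE and the operands are unsigned; if the counter were ever larger, the subtraction would wrap and the check would accept any length. This function preserves that invariant itself, but other writers of the field are not visible here, so I would state it at the check: `/* invariant: hr_header_bytes <= BOZO_HEADERS_MAX_SIZE, so the subtraction cannot wrap */`. The boundary has also moved: the old code rejected a total equal to the limit (`<`), the new code accepts it, which looks harmless but should be a deliberate choice.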
CVS commit: src/libexec/httpd/testsuite
Module Name:src Committed By: maya Date: Fri Dec 14 23:57:22 UTC 2018 Modified Files: src/libexec/httpd/testsuite: Makefile test-bigfile test-simple Log Message: Don't pass ${HOST} to test scripts. htnl_cmp compares against the output of `hostname`. This makes the tests pass on my machine. To generate a diff of this commit: cvs rdiff -u -r1.11 -r1.12 src/libexec/httpd/testsuite/Makefile cvs rdiff -u -r1.5 -r1.6 src/libexec/httpd/testsuite/test-bigfile \ src/libexec/httpd/testsuite/test-simple Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/testsuite/Makefile diff -u src/libexec/httpd/testsuite/Makefile:1.11 src/libexec/httpd/testsuite/Makefile:1.12 --- src/libexec/httpd/testsuite/Makefile:1.11 Wed Nov 21 09:37:02 2018 +++ src/libexec/httpd/testsuite/Makefile Fri Dec 14 23:57:22 2018 @@ -9,7 +9,6 @@ BOZOHTTPD?= ../debug/bozohttpd-debug WGET?= wget DATA?= $(.CURDIR)/data VERBOSE?= yes -HOST?= test.eterna .if ${VERBOSE} != "yes" SILENT= @ 
@@ -28,17 +27,17 @@ check: check-simple check-cgi check-bigf check-simple: .for a in $(SIMPLETESTS) - ${SILENT}$(.CURDIR)/test-simple "$a" "${BOZOHTTPD}" "${DATA}" "${.CURDIR}" "${VERBOSE}" "${HOST}" + ${SILENT}$(.CURDIR)/test-simple "$a" "${BOZOHTTPD}" "${DATA}" "${.CURDIR}" "${VERBOSE}" .endfor check-cgi: .for a in $(CGITESTS) - ${SILENT}$(.CURDIR)/test-simple "$a" "${BOZOHTTPD}" "${DATA}" "${.CURDIR}" "${VERBOSE}" "${HOST}" -c "${.CURDIR}/cgi-bin" + ${SILENT}$(.CURDIR)/test-simple "$a" "${BOZOHTTPD}" "${DATA}" "${.CURDIR}" "${VERBOSE}" -c "${.CURDIR}/cgi-bin" .endfor check-bigfile: .for a in $(BIGFILETESTS) - ${SILENT}$(.CURDIR)/test-bigfile "$a" "${BOZOHTTPD}" "${WGET}" "${DATA}" "${VERBOSE}" "${HOST}" + ${SILENT}$(.CURDIR)/test-bigfile "$a" "${BOZOHTTPD}" "${WGET}" "${DATA}" "${VERBOSE}" .endfor .include Index: src/libexec/httpd/testsuite/test-bigfile diff -u src/libexec/httpd/testsuite/test-bigfile:1.5 src/libexec/httpd/testsuite/test-bigfile:1.6 --- src/libexec/httpd/testsuite/test-bigfile:1.5 Wed Nov 21 09:37:02 2018 +++ src/libexec/httpd/testsuite/test-bigfile Fri Dec 14 23:57:22 2018 @@ -1,12 +1,11 @@ #! /bin/sh -# $NetBSD: test-bigfile,v 1.5 2018/11/21 09:37:02 mrg Exp $ +# $NetBSD: test-bigfile,v 1.6 2018/12/14 23:57:22 maya Exp $ test="$1"; shift # partial4000 or partial8000 bozohttpd="$1"; shift wget="$1"; shift datadir="$1"; shift verbose="$1"; shift -host="$1"; shift tmperr="tmp.$test.err" Index: src/libexec/httpd/testsuite/test-simple diff -u src/libexec/httpd/testsuite/test-simple:1.5 src/libexec/httpd/testsuite/test-simple:1.6 --- src/libexec/httpd/testsuite/test-simple:1.5 Wed Nov 21 09:37:02 2018 +++ src/libexec/httpd/testsuite/test-simple Fri Dec 14 23:57:22 2018 
@@ -1,12 +1,11 @@ #! /bin/sh -# $NetBSD: test-simple,v 1.5 2018/11/21 09:37:02 mrg Exp $ +# $NetBSD: test-simple,v 1.6 2018/12/14 23:57:22 maya Exp $ test="$1"; shift bozohttpd="$1"; shift datadir="$1"; shift curdir="$1"; shift verbose="$1"; shift -host="$1"; shift in="$curdir/$test.in" out="$curdir/$test.out" @@ -21,7 +20,7 @@ fi bozotestport=1 -${bozohttpd} "$@" "${datadir}" "${host}" < "$in" > "$tmpout" +${bozohttpd} "$@" "${datadir}" < "$in" > "$tmpout" if "$curdir/html_cmp" cmp "$out" "$tmpout"; then exit 0 else
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue Dec 4 02:52:42 UTC 2018 Modified Files: src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c dir-index-bozo.c Log Message: use html tables for directory index. from "Rajeev V. Pillai" call this bozohttpd 20181204. To generate a diff of this commit: cvs rdiff -u -r1.30 -r1.31 src/libexec/httpd/CHANGES cvs rdiff -u -r1.74 -r1.75 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.100 -r1.101 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.28 -r1.29 src/libexec/httpd/dir-index-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.30 src/libexec/httpd/CHANGES:1.31 --- src/libexec/httpd/CHANGES:1.30 Sun Nov 25 23:48:14 2018 +++ src/libexec/httpd/CHANGES Tue Dec 4 02:52:42 2018 @@ -1,4 +1,8 @@ -$NetBSD: CHANGES,v 1.30 2018/11/25 23:48:14 mrg Exp $ +$NetBSD: CHANGES,v 1.31 2018/12/04 02:52:42 mrg Exp $ + +changes in bozohttpd 20181204: + o change directory indexing to use html tables. from + rajeev_v_pil...@yahoo.com changes in bozohttpd 20181125: o fixes for option parsing introduced in bozohttpd 20181123 Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.74 src/libexec/httpd/bozohttpd.8:1.75 --- src/libexec/httpd/bozohttpd.8:1.74 Fri Nov 23 08:11:20 2018 +++ src/libexec/httpd/bozohttpd.8 Tue Dec 4 02:52:42 2018 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.74 2018/11/23 08:11:20 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.75 2018/12/04 02:52:42 mrg Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd November 19, 2018 +.Dd December 4, 2018 .Dt BOZOHTTPD 8 .Os .Sh NAME 
@@ -599,7 +599,7 @@ The focus has always been simplicity and and regular code audits. This manual documents .Nm -version 20181123. +version 20181204. .Sh AUTHORS .An -nosplit .Nm @@ -717,7 +717,7 @@ HTTP basic authorization support and muc .It .An Rajeev V. Pillai .Aq Mt rajeev_v_pil...@yahoo.com -provided several fixes for virtual hosting +provided several fixes for virtual hosting and directory indexing .It .An Jeremy C. Reed .Aq Mt r...@netbsd.org Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.100 src/libexec/httpd/bozohttpd.c:1.101 --- src/libexec/httpd/bozohttpd.c:1.100 Tue Dec 4 00:26:15 2018 +++ src/libexec/httpd/bozohttpd.c Tue Dec 4 02:52:42 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.100 2018/12/04 00:26:15 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.101 2018/12/04 02:52:42 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -1441,7 +1441,7 @@ check_bzredirect(bozo_httpreq_t *request bozohttpd_t *httpd = request->hr_httpd; struct stat sb; char dir[MAXPATHLEN], redir[MAXPATHLEN], redirpath[MAXPATHLEN + 1], - path[MAXPATHLEN]; + path[MAXPATHLEN + 1]; char *basename, *finalredir; int rv, absolute; @@ -2076,6 +2076,9 @@ bozo_escape_html(bozohttpd_t *httpd, con case '&': j += 5; break; + case '"': + j += 6; + break; } } @@ -2106,6 +2109,10 @@ bozo_escape_html(bozohttpd_t *httpd, con memcpy(tmp + j, "", 5); j += 5; break; + case '"': + memcpy(tmp + j, "", 6); + j += 6; + break; default: tmp[j++] = url[i]; } Index: src/libexec/httpd/dir-index-bozo.c diff -u src/libexec/httpd/dir-index-bozo.c:1.28 src/libexec/httpd/dir-index-bozo.c:1.29 --- src/libexec/httpd/dir-index-bozo.c:1.28 Thu Nov 22 08:54:08 2018 +++ src/libexec/httpd/dir-index-bozo.c Tue Dec 4 02:52:42 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: dir-index-bozo.c,v 1.28 2018/11/22 08:54:08 mrg Exp $ */ +/* $NetBSD: dir-index-bozo.c,v 1.29 2018/12/04 02:52:42 mrg Exp $ */ /* $eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $ */ 
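Review bot: bozo_escape_html counts the escaped length in one switch (`j += 6` for '"') and writes the output in a second one (`memcpy(tmp + j, ..., 6)`), so the two hunks have to be kept in step by hand; if `tmp` is sized from the first pass, as it appears to be, a case added to the copy pass alone would write past it. A small static table of character, replacement and length shared by both passes, or at least a comment on each switch naming the other, would remove that risk. Among the cases visible here the single quote is still passed through, so output placed inside a single-quoted attribute would not be covered; whether any caller does that is not shown. The replacement literals are not legible on this page, and the function starts and ends outside both hunks.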
@@ -45,14 +45,6 @@ #include "bozohttpd.h" -static void -directory_hr(bozohttpd_t *httpd) -{ - - bozo_printf(httpd, - "\r\n\r\n"); -} - /* * output a directory index. return 1 if it actually did something.. */ @@ -62,12 +54,10 @@ bozo_dir_index(bozo_httpreq_t *request, bozohttpd_t *httpd = request->hr_httpd; struct stat sb; struct dirent **de, **deo; - struct tm *tm; DIR *dp; char buf[MAXPATHLEN]; - char spacebuf[48]; char *file = NULL, *printname = NULL; - int l, k, j, i; + int k, j, i; if (!isindex || !httpd->dir_indexing) return 0; @@ -117,23 +107,19 @@ bozo_dir_index(bozo_httpreq_t *request, printname = bozostrdup(httpd, request, request->hr_file); #endif /* !NO_USER_SUPPORT */ - bozo_printf(httpd, - "Index of %s\r\n", + bozo_printf(httpd, "\r\n"); + bozo_printf(httpd, "\r\n"); + bozo_printf(httpd, "tr.o {background:#f4f4f4;}\r\n"); + bozo_printf(httpd, "Index of %s\r\n", printname); bozo_printf(httpd, "Index of %s\r\n", printname); - bozo_printf(httpd,
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue Dec 4 00:26:15 UTC 2018 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: avoid sign extension in % handling (and printing 0xFF before wanted values.) from Rajeev V. Pillai. To generate a diff of this commit: cvs rdiff -u -r1.99 -r1.100 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.99 src/libexec/httpd/bozohttpd.c:1.100 --- src/libexec/httpd/bozohttpd.c:1.99 Sun Nov 25 07:37:20 2018 +++ src/libexec/httpd/bozohttpd.c Tue Dec 4 00:26:15 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.99 2018/11/25 07:37:20 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.100 2018/12/04 00:26:15 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -1023,7 +1023,7 @@ bozo_escape_rfc3986(bozohttpd_t *httpd, case '\r': case ' ': encode_it: - snprintf(d, 4, "%%%02X", *s++); + snprintf(d, 4, "%%%02X", (unsigned char)*s++); d += 3; len += 3; break;
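Review bot: The `(unsigned char)` cast added to the `snprintf` argument in bozo_escape_rfc3986 deserves a why-comment, because without one the line invites being simplified back: `/* plain char may be signed; a negative value promotes to int and would print more than two hex digits */`. With the cast, `%02X` emits exactly two digits, which is what the fixed `d += 3; len += 3;` on the following lines assumes. The enclosing function starts and ends outside the hunk.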
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sun Nov 25 23:48:14 UTC 2018 Modified Files: src/libexec/httpd: CHANGES Log Message: normalise some messages. To generate a diff of this commit: cvs rdiff -u -r1.29 -r1.30 src/libexec/httpd/CHANGES Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.29 src/libexec/httpd/CHANGES:1.30 --- src/libexec/httpd/CHANGES:1.29 Sun Nov 25 23:37:09 2018 +++ src/libexec/httpd/CHANGES Sun Nov 25 23:48:14 2018 @@ -1,7 +1,7 @@ -$NetBSD: CHANGES,v 1.29 2018/11/25 23:37:09 mrg Exp $ +$NetBSD: CHANGES,v 1.30 2018/11/25 23:48:14 mrg Exp $ changes in bozohttpd 20181125: - o fixes for option parsing introduced in bozohttpd 20181123. + o fixes for option parsing introduced in bozohttpd 20181123 changes in bozohttpd 20181121: o add url remap support via .bzremap file, from mar...@netbsd.org @@ -12,7 +12,7 @@ changes in bozohttpd 20181121: initial line, each header, and the total time spent o add -T option to expose new timeout settings o minor RFC fixes related to timeout handling - o fix special file (.htpasswd, .bz*) bypass. reported by JP. + o fix special file (.htpasswd, .bz*) bypass. reported by JP changes in bozohttpd 20170201: o fix an infinite loop in cgi processing @@ -97,7 +97,7 @@ changes in bozohttpd 20100617: changes in bozohttpd 20100509: o major rework and clean up of internal interfaces. move the main - program into main.c, the remaining parts are useable as library. + program into main.c, the remaining parts are useable as library add bindings for lua. by Alistair G. Crooks o fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566325
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sun Nov 25 23:37:09 UTC 2018 Modified Files: src/libexec/httpd: CHANGES Log Message: add option fixes here. To generate a diff of this commit: cvs rdiff -u -r1.28 -r1.29 src/libexec/httpd/CHANGES Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.28 src/libexec/httpd/CHANGES:1.29 --- src/libexec/httpd/CHANGES:1.28 Wed Nov 21 09:37:02 2018 +++ src/libexec/httpd/CHANGES Sun Nov 25 23:37:09 2018 @@ -1,4 +1,7 @@ -$NetBSD: CHANGES,v 1.28 2018/11/21 09:37:02 mrg Exp $ +$NetBSD: CHANGES,v 1.29 2018/11/25 23:37:09 mrg Exp $ + +changes in bozohttpd 20181125: + o fixes for option parsing introduced in bozohttpd 20181123. changes in bozohttpd 20181121: o add url remap support via .bzremap file, from mar...@netbsd.org
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sun Nov 25 07:37:20 UTC 2018 Modified Files: src/libexec/httpd: bozohttpd.c main.c Log Message: fix -X option parsing. noted by Rajeev V. Pillai. To generate a diff of this commit: cvs rdiff -u -r1.98 -r1.99 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.21 -r1.22 src/libexec/httpd/main.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.98 src/libexec/httpd/bozohttpd.c:1.99 --- src/libexec/httpd/bozohttpd.c:1.98 Sat Nov 24 18:38:59 2018 +++ src/libexec/httpd/bozohttpd.c Sun Nov 25 07:37:20 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.98 2018/11/24 18:38:59 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.99 2018/11/25 07:37:20 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -109,7 +109,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20181124" +#define SERVER_SOFTWARE "bozohttpd/20181125" #endif #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html" Index: src/libexec/httpd/main.c diff -u src/libexec/httpd/main.c:1.21 src/libexec/httpd/main.c:1.22 --- src/libexec/httpd/main.c:1.21 Sat Nov 24 02:30:56 2018 +++ src/libexec/httpd/main.c Sun Nov 25 07:37:20 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: main.c,v 1.21 2018/11/24 02:30:56 mrg Exp $ */ +/* $NetBSD: main.c,v 1.22 2018/11/25 07:37:20 mrg Exp $ */ /* $eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $ */ /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp */ @@ -336,10 +336,6 @@ main(int argc, char **argv) bozo_set_pref(, , "enable users", "true"); break; - bozo_set_pref(, , "directory indexing", - "true"); - break; - case 'V': bozo_set_pref(, , "unknown slash", "true"); break; 
@@ -352,6 +348,10 @@ main(int argc, char **argv) if (!have_dirindex) goto no_dirindex_support; + bozo_set_pref(, , "directory indexing", + "true"); + break; + case 'x': bozo_set_pref(, , "index.html", optarg); break;
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sat Nov 24 18:38:59 UTC 2018 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: avoid c99ism. To generate a diff of this commit: cvs rdiff -u -r1.97 -r1.98 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.97 src/libexec/httpd/bozohttpd.c:1.98 --- src/libexec/httpd/bozohttpd.c:1.97 Sat Nov 24 13:08:10 2018 +++ src/libexec/httpd/bozohttpd.c Sat Nov 24 18:38:59 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.97 2018/11/24 13:08:10 christos Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.98 2018/11/24 18:38:59 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -1924,8 +1924,9 @@ int bozo_check_special_files(bozo_httpreq_t *request, const char *name) { bozohttpd_t *httpd = request->hr_httpd; + size_t i; - for (size_t i = 0; specials[i].file; i++) + for (i = 0; specials[i].file; i++) if (strcmp(name, specials[i].file) == 0) return bozo_http_error(httpd, 403, request, specials[i].name);
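Review bot: bozo_check_special_files matches with `strcmp`, so the protection is byte-exact and relies on callers passing the final path component as `name`; neither assumption is written down. A header comment such as `/* name must be the last path component of the file being served; the comparison is exact and case-sensitive */` would make the contract checkable at each call site. Where the document root lives on a filesystem that folds case, an exact match may not cover every spelling of a protected name, so that deployment assumption is worth stating as well. The rest of the function is outside the hunk.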
CVS commit: src/libexec/httpd
Module Name:src Committed By: christos Date: Sat Nov 24 13:08:11 UTC 2018 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: - add FALLTHROUGH comment - one return is usually enough. To generate a diff of this commit: cvs rdiff -u -r1.96 -r1.97 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.96 src/libexec/httpd/bozohttpd.c:1.97 --- src/libexec/httpd/bozohttpd.c:1.96 Fri Nov 23 21:35:13 2018 +++ src/libexec/httpd/bozohttpd.c Sat Nov 24 08:08:10 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.96 2018/11/24 02:35:13 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.97 2018/11/24 13:08:10 christos Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -1018,6 +1018,7 @@ bozo_escape_rfc3986(bozohttpd_t *httpd, case '"': if (absolute) goto leave_it; + /*FALLTHROUGH*/ case '\n': case '\r': case ' ': @@ -1026,8 +1027,8 @@ bozo_escape_rfc3986(bozohttpd_t *httpd, d += 3; len += 3; break; - leave_it: default: + leave_it: *d++ = *s++; len++; break; @@ -1477,7 +1478,6 @@ check_bzredirect(bozo_httpreq_t *request REDIRECT_FILE) >= sizeof(redir)) { return bozo_http_error(httpd, 404, request, "redirectfile path too long"); - return -1; } if (lstat(redir, ) == 0) { if (!S_ISLNK(sb.st_mode))
CVS commit: src/libexec/httpd
Module Name:src Committed By: christos Date: Sat Nov 24 13:03:15 UTC 2018 Modified Files: src/libexec/httpd: cgi-bozo.c Log Message: appease lint To generate a diff of this commit: cvs rdiff -u -r1.44 -r1.45 src/libexec/httpd/cgi-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/cgi-bozo.c diff -u src/libexec/httpd/cgi-bozo.c:1.44 src/libexec/httpd/cgi-bozo.c:1.45 --- src/libexec/httpd/cgi-bozo.c:1.44 Fri Nov 23 03:11:20 2018 +++ src/libexec/httpd/cgi-bozo.c Sat Nov 24 08:03:15 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: cgi-bozo.c,v 1.44 2018/11/23 08:11:20 mrg Exp $ */ +/* $NetBSD: cgi-bozo.c,v 1.45 2018/11/24 13:03:15 christos Exp $ */ /* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */ @@ -234,14 +234,14 @@ parse_search_string(bozo_httpreq_t *requ */ *args_len = 1; /* count '+' in str */ - for (s = str; (s = strchr(s, '+')); (*args_len)++) + for (s = str; (s = strchr(s, '+')) != NULL; (*args_len)++) s++; args = bozomalloc(httpd, sizeof(*args) * (*args_len + 1)); args[0] = str; args[*args_len] = NULL; - for (s = str, i = 0; (s = strchr(s, '+'));) { + for (s = str, i = 0; (s = strchr(s, '+')) != NULL;) { *s = '\0'; s++; args[i++] = s;
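Review bot: In parse_search_string the fill loop starts at `i = 0` although `args[0] = str;` has just been set, so, from the lines visible here, the first `args[i++] = s;` overwrites the first word and the slot just before the NULL terminator is never assigned. For a constructed query `a+b`, `*args_len` is 2 and the array would end up as {"b", unset, NULL}, unless bozomalloc zeroes its memory, which the hunk does not show. Starting the index at one, `for (s = str, i = 1; (s = strchr(s, '+')) != NULL;) {`, keeps `args[0]` and fills every slot. The loop body closes outside the hunk, so this should be confirmed against the full function.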
CVS commit: src/libexec/httpd
Module Name:src Committed By: christos Date: Sat Nov 24 13:02:46 UTC 2018 Modified Files: src/libexec/httpd: bozohttpd.h Log Message: one semicolon is usually enough. To generate a diff of this commit: cvs rdiff -u -r1.56 -r1.57 src/libexec/httpd/bozohttpd.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.56 src/libexec/httpd/bozohttpd.h:1.57 --- src/libexec/httpd/bozohttpd.h:1.56 Thu Nov 22 03:54:08 2018 +++ src/libexec/httpd/bozohttpd.h Sat Nov 24 08:02:46 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.h,v 1.56 2018/11/22 08:54:08 mrg Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.57 2018/11/24 13:02:46 christos Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ @@ -407,7 +407,7 @@ void bozo_add_content_map_cgi(bozohttpd_ #endif /* I/O */ -int bozo_printf(bozohttpd_t *, const char *, ...) BOZO_PRINTFLIKE(2, 3);; +int bozo_printf(bozohttpd_t *, const char *, ...) BOZO_PRINTFLIKE(2, 3); ssize_t bozo_read(bozohttpd_t *, int, void *, size_t); ssize_t bozo_write(bozohttpd_t *, int, const void *, size_t); int bozo_flush(bozohttpd_t *, FILE *);
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sat Nov 24 02:35:13 UTC 2018 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: call this bozohttpd 20181124. To generate a diff of this commit: cvs rdiff -u -r1.95 -r1.96 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files:
Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.95 src/libexec/httpd/bozohttpd.c:1.96
--- src/libexec/httpd/bozohttpd.c:1.95 Sat Nov 24 00:47:51 2018
+++ src/libexec/httpd/bozohttpd.c Sat Nov 24 02:35:13 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: bozohttpd.c,v 1.95 2018/11/24 00:47:51 mrg Exp $ */
+/* $NetBSD: bozohttpd.c,v 1.96 2018/11/24 02:35:13 mrg Exp $ */
 /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */
@@ -109,7 +109,7 @@
 #define INDEX_HTML "index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE "bozohttpd/20181123"
+#define SERVER_SOFTWARE "bozohttpd/20181124"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML "public_html"
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sat Nov 24 02:30:56 UTC 2018 Modified Files: src/libexec/httpd: main.c Log Message: fix a bug in the rework for -i option: move the real code in place. for some reason gcc does not warn about this: case 'x': stuff_here(); break; other_stuff_here(); break; and the other_stuff_here() was what was mis-placed. should fix atf failures in networking. To generate a diff of this commit: cvs rdiff -u -r1.20 -r1.21 src/libexec/httpd/main.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/main.c diff -u src/libexec/httpd/main.c:1.20 src/libexec/httpd/main.c:1.21 --- src/libexec/httpd/main.c:1.20 Thu Nov 22 18:21:59 2018 +++ src/libexec/httpd/main.c Sat Nov 24 02:30:56 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: main.c,v 1.20 2018/11/22 18:21:59 mrg Exp $ */ +/* $NetBSD: main.c,v 1.21 2018/11/24 02:30:56 mrg Exp $ */ /* $eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $ */ /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp */ @@ -253,6 +253,9 @@ main(int argc, char **argv) if (!have_daemon_mode) goto no_daemon_mode; + bozo_set_pref(, , "bind address", optarg); + break; + case 'L': if (!have_lua) bozoerr(, 1, "Lua support not enabled"); @@ -371,9 +374,6 @@ main(int argc, char **argv) bozo_ssl_set_ciphers(, optarg); break; - bozo_set_pref(, , "bind address", optarg); - break; - default: usage(, progname); /* NOTREACHED */
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sat Nov 24 00:47:52 UTC 2018 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: s/time/val/ to avoid shadowing a global indentifier. To generate a diff of this commit: cvs rdiff -u -r1.94 -r1.95 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.94 src/libexec/httpd/bozohttpd.c:1.95 --- src/libexec/httpd/bozohttpd.c:1.94 Fri Nov 23 08:11:20 2018 +++ src/libexec/httpd/bozohttpd.c Sat Nov 24 00:47:51 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.94 2018/11/23 08:11:20 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.95 2018/11/24 00:47:51 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -395,7 +395,7 @@ alarmer(int sig) */ int bozo_set_timeout(bozohttpd_t *httpd, bozoprefs_t *prefs, - const char *target, const char *time) + const char *target, const char *val) { const char *cur, *timeouts[] = { "initial timeout", @@ -409,7 +409,7 @@ bozo_set_timeout(bozohttpd_t *httpd, boz for (cur = timeouts[0]; len >= minlen && *cur; cur++) { if (strncmp(target, cur, len) == 0) { - bozo_set_pref(httpd, prefs, cur, time); + bozo_set_pref(httpd, prefs, cur, val); return 0; } }
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Fri Nov 23 08:11:20 UTC 2018 Modified Files: src/libexec/httpd: bozohttpd.8 bozohttpd.c cgi-bozo.c content-bozo.c Log Message: minor style fixes. simplify bozo_match_content_map(). To generate a diff of this commit: cvs rdiff -u -r1.73 -r1.74 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.93 -r1.94 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.43 -r1.44 src/libexec/httpd/cgi-bozo.c cvs rdiff -u -r1.15 -r1.16 src/libexec/httpd/content-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.73 src/libexec/httpd/bozohttpd.8:1.74 --- src/libexec/httpd/bozohttpd.8:1.73 Tue Nov 20 01:06:46 2018 +++ src/libexec/httpd/bozohttpd.8 Fri Nov 23 08:11:20 2018 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.73 2018/11/20 01:06:46 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.74 2018/11/23 08:11:20 mrg Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -599,7 +599,7 @@ The focus has always been simplicity and and regular code audits. This manual documents .Nm -version 20181119. +version 20181123. .Sh AUTHORS .An -nosplit .Nm Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.93 src/libexec/httpd/bozohttpd.c:1.94 --- src/libexec/httpd/bozohttpd.c:1.93 Thu Nov 22 08:54:08 2018 +++ src/libexec/httpd/bozohttpd.c Fri Nov 23 08:11:20 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.93 2018/11/22 08:54:08 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.94 2018/11/23 08:11:20 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ 
@@ -109,9 +109,8 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20181122" +#define SERVER_SOFTWARE "bozohttpd/20181123" #endif - #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html" #endif Index: src/libexec/httpd/cgi-bozo.c diff -u src/libexec/httpd/cgi-bozo.c:1.43 src/libexec/httpd/cgi-bozo.c:1.44 --- src/libexec/httpd/cgi-bozo.c:1.43 Thu Nov 22 18:42:06 2018 +++ src/libexec/httpd/cgi-bozo.c Fri Nov 23 08:11:20 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: cgi-bozo.c,v 1.43 2018/11/22 18:42:06 mrg Exp $ */ +/* $NetBSD: cgi-bozo.c,v 1.44 2018/11/23 08:11:20 mrg Exp $ */ /* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */ @@ -147,7 +147,7 @@ finish_cgi_output(bozohttpd_t *httpd, bo "%s: writing HTTP header " "from status %s ..", __func__, hdr_value)); bozo_printf(httpd, "%s %s\r\n", request->hr_proto, - hdr_value); +hdr_value); bozo_flush(httpd, stdout); write_header = 0; free(hdr_name); @@ -174,7 +174,7 @@ finish_cgi_output(bozohttpd_t *httpd, bo "%s: writing delayed HTTP headers ..", __func__)); SIMPLEQ_FOREACH_SAFE(hdr, , h_next, nhdr) { bozo_printf(httpd, "%s: %s\r\n", hdr->h_header, - hdr->h_value); +hdr->h_value); free(hdr->h_header); free(hdr); } @@ -190,7 +190,7 @@ finish_cgi_output(bozohttpd_t *httpd, bo while (rbytes) { wbytes = bozo_write(httpd, STDOUT_FILENO, buf, - (size_t)rbytes); + (size_t)rbytes); if (wbytes > 0) { rbytes -= wbytes; bp += wbytes; @@ -223,9 +223,8 @@ parse_search_string(bozo_httpreq_t *requ *args_len = 0; /* URI MUST not contain any unencoded '=' - RFC3875, section 4.4 */ - if (strchr(query, '=')) { + if (strchr(query, '=')) return NULL; - } str = bozostrdup(httpd, request, query); @@ -289,7 +288,7 @@ parse_search_string(bozo_httpreq_t *requ /* search-word MUST have at least one schar */ if (*s == '\0') goto parse_err; - while(*s) { + while (*s) { /* check if it's unreserved */ if (isalpha((int)*s) || isdigit((int)*s) || strchr(UNRESERVED_CHAR, *s)) { 
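Review bot: In the cgi-bozo.c hunk at -289,7 the reformatted `while (*s)` loop of parse_search_string still calls `isalpha((int)*s)` and `isdigit((int)*s)`; casting a plain `char` to `int` keeps a negative value negative, and passing that to the <ctype.h> functions is undefined behaviour. Since `s` walks a copy of the query string handed to this function, bytes above 0x7F should be expected, and the casts should read `isalpha((unsigned char)*s) || isdigit((unsigned char)*s)`. The loop body continues past the end of the hunk.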
@@ -348,7 +347,7 @@ bozo_cgi_setbin(bozohttpd_t *httpd, cons { httpd->cgibin = bozostrdup(httpd, NULL, path); debug((httpd, DEBUG_OBESE, "cgibin (cgi-bin directory) is %s", - httpd->cgibin)); + httpd->cgibin)); } /* help build up the environ pointer */ @@ -444,7 +443,7 @@ bozo_process_cgi(bozo_httpreq_t *request } else if (len - 1 == CGIBIN_PREFIX_LEN) /* url is "/cgi-bin/" */ append_index_html(httpd, ); - /* RFC3875 sect. 4.4. - search-string support */ + /* RFC3875 sect. 4.4. - search-string support */ if (query != NULL) { search_string_argv = parse_search_string(request, query, _string_argc); Index: src/libexec/httpd/content-bozo.c diff -u src/libexec/httpd/content-bozo.c:1.15 src/libexec/httpd/content-bozo.c:1.16 --- src/libexec/httpd/content-bozo.c:1.15 Tue Nov 20 01:06:46 2018 +++ src/libexec/httpd/content-bozo.c Fri Nov 23 08:11:20 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: content-bozo.c,v 1.15 2018/11/20 01:06:46 mrg Exp $ */ +/* $NetBSD: content-bozo.c,v 1.16 2018/11/23 08:11:20 mrg Exp $ */ /* $eterna: content-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Thu Nov 22 18:42:06 UTC 2018 Modified Files: src/libexec/httpd: cgi-bozo.c Log Message: add an assert() check on array bounds. To generate a diff of this commit: cvs rdiff -u -r1.42 -r1.43 src/libexec/httpd/cgi-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/cgi-bozo.c diff -u src/libexec/httpd/cgi-bozo.c:1.42 src/libexec/httpd/cgi-bozo.c:1.43 --- src/libexec/httpd/cgi-bozo.c:1.42 Thu Nov 22 08:54:08 2018 +++ src/libexec/httpd/cgi-bozo.c Thu Nov 22 18:42:06 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: cgi-bozo.c,v 1.42 2018/11/22 08:54:08 mrg Exp $ */ +/* $NetBSD: cgi-bozo.c,v 1.43 2018/11/22 18:42:06 mrg Exp $ */ /* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */ @@ -45,6 +45,7 @@ #include #include #include +#include #include @@ -380,6 +381,7 @@ bozo_process_cgi(bozo_httpreq_t *request const char *type, *clen, *info, *cgihandler; char *query, *s, *t, *path, *env, *command, *file, *url; char **envp, **curenvp, **argv, **search_string_argv = NULL; + char **lastenvp; char *uri; size_t i, len, search_string_argc = 0; ssize_t rbytes; @@ -506,6 +508,7 @@ bozo_process_cgi(bozo_httpreq_t *request for (ix = 0; ix < envpsize; ix++) envp[ix] = NULL; curenvp = envp; + lastenvp = envp + envpsize; SIMPLEQ_FOREACH(headp, >hr_headers, h_next) { const char *s2; @@ -587,6 +590,7 @@ bozo_process_cgi(bozo_httpreq_t *request strerror(errno)); *curenvp = 0; + assert(lastenvp > curenvp); /* * We create 2 procs: one to become the CGI, one read from
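Review bot: The new `assert(lastenvp > curenvp);` in the last hunk runs after `*curenvp = 0;`, so if the slot count is ever too small the terminator has already been stored at or past `envp + envpsize` before the check fires. The same holds for any earlier stores through `curenvp`, which are outside this hunk. A build with NDEBUG also compiles the check out entirely, and the environment is filled from request headers (`SIMPLEQ_FOREACH(headp, ...hr_headers, ...)`), so a bound that only exists in debug builds is thin. I would test before the store and fail unconditionally, e.g. `if (curenvp >= lastenvp) bozoerr(httpd, 1, "cgi environment overflow");` placed ahead of `*curenvp = 0;`. bozo_process_cgi() starts and ends outside these hunks, so how `envpsize` is computed should be checked against the number of `curenvp++` uses.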
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Thu Nov 22 18:21:59 UTC 2018 Modified Files: src/libexec/httpd: main.c Log Message: alpha sort the option switch. To generate a diff of this commit: cvs rdiff -u -r1.19 -r1.20 src/libexec/httpd/main.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/main.c diff -u src/libexec/httpd/main.c:1.19 src/libexec/httpd/main.c:1.20 --- src/libexec/httpd/main.c:1.19 Thu Nov 22 08:54:08 2018 +++ src/libexec/httpd/main.c Thu Nov 22 18:21:59 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: main.c,v 1.19 2018/11/22 08:54:08 mrg Exp $ */ +/* $NetBSD: main.c,v 1.20 2018/11/22 18:21:59 mrg Exp $ */ /* $eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $ */ /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp */ 
@@ -163,92 +163,53 @@ main(int argc, char **argv) "C:EGHI:L:M:P:S:T:U:VXZ:bc:defhi:np:st:uv:x:z:")) != -1) { switch (c) { - case 'L': - if (!have_lua) -bozoerr(, 1, "Lua support not enabled"); - - /* make sure there's two argument */ - if (argc - optind < 1) -usage(, progname); - bozo_add_lua_map(, optarg, argv[optind]); - optind++; - break; - case 'M': - if (!have_dynamic_content) -bozoerr(, 1, -"dynamic mime content support not enabled"); + case 'b': + if (!have_daemon_mode) + no_daemon_mode: +bozoerr(, 1, "Daemon mode not enabled"); - /* make sure there're four arguments */ - if (argc - optind < 3) -usage(, progname); - bozo_add_content_map_mime(, optarg, argv[optind], - argv[optind+1], argv[optind+2]); - optind += 3; + /* + * test suite support - undocumented + * background == 2 (aka, -b -b) means to + * only process 1 per kid + */ + val = bozo_get_pref(, "background") == NULL ? + "1" : "2"; + bozo_set_pref(, , "background", val); break; - case 'n': - bozo_set_pref(, , "numeric", "true"); - break; + case 'c': + if (!have_cgibin) +bozoerr(, 1, "CGI not enabled"); - case 's': - bozo_set_pref(, , "log to stderr", "true"); + bozo_cgi_setbin(, optarg); break; - case 'S': - bozo_set_pref(, , "server software", - optarg); - break; - case 'Z': - if (!have_ssl) - no_ssl: -bozoerr(, 1, "ssl support not enabled"); + case 'C': + if (!have_dynamic_content && !have_cgibin) +bozoerr(, 1, +"dynamic CGI handler support not enabled"); /* make sure there's two arguments */ if (argc - optind < 1) usage(, progname); - bozo_ssl_set_opts(, optarg, argv[optind++]); - break; - - case 'z': - if (!have_ssl) -goto no_ssl; - - bozo_ssl_set_ciphers(, optarg); - break; - - case 'U': - bozo_set_pref(, , "username", optarg); - break; - - case 'V': - bozo_set_pref(, , "unknown slash", "true"); - break; - - case 'v': - bozo_set_pref(, , "virtual base", optarg); - break; - - case 'x': - bozo_set_pref(, , "index.html", optarg); + bozo_add_content_map_cgi(, optarg, + argv[optind++]); break; - case 
'I': - bozo_set_pref(, , "port number", optarg); + case 'd': + if (!have_debug) +bozowarn(, "Debugging not enabled"); + httpd.debug++; break; - case 'b': - if (!have_daemon_mode) - no_daemon_mode: -bozoerr(, 1, "Daemon mode not enabled"); + case 'E': + if (have_user && + have_cgibin) +bozoerr(, 1, "CGI not enabled"); - /* - * test suite support - undocumented - * background == 2 (aka, -b -b) means to - * only process 1 per kid - */ - val = bozo_get_pref(, "background") == NULL ? - "1" : "2"; - bozo_set_pref(, , "background", val); + bozo_set_pref(, , "enable user cgibin", + "true"); break; case 'e': @@ -266,11 +227,58 @@ main(int argc, char **argv) bozo_set_pref(, , "foreground", "true"); break; + case 'G': + { +char version[128]; + +bozo_get_version(version, sizeof(version)); +printf("bozohttpd version %s\n", version); + } + return 0; + + case 'H': + if (!have_dirindex) + no_dirindex_support: +bozoerr(, 1, + "directory indexing not enabled"); + + bozo_set_pref(, , "hide dots", "true"); + break; + + case 'I': + bozo_set_pref(, , "port number", optarg); + break; + case 'i': if (!have_daemon_mode) goto no_daemon_mode; - bozo_set_pref(, , "bind address", optarg); + case 'L': + if (!have_lua) +bozoerr(, 1, "Lua support not enabled"); + + /* make sure there's two argument */ + if (argc - optind < 1) +usage(, progname); + bozo_add_lua_map(, optarg, argv[optind]); + optind++; + break; + + case 'M': + if (!have_dynamic_content) +bozoerr(, 1, +"dynamic mime content support not enabled"); + + /* make sure there're four arguments */ + if (argc - optind < 3) +usage(, progname); + bozo_add_content_map_mime(, optarg, argv[optind], + argv[optind+1], argv[optind+2]); + optind +=
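Review bot: In the first hunk the new `case 'E':` guard reads `if (have_user && have_cgibin)` followed by `bozoerr(..., 1, "CGI not enabled");`, which is the opposite sense of every other feature guard in this switch (`if (!have_cgibin)`, `if (!have_lua)`, `if (!have_daemon_mode)`). As written, `-E` is refused exactly when both user and CGI support are compiled in and accepted when either is missing, so the preference "enable user cgibin" can be set in a build that cannot honour it. The condition presumably should be `if (!have_user || !have_cgibin)`. The switch continues past the end of this hunk and the page has dropped some argument text, so confirm against the file.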
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Thu Nov 22 08:54:08 UTC 2018 Modified Files: src/libexec/httpd: auth-bozo.c bozohttpd.c bozohttpd.h cgi-bozo.c daemon-bozo.c dir-index-bozo.c main.c ssl-bozo.c tilde-luzah-bozo.c Log Message: many clean ups: - keep a list of special files and their human names - remove (void) casts on bozo_http_error() - fix a few more misuses of bozo_http_error() - rename check_mapping() to check_remap() and perform some CSE - switch away from ``%s'' to '%s' - remove a bunch of #ifdef using new have_feature defines To generate a diff of this commit: cvs rdiff -u -r1.21 -r1.22 src/libexec/httpd/auth-bozo.c cvs rdiff -u -r1.92 -r1.93 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.55 -r1.56 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.41 -r1.42 src/libexec/httpd/cgi-bozo.c cvs rdiff -u -r1.18 -r1.19 src/libexec/httpd/daemon-bozo.c \ src/libexec/httpd/main.c cvs rdiff -u -r1.27 -r1.28 src/libexec/httpd/dir-index-bozo.c cvs rdiff -u -r1.24 -r1.25 src/libexec/httpd/ssl-bozo.c cvs rdiff -u -r1.15 -r1.16 src/libexec/httpd/tilde-luzah-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/auth-bozo.c diff -u src/libexec/httpd/auth-bozo.c:1.21 src/libexec/httpd/auth-bozo.c:1.22 --- src/libexec/httpd/auth-bozo.c:1.21 Wed Nov 21 09:37:02 2018 +++ src/libexec/httpd/auth-bozo.c Thu Nov 22 08:54:08 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: auth-bozo.c,v 1.21 2018/11/21 09:37:02 mrg Exp $ */ +/* $NetBSD: auth-bozo.c,v 1.22 2018/11/22 08:54:08 mrg Exp $ */ /* $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */ 
@@ -117,6 +117,7 @@ bozo_auth_init(bozo_httpreq_t *request) { request->hr_authuser = NULL; request->hr_authpass = NULL; + request->hr_authrealm = NULL; } void Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.92 src/libexec/httpd/bozohttpd.c:1.93 --- src/libexec/httpd/bozohttpd.c:1.92 Wed Nov 21 17:39:19 2018 +++ src/libexec/httpd/bozohttpd.c Thu Nov 22 08:54:08 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.92 2018/11/21 17:39:19 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.93 2018/11/22 08:54:08 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -109,7 +109,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20181121" +#define SERVER_SOFTWARE "bozohttpd/20181122" #endif #ifndef PUBLIC_HTML @@ -169,6 +169,21 @@ #define LOG_FTP LOG_DAEMON #endif +/* + * List of special file that we should never serve. + */ +struct { + const char *file; + const char *name; +} specials[] = { + { DIRECT_ACCESS_FILE, "rejected direct access request" }, + { REDIRECT_FILE, "rejected redirect request" }, + { ABSREDIRECT_FILE, "rejected absredirect request" }, + { REMAP_FILE, "rejected remap request" }, + { AUTH_FILE, "rejected authfile request" }, + { NULL, NULL }, +}; + volatile sig_atomic_t timeout_hit; /* @@ -680,8 +695,7 @@ bozo_read_request(bozohttpd_t *httpd) sigaction(SIGALRM, , NULL); if (clock_gettime(CLOCK_MONOTONIC, ) != 0) { - (void)bozo_http_error(httpd, 500, NULL, - "clock_gettime failed"); + bozo_http_error(httpd, 500, NULL, "clock_gettime failed"); goto cleanup; } @@ -690,8 +704,7 @@ bozo_read_request(bozohttpd_t *httpd) alarm(0); if (clock_gettime(CLOCK_MONOTONIC, ) != 0) { - (void)bozo_http_error(httpd, 500, NULL, -"clock_gettime failed"); + bozo_http_error(httpd, 500, NULL, "clock_gettime failed"); goto cleanup; } /* 
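Review bot: The `specials[]` table added in the bozohttpd.c hunk at `@@ -169,6 +169,21 @@` is declared as a plain file-scope `struct { ... } specials[]`, so it has external linkage and is writable at run time. This is the deny list for files that must never be served, so it is better kept private and read-only: `static const struct {` on the opening line, with the two members left as `const char *`. The code that walks the table is outside this hunk, so any loop variable pointing into it would need the matching `const`. The comment would also read better as `List of special files that we should never serve.`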
@@ -711,16 +724,14 @@ bozo_read_request(bozohttpd_t *httpd) timeout_hit = 1; if (timeout_hit) { - (void)bozo_http_error(httpd, 408, NULL, - "request timed out"); + bozo_http_error(httpd, 408, NULL, "request timed out"); goto cleanup; } line++; if (line == 1) { if (len < 1) { -(void)bozo_http_error(httpd, 404, NULL, - "null method"); +bozo_http_error(httpd, 404, NULL, "null method"); goto cleanup; } bozowarn(httpd, @@ -734,13 +745,11 @@ bozo_read_request(bozohttpd_t *httpd) request->hr_file = file; request->hr_query = query; if (method == NULL) { -(void)bozo_http_error(httpd, 404, NULL, - "null method"); +bozo_http_error(httpd, 404, NULL, "null method"); goto cleanup; } if (file == NULL) { -(void)bozo_http_error(httpd, 404, NULL, - "null file"); +bozo_http_error(httpd, 404, NULL, "null file"); goto cleanup; } @@ -768,12 +777,10 @@ bozo_read_request(bozohttpd_t *httpd) break; val = bozostrnsep(, ":", ); - debug((httpd, DEBUG_EXPLODING, - "read_req2: after bozostrnsep: str ``%s'' val ``%s''", - str, val)); + debug((httpd, DEBUG_EXPLODING, "read_req2: after " + "bozostrnsep: str `%s' val `%s'", str, val)); if (val == NULL || len == -1) { -
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Wed Nov 21 17:39:19 UTC 2018 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: use MAP_SHARED for the bzremap file. avoids netbsd kernel complaining: WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 15478 command bozohttpd) To generate a diff of this commit: cvs rdiff -u -r1.91 -r1.92 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.91 src/libexec/httpd/bozohttpd.c:1.92 --- src/libexec/httpd/bozohttpd.c:1.91 Wed Nov 21 09:37:02 2018 +++ src/libexec/httpd/bozohttpd.c Wed Nov 21 17:39:19 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.91 2018/11/21 09:37:02 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.92 2018/11/21 17:39:19 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -1204,7 +1204,7 @@ check_mapping(bozo_httpreq_t *request) return; } - fmap = mmap(NULL, st.st_size, PROT_READ, 0, mapfile, 0); + fmap = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, mapfile, 0); if (fmap == NULL) { bozowarn(httpd, "could not mmap " REMAP_FILE ", error %d", errno);
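Review bot: The failure test after the changed call still compares against NULL (`if (fmap == NULL) {`), but mmap() reports failure by returning MAP_FAILED, not NULL. A failed mapping of the remap file is therefore never caught, the warning is never printed, and whatever follows would use the invalid pointer. The check should be `if (fmap == MAP_FAILED) {`. check_mapping() continues outside this hunk, so how `fmap` is consumed, and whether a zero `st.st_size` is rejected before the call, is not visible here.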
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Wed Nov 21 10:25:17 UTC 2018 Modified Files: src/libexec/httpd: dir-index-bozo.c Log Message: two fixes reported by mouse: - don't check contents of 'st' if stat(2) failed. - round up instead of truncate. now 1 byte files say 10kB not 9kB. To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.27 src/libexec/httpd/dir-index-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/dir-index-bozo.c diff -u src/libexec/httpd/dir-index-bozo.c:1.26 src/libexec/httpd/dir-index-bozo.c:1.27 --- src/libexec/httpd/dir-index-bozo.c:1.26 Tue Nov 20 01:06:46 2018 +++ src/libexec/httpd/dir-index-bozo.c Wed Nov 21 10:25:17 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: dir-index-bozo.c,v 1.26 2018/11/20 01:06:46 mrg Exp $ */ +/* $NetBSD: dir-index-bozo.c,v 1.27 2018/11/21 10:25:17 mrg Exp $ */ /* $eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $ */ @@ -157,7 +157,7 @@ bozo_dir_index(bozo_httpreq_t *request, if (strcmp(name, "..") == 0) { bozo_printf(httpd, ""); l += bozo_printf(httpd, "Parent Directory"); - } else if (S_ISDIR(sb.st_mode)) { + } else if (!nostat && S_ISDIR(sb.st_mode)) { bozo_printf(httpd, "", urlname); l += bozo_printf(httpd, "%s/", htmlname); } else if (strchr(name, ':') != NULL) { @@ -185,6 +185,10 @@ bozo_dir_index(bozo_httpreq_t *request, if (nostat) bozo_printf(httpd, "? ?"); else { + unsigned long long len; + + len = ((unsigned long long)sb.st_size + 1023) / 1024; + tm = gmtime(_mtime); strftime(buf, sizeof buf, "%d-%b-%Y %R", tm); l += bozo_printf(httpd, "%s", buf); @@ -199,8 +203,7 @@ bozo_dir_index(bozo_httpreq_t *request, spacebuf[i] = '\0'; bozo_printf(httpd, "%s", spacebuf); - bozo_printf(httpd, "%12llukB", -(unsigned long long)sb.st_size >> 10); + bozo_printf(httpd, "%12llukB", len); } bozo_printf(httpd, "\r\n"); }
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Wed Nov 21 09:37:02 UTC 2018 Modified Files: src/libexec/httpd: CHANGES auth-bozo.c bozohttpd.c bozohttpd.h src/libexec/httpd/testsuite: Makefile html_cmp test-bigfile test-simple Log Message: - move special files defines into bozohttpd.h, so we can ... - consolidate all the special file checks into bozo_check_special_files() so that all builds check the same list of special files, regardless of build options. - convert "(void)bozo_http_error(...); return -1;" into plain "return bozo_http_error(...);" - fix the call to bozo_check_special_files() to be used on all input types. part of the fixes for failure to reject access to /.htpasswd as reported by JP on tech-security. - use warn_unused_result attribute on bozo_check_special_files(), and fix the failures to return failure. second part of the htpasswd access fix. - update testsuite to use a fixed fake hostname. call this bozohttpd 20181121. To generate a diff of this commit: cvs rdiff -u -r1.27 -r1.28 src/libexec/httpd/CHANGES cvs rdiff -u -r1.20 -r1.21 src/libexec/httpd/auth-bozo.c cvs rdiff -u -r1.90 -r1.91 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.54 -r1.55 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.10 -r1.11 src/libexec/httpd/testsuite/Makefile cvs rdiff -u -r1.5 -r1.6 src/libexec/httpd/testsuite/html_cmp cvs rdiff -u -r1.4 -r1.5 src/libexec/httpd/testsuite/test-bigfile \ src/libexec/httpd/testsuite/test-simple Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.27 src/libexec/httpd/CHANGES:1.28 --- src/libexec/httpd/CHANGES:1.27 Tue Nov 20 01:06:46 2018 +++ src/libexec/httpd/CHANGES Wed Nov 21 09:37:02 2018 
@@ -1,6 +1,6 @@ -$NetBSD: CHANGES,v 1.27 2018/11/20 01:06:46 mrg Exp $ +$NetBSD: CHANGES,v 1.28 2018/11/21 09:37:02 mrg Exp $ -changes in bozohttpd 20181118: +changes in bozohttpd 20181121: o add url remap support via .bzremap file, from mar...@netbsd.org o handle redirections for any protocol, not just http: o fix a denial of service attack against header contents, which @@ -9,6 +9,7 @@ changes in bozohttpd 20181118: initial line, each header, and the total time spent o add -T option to expose new timeout settings o minor RFC fixes related to timeout handling + o fix special file (.htpasswd, .bz*) bypass. reported by JP. changes in bozohttpd 20170201: o fix an infinite loop in cgi processing Index: src/libexec/httpd/auth-bozo.c diff -u src/libexec/httpd/auth-bozo.c:1.20 src/libexec/httpd/auth-bozo.c:1.21 --- src/libexec/httpd/auth-bozo.c:1.20 Tue Nov 20 01:06:46 2018 +++ src/libexec/httpd/auth-bozo.c Wed Nov 21 09:37:02 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: auth-bozo.c,v 1.20 2018/11/20 01:06:46 mrg Exp $ */ +/* $NetBSD: auth-bozo.c,v 1.21 2018/11/21 09:37:02 mrg Exp $ */ /* $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */ @@ -42,10 +42,6 @@ #include "bozohttpd.h" -#ifndef AUTH_FILE -#define AUTH_FILE ".htpasswd" -#endif - static ssize_t base64_decode(const unsigned char *, size_t, unsigned char *, size_t); @@ -68,7 +64,6 @@ bozo_auth_check(bozo_httpreq_t *request, strcpy(dir, "."); else { *basename++ = '\0'; - /* ensure basename(file) != AUTH_FILE */ if (bozo_check_special_files(request, basename)) return 1; } 
@@ -173,18 +168,6 @@ bozo_auth_check_headers(bozo_httpreq_t * return 0; } -int -bozo_auth_check_special_files(bozo_httpreq_t *request, -const char *name) -{ - bozohttpd_t *httpd = request->hr_httpd; - - if (strcmp(name, AUTH_FILE) == 0) - return bozo_http_error(httpd, 403, request, -"no permission to open authfile"); - return 0; -} - void bozo_auth_check_401(bozo_httpreq_t *request, int code) { Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.90 src/libexec/httpd/bozohttpd.c:1.91 --- src/libexec/httpd/bozohttpd.c:1.90 Tue Nov 20 01:06:46 2018 +++ src/libexec/httpd/bozohttpd.c Wed Nov 21 09:37:02 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.90 2018/11/20 01:06:46 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.91 2018/11/21 09:37:02 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -109,26 +109,9 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20181119" -#endif -#ifndef DIRECT_ACCESS_FILE -#define DIRECT_ACCESS_FILE ".bzdirect" -#endif -#ifndef REDIRECT_FILE -#define REDIRECT_FILE ".bzredirect" -#endif -#ifndef ABSREDIRECT_FILE -#define ABSREDIRECT_FILE ".bzabsredirect" -#endif -#ifndef REMAP_FILE -#define REMAP_FILE ".bzremap" +#define SERVER_SOFTWARE "bozohttpd/20181121" #endif -/* - * When you add some .bz* file, make sure to also check it in - * bozo_check_special_files() - */ - #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html" #endif @@ -696,7 +679,6 @@
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue Nov 20 01:23:06 UTC 2018 Modified Files: src/libexec/httpd: bozohttpd.h Log Message: also fix have_dynamic_content from the previous previous. re-order the debug and dynamic content to match the same pattern as everything else so similar problems are less likely in the future. To generate a diff of this commit: cvs rdiff -u -r1.53 -r1.54 src/libexec/httpd/bozohttpd.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.53 src/libexec/httpd/bozohttpd.h:1.54 --- src/libexec/httpd/bozohttpd.h:1.53 Tue Nov 20 01:19:51 2018 +++ src/libexec/httpd/bozohttpd.h Tue Nov 20 01:23:06 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.h,v 1.53 2018/11/20 01:19:51 mrg Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.54 2018/11/20 01:23:06 mrg Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ @@ -222,13 +222,13 @@ typedef struct bozoprefs_t { #define BOZO_DEAD #endif -#ifndef NO_DEBUG +#ifdef NO_DEBUG +#define debug(x) +#define have_debug (0) +#else void debug__(bozohttpd_t *, int, const char *, ...) BOZO_PRINTFLIKE(3, 4); #define debug(x) debug__ x #define have_debug (1) -#else -#define debug(x) -#define have_debug (0) #endif /* NO_DEBUG */ int bozo_http_error(bozohttpd_t *, int, bozo_httpreq_t *, const char *); 
@@ -365,11 +365,11 @@ const char *bozo_content_type(bozo_httpr const char *bozo_content_encoding(bozo_httpreq_t *, const char *); bozo_content_map_t *bozo_match_content_map(bozohttpd_t *, const char *, int); bozo_content_map_t *bozo_get_content_map(bozohttpd_t *, const char *); -#ifndef NO_DYNAMIC_CONTENT -void bozo_add_content_map_mime(bozohttpd_t *, const char *, const char *, - const char *, const char *); +#ifdef NO_DYNAMIC_CONTENT #define have_dynamic_content(0) #else +void bozo_add_content_map_mime(bozohttpd_t *, const char *, const char *, + const char *, const char *); #define have_dynamic_content(1) #endif
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue Nov 20 01:15:50 UTC 2018 Modified Files: src/libexec/httpd: bozohttpd.h main.c Log Message: move some #if support into bozohttpd.h. To generate a diff of this commit: cvs rdiff -u -r1.51 -r1.52 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.17 -r1.18 src/libexec/httpd/main.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.51 src/libexec/httpd/bozohttpd.h:1.52 --- src/libexec/httpd/bozohttpd.h:1.51 Tue Nov 20 01:06:46 2018 +++ src/libexec/httpd/bozohttpd.h Tue Nov 20 01:15:50 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.h,v 1.51 2018/11/20 01:06:46 mrg Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.52 2018/11/20 01:15:50 mrg Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ @@ -225,8 +225,10 @@ typedef struct bozoprefs_t { #ifndef NO_DEBUG void debug__(bozohttpd_t *, int, const char *, ...) BOZO_PRINTFLIKE(3, 4); #define debug(x) debug__ x +#define have_debug (0) #else #define debug(x) +#define have_debug (1) #endif /* NO_DEBUG */ int bozo_http_error(bozohttpd_t *, int, bozo_httpreq_t *, const char *); 
@@ -256,19 +258,23 @@ char *bozostrdup(bozohttpd_t *, bozo_htt #define bozo_noop do { /* nothing */ } while (/*CONSTCOND*/0) +#define have_all (1) + /* ssl-bozo.c */ #ifdef NO_SSL_SUPPORT -#define bozo_ssl_set_opts(w, x, y) bozo_noop -#define bozo_ssl_set_ciphers(w, x, y) bozo_noop -#define bozo_ssl_init(x) bozo_noop -#define bozo_ssl_accept(x) (0) -#define bozo_ssl_destroy(x) bozo_noop +#define bozo_ssl_set_opts(w, x, y) bozo_noop +#define bozo_ssl_set_ciphers(w, x, y) bozo_noop +#define bozo_ssl_init(x)bozo_noop +#define bozo_ssl_accept(x)(0) +#define bozo_ssl_destroy(x)bozo_noop +#define have_ssl (0) #else void bozo_ssl_set_opts(bozohttpd_t *, const char *, const char *); void bozo_ssl_set_ciphers(bozohttpd_t *, const char *); void bozo_ssl_init(bozohttpd_t *); int bozo_ssl_accept(bozohttpd_t *); void bozo_ssl_destroy(bozohttpd_t *); +#define have_ssl (1) #endif 
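Review bot: In the NO_SSL_SUPPORT branch the re-indented stub `#define bozo_ssl_set_ciphers(w, x, y) bozo_noop` takes three parameters, while the real prototype a few lines below is `void bozo_ssl_set_ciphers(bozohttpd_t *, const char *);` with two. A two-argument call then fails to preprocess in a build without SSL. This commit makes that more likely to be hit, because callers are being moved from `#ifdef` blocks to the `have_ssl` style of test and so are compiled in every configuration. The stub should match the prototype: `#define bozo_ssl_set_ciphers(w, x) bozo_noop`.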
@@ -283,64 +289,74 @@ void bozo_auth_check_401(bozo_httpreq_t void bozo_auth_cgi_setenv(bozo_httpreq_t *, char ***); int bozo_auth_cgi_count(bozo_httpreq_t *); #else -#define bozo_auth_init(x) bozo_noop -#define bozo_auth_check(x, y) 0 -#define bozo_auth_cleanup(x) bozo_noop -#define bozo_auth_check_headers(y, z, a, b) 0 -#define bozo_auth_check_special_files(x, y) 0 -#define bozo_auth_check_401(x, y) bozo_noop -#define bozo_auth_cgi_setenv(x, y) bozo_noop -#define bozo_auth_cgi_count(x) 0 +#define bozo_auth_init(x)bozo_noop +#define bozo_auth_check(x, y)(0) +#define bozo_auth_cleanup(x)bozo_noop +#define bozo_auth_check_headers(y, z, a, b) (0) +#define bozo_auth_check_special_files(x, y) (0) +#define bozo_auth_check_401(x, y) bozo_noop +#define bozo_auth_cgi_setenv(x, y) bozo_noop +#define bozo_auth_cgi_count(x)(0) #endif /* DO_HTPASSWD */ /* cgi-bozo.c */ #ifdef NO_CGIBIN_SUPPORT -#define bozo_process_cgi(h)0 +#define bozo_process_cgi(h)(0) +#define have_cgibin (0) #else void bozo_cgi_setbin(bozohttpd_t *, const char *); void bozo_setenv(bozohttpd_t *, const char *, const char *, char **); int bozo_process_cgi(bozo_httpreq_t *); void bozo_add_content_map_cgi(bozohttpd_t *, const char *, const char *); +#define have_cgibin (1) #endif /* NO_CGIBIN_SUPPORT */ /* lua-bozo.c */ #ifdef NO_LUA_SUPPORT -#define bozo_process_lua(h)0 +#define bozo_process_lua(h)(0) +#define have_lua (0) #else void bozo_add_lua_map(bozohttpd_t *, const char *, const char *); int bozo_process_lua(bozo_httpreq_t *); +#define have_lua (1) #endif /* NO_LUA_SUPPORT */ /* daemon-bozo.c */ #ifdef NO_DAEMON_MODE #define bozo_daemon_init(x)bozo_noop -#define bozo_daemon_fork(x)0 +#define bozo_daemon_fork(x)(0) #define bozo_daemon_closefds(x)bozo_noop +#define have_daemon_mode(0) #else void bozo_daemon_init(bozohttpd_t *); int bozo_daemon_fork(bozohttpd_t *); void bozo_daemon_closefds(bozohttpd_t *); +#define have_daemon_mode(1) #endif /* NO_DAEMON_MODE */ /* tilde-luzah-bozo.c */ #ifdef 
NO_USER_SUPPORT -#define bozo_user_transform(x)0 +#define bozo_user_transform(x)(0) #define bozo_user_free(x)/* nothing */ +#define have_user (0) #else int bozo_user_transform(bozo_httpreq_t *); #define bozo_user_free(x)free(x) +#define have_user (1) #endif /* NO_USER_SUPPORT */ /* dir-index-bozo.c */ #ifdef NO_DIRINDEX_SUPPORT -#define bozo_dir_index(a, b, c)0 +#define bozo_dir_index(a, b, c)(0) +#define have_dirindex (0) #else int bozo_dir_index(bozo_httpreq_t *, const char *, int); +#define have_dirindex (1) #endif /* NO_DIRINDEX_SUPPORT */ @@ -352,6 +368,9 @@ bozo_content_map_t *bozo_get_content_map
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue Nov 20 01:19:52 UTC 2018 Modified Files: src/libexec/httpd: bozohttpd.h Log Message: fix previous: have_debug was reversed. To generate a diff of this commit: cvs rdiff -u -r1.52 -r1.53 src/libexec/httpd/bozohttpd.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.52 src/libexec/httpd/bozohttpd.h:1.53 --- src/libexec/httpd/bozohttpd.h:1.52 Tue Nov 20 01:15:50 2018 +++ src/libexec/httpd/bozohttpd.h Tue Nov 20 01:19:51 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.h,v 1.52 2018/11/20 01:15:50 mrg Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.53 2018/11/20 01:19:51 mrg Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ @@ -225,10 +225,10 @@ typedef struct bozoprefs_t { #ifndef NO_DEBUG void debug__(bozohttpd_t *, int, const char *, ...) BOZO_PRINTFLIKE(3, 4); #define debug(x) debug__ x -#define have_debug (0) +#define have_debug (1) #else #define debug(x) -#define have_debug (1) +#define have_debug (0) #endif /* NO_DEBUG */ int bozo_http_error(bozohttpd_t *, int, bozo_httpreq_t *, const char *);
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Tue Nov 20 01:06:47 UTC 2018 Modified Files: src/libexec/httpd: CHANGES auth-bozo.c bozohttpd.8 bozohttpd.c bozohttpd.h cgi-bozo.c content-bozo.c daemon-bozo.c dir-index-bozo.c main.c ssl-bozo.c tilde-luzah-bozo.c src/libexec/httpd/testsuite: Makefile Added Files: src/libexec/httpd/testsuite: t15.in t15.out Log Message: from CHANGES: o reduce default timeouts, and add expand timeouts to handle the initial line, each header, and the total time spent o add -T option to expose new timeout settings o minor RFC fixes related to timeout handling responses old timeouts: 60 seconds for initial request line, 60 seconds per header line, and no whole timeout (though the recent total header size changes do introduce one that would be about 11 hours.) new timeouts: 30 seconds for initial request line, 10 seconds per header line, and a total request time of 600 seconds. the new global timeout is implemented using CLOCK_MONOTONIC, with a fallback to CLOCK_REALTIME if monotonic time is unavailable. reject multiple Host: headers. besides being protocol standard, this closes one additional memory leak found by JP. add a simple test to check this. clean up option and usage handling some. 
To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.27 src/libexec/httpd/CHANGES cvs rdiff -u -r1.19 -r1.20 src/libexec/httpd/auth-bozo.c cvs rdiff -u -r1.72 -r1.73 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.89 -r1.90 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.50 -r1.51 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.40 -r1.41 src/libexec/httpd/cgi-bozo.c cvs rdiff -u -r1.14 -r1.15 src/libexec/httpd/content-bozo.c \ src/libexec/httpd/tilde-luzah-bozo.c cvs rdiff -u -r1.17 -r1.18 src/libexec/httpd/daemon-bozo.c cvs rdiff -u -r1.25 -r1.26 src/libexec/httpd/dir-index-bozo.c cvs rdiff -u -r1.16 -r1.17 src/libexec/httpd/main.c cvs rdiff -u -r1.23 -r1.24 src/libexec/httpd/ssl-bozo.c cvs rdiff -u -r1.9 -r1.10 src/libexec/httpd/testsuite/Makefile cvs rdiff -u -r0 -r1.1 src/libexec/httpd/testsuite/t15.in \ src/libexec/httpd/testsuite/t15.out Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.26 src/libexec/httpd/CHANGES:1.27 --- src/libexec/httpd/CHANGES:1.26 Mon Nov 19 04:14:59 2018 +++ src/libexec/httpd/CHANGES Tue Nov 20 01:06:46 2018 
@@ -1,10 +1,14 @@ -$NetBSD: CHANGES,v 1.26 2018/11/19 04:14:59 mrg Exp $ +$NetBSD: CHANGES,v 1.27 2018/11/20 01:06:46 mrg Exp $ changes in bozohttpd 20181118: o add url remap support via .bzremap file, from mar...@netbsd.org o handle redirections for any protocol, not just http: o fix a denial of service attack against header contents, which - is now bounded at 16KiB. reported by JP. + is now bounded at 16KiB. reported by JP + o reduce default timeouts, and add expand timeouts to handle the + initial line, each header, and the total time spent + o add -T option to expose new timeout settings + o minor RFC fixes related to timeout handling changes in bozohttpd 20170201: o fix an infinite loop in cgi processing Index: src/libexec/httpd/auth-bozo.c diff -u src/libexec/httpd/auth-bozo.c:1.19 src/libexec/httpd/auth-bozo.c:1.20 --- src/libexec/httpd/auth-bozo.c:1.19 Mon Nov 19 04:13:09 2018 +++ src/libexec/httpd/auth-bozo.c Tue Nov 20 01:06:46 2018 @@ -1,9 +1,9 @@ -/* $NetBSD: auth-bozo.c,v 1.19 2018/11/19 04:13:09 mrg Exp $ */ +/* $NetBSD: auth-bozo.c,v 1.20 2018/11/20 01:06:46 mrg Exp $ */ /* $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2014 Matthew R. Green + * Copyright (c) 1997-2018 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.72 src/libexec/httpd/bozohttpd.8:1.73 --- src/libexec/httpd/bozohttpd.8:1.72 Mon Nov 19 04:14:59 2018 +++ src/libexec/httpd/bozohttpd.8 Tue Nov 20 01:06:46 2018 @@ -1,8 +1,8 @@ -.\" $NetBSD: bozohttpd.8,v 1.72 2018/11/19 04:14:59 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.73 2018/11/20 01:06:46 mrg Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" -.\" Copyright (c) 1997-2017 Matthew R. Green +.\" Copyright (c) 1997-2018 Matthew R. Green .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without 
@@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd August 24, 2018 +.Dd November 19, 2018 .Dt BOZOHTTPD 8 .Os .Sh NAME @@ -41,6 +41,7 @@ .Op Fl M Ar suffix type encoding encoding11 .Op Fl P Ar pidfile .Op Fl S Ar server_software +.Op Fl T Ar type timeout .Op Fl U Ar username .Op Fl Z Ar cert privkey .Op Fl c Ar cgibin @@ -236,6 +237,19 @@ Sets
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Mon Nov 19 04:15:00 UTC 2018 Modified Files: src/libexec/httpd: CHANGES bozohttpd.8 Log Message: note the changes present in bozohttpd 20181118: o add url remap support via .bzremap file, from mar...@netbsd.org o handle redirections for any protocol, not just http: o fix a denial of service attack against header contents, which is now bounded at 16KiB. reported by JP. To generate a diff of this commit: cvs rdiff -u -r1.25 -r1.26 src/libexec/httpd/CHANGES cvs rdiff -u -r1.71 -r1.72 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/CHANGES diff -u src/libexec/httpd/CHANGES:1.25 src/libexec/httpd/CHANGES:1.26 --- src/libexec/httpd/CHANGES:1.25 Tue Jan 31 14:33:54 2017 +++ src/libexec/httpd/CHANGES Mon Nov 19 04:14:59 2018 @@ -1,4 +1,10 @@ -$NetBSD: CHANGES,v 1.25 2017/01/31 14:33:54 mrg Exp $ +$NetBSD: CHANGES,v 1.26 2018/11/19 04:14:59 mrg Exp $ + +changes in bozohttpd 20181118: + o add url remap support via .bzremap file, from mar...@netbsd.org + o handle redirections for any protocol, not just http: + o fix a denial of service attack against header contents, which + is now bounded at 16KiB. reported by JP. changes in bozohttpd 20170201: o fix an infinite loop in cgi processing Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.71 src/libexec/httpd/bozohttpd.8:1.72 --- src/libexec/httpd/bozohttpd.8:1.71 Fri Aug 24 14:24:50 2018 +++ src/libexec/httpd/bozohttpd.8 Mon Nov 19 04:14:59 2018 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.71 2018/08/24 14:24:50 wiz Exp $ +.\" $NetBSD: bozohttpd.8,v 1.72 2018/11/19 04:14:59 mrg Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -585,7 +585,7 @@ The focus has always been simplicity and and regular code audits. This manual documents .Nm -version 20180824. +version 20181118. .Sh AUTHORS .An -nosplit .Nm 
@@ -644,7 +644,8 @@ provided initial IPv6 support .It .An Martin Husemann .Aq Mt mar...@netbsd.org -provided .bzabsredirect support, and fixed various redirection issues +provided .bzabsredirect and .bzredir support, and fixed various +redirection issues .It .An Arto Huusko .Aq Mt arto.huu...@pp2.inet.fi
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Mon Nov 19 04:13:09 UTC 2018 Modified Files: src/libexec/httpd: auth-bozo.c Log Message: avoid memory leak in sending multiple auth headers. mostly mitigated by previous patch to limit total header size, but still a real problem here. To generate a diff of this commit: cvs rdiff -u -r1.18 -r1.19 src/libexec/httpd/auth-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/auth-bozo.c diff -u src/libexec/httpd/auth-bozo.c:1.18 src/libexec/httpd/auth-bozo.c:1.19 --- src/libexec/httpd/auth-bozo.c:1.18 Sun Dec 27 10:21:35 2015 +++ src/libexec/httpd/auth-bozo.c Mon Nov 19 04:13:09 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: auth-bozo.c,v 1.18 2015/12/27 10:21:35 mrg Exp $ */ +/* $NetBSD: auth-bozo.c,v 1.19 2018/11/19 04:13:09 mrg Exp $ */ /* $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */ @@ -147,6 +147,10 @@ bozo_auth_check_headers(bozo_httpreq_t * char *pass = NULL; ssize_t alen; + /* free prior entries. */ + free(request->hr_authuser); + free(request->hr_authpass); + alen = base64_decode((unsigned char *)str + 6, (size_t)(len - 6), (unsigned char *)authbuf, @@ -158,8 +162,6 @@ bozo_auth_check_headers(bozo_httpreq_t * return bozo_http_error(httpd, 400, request, "bad authorization field"); *pass++ = '\0'; - free(request->hr_authuser); - free(request->hr_authpass); request->hr_authuser = bozostrdup(httpd, request, authbuf); request->hr_authpass = bozostrdup(httpd, request, pass); debug((httpd, DEBUG_FAT,
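Review bot: In the first bozo_auth_check_headers hunk the two `free()` calls now run before `base64_decode()`, but the 400 return visible in the second hunk ("bad authorization field") leaves `request->hr_authuser` and `request->hr_authpass` pointing at freed memory. If request cleanup or the error path frees or reads those fields again (that code is outside these hunks and should be confirmed), a later malformed Authorization header following a valid one would end in a double free or use-after-free. Resetting the fields directly after the frees closes that: `request->hr_authuser = NULL;` and `request->hr_authpass = NULL;`. The function body starts and ends outside both hunks.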
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Mon Nov 19 04:12:22 UTC 2018 Modified Files: src/libexec/httpd: bozohttpd.c bozohttpd.h src/libexec/httpd/testsuite: Makefile Added Files: src/libexec/httpd/testsuite: t14.in t14.out Log Message: fix a denial of service attack against header contents, which is now bounded at 16KiB. reported by JP. To generate a diff of this commit: cvs rdiff -u -r1.88 -r1.89 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.49 -r1.50 src/libexec/httpd/bozohttpd.h cvs rdiff -u -r1.8 -r1.9 src/libexec/httpd/testsuite/Makefile cvs rdiff -u -r0 -r1.1 src/libexec/httpd/testsuite/t14.in \ src/libexec/httpd/testsuite/t14.out Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.88 src/libexec/httpd/bozohttpd.c:1.89 --- src/libexec/httpd/bozohttpd.c:1.88 Fri Aug 24 11:41:16 2018 +++ src/libexec/httpd/bozohttpd.c Mon Nov 19 04:12:22 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.88 2018/08/24 11:41:16 martin Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.89 2018/11/19 04:12:22 mrg Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -109,7 +109,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20180824" +#define SERVER_SOFTWARE "bozohttpd/20181118" #endif #ifndef DIRECT_ACCESS_FILE #define DIRECT_ACCESS_FILE ".bzdirect" 
@@ -546,6 +546,18 @@ process_method(bozo_httpreq_t *request, return bozo_http_error(httpd, 404, request, "unknown method"); } +/* check header byte count */ +static int +bozo_got_header_length(bozo_httpreq_t *request, size_t len) +{ + request->hr_header_bytes += len; + if (request->hr_header_bytes < BOZO_HEADERS_MAX_SIZE) + return 0; + + return bozo_http_error(request->hr_httpd, 413, request, + "too many headers"); +} + /* * This function reads a http request from stdin, returning a pointer to a * bozo_httpreq_t structure, describing the request. @@ -720,6 +732,9 @@ bozo_read_request(bozohttpd_t *httpd) while (*val == ' ' || *val == '\t') val++; + if (bozo_got_header_length(request, len)) +goto cleanup; + if (bozo_auth_check_headers(request, val, str, len)) goto next_header; @@ -2069,6 +2084,7 @@ static struct errors_map { { 403, "403 Forbidden", "Access to this item has been denied",}, { 404, "404 Not Found", "This item has not been found", }, { 408, "408 Request Timeout", "This request took too long", }, + { 413, "413 Payload Too Large", "Use smaller requests", }, { 417, "417 Expectation Failed","Expectations not available", }, { 420, "420 Enhance Your Calm","Chill, Winston", }, { 500, "500 Internal Error", "An error occured on the server", }, Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.49 src/libexec/httpd/bozohttpd.h:1.50 --- src/libexec/httpd/bozohttpd.h:1.49 Fri May 4 18:07:23 2018 +++ src/libexec/httpd/bozohttpd.h Mon Nov 19 04:12:22 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.h,v 1.49 2018/05/04 18:07:23 christos Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.50 2018/11/19 04:12:22 mrg Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ @@ -175,7 +175,8 @@ typedef struct bozo_httpreq_t { #endif struct qheaders hr_headers; struct qheaders hr_replheaders; - int hr_nheaders; + unsigned hr_nheaders; + size_t hr_header_bytes; } bozo_httpreq_t; /* helper to access the "active" host name from a httpd/request pair */ 
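Review bot: bozo_got_header_length() caps the running total only, and the call added in bozo_read_request sits after the header line has already been read and split, so the size of a single line is not bounded by this check. How the line is read is outside these hunks; it is worth confirming that the reader itself stops at a fixed size, otherwise one very long header still costs memory before the 413 is sent. The helper's one-line comment could also state the contract, e.g. `/* add len to the request's header byte count; returns 0 while below BOZO_HEADERS_MAX_SIZE, else the result of the 413 error */`. The `<` comparison means a total of exactly 16 KiB is already rejected, which the comment should say if it is intended.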
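Review bot: The new errors_map entry reuses 413, whose reason phrase describes the request body, while the limit being enforced is on header bytes. RFC 6585 defines 431 Request Header Fields Too Large for this case, which lets clients and log analysis tell an oversized upload from an oversized header block. The change would be `{ 431, "431 Request Header Fields Too Large", "Use smaller headers", },` here plus `431` in the bozo_http_error call in bozo_got_header_length; the expected test output would need the same update.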
@@ -199,6 +200,9 @@ typedef struct bozoprefs_t { #define BOZO_MMAPSZ (BOZO_WRSZ * 1024) #endif +/* only allow this many total headers bytes */ +#define BOZO_HEADERS_MAX_SIZE (16 * 1024) + /* debug flags */ #define DEBUG_NORMAL 1 #define DEBUG_FAT 2 Index: src/libexec/httpd/testsuite/Makefile diff -u src/libexec/httpd/testsuite/Makefile:1.8 src/libexec/httpd/testsuite/Makefile:1.9 --- src/libexec/httpd/testsuite/Makefile:1.8 Fri Aug 24 11:41:16 2018 +++ src/libexec/httpd/testsuite/Makefile Mon Nov 19 04:12:22 2018 @@ -1,6 +1,6 @@ # $eterna: Makefile,v 1.14 2009/05/22 21:51:39 mrg Exp $ -SIMPLETESTS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t12 t13 +SIMPLETESTS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t12 t13 t14 CGITESTS= t11 BIGFILETESTS= partial4000 partial8000 Added files: Index: src/libexec/httpd/testsuite/t14.in diff -u /dev/null src/libexec/httpd/testsuite/t14.in:1.1 --- /dev/null Mon Nov 19 04:12:23 2018 +++ src/libexec/httpd/testsuite/t14.in Mon Nov 19 04:12:22 2018 @@ -0,0 +1,194 @@ +GET / HTTP/1.1 +Host: +LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd +LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd +LongHeader:
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Sun Nov 18 11:22:11 UTC 2018 Modified Files: src/libexec/httpd: cgi-bozo.c Log Message: use __func__ in debug(). To generate a diff of this commit: cvs rdiff -u -r1.39 -r1.40 src/libexec/httpd/cgi-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/cgi-bozo.c diff -u src/libexec/httpd/cgi-bozo.c:1.39 src/libexec/httpd/cgi-bozo.c:1.40 --- src/libexec/httpd/cgi-bozo.c:1.39 Tue Nov 28 10:33:51 2017 +++ src/libexec/httpd/cgi-bozo.c Sun Nov 18 11:22:11 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: cgi-bozo.c,v 1.39 2017/11/28 10:33:51 martin Exp $ */ +/* $NetBSD: cgi-bozo.c,v 1.40 2018/11/18 11:22:11 mrg Exp $ */ /* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */ @@ -103,7 +103,7 @@ parse_header(bozo_httpreq_t *request, co *hdr_val = value; return 0; -} +} /* * handle parsing a CGI header output, transposing a Status: header @@ -144,8 +144,8 @@ finish_cgi_output(bozohttpd_t *httpd, bo */ if (strcasecmp(hdr_name, "status") == 0) { debug((httpd, DEBUG_OBESE, -"bozo_process_cgi: writing HTTP header " -"from status %s ..", hdr_value)); +"%s: writing HTTP header " +"from status %s ..", __func__, hdr_value)); bozo_printf(httpd, "%s %s\r\n", request->hr_proto, hdr_value); bozo_flush(httpd, stdout); @@ -163,7 +163,7 @@ finish_cgi_output(bozohttpd_t *httpd, bo if (write_header) { debug((httpd, DEBUG_OBESE, - "bozo_process_cgi: writing HTTP header ..")); + "%s: writing HTTP header ..", __func__)); bozo_printf(httpd, "%s 200 OK\r\n", request->hr_proto); bozo_flush(httpd, stdout); @@ -171,7 +171,7 @@ finish_cgi_output(bozohttpd_t *httpd, bo if (nheaders) { debug((httpd, DEBUG_OBESE, - "bozo_process_cgi: writing delayed HTTP headers ..")); + "%s: writing delayed HTTP headers ..", __func__)); SIMPLEQ_FOREACH_SAFE(hdr, , h_next, nhdr) { bozo_printf(httpd, "%s: %s\r\n", hdr->h_header, hdr->h_value); 
@@ -415,7 +415,7 @@ bozo_process_cgi(bozo_httpreq_t *request file, query ? "?" : "", query ? query : ""); - debug((httpd, DEBUG_NORMAL, "bozo_process_cgi: url `%s'", url)); + debug((httpd, DEBUG_NORMAL, "%s: url `%s'", __func__, url)); path = NULL; envp = NULL; @@ -433,13 +433,13 @@ bozo_process_cgi(bozo_httpreq_t *request cgihandler = content_cgihandler(httpd, request, file + 1); if (cgihandler == NULL) { debug((httpd, DEBUG_FAT, -"bozo_process_cgi: no handler, returning")); +"%s: no handler, returning", __func__)); goto out; } if (len == 0 || file[len - 1] == '/') append_index_html(httpd, ); - debug((httpd, DEBUG_NORMAL, "bozo_process_cgi: cgihandler `%s'", - cgihandler)); + debug((httpd, DEBUG_NORMAL, "%s: cgihandler `%s'", + __func__, cgihandler)); } else if (len - 1 == CGIBIN_PREFIX_LEN) /* url is "/cgi-bin/" */ append_index_html(httpd, ); @@ -498,8 +498,8 @@ bozo_process_cgi(bozo_httpreq_t *request (request->hr_serverport && *request->hr_serverport ? 1 : 0); debug((httpd, DEBUG_FAT, - "bozo_process_cgi: path `%s', cmd `%s', info `%s', " - "query `%s', nph `%d', envpsize `%d'", + "%s: path `%s', cmd `%s', info `%s', " + "query `%s', nph `%d', envpsize `%d'", __func__, path, command, strornull(info), strornull(query), nph, envpsize)); @@ -575,11 +575,11 @@ bozo_process_cgi(bozo_httpreq_t *request bozo_setenv(httpd, "REDIRECT_STATUS", "200", curenvp++); bozo_auth_cgi_setenv(request, ); - debug((httpd, DEBUG_FAT, "bozo_process_cgi: going exec %s with args:", + debug((httpd, DEBUG_FAT, "%s: going exec %s with args:", __func__, path)); for (i = 0; argv[i] != NULL; i++) { - debug((httpd, DEBUG_FAT, "bozo_process_cgi: argv[%zu] = `%s'", + debug((httpd, DEBUG_FAT, "%s: argv[%zu] = `%s'", __func__, i, argv[i])); }
CVS commit: src/libexec/httpd
Module Name:src Committed By: wiz Date: Fri Aug 24 14:24:50 UTC 2018 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: Remove trailing whitespace. To generate a diff of this commit: cvs rdiff -u -r1.70 -r1.71 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.70 src/libexec/httpd/bozohttpd.8:1.71 --- src/libexec/httpd/bozohttpd.8:1.70 Fri Aug 24 11:43:13 2018 +++ src/libexec/httpd/bozohttpd.8 Fri Aug 24 14:24:50 2018 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.70 2018/08/24 11:43:13 martin Exp $ +.\" $NetBSD: bozohttpd.8,v 1.71 2018/08/24 14:24:50 wiz Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -513,7 +513,7 @@ file could look like this: .Pp The remap file should be short, access to it is slow and needs to happen on each request. -If a request path needs to include a colon +If a request path needs to include a colon .Pq Li \&: character, it can be escaped with a backslash
CVS commit: src/libexec/httpd
Module Name:src Committed By: martin Date: Fri Aug 24 11:43:13 UTC 2018 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: Bump date To generate a diff of this commit: cvs rdiff -u -r1.69 -r1.70 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.69 src/libexec/httpd/bozohttpd.8:1.70 --- src/libexec/httpd/bozohttpd.8:1.69 Fri Aug 24 11:41:16 2018 +++ src/libexec/httpd/bozohttpd.8 Fri Aug 24 11:43:13 2018 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.69 2018/08/24 11:41:16 martin Exp $ +.\" $NetBSD: bozohttpd.8,v 1.70 2018/08/24 11:43:13 martin Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd November 28, 2017 +.Dd August 24, 2018 .Dt BOZOHTTPD 8 .Os .Sh NAME
CVS commit: src/libexec/httpd
Module Name:src Committed By: martin Date: Fri Aug 24 11:41:16 UTC 2018 Modified Files: src/libexec/httpd: bozohttpd.8 bozohttpd.c src/libexec/httpd/testsuite: Makefile Added Files: src/libexec/httpd/testsuite: t12.in t12.out t13.in t13.out src/libexec/httpd/testsuite/data: .bzremap Log Message: Add support for remapping requested paths via a .bzredirect file. Fixes PR 52772. Ok: mrg@ To generate a diff of this commit: cvs rdiff -u -r1.68 -r1.69 src/libexec/httpd/bozohttpd.8 cvs rdiff -u -r1.87 -r1.88 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.7 -r1.8 src/libexec/httpd/testsuite/Makefile cvs rdiff -u -r0 -r1.1 src/libexec/httpd/testsuite/t12.in \ src/libexec/httpd/testsuite/t12.out src/libexec/httpd/testsuite/t13.in \ src/libexec/httpd/testsuite/t13.out cvs rdiff -u -r0 -r1.1 src/libexec/httpd/testsuite/data/.bzremap Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.68 src/libexec/httpd/bozohttpd.8:1.69 --- src/libexec/httpd/bozohttpd.8:1.68 Tue Nov 28 12:22:27 2017 +++ src/libexec/httpd/bozohttpd.8 Fri Aug 24 11:41:16 2018 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.68 2017/11/28 12:22:27 wiz Exp $ +.\" $NetBSD: bozohttpd.8,v 1.69 2018/08/24 11:41:16 martin Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" 
@@ -489,6 +489,37 @@ will redirect to Otherwise provided schema will be used i.e. symbolic link to .Em ftp://NetBSD.org/ will redirect to the provided URL. +If a +.Pa .bzremap +file is found at the root of a (virtual) server, it is expected to contain +rewrite mappings for URLs. +.Pp +These remappings are performed internally in the server before authentication +happens and can be used to hide implementation details, like the CGI handler +specific suffix for non cgi scripts in authorized directories. +.Pp +The map file consists of lines two paths separated by a colon, where the left +side needs to exactly match a (sub) path of the request and will be replaced +by the right side. +.Pp +The first match always wins. +.Pp +A +.Pa .bzremap +file could look like this: +.Bd -literal +/nic/update:/auth-dir/updipv4.pl +.Ed +.Pp +The remap file should be short, access to it is slow and needs to happen +on each request. +If a request path needs to include a colon +.Pq Li \&: +character, it can be escaped +with a backslash +.Pq Li \e +The right hand side of the colon is always used verbatim, no escape sequences +are interpreted. .Sh EXAMPLES To configure set of virtual hosts, one would use an .Xr inetd.conf 5 @@ -554,7 +585,7 @@ The focus has always been simplicity and and regular code audits. This manual documents .Nm -version 20170201. +version 20180824. .Sh AUTHORS .An -nosplit .Nm Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.87 src/libexec/httpd/bozohttpd.c:1.88 --- src/libexec/httpd/bozohttpd.c:1.87 Sun Jan 28 13:37:39 2018 +++ src/libexec/httpd/bozohttpd.c Fri Aug 24 11:41:16 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.87 2018/01/28 13:37:39 maya Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.88 2018/08/24 11:41:16 martin Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ 
@@ -109,7 +109,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20170201" +#define SERVER_SOFTWARE "bozohttpd/20180824" #endif #ifndef DIRECT_ACCESS_FILE #define DIRECT_ACCESS_FILE ".bzdirect" @@ -120,6 +120,15 @@ #ifndef ABSREDIRECT_FILE #define ABSREDIRECT_FILE ".bzabsredirect" #endif +#ifndef REMAP_FILE +#define REMAP_FILE ".bzremap" +#endif + +/* + * When you add some .bz* file, make sure to also check it in + * bozo_check_special_files() + */ + #ifndef PUBLIC_HTML #define PUBLIC_HTML "public_html" #endif @@ -149,6 +158,7 @@ #include #include #include +#include #include #include #include @@ -1069,6 +1079,154 @@ head: } /* + * Like strncmp(), but s_esc may contain characters escaped by \. + * The len argument does not include the backslashes used for escaping, + * that is: it gives the raw len, after unescaping the string. + */ +static int +esccmp(const char *s_plain, const char *s_esc, size_t len) +{ + bool esc = false; + + while (len) { + if (!esc && *s_esc == '\\') { + esc = true; + s_esc++; + continue; + } + esc = false; + if (*s_plain == 0 || *s_esc == 0 || *s_plain != *s_esc) + return *s_esc - *s_plain; + s_esc++; + s_plain++; + len--; + } + return 0; +} + +/* + * Check if the request refers to a uri that is mapped via a .bzremap. + * We have /requested/path:/re/mapped/to/this.html lines in there, + * and the : separator may be use in the left hand side escaped with + * \ to encode a path containig a : character. + */ +static void +check_mapping(bozo_httpreq_t *request) +{ + bozohttpd_t *httpd =
CVS commit: src/libexec/httpd/testsuite
Module Name:src Committed By: mrg Date: Fri Aug 24 10:04:41 UTC 2018 Modified Files: src/libexec/httpd/testsuite: t3.out t5.out t6.out Log Message: fix output since protocol agnostic change went in. XXX: i thought someone hooked this into atf already, please do :) To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/libexec/httpd/testsuite/t3.out \ src/libexec/httpd/testsuite/t5.out src/libexec/httpd/testsuite/t6.out Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/testsuite/t3.out diff -u src/libexec/httpd/testsuite/t3.out:1.3 src/libexec/httpd/testsuite/t3.out:1.4 --- src/libexec/httpd/testsuite/t3.out:1.3 Sat Apr 18 07:48:02 2009 +++ src/libexec/httpd/testsuite/t3.out Fri Aug 24 10:04:41 2018 @@ -7,5 +7,5 @@ Allow: GET, HEAD, POST 400 Bad Request 400 Bad Request /: The request was not valid -http://madrugada.eterna.com.au/;>madrugada.eterna.com.au +madrugada.eterna.com.au Index: src/libexec/httpd/testsuite/t5.out diff -u src/libexec/httpd/testsuite/t5.out:1.3 src/libexec/httpd/testsuite/t5.out:1.4 --- src/libexec/httpd/testsuite/t5.out:1.3 Sat Apr 18 07:48:02 2009 +++ src/libexec/httpd/testsuite/t5.out Fri Aug 24 10:04:41 2018 @@ -6,5 +6,5 @@ Server: bozohttpd/20030206 403 Forbidden 403 Forbidden /cgi-bin/..M-@M-/..M-@M-/..M-@M-/..M-@M-/..M-@M-/../winnt/system32/cmd.exe: Access to this item has been denied -http://what-time-is-love.eterna.com.au/;>what-time-is-love.eterna.com.au +what-time-is-love.eterna.com.au Index: src/libexec/httpd/testsuite/t6.out diff -u src/libexec/httpd/testsuite/t6.out:1.3 src/libexec/httpd/testsuite/t6.out:1.4 --- src/libexec/httpd/testsuite/t6.out:1.3 Sat Apr 18 07:48:02 2009 +++ src/libexec/httpd/testsuite/t6.out Fri Aug 24 10:04:41 2018 @@ -6,5 +6,5 @@ Server: bozohttpd/5.15 404 Not Found 404 Not Found x: This item has not been found -http://splode.eterna.com.au/;>splode.eterna.com.au +splode.eterna.com.au
CVS commit: src/libexec/httpd/lua
Module Name:src Committed By: sevan Date: Fri May 4 19:45:27 UTC 2018 Modified Files: src/libexec/httpd/lua: glue.c Log Message: Do not try and process empty requests. This resolves a crash when issuing a carriage return to read_request() in foreground mode. In the C daemon, a NULL check is performed on bozo_read_request in main.c before moving on to bozo_process_request & bozo_clean_request. Here, process_request & clean_request just return instead. To generate a diff of this commit: cvs rdiff -u -r1.3 -r1.4 src/libexec/httpd/lua/glue.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/lua/glue.c diff -u src/libexec/httpd/lua/glue.c:1.3 src/libexec/httpd/lua/glue.c:1.4 --- src/libexec/httpd/lua/glue.c:1.3 Tue May 1 23:51:53 2018 +++ src/libexec/httpd/lua/glue.c Fri May 4 19:45:27 2018 @@ -155,6 +155,9 @@ l_bozo_process_request(lua_State *L) bozo_httpreq_t *req; req = lua_touserdata(L, 1); + if (req == NULL) { + return 0; + } bozo_process_request(req); lua_pushnumber(L, 1); return 1; @@ -167,6 +170,9 @@ l_bozo_clean_request(lua_State *L) bozo_httpreq_t *req; req = lua_touserdata(L, 1); + if (req == NULL) { + return 0; + } bozo_clean_request(req); lua_pushnumber(L, 1); return 1;
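Review bot: The `req == NULL` guard added to l_bozo_process_request (and the identical one in l_bozo_clean_request) only rejects values that are not userdata at all, because `lua_touserdata` returns the pointer of any userdata without checking what it refers to. A script that passes the httpd or prefs handle in the request slot would still have it treated as a `bozo_httpreq_t *`. A typed check would need a metatable and `luaL_checkudata`, and how these handles are created is outside the hunk, so at minimum the guard deserves a comment such as `/* read_request() returned no request (empty input); nothing to do */`. Both function bodies start outside their hunks.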
CVS commit: src/libexec/httpd
Module Name:src Committed By: christos Date: Fri May 4 18:07:23 UTC 2018 Modified Files: src/libexec/httpd: bozohttpd.h Log Message: fix the rest of the compilers. To generate a diff of this commit: cvs rdiff -u -r1.48 -r1.49 src/libexec/httpd/bozohttpd.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.48 src/libexec/httpd/bozohttpd.h:1.49 --- src/libexec/httpd/bozohttpd.h:1.48 Fri May 4 14:06:44 2018 +++ src/libexec/httpd/bozohttpd.h Fri May 4 14:07:23 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.h,v 1.48 2018/05/04 18:06:44 christos Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.49 2018/05/04 18:07:23 christos Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ @@ -210,6 +210,9 @@ typedef struct bozoprefs_t { #if (defined(__GNUC__) && __GNUC__ >= 3) || defined(__lint__) #define BOZO_PRINTFLIKE(x,y) __attribute__((__format__(__printf__, x,y))) #define BOZO_DEAD __attribute__((__noreturn__)) +#else +#define BOZO_PRINTFLIKE(x,y) +#define BOZO_DEAD #endif #ifndef NO_DEBUG
CVS commit: src/libexec/httpd
Module Name:src Committed By: christos Date: Fri May 4 18:06:44 UTC 2018 Modified Files: src/libexec/httpd: bozohttpd.h Log Message: fix lint To generate a diff of this commit: cvs rdiff -u -r1.47 -r1.48 src/libexec/httpd/bozohttpd.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.h diff -u src/libexec/httpd/bozohttpd.h:1.47 src/libexec/httpd/bozohttpd.h:1.48 --- src/libexec/httpd/bozohttpd.h:1.47 Tue Jan 31 09:36:09 2017 +++ src/libexec/httpd/bozohttpd.h Fri May 4 14:06:44 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.h,v 1.47 2017/01/31 14:36:09 mrg Exp $ */ +/* $NetBSD: bozohttpd.h,v 1.48 2018/05/04 18:06:44 christos Exp $ */ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ @@ -207,7 +207,7 @@ typedef struct bozoprefs_t { #define strornull(x) ((x) ? (x) : "") -#if defined(__GNUC__) && __GNUC__ >= 3 +#if (defined(__GNUC__) && __GNUC__ >= 3) || defined(__lint__) #define BOZO_PRINTFLIKE(x,y) __attribute__((__format__(__printf__, x,y))) #define BOZO_DEAD __attribute__((__noreturn__)) #endif
CVS commit: src/libexec/httpd/lua
Module Name:src Committed By: sevan Date: Wed May 2 00:03:27 UTC 2018 Modified Files: src/libexec/httpd/lua: optparse.lua Log Message: Unbreak script for Lua 5.3. This change breaks support for older releases of Lua. To generate a diff of this commit: cvs rdiff -u -r1.1.1.1 -r1.2 src/libexec/httpd/lua/optparse.lua Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/lua/optparse.lua diff -u src/libexec/httpd/lua/optparse.lua:1.1.1.1 src/libexec/httpd/lua/optparse.lua:1.2 --- src/libexec/httpd/lua/optparse.lua:1.1.1.1 Mon May 10 03:30:04 2010 +++ src/libexec/httpd/lua/optparse.lua Wed May 2 00:03:27 2018 @@ -42,7 +42,7 @@ function OptionParser(t) end function o.parse_args() -- expand options (e.g. "--input=file" -> "--input", "file") -local arg = {unpack(arg)} +local arg = {table.unpack(arg)} for i=#arg,1,-1 do local v = arg[i] local flag, val = v:match('^(%-%-%w+)=(.*)') if flag then
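Review bot: Replacing `unpack` with `table.unpack` in o.parse_args drops Lua 5.1 for no gain, while the C glue in the same directory keeps both versions working behind a version check. A one-line shim keeps the script loadable on either: `local arg = {(table.unpack or unpack)(arg)}`. The function body continues outside the hunk.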
CVS commit: src/libexec/httpd/lua
Module Name:src Committed By: sevan Date: Wed May 2 00:00:30 UTC 2018 Modified Files: src/libexec/httpd/lua: bozo.lua Log Message: Pass the expected httpd instance when calling set_pref() process_request() only takes a single argument. To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/libexec/httpd/lua/bozo.lua Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/lua/bozo.lua diff -u src/libexec/httpd/lua/bozo.lua:1.2 src/libexec/httpd/lua/bozo.lua:1.3 --- src/libexec/httpd/lua/bozo.lua:1.2 Wed Oct 28 09:20:15 2015 +++ src/libexec/httpd/lua/bozo.lua Wed May 2 00:00:30 2018 @@ -32,7 +32,7 @@ -- command line args dofile "optparse.lua" -opt = OptionParser{usage="%prog [options] root [vhost]", version="20091105"} +opt = OptionParser{usage="%prog [options] root [vhost]", version="20180502"} opt.add_option{"-C", "--cgimap", action="store", dest="cgimap", help="--cgimap 's t'"} opt.add_option{"-E", "--enable-user-cgibin", action="store_true", dest="enableusercgibin", help="--enable-user-cgibin"} 
@@ -75,22 +75,22 @@ prefs = bozohttpd.init_prefs() -- parse command line args options,args = opt.parse_args() if options.portnum then -bozohttpd.set_pref(prefs, "port number", options.portnum) +bozohttpd.set_pref(httpd, prefs, "port number", options.portnum) end if options.background then -bozohttpd.set_pref(prefs, "background", options.background) +bozohttpd.set_pref(httpd, prefs, "background", options.background) end if options.numeric then -bozohttpd.set_pref(prefs, "numeric", "true") +bozohttpd.set_pref(httpd, prefs, "numeric", "true") end if options.logstderr then -bozohttpd.set_pref(prefs, "log to stderr", "true") +bozohttpd.set_pref(httpd, prefs, "log to stderr", "true") end if options.foreground then -bozohttpd.set_pref(prefs, "foreground", "true") +bozohttpd.set_pref(httpd, prefs, "foreground", "true") end if options.trustedref then -bozohttpd.set_pref(prefs, "trusted referal", "true") +bozohttpd.set_pref(httpd, prefs, "trusted referal", "true") end if options.dynmime then suffix, type, s1, s2 = string.find(options.dynmime, 
@@ -98,29 +98,29 @@ if options.dynmime then bozohttpd.dynamic_mime(httpd, suffix, type, s1, s2) end if options.serversw then -bozohttpd.set_pref(prefs, "server software", options.serversw) +bozohttpd.set_pref(httpd, prefs, "server software", options.serversw) end if options.ssl then cert, priv = string.find(options.ssl, "(%S+)%s+(%S+)") bozohttpd.dynamic_mime(httpd, cert, priv) end if options.username then -bozohttpd.set_pref(prefs, "username", options.username) +bozohttpd.set_pref(httpd, prefs, "username", options.username) end if options.unknownslash then -bozohttpd.set_pref(prefs, "unknown slash", "true") +bozohttpd.set_pref(httpd, prefs, "unknown slash", "true") end if options.virtbase then -bozohttpd.set_pref(prefs, "virtual base", options.virtbase) +bozohttpd.set_pref(httpd, prefs, "virtual base", options.virtbase) end if options.indexhtml then -bozohttpd.set_pref(prefs, "index.html", options.indexhtml) +bozohttpd.set_pref(httpd, prefs, "index.html", options.indexhtml) end if options.dirtyenv then -bozohttpd.set_pref(prefs, "dirty environment", "true") +bozohttpd.set_pref(httpd, prefs, "dirty environment", "true") end if options.bindaddr then -bozohttpd.set_pref(prefs, "bind address", options.bindaddr) +bozohttpd.set_pref(httpd, prefs, "bind address", options.bindaddr) end if options.cgibin then bozohttpd.cgi_setbin(httpd, options.cgibin) 
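Review bot: The `options.ssl` branch kept as context in this hunk assigns `cert, priv` from `string.find`, whose first two results are the match start and end indices rather than the captures, and then passes them to `bozohttpd.dynamic_mime`. As written the certificate and private key paths apparently never reach the TLS setup, so `--ssl` would not do what the option promises. `cert, priv = string.match(options.ssl, "(%S+)%s+(%S+)")` returns the captures directly; the call target looks like a copy of the dynmime branch and should be the binding that configures SSL, which is not visible here. The dynmime branch, split across this hunk and the previous one, uses the same `string.find` pattern and likely has the same index problem.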
@@ -130,22 +130,22 @@ if options.cgimap then bozohttpd.cgi_map(httpd, name, handler) end if options.public_html then -bozohttpd.set_pref(prefs, "public_html", options.public_html) +bozohttpd.set_pref(httpd, prefs, "public_html", options.public_html) end if options.chroot then -bozohttpd.set_pref(prefs, "chroot dir", options.chroot) +bozohttpd.set_pref(httpd, prefs, "chroot dir", options.chroot) end if options.enableusers then -bozohttpd.set_pref(prefs, "enable users", "true") +bozohttpd.set_pref(httpd, prefs, "enable users", "true") end if options.hidedots then -bozohttpd.set_pref(prefs, "hide dots", "true") +bozohttpd.set_pref(httpd, prefs, "hide dots", "true") end if options.enableusercgibin then -bozohttpd.set_pref(prefs, "enable user cgibin", "true") +bozohttpd.set_pref(httpd, prefs, "enable user cgibin", "true") end if options.dirindex then -bozohttpd.set_pref(prefs, "directory indexing", "true") +bozohttpd.set_pref(httpd, prefs, "directory indexing", "true")
CVS commit: src/libexec/httpd/lua
Module Name:src Committed By: sevan Date: Tue May 1 23:51:53 UTC 2018 Modified Files: src/libexec/httpd/lua: glue.c Log Message: Enable checking arguments for validity. Remove disabled code. Fix function parameters. Add support for Lua 5.3 To generate a diff of this commit: cvs rdiff -u -r1.2 -r1.3 src/libexec/httpd/lua/glue.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/lua/glue.c diff -u src/libexec/httpd/lua/glue.c:1.2 src/libexec/httpd/lua/glue.c:1.3 --- src/libexec/httpd/lua/glue.c:1.2 Sun Dec 27 10:21:35 2015 +++ src/libexec/httpd/lua/glue.c Tue May 1 23:51:53 2018 @@ -38,6 +38,7 @@ #include #define LUA_LIB +#define LUA_USE_APICHECK #include #include #include @@ -48,24 +49,6 @@ int luaopen_bozohttpd(lua_State *); -#if 0 -typedef struct strarg_t { - const char *s; /* string */ - const int n; /* corresponding int value */ -} strarg_t; - -/* map a string onto an int */ -static int -findtype(strarg_t *strs, const char *s) -{ - strarg_t *sp; - - for (sp = strs ; sp->s && strcasecmp(sp->s, s) != 0 ; sp++) { - } - return sp->n; -} -#endif - /* init() */ static int l_new(lua_State *L) @@ -102,18 +85,20 @@ l_init_prefs(lua_State *L) return 1; } -/* bozo_set_pref(prefs, name, value) */ +/* bozo_set_pref(httpd, prefs, name, value) */ static int l_bozo_set_pref(lua_State *L) { + bozohttpd_t *httpd; bozoprefs_t *prefs; const char *name; const char *value; - prefs = lua_touserdata(L, 1); - name = luaL_checkstring(L, 2); - value = luaL_checkstring(L, 3); - lua_pushnumber(L, bozo_set_pref(prefs, name, value)); + httpd = lua_touserdata(L, 1); + prefs = lua_touserdata(L, 2); + name = luaL_checkstring(L, 3); + value = luaL_checkstring(L, 4); + lua_pushnumber(L, bozo_set_pref(httpd, prefs, name, value)); return 1; } 
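Review bot: In l_bozo_set_pref both `httpd` and `prefs` come from `lua_touserdata`, which returns NULL for any argument that is not userdata, and both are handed to `bozo_set_pref` unchecked. A script still using the old three-argument form would now put `prefs` in the `httpd` slot and a string in the `prefs` slot. LUA_USE_APICHECK, defined in the first hunk, checks use of the Lua API itself as far as I can tell and does not validate these values. Adding `luaL_argcheck(L, httpd != NULL, 1, "httpd expected");` and `luaL_argcheck(L, prefs != NULL, 2, "prefs expected");` before the call turns that into a Lua error instead of a NULL dereference in the server code.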
@@ -163,16 +148,14 @@ l_bozo_read_request(lua_State *L) return 1; } -/* bozo_process_request(httpd, req) */ +/* bozo_process_request(req) */ static int l_bozo_process_request(lua_State *L) { bozo_httpreq_t *req; - bozohttpd_t *httpd; - httpd = lua_touserdata(L, 1); - req = lua_touserdata(L, 2); - bozo_process_request(httpd, req); + req = lua_touserdata(L, 1); + bozo_process_request(req); lua_pushnumber(L, 1); return 1; } @@ -250,7 +233,7 @@ l_bozo_cgi_map(lua_State *L) return 1; } -const struct luaL_reg libluabozohttpd[] = { +const struct luaL_Reg libluabozohttpd[] = { { "new", l_new }, { "init_httpd", l_init_httpd }, { "init_prefs", l_init_prefs }, @@ -273,6 +256,10 @@ const struct luaL_reg libluabozohttpd[] int luaopen_bozohttpd(lua_State *L) { - luaL_openlib(L, "bozohttpd", libluabozohttpd, 0); +#if LUA_VERSION_NUM >= 502 +luaL_newlib(L, libluabozohttpd); +#else +luaL_register(L, "bozohttpd", libluabozohttpd); +#endif return 1; }
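Review bot: In luaopen_bozohttpd the Lua 5.2+ branch `luaL_newlib(L, libluabozohttpd)` only leaves the table on the stack, whereas `luaL_register(L, "bozohttpd", ...)` in the other branch also sets the global `bozohttpd`. Scripts that call `require` without keeping its result and then use the global would behave differently depending on the Lua version; whether any do is not visible here. If the global is still wanted, follow the call with `lua_pushvalue(L, -1); lua_setglobal(L, "bozohttpd");`. Otherwise put a comment on the `#if` saying callers must use the value returned by `require`.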
CVS commit: src/libexec/httpd
Module Name:src Committed By: christos Date: Tue Feb 6 15:48:46 UTC 2018 Modified Files: src/libexec/httpd: ssl-bozo.c Log Message: - need string.h - cast options to long for OpenSSL-1.1 To generate a diff of this commit: cvs rdiff -u -r1.22 -r1.23 src/libexec/httpd/ssl-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/ssl-bozo.c diff -u src/libexec/httpd/ssl-bozo.c:1.22 src/libexec/httpd/ssl-bozo.c:1.23 --- src/libexec/httpd/ssl-bozo.c:1.22 Mon Dec 28 02:37:59 2015 +++ src/libexec/httpd/ssl-bozo.c Tue Feb 6 10:48:46 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: ssl-bozo.c,v 1.22 2015/12/28 07:37:59 mrg Exp $ */ +/* $NetBSD: ssl-bozo.c,v 1.23 2018/02/06 15:48:46 christos Exp $ */ /* $eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $ */ @@ -34,6 +34,7 @@ #include #include +#include #include #include @@ -62,7 +63,7 @@ #ifndef BOZO_SSL_OPTIONS #define BOZO_SSL_OPTIONS \ - (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1) + ((long)(SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1)) #endif /* this structure encapsulates the ssl info */
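Review bot: The new cast in BOZO_SSL_OPTIONS goes to signed `long`, while SSL_CTX_set_options() in OpenSSL 1.1 takes and returns `unsigned long`. If the macro is passed to that function (the call site is outside this hunk), `((unsigned long)(...))` would match the prototype instead of adding another conversion. The default mask also disables only SSLv2, SSLv3 and TLSv1, so a comment on the macro should state which protocol versions it leaves enabled. With OpenSSL 1.1 the protocol floor can be set explicitly with `SSL_CTX_set_min_proto_version()` rather than by accumulating `SSL_OP_NO_*` bits.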
CVS commit: src/libexec/httpd
Module Name:src Committed By: maya Date: Sun Jan 28 13:37:39 UTC 2018 Modified Files: src/libexec/httpd: bozohttpd.c Log Message: Use a protocol-agnostic URL (don't degrade HTTPS->HTTP) Suggested by Travis Paul in PR bin/52958. To generate a diff of this commit: cvs rdiff -u -r1.86 -r1.87 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.86 src/libexec/httpd/bozohttpd.c:1.87 --- src/libexec/httpd/bozohttpd.c:1.86 Sun Feb 5 01:55:03 2017 +++ src/libexec/httpd/bozohttpd.c Sun Jan 28 13:37:39 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.86 2017/02/05 01:55:03 mrg Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.87 2018/01/28 13:37:39 maya Exp $ */ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ @@ -1990,7 +1990,7 @@ bozo_http_error(bozohttpd_t *httpd, int "%s\n" "%s\n" "%s%s: %s\n" - "http://%s%s/\;>%s%s\n" + "%s%s\n" "\n", header, header, user ? user : "", file,
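Review bot: The link written into this error page now carries no scheme, so the client resolves whatever host string fills the `%s%s` pair against its current protocol. If that host value can originate from the request's Host header (its source is not visible in this hunk), it should be validated or HTML-escaped before this snprintf(), and the same goes for `user` and `file`. bozo_http_error() starts and ends outside the hunk, so escaping may already happen earlier. Once confirmed, a short comment above the format string naming which arguments are pre-escaped would keep later edits from breaking that assumption.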
CVS commit: src/libexec/httpd
Module Name:src Committed By: wiz Date: Tue Nov 28 12:22:27 UTC 2017 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: Document script handler issues with httpd(8). >From martin@, addressing PR 52194. While here, use American spelling consistently and upper-case some abbreviations. Bump date. To generate a diff of this commit: cvs rdiff -u -r1.67 -r1.68 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.67 src/libexec/httpd/bozohttpd.8:1.68 --- src/libexec/httpd/bozohttpd.8:1.67 Fri Jul 7 07:05:49 2017 +++ src/libexec/httpd/bozohttpd.8 Tue Nov 28 12:22:27 2017 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.67 2017/07/07 07:05:49 mrg Exp $ +.\" $NetBSD: bozohttpd.8,v 1.68 2017/11/28 12:22:27 wiz Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd February 1, 2017 +.Dd November 28, 2017 .Dt BOZOHTTPD 8 .Os .Sh NAME @@ -219,7 +219,7 @@ option. .It Fl P Ar pidfile Causes .Nm -to create a pid file in +to create a PID file in .Ar pidfile when run in daemon mode with the .Fl b @@ -284,7 +284,7 @@ If no directory exists in for the request, then .Ar slashdir will be used. -The default behaviour is to return 404 (Not Found.) +The default behavior is to return 404 (Not Found.) .It Fl v Ar virtualroot Enables virtual hosting support. Directories in @@ -314,7 +314,7 @@ Sets the list of SSL ciphers (see .Xr SSL_CTX_set_cipher_list 3 ) . .It Fl Z Ar certificate_path privatekey_path Sets the path to the server certificate file and the private key file -in pem format. +in PEM format. It also causes .Nm to start SSL mode. 
@@ -388,9 +388,9 @@ Lua support (NO_LUA_SUPPORT), and SSL support (NO_SSL_SUPPORT) by defining the listed macros when building .Nm . -.Ss HTTP BASIC AUTHORISATION +.Ss HTTP BASIC AUTHORIZATION .Nm -has support for HTTP Basic Authorisation. +has support for HTTP Basic Authorization. If a file named .Pa .htpasswd exists in the directory of the current request, @@ -406,7 +406,7 @@ This does not recursively protect any su The .Pa .htpasswd file contains lines delimited with a colon containing -usernames and passwords hashed with +user names and passwords hashed with .Xr crypt 3 , for example: .Bd -literal @@ -424,7 +424,7 @@ While .Nm distributed with .Nx -has support for HTTP Basic Authorisation enabled by default, +has support for HTTP Basic Authorization enabled by default, in the portable distribution it is excluded. Compile .Nm @@ -458,7 +458,7 @@ looks for a couple of special files in d to be provided on a per-directory basis. In addition to the .Pa .htpasswd -used by HTTP basic authorisation, +used by HTTP basic authorization, if a .Pa .bzdirect file is found (contents are irrelevant) @@ -478,7 +478,7 @@ If a .Pa .bzabsredirect symbolic link is found, .Nm -will redirect to the absolute url pointed to by this symlink. +will redirect to the absolute URL pointed to by this symlink. This is useful to redirect to different servers. Two forms of redirection are supported - symbolic link without schema will use .Em http:// 
@@ -514,6 +514,29 @@ Typically this will be like: .Bd -literal httpd -C .php /usr/pkg/bin/php-cgi /var/www .Ed +.Pp +Note that a plain script interpreter can not be used directly as a cgihandler, +as there are no command line options passed from +.Nm +to avoid security issues. +.Pp +If no CGI-aware wrapper exists, a simple shell script like the following +might do. +.Pp +It would be invoked like: +.Bd -literal +httpd -C .pl /www-scripts/bin/run.perl /var/www +.Ed +and the script could look like: +.Bd -literal +#! /bin/sh + +if [ -r "$SCRIPT_FILENAME" -a -x "$SCRIPT_FILENAME" ]; then + exec /usr/pkg/bin/perl "$SCRIPT_FILENAME" +fi + +exit 1 +.Ed .Sh SEE ALSO .Xr inetd.conf 5 , .Xr inetd 8 @@ -606,11 +629,11 @@ provided cgi-bin enhancements .It .An Nicolas Jombart .Aq Mt e...@ipv42.net -provided fixes for HTTP basic authorisation support +provided fixes for HTTP basic authorization support .It .An Antti Kantee .Aq Mt po...@netbsd.org -provided fixes for HTTP basic authorisation support +provided fixes for HTTP basic authorization support .It .An Thomas Klausner .Aq Mt w...@netbsd.org @@ -644,7 +667,7 @@ option (pidfile support) and provided so .An Luke Mewburn .Aq Mt lu...@netbsd.org provided many various fixes, including cgi-bin fixes and enhancements, -HTTP basic authorisation support and much code clean up +HTTP basic authorization support and much code clean up .It .An Rajeev V. Pillai .Aq Mt rajeev_v_pil...@yahoo.com @@ -686,7 +709,7 @@ provided a man page fix .It .An Holger Weiss .Aq Mt hol...@cis.fu-berlin.de -provided http authorisation
CVS commit: src/libexec/httpd
Module Name:src Committed By: martin Date: Tue Nov 28 10:33:51 UTC 2017 Modified Files: src/libexec/httpd: cgi-bozo.c Log Message: PR bin/52194: bozohttpd fails to exec scripts via the -C mechanism sometimes with EFAULT due to not NULL terminated environment. To generate a diff of this commit: cvs rdiff -u -r1.38 -r1.39 src/libexec/httpd/cgi-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/cgi-bozo.c diff -u src/libexec/httpd/cgi-bozo.c:1.38 src/libexec/httpd/cgi-bozo.c:1.39 --- src/libexec/httpd/cgi-bozo.c:1.38 Thu Oct 5 04:22:41 2017 +++ src/libexec/httpd/cgi-bozo.c Tue Nov 28 10:33:51 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: cgi-bozo.c,v 1.38 2017/10/05 04:22:41 mrg Exp $ */ +/* $NetBSD: cgi-bozo.c,v 1.39 2017/11/28 10:33:51 martin Exp $ */ /* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */ @@ -587,6 +587,8 @@ bozo_process_cgi(bozo_httpreq_t *request bozoerr(httpd, 1, "child socketpair failed: %s", strerror(errno)); + *curenvp = 0; + /* * We create 2 procs: one to become the CGI, one read from * the CGI and output to the network, and this parent will
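Review bot: `*curenvp = 0;` stores the terminator one slot past the last environment entry that was filled in, so the envp array must have been allocated with an extra element for it. That allocation is outside this hunk; it should be checked, or asserted, against the number of entries written so the fix for the unterminated array does not become a one-element overrun. Writing `*curenvp = NULL;` would also state the intent better than a bare `0`. bozo_process_cgi() begins and ends outside the hunk.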
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Thu Oct 5 04:22:41 UTC 2017 Modified Files: src/libexec/httpd: cgi-bozo.c Log Message: s/u_int/unsigned/. from Jan Danielsson. increases/fixes portability. To generate a diff of this commit: cvs rdiff -u -r1.37 -r1.38 src/libexec/httpd/cgi-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/cgi-bozo.c diff -u src/libexec/httpd/cgi-bozo.c:1.37 src/libexec/httpd/cgi-bozo.c:1.38 --- src/libexec/httpd/cgi-bozo.c:1.37 Tue Jan 31 14:36:09 2017 +++ src/libexec/httpd/cgi-bozo.c Thu Oct 5 04:22:41 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: cgi-bozo.c,v 1.37 2017/01/31 14:36:09 mrg Exp $ */ +/* $NetBSD: cgi-bozo.c,v 1.38 2017/10/05 04:22:41 mrg Exp $ */ /* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */ @@ -517,8 +517,8 @@ bozo_process_cgi(bozo_httpreq_t *request strcpy(t, "HTTP_"); t += strlen(t); for (s2 = headp->h_header; *s2; t++, s2++) - if (islower((u_int)*s2)) -*t = toupper((u_int)*s2); + if (islower((unsigned)*s2)) +*t = toupper((unsigned)*s2); else if (*s2 == '-') *t = '_'; else
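Review bot: The replacement casts still give islower() and toupper() an out-of-range argument for header bytes of 0x80 and above on platforms where `char` is signed. `(unsigned)*s2` converts the already sign-extended value, so the result is neither EOF nor representable as `unsigned char`, which is undefined for the <ctype.h> functions. These bytes come from request header names, so the two lines should read `if (islower((unsigned char)*s2))` and `*t = toupper((unsigned char)*s2);`. The loop body continues past the end of the hunk.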
CVS commit: src/libexec/httpd
Module Name:src Committed By: mrg Date: Fri Jul 7 07:05:49 UTC 2017 Modified Files: src/libexec/httpd: bozohttpd.8 Log Message: fix ordering of a couple of words. from Edgar Pettijohn in PR#52375. thanks! To generate a diff of this commit: cvs rdiff -u -r1.66 -r1.67 src/libexec/httpd/bozohttpd.8 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/bozohttpd.8 diff -u src/libexec/httpd/bozohttpd.8:1.66 src/libexec/httpd/bozohttpd.8:1.67 --- src/libexec/httpd/bozohttpd.8:1.66 Mon Jul 3 21:35:48 2017 +++ src/libexec/httpd/bozohttpd.8 Fri Jul 7 07:05:49 2017 @@ -1,4 +1,4 @@ -.\" $NetBSD: bozohttpd.8,v 1.66 2017/07/03 21:35:48 wiz Exp $ +.\" $NetBSD: bozohttpd.8,v 1.67 2017/07/07 07:05:49 mrg Exp $ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" @@ -488,7 +488,7 @@ will redirect to .Em http://NetBSD.org/ Otherwise provided schema will be used i.e. symbolic link to .Em ftp://NetBSD.org/ -will redirect to provided the URL. +will redirect to the provided URL. .Sh EXAMPLES To configure set of virtual hosts, one would use an .Xr inetd.conf 5
CVS commit: src/libexec/httpd
Module Name:src Committed By: alnsn Date: Sun May 28 22:37:36 UTC 2017 Modified Files: src/libexec/httpd: lua-bozo.c Log Message: Cosmetic changes to Lua binding in bozohttpd. - Don't use negative indicies to read arguments of Lua functions. - On error, return nil, "error string". - Use ssize_t for return values from bozo_read() and bozo_write(). - Prefer lstring especially when if saves you from appending NUL and doing len + 1 which can potentially wraparound. - Don't mix C allocations with Lua functions marked with "m" in the Lua manual. Those functions may throw (longjump) and leak data allocated by C function. In one case, I use luaL_Buffer, in the other case, I rearranged calls a bit. To generate a diff of this commit: cvs rdiff -u -r1.14 -r1.15 src/libexec/httpd/lua-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Modified files: Index: src/libexec/httpd/lua-bozo.c diff -u src/libexec/httpd/lua-bozo.c:1.14 src/libexec/httpd/lua-bozo.c:1.15 --- src/libexec/httpd/lua-bozo.c:1.14 Mon Dec 28 07:37:59 2015 +++ src/libexec/httpd/lua-bozo.c Sun May 28 22:37:36 2017 @@ -1,4 +1,4 @@ -/* $NetBSD: lua-bozo.c,v 1.14 2015/12/28 07:37:59 mrg Exp $ */ +/* $NetBSD: lua-bozo.c,v 1.15 2017/05/28 22:37:36 alnsn Exp $ */ /* * Copyright (c) 2013 Marc Balmer@@ -51,8 +51,8 @@ #define FORM "application/x-www-form-urlencoded" -static int -lua_flush(lua_State *L) +static bozohttpd_t * +httpd_instance(lua_State *L) { bozohttpd_t *httpd; @@ -61,6 +61,14 @@ lua_flush(lua_State *L) httpd = lua_touserdata(L, -1); lua_pop(L, 1); + return httpd; +} + +static int +lua_flush(lua_State *L) +{ + bozohttpd_t *httpd = httpd_instance(L); + bozo_flush(httpd, stdout); return 0; } 
@@ -68,63 +76,57 @@ lua_flush(lua_State *L) static int lua_print(lua_State *L) { - bozohttpd_t *httpd; - - lua_pushstring(L, "bozohttpd"); - lua_gettable(L, LUA_REGISTRYINDEX); - httpd = lua_touserdata(L, -1); - lua_pop(L, 1); + bozohttpd_t *httpd = httpd_instance(L); - bozo_printf(httpd, "%s\r\n", lua_tostring(L, -1)); + bozo_printf(httpd, "%s\r\n", lua_tostring(L, 1)); return 0; } static int lua_read(lua_State *L) { - bozohttpd_t *httpd; - int n, len; + bozohttpd_t *httpd = httpd_instance(L); + luaL_Buffer lbuf; char *data; + lua_Integer len; + ssize_t n; - lua_pushstring(L, "bozohttpd"); - lua_gettable(L, LUA_REGISTRYINDEX); - httpd = lua_touserdata(L, -1); - lua_pop(L, 1); + len = luaL_checkinteger(L, 1); + data = luaL_buffinitsize(L, , (size_t)len); - len = luaL_checkinteger(L, -1); - data = bozomalloc(httpd, len + 1); - n = bozo_read(httpd, STDIN_FILENO, data, len); - if (n >= 0) { - data[n] = '\0'; - lua_pushstring(L, data); - } else + if ((n = bozo_read(httpd, STDIN_FILENO, data, len)) >= 0) { + luaL_pushresultsize(, n); + return 1; + } else { lua_pushnil(L); - free(data); - return 1; + lua_pushstring(L, "bozo_read() call failed"); + return 2; + } } static int lua_register_handler(lua_State *L) { + bozohttpd_t *httpd = httpd_instance(L); lua_state_map_t *map; lua_handler_t *handler; - bozohttpd_t *httpd; + const char *name; + int ref; lua_pushstring(L, "lua_state_map"); lua_gettable(L, LUA_REGISTRYINDEX); map = lua_touserdata(L, -1); - lua_pushstring(L, "bozohttpd"); - lua_gettable(L, LUA_REGISTRYINDEX); - httpd = lua_touserdata(L, -1); - lua_pop(L, 2); + lua_pop(L, 1); + + name = luaL_checkstring(L, 1); - luaL_checkstring(L, 1); luaL_checktype(L, 2, LUA_TFUNCTION); + lua_pushvalue(L, 2); + ref = luaL_ref(L, LUA_REGISTRYINDEX); handler = bozomalloc(httpd, sizeof(lua_handler_t)); - - handler->name = bozostrdup(httpd, NULL, lua_tostring(L, 1)); - handler->ref = luaL_ref(L, LUA_REGISTRYINDEX); + handler->name = bozostrdup(httpd, NULL, name); + handler->ref = 
ref; SIMPLEQ_INSERT_TAIL(>handlers, handler, h_next); httpd->process_lua = 1; return 0; @@ -133,23 +135,26 @@ lua_register_handler(lua_State *L) static int lua_write(lua_State *L) { - bozohttpd_t *httpd; + bozohttpd_t *httpd = httpd_instance(L); const char *data; + size_t len; + ssize_t n; - lua_pushstring(L, "bozohttpd"); - lua_gettable(L, LUA_REGISTRYINDEX); - httpd = lua_touserdata(L, -1); - lua_pop(L, 1); - - data = luaL_checkstring(L, -1); - lua_pushinteger(L, bozo_write(httpd, STDIN_FILENO, data, strlen(data))); - return 1; + data = luaL_checklstring(L, 1, ); + if ((n = bozo_write(httpd, STDIN_FILENO, data, len)) >= 0) { + lua_pushinteger(L, n); + return 1; + } else { + lua_pushnil(L); + lua_pushstring(L, "bozo_write() call failed"); + return 2; + } } static int luaopen_httpd(lua_State *L) { - struct luaL_Reg functions[] = { + static struct luaL_Reg functions[] = { { "flush", lua_flush }, { "print", lua_print }, { "read", lua_read },
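Review bot: In lua_read the value from `luaL_checkinteger(L, 1)` is cast to `size_t` for luaL_buffinitsize() and passed on to bozo_read() with no range check. A negative or very large length from the script therefore turns into a huge buffer request. Add `luaL_argcheck(L, len >= 0, 1, "length must not be negative");` before the buffer is sized, and consider an upper bound as well. In the same hunk, lua_print passes `lua_tostring(L, 1)` to a `%s` conversion; that is NULL when the argument is neither a string nor a number, and `luaL_checkstring(L, 1)` would raise a Lua error instead.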
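Review bot: lua_write still sends its data to `STDIN_FILENO`, while lua_flush earlier in the file flushes `stdout`, so output only works when both descriptors refer to the same socket. Unless that is intended, the call should read `bozo_write(httpd, STDOUT_FILENO, data, len)`; if it is intended, a comment should say why. The `functions[]` table in luaopen_httpd, whose body continues past the hunk, could also be declared `static const struct luaL_Reg`, since the registration table is only read.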