CVS commit: src/libexec/httpd

2021-05-05 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Wed May  5 07:41:48 UTC 2021

Modified Files:
src/libexec/httpd: CHANGES auth-bozo.c bozohttpd.c bozohttpd.h
src/libexec/httpd/testsuite: t10.out

Log Message:
don't assume host BUFSIZ is sufficient.  a small BUFSIZ leads to
errors that always happen in the testsuite.  switch all these buffers
to be 4KiB sized.  reported by embr


To generate a diff of this commit:
cvs rdiff -u -r1.48 -r1.49 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.26 -r1.27 src/libexec/httpd/auth-bozo.c
cvs rdiff -u -r1.131 -r1.132 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.68 -r1.69 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.2 -r1.3 src/libexec/httpd/testsuite/t10.out

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.48 src/libexec/httpd/CHANGES:1.49
--- src/libexec/httpd/CHANGES:1.48	Sun Apr  4 18:14:26 2021
+++ src/libexec/httpd/CHANGES	Wed May  5 07:41:48 2021
@@ -1,4 +1,9 @@
-$NetBSD: CHANGES,v 1.48 2021/04/04 18:14:26 mrg Exp $
+$NetBSD: CHANGES,v 1.49 2021/05/05 07:41:48 mrg Exp $
+
+changes in bozohttpd 20210504:
+	o  don't assume host BUFSIZ is sufficent.  small BUFSIZ leads to
+	   always happens errors in the testsuite.  switch all these buffers
+	   to be 4KiB sized.  reported by embr 
 
 changes in bozohttpd 20210403:
 	o  fix a denial of service attack against initial request contents,

Index: src/libexec/httpd/auth-bozo.c
diff -u src/libexec/httpd/auth-bozo.c:1.26 src/libexec/httpd/auth-bozo.c:1.27
--- src/libexec/httpd/auth-bozo.c:1.26	Thu Oct 15 02:19:23 2020
+++ src/libexec/httpd/auth-bozo.c	Wed May  5 07:41:48 2021
@@ -1,9 +1,9 @@
-/*	$NetBSD: auth-bozo.c,v 1.26 2020/10/15 02:19:23 mrg Exp $	*/
+/*	$NetBSD: auth-bozo.c,v 1.27 2021/05/05 07:41:48 mrg Exp $	*/
 
 /*	$eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2020 Matthew R. Green
+ * Copyright (c) 1997-2021 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -54,7 +54,7 @@ bozo_auth_check(bozo_httpreq_t *request,
 	bozohttpd_t *httpd = request->hr_httpd;
 	struct stat sb;
 	char dir[MAXPATHLEN], authfile[MAXPATHLEN], *basename;
-	char user[BUFSIZ], *pass;
+	char user[BOZO_MINBUFSIZE], *pass;
 	FILE *fp;
 	int len;
 
@@ -144,7 +144,7 @@ bozo_auth_check_headers(bozo_httpreq_t *
 
 	if (strcasecmp(val, "authorization") == 0 &&
 	strncasecmp(str, "Basic ", 6) == 0) {
-		char	authbuf[BUFSIZ];
+		char	authbuf[BOZO_MINBUFSIZE];
 		char	*pass = NULL;
 		ssize_t	alen;
 

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.131 src/libexec/httpd/bozohttpd.c:1.132
--- src/libexec/httpd/bozohttpd.c:1.131	Wed May  5 07:09:19 2021
+++ src/libexec/httpd/bozohttpd.c	Wed May  5 07:41:48 2021
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.131 2021/05/05 07:09:19 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.132 2021/05/05 07:41:48 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -108,7 +108,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20210403"
+#define SERVER_SOFTWARE		"bozohttpd/20210504"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML		"public_html"
@@ -2275,7 +2275,7 @@ bozo_http_error(bozohttpd_t *httpd, int 
 		}
 #endif /* !NO_USER_SUPPORT */
 
-		size = snprintf(httpd->errorbuf, BUFSIZ,
+		size = snprintf(httpd->errorbuf, BOZO_MINBUFSIZE,
 		"%s\n"
 		"%s\n"
 		"%s%s: %s\n"
@@ -2285,10 +2285,10 @@ bozo_http_error(bozohttpd_t *httpd, int 
 		user ? user : "", file,
 		reason, hostname, portbuf, hostname, portbuf);
 		free(user);
-		if (size >= (int)BUFSIZ) {
+		if (size >= (int)BOZO_MINBUFSIZE) {
 			bozowarn(httpd,
 "bozo_http_error buffer too small, truncated");
-			size = (int)BUFSIZ;
+			size = (int)BOZO_MINBUFSIZE;
 		}
 
 		if (file_alloc)
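Review bot: On truncation the clamp `size = (int)BOZO_MINBUFSIZE;` overstates what is in the buffer, because snprintf() stores at most BOZO_MINBUFSIZE - 1 characters plus the terminating NUL. If size is later used as the body length (that code is outside this hunk), the announced length would be one byte more than the string; `size = (int)BOZO_MINBUFSIZE - 1;` matches the buffer contents. A negative return from snprintf() is also not caught by the `size >= (int)BOZO_MINBUFSIZE` test, so a `size < 0` branch that sets size to 0 would be worth adding. bozo_http_error begins and ends outside the hunk, and the snprintf() call itself starts in the preceding hunk.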
@@ -2515,7 +2515,7 @@ bozo_init_httpd(bozohttpd_t *httpd)
 	httpd->mmapsz = BOZO_MMAPSZ;
 
 	/* error buffer for bozo_http_error() */
-	if ((httpd->errorbuf = malloc(BUFSIZ)) == NULL) {
+	if ((httpd->errorbuf = malloc(BOZO_MINBUFSIZE)) == NULL) {
 		fprintf(stderr,
 			"bozohttpd: memory_allocation failure\n");
 		return 0;

Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.68 src/libexec/httpd/bozohttpd.h:1.69
--- src/libexec/httpd/bozohttpd.h:1.68	Sat Feb 27 12:36:46 2021
+++ src/libexec/httpd/bozohttpd.h	Wed May  5 07:41:48 2021
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.h,v 1.68 2021/02/27 12:36:46 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.h,v 1.69 2021/05/05 07:41:48 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -227,6 +227,8 @@ typedef struct bozoprefs_t {
 /* only allow this many total headers bytes */
 #define BOZO_HEADERS_MAX_SIZE (16 * 1024)
 
+#define BOZO_MINBUFSIZE (4 * 1024)
+
 /* debug flags 
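Review bot: `BOZO_MINBUFSIZE` is added without a comment, unlike `BOZO_HEADERS_MAX_SIZE` just above it, and the name suggests a lower bound although the other hunks of this commit use it as the exact size of `user`, `authbuf` and `httpd->errorbuf`. A comment such as `/* fixed size of the auth and error buffers; deliberately independent of the host's BUFSIZ */` would record why the value is not BUFSIZ. The hunk is cut off on this page after the `debug flags` comment opener.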

CVS commit: src/libexec/httpd

2021-05-05 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Wed May  5 07:09:19 UTC 2021

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
include .  bozo_unconst() uses uintptr_t defined here.
from embr .


To generate a diff of this commit:
cvs rdiff -u -r1.130 -r1.131 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.130 src/libexec/httpd/bozohttpd.c:1.131
--- src/libexec/httpd/bozohttpd.c:1.130	Thu Apr  8 07:02:11 2021
+++ src/libexec/httpd/bozohttpd.c	Wed May  5 07:09:19 2021
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.130 2021/04/08 07:02:11 rillig Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.131 2021/05/05 07:09:19 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -138,6 +138,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 



CVS commit: src/libexec/httpd

2021-04-08 Thread Roland Illig
Module Name:src
Committed By:   rillig
Date:   Thu Apr  8 07:02:12 UTC 2021

Modified Files:
src/libexec/httpd: bozohttpd.c cgi-bozo.c

Log Message:
bozohttpd: fix argument type for functions from <ctype.h>

Found by the recently added check to lint (message 342).

ok mrg@


To generate a diff of this commit:
cvs rdiff -u -r1.129 -r1.130 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.53 -r1.54 src/libexec/httpd/cgi-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.129 src/libexec/httpd/bozohttpd.c:1.130
--- src/libexec/httpd/bozohttpd.c:1.129	Sun Apr  4 18:14:26 2021
+++ src/libexec/httpd/bozohttpd.c	Thu Apr  8 07:02:11 2021
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.129 2021/04/04 18:14:26 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.130 2021/04/08 07:02:11 rillig Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -1110,7 +1110,7 @@ handle_redirect(bozo_httpreq_t *request,
 		 */
 		if (sep) {
 			for (s = url; s != sep;) {
-if (!isalnum((int)*s) &&
+if (!isalnum((unsigned char)*s) &&
 *s != '+' && *s != '-' && *s != '.')
 	break;
 if (++s == sep) {

Index: src/libexec/httpd/cgi-bozo.c
diff -u src/libexec/httpd/cgi-bozo.c:1.53 src/libexec/httpd/cgi-bozo.c:1.54
--- src/libexec/httpd/cgi-bozo.c:1.53	Sat Feb 27 12:36:46 2021
+++ src/libexec/httpd/cgi-bozo.c	Thu Apr  8 07:02:12 2021
@@ -1,4 +1,4 @@
-/*	$NetBSD: cgi-bozo.c,v 1.53 2021/02/27 12:36:46 mrg Exp $	*/
+/*	$NetBSD: cgi-bozo.c,v 1.54 2021/04/08 07:02:12 rillig Exp $	*/
 
 /*	$eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -289,7 +289,8 @@ parse_search_string(bozo_httpreq_t *requ
 			goto parse_err;
 		while (*s) {
 			/* check if it's unreserved */
-			if (isalpha((int)*s) || isdigit((int)*s) ||
+			if (isalpha((unsigned char)*s) ||
+			isdigit((unsigned char)*s) ||
 			strchr(UNRESERVED_CHAR, *s)) {
 s++;
 continue;
@@ -299,8 +300,8 @@ parse_search_string(bozo_httpreq_t *requ
 			if (*s == '%') {
 if (s[1] == '\0' || s[2] == '\0')
 	goto parse_err;
-if (!isxdigit((int)s[1]) ||
-!isxdigit((int)s[2]))
+if (!isxdigit((unsigned char)s[1]) ||
+!isxdigit((unsigned char)s[2]))
 	goto parse_err;
 s += 3;
 continue;
@@ -517,8 +518,8 @@ bozo_process_cgi(bozo_httpreq_t *request
 		strcpy(t, "HTTP_");
 		t += strlen(t);
 		for (s2 = headp->h_header; *s2; t++, s2++)
-			if (islower((unsigned)*s2))
-*t = toupper((unsigned)*s2);
+			if (islower((unsigned char)*s2))
+*t = toupper((unsigned char)*s2);
 			else if (*s2 == '-')
 *t = '_';
 			else



CVS commit: src/libexec/httpd/small

2021-04-08 Thread Roland Illig
Module Name:src
Committed By:   rillig
Date:   Thu Apr  8 06:52:42 UTC 2021

Modified Files:
src/libexec/httpd/small: Makefile

Log Message:
bozohttpd-small: fix typo in SRCS, fix targets dependall and lint

The additional ':' after 'main.c' had no effect on the compilation since
the suffix is removed when computing the list of object files.  The ':'
excluded main.c from the dependency computation and from lint.

By defining CPPFLAGS instead of CFLAGS, the default "-O2" steps in
again, and the proper flags are passed to lint, which did not work
before at all because it could not find an included file.


To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/libexec/httpd/small/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/small/Makefile
diff -u src/libexec/httpd/small/Makefile:1.5 src/libexec/httpd/small/Makefile:1.6
--- src/libexec/httpd/small/Makefile:1.5	Thu Apr  8 06:44:55 2021
+++ src/libexec/httpd/small/Makefile	Thu Apr  8 06:52:42 2021
@@ -1,9 +1,10 @@
+#	$NetBSD: Makefile,v 1.6 2021/04/08 06:52:42 rillig Exp $
 #	$eterna: Makefile,v 1.1 2009/05/22 21:51:39 mrg Exp $
 
 # build a 100% lean bozohttpd-small.c
 PROG=	bozohttpd-small
 NOMAN=	# defined
-SRCS=	bozohttpd-small.c content-bozo-small.c ssl-bozo.c main.c:
+SRCS=	bozohttpd-small.c content-bozo-small.c ssl-bozo.c main.c
 
 LEAN_IFDEF_FLAGS=	-UDEBUG -DNO_USER_SUPPORT \
 			-DNO_CGIBIN_SUPPORT -DNO_DIRINDEX_SUPPORT \
@@ -11,7 +12,7 @@ LEAN_IFDEF_FLAGS=	-UDEBUG -DNO_USER_SUPP
 			-DNO_SSL_SUPPORT -UDO_HTPASSWD \
 			-DNO_LUA_SUPPORT -DNO_BLOCKLIST_SUPPORT
 
-CFLAGS=	-I$(.CURDIR)/.. ${LEAN_IFDEF_FLAGS}
+CPPFLAGS=	-I$(.CURDIR)/.. ${LEAN_IFDEF_FLAGS}
 
 bozohttpd-small.c: bozohttpd.c
 	unifdef $(LEAN_IFDEF_FLAGS) < $> > $@.tmp;			\



CVS commit: src/libexec/httpd/small

2021-04-08 Thread Roland Illig
Module Name:src
Committed By:   rillig
Date:   Thu Apr  8 06:44:55 UTC 2021

Modified Files:
src/libexec/httpd/small: Makefile

Log Message:
bozohttpd-small: fix error handling for unifdef

The second of the '$$?' was spelled only '$?'.  At the time where this
shell expression was evaluated, it had already been overwritten by the
preceding command '['.


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/libexec/httpd/small/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/small/Makefile
diff -u src/libexec/httpd/small/Makefile:1.4 src/libexec/httpd/small/Makefile:1.5
--- src/libexec/httpd/small/Makefile:1.4	Mon Jul 13 10:35:17 2020
+++ src/libexec/httpd/small/Makefile	Thu Apr  8 06:44:55 2021
@@ -14,13 +14,21 @@ LEAN_IFDEF_FLAGS=	-UDEBUG -DNO_USER_SUPP
 CFLAGS=	-I$(.CURDIR)/.. ${LEAN_IFDEF_FLAGS}
 
 bozohttpd-small.c: bozohttpd.c
-	unifdef $(LEAN_IFDEF_FLAGS) < $> > $@.tmp ;\
-	if [ $$? -ne 1 ]; then echo "unifdef returned $?, expecting 1" 2>&1; false; fi
+	unifdef $(LEAN_IFDEF_FLAGS) < $> > $@.tmp;			\
+	status=$$?;			\
+	if [ $$status -ne 1 ]; then	\
+		echo "unifdef returned $$status, expecting 1" 2>&1;	\
+		false;			\
+	fi
 	mv -f $@.tmp $@
 
 content-bozo-small.c: content-bozo.c
-	unifdef $(LEAN_IFDEF_FLAGS) < $> > $@.tmp ;\
-	if [ $$? -ne 1 ]; then echo "unifdef returned $?, expecting 1" 2>&1; false; fi
+	unifdef $(LEAN_IFDEF_FLAGS) < $> > $@.tmp;			\
+	status=$$?;			\
+	if [ $$status -ne 1 ]; then	\
+		echo "unifdef returned $$status, expecting 1" 2>&1;	\
+		false;			\
+	fi
 	mv -f $@.tmp $@
 
 CLEANFILES+=	content-bozo-small.c bozohttpd-small.c
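Review bot: The diagnostic in both rules ends in `2>&1`, which only points echo's stderr at stdout, so the message still goes to stdout; if it was meant for stderr the redirection should be `>&2`, i.e. `echo "unifdef returned $$status, expecting 1" >&2;`. The same line appears in the bozohttpd-small.c and content-bozo-small.c rules. When the status check fails the `$@.tmp` file is left behind, and CLEANFILES below names only the two .c files; an `rm -f $@.tmp;` before `false` would keep a failed run from leaving stale output.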



CVS commit: src/libexec/httpd

2021-04-04 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Sun Apr  4 18:14:27 UTC 2021

Modified Files:
src/libexec/httpd: CHANGES bozohttpd.c

Log Message:
avoid DoS in initial request size, which is now bounded at 16KiB.
reported by Justin Parrott in PR#56085.


To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.128 -r1.129 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.47 src/libexec/httpd/CHANGES:1.48
--- src/libexec/httpd/CHANGES:1.47	Sat Feb 27 12:55:25 2021
+++ src/libexec/httpd/CHANGES	Sun Apr  4 18:14:26 2021
@@ -1,4 +1,8 @@
-$NetBSD: CHANGES,v 1.47 2021/02/27 12:55:25 mrg Exp $
+$NetBSD: CHANGES,v 1.48 2021/04/04 18:14:26 mrg Exp $
+
+changes in bozohttpd 20210403:
+	o  fix a denial of service attack against initial request contents,
+   now bounded at 16KiB.  reported by Justin Parrott in PR#56085
 
 changes in bozohttpd 20210227:
 	o  new support for content types: .tar.bz2, .tar.xz, .tar.lz,

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.128 src/libexec/httpd/bozohttpd.c:1.129
--- src/libexec/httpd/bozohttpd.c:1.128	Sat Feb 27 12:55:25 2021
+++ src/libexec/httpd/bozohttpd.c	Sun Apr  4 18:14:26 2021
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.128 2021/02/27 12:55:25 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.129 2021/04/04 18:14:26 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -108,7 +108,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20210227"
+#define SERVER_SOFTWARE		"bozohttpd/20210403"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML		"public_html"
@@ -852,6 +852,10 @@ bozo_read_request(bozohttpd_t *httpd)
 next_header:
 		alarm(httpd->header_timeout);
 	}
+	if (str == NULL) {
+		bozo_http_error(httpd, 413, request, "request too large");
+		goto cleanup;
+	}
 
 	/* now, clear it all out */
 	alarm(0);
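Review bot: The new `str == NULL` test after the read loop answers every NULL from bozodgetln() with 413 "request too large", but NULL is not necessarily only the over-long-line case. If bozodgetln() also returns NULL when the client closes the connection or the read fails (most of its body is outside this diff, and its comment says it is modelled on fgetln(3)), those requests would be logged and answered as oversized. Distinguishing the cases, for example with a flag set where bozodgetln() gives up on size, would keep the 413 count meaningful for anyone monitoring for abuse. bozo_read_request starts and ends outside the hunk.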
@@ -2124,7 +2128,7 @@ bozo_escape_html(bozohttpd_t *httpd, con
 	if (httpd)
 		tmp = bozomalloc(httpd, len);
 	else if ((tmp = malloc(len)) == 0)
-			return NULL;
+		return NULL;
 
 	for (i = 0, j = 0; url[i]; i++) {
 		switch (url[i]) {
@@ -2373,6 +2377,9 @@ bozostrnsep(char **strp, const char *del
  * inspired by fgetln(3), but works for fd's.  should work identically
  * except it, however, does *not* return the newline, and it does nul
  * terminate the string.
+ *
+ * returns NULL if the line grows too large.  empty lines will be
+ * returned with *lenp set to 0.
  */
 char *
 bozodgetln(bozohttpd_t *httpd, int fd, ssize_t *lenp,
@@ -2386,11 +2393,8 @@ bozodgetln(bozohttpd_t *httpd, int fd, s
 	if (httpd->getln_buflen == 0) {
 		/* should be plenty for most requests */
 		httpd->getln_buflen = 128;
-		httpd->getln_buffer = malloc((size_t)httpd->getln_buflen);
-		if (httpd->getln_buffer == NULL) {
-			httpd->getln_buflen = 0;
-			return NULL;
-		}
+		httpd->getln_buffer =
+		bozomalloc(httpd, (size_t)httpd->getln_buflen);
 	}
 	len = 0;
 
@@ -2406,6 +2410,9 @@ bozodgetln(bozohttpd_t *httpd, int fd, s
 	for (; readfn(httpd, fd, , 1) == 1; ) {
 		debug((httpd, DEBUG_EXPLODING, "bozodgetln read %c", c));
 
+		if (httpd->getln_buflen > BOZO_HEADERS_MAX_SIZE)
+			return NULL;
+
 		if (len >= httpd->getln_buflen - 1) {
 			httpd->getln_buflen *= 2;
 			debug((httpd, DEBUG_EXPLODING, "bozodgetln: "
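Review bot: The size check `httpd->getln_buflen > BOZO_HEADERS_MAX_SIZE` tests the buffer capacity, which is stored in httpd and only ever doubled in the code visible here, rather than the length of the current line. Once one over-long line has pushed getln_buflen past the limit, every later call on the same httpd would return NULL at its first byte unless the buffer is reset somewhere outside this hunk, for instance in the library interface if httpd is reused across requests. Testing the line length instead, `if (len >= BOZO_HEADERS_MAX_SIZE) return NULL;`, bounds each line without leaving that state behind. The limit is also per line, so the total header bytes named in the BOZO_HEADERS_MAX_SIZE comment still need a bound elsewhere; the function body continues outside the hunk.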



CVS commit: src/libexec/httpd

2021-02-28 Thread Roland Illig
Module Name:src
Committed By:   rillig
Date:   Sun Feb 28 16:10:00 UTC 2021

Modified Files:
src/libexec/httpd: printenv.lua

Log Message:
libexec/httpd: fix cross-site scripting in Lua example

curl \
  --header 'NAME: ' \
  'http://127.0.0.1:8080/test/printenv?='


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/libexec/httpd/printenv.lua

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/printenv.lua
diff -u src/libexec/httpd/printenv.lua:1.4 src/libexec/httpd/printenv.lua:1.5
--- src/libexec/httpd/printenv.lua:1.4	Tue Aug 25 20:02:33 2020
+++ src/libexec/httpd/printenv.lua	Sun Feb 28 16:10:00 2021
@@ -1,4 +1,4 @@
--- $NetBSD: printenv.lua,v 1.4 2020/08/25 20:02:33 leot Exp $
+-- $NetBSD: printenv.lua,v 1.5 2021/02/28 16:10:00 rillig Exp $
 
 -- this small Lua script demonstrates the use of Lua in (bozo)httpd
 -- it will simply output the "environment"
@@ -14,6 +14,10 @@
 
 local httpd = require 'httpd'
 
+function escape_html(s)
+  return s:gsub('&', ''):gsub('<', ''):gsub('>', ''):gsub('"', '')
+end
+
 function printenv(env, headers, query)
 
 	-- we get the "environment" in the env table, the values are more
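Review bot: `escape_html` is defined as a global and returns both results of the last `gsub` (the string and the substitution count). The callers in this commit use it inside `..` concatenations, where only the first value survives, but a call such as `httpd.print(escape_html(v))` would pass the count along as a second argument. Declaring it `local function escape_html(s)` and wrapping the chain in parentheses, `return (s:gsub(...):gsub(...))`, keeps the helper private and single-valued. The single quote is not in the escaped set, which would matter if a value were ever placed in a single-quoted attribute; the replacement strings themselves did not survive on this page, so they cannot be checked here.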
@@ -40,18 +44,18 @@ function printenv(env, headers, query)
 	httpd.print('Server Environment')
 	-- print the list of "environment" variables
 	for k, v in pairs(env) do
-		httpd.print(k .. '=' .. v .. '')
+		httpd.print(escape_html(k) .. '=' .. escape_html(v) .. '')
 	end
 
 	httpd.print('Request Headers')
 	for k, v in pairs(headers) do
-		httpd.print(k .. '=' .. v .. '')
+		httpd.print(escape_html(k) .. '=' .. escape_html(v) .. '')
 	end
 
 	if query ~= nil then
 		httpd.print('Query Variables')
 		for k, v in pairs(query) do
-			httpd.print(k .. '=' .. v .. '')
+			httpd.print(escape_html(k) .. '=' .. escape_html(v) .. '')
 		end
 	end
 
@@ -83,7 +87,7 @@ function form(env, header, query)
 		end
 
 		for k, v in pairs(query) do
-			httpd.print(k .. '=' .. v .. '')
+			httpd.print(escape_html(k) .. '=' .. escape_html(v) .. '')
 		end
 	else
 		httpd.print('No values')



CVS commit: src/libexec/httpd

2021-02-27 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Sun Feb 28 05:19:52 UTC 2021

Modified Files:
src/libexec/httpd: bozohttpd.8

Log Message:
update version, dates, add emily to list of contributors.  sort list.


To generate a diff of this commit:
cvs rdiff -u -r1.87 -r1.88 src/libexec/httpd/bozohttpd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.87 src/libexec/httpd/bozohttpd.8:1.88
--- src/libexec/httpd/bozohttpd.8:1.87	Thu Oct 15 09:54:22 2020
+++ src/libexec/httpd/bozohttpd.8	Sun Feb 28 05:19:52 2021
@@ -1,8 +1,8 @@
-.\"	$NetBSD: bozohttpd.8,v 1.87 2020/10/15 09:54:22 wiz Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.88 2021/02/28 05:19:52 mrg Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
-.\" Copyright (c) 1997-2020 Matthew R. Green
+.\" Copyright (c) 1997-2021 Matthew R. Green
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd October 14, 2020
+.Dd February 27, 2021
 .Dt BOZOHTTPD 8
 .Os
 .Sh NAME
@@ -646,7 +646,7 @@ The focus has always been simplicity and
 and regular code audits.
 This manual documents
 .Nm
-version 20201014.
+version 20210227.
 .Sh AUTHORS
 .An -nosplit
 .Nm
@@ -699,6 +699,9 @@ added support for serving gzipped files 
 .Aq Mt p...@pdc.kth.se
 provided a fix for a minor (non-security) buffer overflow condition
 .It
+.Aq Mt emily@ingalls.rocks
+provided fixes for some bad request parsing
+.It
 .An Jun-ichiro itojun Hagino, KAME
 .Aq Mt ito...@iijlab.net
 provided initial IPv6 support
@@ -751,6 +754,10 @@ provided man page fixes
 .Aq Mt dena...@gmail.com
 provided a cgi-bin fix
 .It
+.An Jared McNeill
+.Aq Mt jmcne...@netbsd.org
+added support for readme in directory indexing
+.It
 .An Julio Merino
 .Aq Mt j...@netbsd.org
 Added the
@@ -789,6 +796,11 @@ provided the
 .Fl V
 option
 .It
+.An Jukka Ruohonen
+.Aq Mt jru...@netbsd.org
+provided support for
+.Xr blocklistd 8
+.It
 .An Thor Lancelot Simon
 .Aq Mt t...@netbsd.org
 enhanced cgi-bin support
@@ -807,15 +819,7 @@ provided http authorization fixes
 .It
 .Aq Mt x...@kittenz.org
 provided chroot and change-to-user support, and other various fixes
-.It
-.An Jukka Ruohonen
-.Aq Mt jru...@netbsd.org
-provided support for
-.Xr blocklistd 8
-.It
-.An Jared McNeill
-.Aq Mt jmcne...@netbsd.org
-added support for readme in directory indexing
+
 .It
 .An S.P.Zeidler
 .Aq Mt s...@netbsd.org



CVS commit: src/libexec/httpd

2021-02-27 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Sun Feb 28 04:18:46 UTC 2021

Modified Files:
src/libexec/httpd: Makefile

Log Message:
avoid warnings from the previous when using objdirs.


To generate a diff of this commit:
cvs rdiff -u -r1.30 -r1.31 src/libexec/httpd/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/Makefile
diff -u src/libexec/httpd/Makefile:1.30 src/libexec/httpd/Makefile:1.31
--- src/libexec/httpd/Makefile:1.30	Sun Feb 28 02:39:15 2021
+++ src/libexec/httpd/Makefile	Sun Feb 28 04:18:46 2021
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.30 2021/02/28 02:39:15 mrg Exp $
+#	$NetBSD: Makefile,v 1.31 2021/02/28 04:18:46 mrg Exp $
 #
 #	$eterna: Makefile,v 1.30 2010/07/11 00:34:27 mrg Exp $
 #
@@ -84,7 +84,7 @@ check:
 .if empty(BOZOVER)
 BOZOVER!=	sed -n \
 		-e s/\"$$// -e \
-		's/\#define[ 	]*SERVER_SOFTWARE[ 	]*\"bozohttpd\///p'  bozohttpd.c
+		's/\#define[ 	]*SERVER_SOFTWARE[ 	]*\"bozohttpd\///p'  ${.PARSEDIR}/bozohttpd.c
 .endif
 
 # Create a distfile: uses /tmp



CVS commit: src/libexec/httpd

2021-02-27 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Sun Feb 28 02:39:15 UTC 2021

Modified Files:
src/libexec/httpd: Makefile

Log Message:
give BOZOVER a default so exporting a distfile is easy.


To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 src/libexec/httpd/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/Makefile
diff -u src/libexec/httpd/Makefile:1.29 src/libexec/httpd/Makefile:1.30
--- src/libexec/httpd/Makefile:1.29	Sat Jul 11 08:10:52 2020
+++ src/libexec/httpd/Makefile	Sun Feb 28 02:39:15 2021
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.29 2020/07/11 08:10:52 jruoho Exp $
+#	$NetBSD: Makefile,v 1.30 2021/02/28 02:39:15 mrg Exp $
 #
 #	$eterna: Makefile,v 1.30 2010/07/11 00:34:27 mrg Exp $
 #
@@ -81,6 +81,12 @@ CLEANFILES+=	bozohttpd.8.html bozohttpd.
 check:
 	cd ${.CURDIR}/testsuite && ${MAKE} check
 
+.if empty(BOZOVER)
+BOZOVER!=	sed -n \
+		-e s/\"$$// -e \
+		's/\#define[ 	]*SERVER_SOFTWARE[ 	]*\"bozohttpd\///p'  bozohttpd.c
+.endif
+
 # Create a distfile: uses /tmp
 BASE=bozohttpd-${BOZOVER}
 TAR=${BASE}.tar



CVS commit: src/libexec/httpd

2021-02-27 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Sat Feb 27 12:55:25 UTC 2021

Modified Files:
src/libexec/httpd: CHANGES bozohttpd.c content-bozo.c

Log Message:
changes in bozohttpd 20210227:
o  new support for content types: .tar.bz2, .tar.xz, .tar.lz,
   .tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma,
   .lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar.  should fix
   netbsd PR#56026:
   MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid


To generate a diff of this commit:
cvs rdiff -u -r1.46 -r1.47 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.127 -r1.128 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.19 -r1.20 src/libexec/httpd/content-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.46 src/libexec/httpd/CHANGES:1.47
--- src/libexec/httpd/CHANGES:1.46	Sat Feb 27 12:36:46 2021
+++ src/libexec/httpd/CHANGES	Sat Feb 27 12:55:25 2021
@@ -1,4 +1,11 @@
-$NetBSD: CHANGES,v 1.46 2021/02/27 12:36:46 mrg Exp $
+$NetBSD: CHANGES,v 1.47 2021/02/27 12:55:25 mrg Exp $
+
+changes in bozohttpd 20210227:
+	o  new support for content types: .tar.bz2, .tar.xz, .tar.lz,
+	   .tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma,
+	   .lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar.  should fix
+	   netbsd PR#56026:
+	   MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid
 
 changes in bozohttpd 20210211:
 	o  fix various NULL derefs from malformed headers.  mostly from

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.127 src/libexec/httpd/bozohttpd.c:1.128
--- src/libexec/httpd/bozohttpd.c:1.127	Sat Feb 27 12:36:46 2021
+++ src/libexec/httpd/bozohttpd.c	Sat Feb 27 12:55:25 2021
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.127 2021/02/27 12:36:46 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.128 2021/02/27 12:55:25 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -108,7 +108,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20210211"
+#define SERVER_SOFTWARE		"bozohttpd/20210227"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML		"public_html"

Index: src/libexec/httpd/content-bozo.c
diff -u src/libexec/httpd/content-bozo.c:1.19 src/libexec/httpd/content-bozo.c:1.20
--- src/libexec/httpd/content-bozo.c:1.19	Thu Oct 15 04:21:53 2020
+++ src/libexec/httpd/content-bozo.c	Sat Feb 27 12:55:25 2021
@@ -1,9 +1,9 @@
-/*	$NetBSD: content-bozo.c,v 1.19 2020/10/15 04:21:53 mrg Exp $	*/
+/*	$NetBSD: content-bozo.c,v 1.20 2021/02/27 12:55:25 mrg Exp $	*/
 
 /*	$eterna: content-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2020 Matthew R. Green
+ * Copyright (c) 1997-2021 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -63,11 +63,18 @@ static bozo_content_map_t static_content
 	{ ".pa",	"application/x-ns-proxy-autoconfig", "",	"", NULL },
 	{ ".tar",	"multipart/x-tar",		"",		"", NULL },
 	{ ".gtar",	"application/x-gtar-compressed", "",		"", NULL },
-	{ ".tar.Z",	"application/x-gtar-compressed", "",		"", NULL },
 	{ ".tar.gz",	"application/x-gtar-compressed", "",		"", NULL },
-	{ ".taz",	"application/x-gtar-compressed", "",		"", NULL },
+	{ ".tar.bz2",	"application/x-gtar-compressed", "",		"", NULL },
+	{ ".tar.xz",	"application/x-gtar-compressed", "",		"", NULL },
+	{ ".tar.lz",	"application/x-gtar-compressed", "",		"", NULL },
+	{ ".tar.zst",	"application/x-gtar-compressed", "",		"", NULL },
 	{ ".tgz",	"application/x-gtar-compressed", "",		"", NULL },
+	{ ".tbz2",	"application/x-gtar-compressed", "",		"", NULL },
+	{ ".txz",	"application/x-gtar-compressed", "",		"", NULL },
+	{ ".tlz",	"application/x-gtar-compressed", "",		"", NULL },
 	{ ".tar.z",	"application/x-gtar-compressed", "",		"", NULL },
+	{ ".tar.Z",	"application/x-gtar-compressed", "",		"", NULL },
+	{ ".taz",	"application/x-gtar-compressed", "",		"", NULL },
 	{ ".Z",		"application/x-compress",	"",		"", NULL },
 	{ ".gz",	"application/x-gzip",		"",		"", NULL },
 	{ ".z",		"unknown",			"",		"", NULL },
@@ -131,6 +138,19 @@ static bozo_content_map_t static_content
 	{ ".ustar",	"application/x-ustar",		"",		"", NULL },
 	{ ".src",	"application/x-wais-source",	"",		"", NULL },
 	{ ".zip",	"application/zip",		"",		"", NULL },
+	{ ".zipx",	"application/zip",		"",		"", NULL },
+	{ ".xz",	"application/x-xz",		"",		"", NULL },
+	{ ".zst",	"application/x-zstd",		"",		"", NULL },
+	{ ".sz",	"application/x-snappy-framed",	"",		"", NULL },
+	{ ".lz",	"application/x-lzip",		"",		"", NULL },
+	{ ".lzma",	"application/x-lzma",		"",		"", NULL },
+	{ ".lzo",	"application/x-lzop",		"",		"", NULL },
+	{ ".7z",	"application/x-7z-compressed",	"",		"", NULL },
+	{ ".lzo",	"application/x-lzop",		"",		"", NULL },
+	{ ".cab",	
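Review bot: The `.lzo` entry is added twice in this hunk with the same `application/x-lzop` type, once after `.lzma` and again after `.7z`; the log message lists `.lzo` twice as well. The second line is redundant if the table is searched first-match, and it may stand in for a suffix that was meant to be added instead, so it is worth either deleting it or replacing it with the intended extension. The hunk is cut off on this page after the `.cab` entry, so the remaining additions cannot be reviewed here.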

CVS commit: src/libexec/httpd

2021-02-27 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Sat Feb 27 12:36:46 UTC 2021

Modified Files:
src/libexec/httpd: CHANGES bozohttpd.c bozohttpd.h cgi-bozo.c main.c
src/libexec/httpd/libbozohttpd: libbozohttpd.3

Log Message:
belated call version 20210211 after previous memory leak fix.


To generate a diff of this commit:
cvs rdiff -u -r1.45 -r1.46 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.126 -r1.127 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.67 -r1.68 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.52 -r1.53 src/libexec/httpd/cgi-bozo.c
cvs rdiff -u -r1.26 -r1.27 src/libexec/httpd/main.c
cvs rdiff -u -r1.5 -r1.6 src/libexec/httpd/libbozohttpd/libbozohttpd.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.45 src/libexec/httpd/CHANGES:1.46
--- src/libexec/httpd/CHANGES:1.45	Thu Feb 11 09:23:55 2021
+++ src/libexec/httpd/CHANGES	Sat Feb 27 12:36:46 2021
@@ -1,8 +1,9 @@
-$NetBSD: CHANGES,v 1.45 2021/02/11 09:23:55 mrg Exp $
+$NetBSD: CHANGES,v 1.46 2021/02/27 12:36:46 mrg Exp $
 
-changes in bozohttpd 20210210:
+changes in bozohttpd 20210211:
 	o  fix various NULL derefs from malformed headers.  mostly from
 	   .
+	o  fix memory leaks in library interface: add bozo_cleanup().
 
 changes in bozohttpd 20201014:
 	o  also set -D_GNU_SOURCE in Makefile.boot.  from

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.126 src/libexec/httpd/bozohttpd.c:1.127
--- src/libexec/httpd/bozohttpd.c:1.126	Thu Feb 11 09:57:52 2021
+++ src/libexec/httpd/bozohttpd.c	Sat Feb 27 12:36:46 2021
@@ -1,9 +1,9 @@
-/*	$NetBSD: bozohttpd.c,v 1.126 2021/02/11 09:57:52 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.127 2021/02/27 12:36:46 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2020 Matthew R. Green
+ * Copyright (c) 1997-2021 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -108,7 +108,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20210210"
+#define SERVER_SOFTWARE		"bozohttpd/20210211"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML		"public_html"

Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.67 src/libexec/httpd/bozohttpd.h:1.68
--- src/libexec/httpd/bozohttpd.h:1.67	Thu Feb 11 09:57:52 2021
+++ src/libexec/httpd/bozohttpd.h	Sat Feb 27 12:36:46 2021
@@ -1,9 +1,9 @@
-/*	$NetBSD: bozohttpd.h,v 1.67 2021/02/11 09:57:52 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.h,v 1.68 2021/02/27 12:36:46 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2020 Matthew R. Green
+ * Copyright (c) 1997-2021 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Index: src/libexec/httpd/cgi-bozo.c
diff -u src/libexec/httpd/cgi-bozo.c:1.52 src/libexec/httpd/cgi-bozo.c:1.53
--- src/libexec/httpd/cgi-bozo.c:1.52	Thu Feb 11 09:23:55 2021
+++ src/libexec/httpd/cgi-bozo.c	Sat Feb 27 12:36:46 2021
@@ -1,9 +1,9 @@
-/*	$NetBSD: cgi-bozo.c,v 1.52 2021/02/11 09:23:55 mrg Exp $	*/
+/*	$NetBSD: cgi-bozo.c,v 1.53 2021/02/27 12:36:46 mrg Exp $	*/
 
 /*	$eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2020 Matthew R. Green
+ * Copyright (c) 1997-2021 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Index: src/libexec/httpd/main.c
diff -u src/libexec/httpd/main.c:1.26 src/libexec/httpd/main.c:1.27
--- src/libexec/httpd/main.c:1.26	Thu Feb 11 09:57:52 2021
+++ src/libexec/httpd/main.c	Sat Feb 27 12:36:46 2021
@@ -1,10 +1,10 @@
-/*	$NetBSD: main.c,v 1.26 2021/02/11 09:57:52 mrg Exp $	*/
+/*	$NetBSD: main.c,v 1.27 2021/02/27 12:36:46 mrg Exp $	*/
 
 /*	$eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $	*/
 /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp 	*/
 
 /*
- * Copyright (c) 1997-2020 Matthew R. Green
+ * Copyright (c) 1997-2021 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Index: src/libexec/httpd/libbozohttpd/libbozohttpd.3
diff -u src/libexec/httpd/libbozohttpd/libbozohttpd.3:1.5 src/libexec/httpd/libbozohttpd/libbozohttpd.3:1.6
--- src/libexec/httpd/libbozohttpd/libbozohttpd.3:1.5	Thu Feb 11 09:57:53 2021
+++ src/libexec/httpd/libbozohttpd/libbozohttpd.3	Sat Feb 27 12:36:46 2021
@@ -1,8 +1,8 @@
-.\" $NetBSD: libbozohttpd.3,v 1.5 2021/02/11 09:57:53 mrg Exp $
+.\" $NetBSD: libbozohttpd.3,v 1.6 2021/02/27 12:36:46 mrg Exp $
 .\"
 .\" $eterna: libbozohttpd.3,v 1.2 2010/05/10 02:48:23 mrg Exp $
 .\"
-.\" Copyright (c) 2009 The NetBSD Foundation, Inc.
+.\" Copyright (c) 2009, 2021 The NetBSD Foundation, Inc.
 .\" All rights reserved.
 

CVS commit: src/libexec/httpd

2021-02-11 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Thu Feb 11 09:57:53 UTC 2021

Modified Files:
src/libexec/httpd: bozohttpd.c bozohttpd.h main.c
src/libexec/httpd/libbozohttpd: libbozohttpd.3

Log Message:
clean up issues detected by address sanitizer (just some memory
leaks that only apply to the library version.)

XXX: the handling of hr_file and its variants is more crappy
again - the prior clean up is slightly less clean now, but at
least it does not leak memory.

XXX2: cgi-bin test hangs with address sanitizer.  don't know
why yet..


To generate a diff of this commit:
cvs rdiff -u -r1.125 -r1.126 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.66 -r1.67 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.25 -r1.26 src/libexec/httpd/main.c
cvs rdiff -u -r1.4 -r1.5 src/libexec/httpd/libbozohttpd/libbozohttpd.3

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.125 src/libexec/httpd/bozohttpd.c:1.126
--- src/libexec/httpd/bozohttpd.c:1.125	Thu Feb 11 09:23:55 2021
+++ src/libexec/httpd/bozohttpd.c	Thu Feb 11 09:57:52 2021
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.125 2021/02/11 09:23:55 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.126 2021/02/11 09:57:52 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -239,6 +239,20 @@ bozo_set_pref(bozohttpd_t *httpd, bozopr
 	return 1;
 }
 
+static void
+bozo_clear_prefs(bozohttpd_t *httpd, bozoprefs_t *prefs)
+{
+	size_t	i;
+
+	for (i = 0; i < prefs->count; i++) {
+		free(prefs->name[i]);
+		free(prefs->value[i]);
+	}
+
+	free(prefs->name);
+	free(prefs->value);
+}
+
 /*
  * get a variable's value, or NULL
  */
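Review bot: bozo_clear_prefs() leaves `prefs->name`, `prefs->value` and `prefs->count` unchanged after freeing them, so a second bozo_cleanup() call or any later lookup through the same bozoprefs_t walks freed memory. Because this is reachable from a library entry point, resetting the state after the two final free() calls is cheap insurance: `prefs->name = prefs->value = NULL; prefs->count = 0;`. The httpd fields freed in bozo_cleanup() (the `@@ -2694,6 +2711,23 @@` hunk) are left dangling in the same way. The `httpd` parameter is unused here; marking it with the file's USE_ARG macro, if that macro is in scope, would keep higher lint levels quiet.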
@@ -339,8 +353,11 @@ bozo_clean_request(bozo_httpreq_t *reque
 	free(request->hr_serverport);
 	free(request->hr_virthostname);
 	free(request->hr_file_free);
+	/* XXX this is gross */
 	if (request->hr_file_free != request->hr_oldfile)
 		free(request->hr_oldfile);
+	else
+		free(request->hr_file);
 	free(request->hr_query);
 	free(request->hr_host);
 	bozo_user_free(request->hr_user);
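Review bot: The added `else free(request->hr_file);` branch is only safe if `hr_file` never equals `hr_file_free` when `hr_file_free == hr_oldfile`; if all three alias, the same allocation is freed twice. Nothing in this hunk establishes that invariant, and `/* XXX this is gross */` does not record it. I would replace that comment with one that states which pointer owns which allocation on each branch, for example `/* hr_file_free == hr_oldfile: hr_file is a separate allocation still owned by the request */`, assuming that is the intended rule. bozo_clean_request() starts and ends outside the hunk, so the rest of the ownership logic is not visible here.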
@@ -2694,6 +2711,23 @@ bozo_setup(bozohttpd_t *httpd, bozoprefs
 	return 1;
 }
 
+void
+bozo_cleanup(bozohttpd_t *httpd, bozoprefs_t *prefs)
+{
+	bozo_clear_prefs(httpd, prefs);
+
+	free(httpd->virthostname);
+	free(httpd->errorbuf);
+	free(httpd->getln_buffer);
+	free(httpd->slashdir);
+#define bozo_unconst(x) ((void *)(uintptr_t)x)
+	free(bozo_unconst(httpd->server_software));
+	free(bozo_unconst(httpd->index_html));
+	free(bozo_unconst(httpd->dir_readme));
+	free(bozo_unconst(httpd->public_html));
+#undef bozo_unconst
+}
+
 int
 bozo_get_version(char *buf, size_t size)
 {
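Review bot: The four `free(bozo_unconst(...))` calls assume that `server_software`, `index_html`, `dir_readme` and `public_html` always point at heap memory owned by `httpd`. If any of them can still hold a string literal or a caller-supplied pointer, free() is handed memory the allocator never returned. How they are assigned is not visible in this hunk, so a short comment above the `#define` naming the function that duplicates them would make the const cast defensible. The macro argument should also be parenthesised: `#define bozo_unconst(x) ((void *)(uintptr_t)(x))`.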

Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.66 src/libexec/httpd/bozohttpd.h:1.67
--- src/libexec/httpd/bozohttpd.h:1.66	Thu Feb 11 09:23:55 2021
+++ src/libexec/httpd/bozohttpd.h	Thu Feb 11 09:57:52 2021
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.h,v 1.66 2021/02/11 09:23:55 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.h,v 1.67 2021/02/11 09:57:52 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -443,6 +443,7 @@ int bozo_init_httpd(bozohttpd_t *);
 int bozo_init_prefs(bozohttpd_t *, bozoprefs_t *);
 int bozo_set_defaults(bozohttpd_t *, bozoprefs_t *);
 int bozo_setup(bozohttpd_t *, bozoprefs_t *, const char *, const char *);
+void bozo_cleanup(bozohttpd_t *, bozoprefs_t *);
 bozo_httpreq_t *bozo_read_request(bozohttpd_t *);
 void bozo_process_request(bozo_httpreq_t *);
 void bozo_clean_request(bozo_httpreq_t *);

Index: src/libexec/httpd/main.c
diff -u src/libexec/httpd/main.c:1.25 src/libexec/httpd/main.c:1.26
--- src/libexec/httpd/main.c:1.25	Thu Oct 15 04:21:53 2020
+++ src/libexec/httpd/main.c	Thu Feb 11 09:57:52 2021
@@ -1,4 +1,4 @@
-/*	$NetBSD: main.c,v 1.25 2020/10/15 04:21:53 mrg Exp $	*/
+/*	$NetBSD: main.c,v 1.26 2021/02/11 09:57:52 mrg Exp $	*/
 
 /*	$eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $	*/
 /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp 	*/
@@ -408,5 +408,7 @@ main(int argc, char **argv)
 		}
 	} while (httpd.background);
 
+	bozo_cleanup(, );
+
 	return (0);
 }

Index: src/libexec/httpd/libbozohttpd/libbozohttpd.3
diff -u src/libexec/httpd/libbozohttpd/libbozohttpd.3:1.4 src/libexec/httpd/libbozohttpd/libbozohttpd.3:1.5
--- src/libexec/httpd/libbozohttpd/libbozohttpd.3:1.4	Sat Feb  4 01:32:54 2017
+++ src/libexec/httpd/libbozohttpd/libbozohttpd.3	Thu Feb 11 09:57:53 2021
@@ -1,4 +1,4 @@
-.\" $NetBSD: libbozohttpd.3,v 1.4 2017/02/04 01:32:54 mrg Exp $
+.\" $NetBSD: libbozohttpd.3,v 1.5 2021/02/11 09:57:53 mrg Exp $
 .\"
 .\" $eterna: libbozohttpd.3,v 1.2 2010/05/10 02:48:23 mrg Exp $
 .\"
@@ -29,7 +29,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd February 2, 2017
+.Dd February 11, 2021
 .Dt LIBBOZOHTTPD 3
 .Os
 .Sh 

CVS commit: src/libexec/httpd

2021-02-11 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Thu Feb 11 09:23:56 UTC 2021

Modified Files:
src/libexec/httpd: CHANGES bozohttpd.c bozohttpd.h cgi-bozo.c
src/libexec/httpd/testsuite: Makefile
Added Files:
src/libexec/httpd/testsuite: t16.in t16.out t17.in t17.out t18.in
t18.out

Log Message:
changes in bozohttpd 20210210:
o  fix various NULL derefs from malformed headers.  mostly from
   .


To generate a diff of this commit:
cvs rdiff -u -r1.44 -r1.45 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.124 -r1.125 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.65 -r1.66 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.51 -r1.52 src/libexec/httpd/cgi-bozo.c
cvs rdiff -u -r1.13 -r1.14 src/libexec/httpd/testsuite/Makefile
cvs rdiff -u -r0 -r1.1 src/libexec/httpd/testsuite/t16.in \
src/libexec/httpd/testsuite/t16.out src/libexec/httpd/testsuite/t17.in \
src/libexec/httpd/testsuite/t17.out src/libexec/httpd/testsuite/t18.in \
src/libexec/httpd/testsuite/t18.out

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.44 src/libexec/httpd/CHANGES:1.45
--- src/libexec/httpd/CHANGES:1.44	Thu Oct 15 04:21:53 2020
+++ src/libexec/httpd/CHANGES	Thu Feb 11 09:23:55 2021
@@ -1,4 +1,8 @@
-$NetBSD: CHANGES,v 1.44 2020/10/15 04:21:53 mrg Exp $
+$NetBSD: CHANGES,v 1.45 2021/02/11 09:23:55 mrg Exp $
+
+changes in bozohttpd 20210210:
+	o  fix various NULL derefs from malformed headers.  mostly from
+	   .
 
 changes in bozohttpd 20201014:
 	o  also set -D_GNU_SOURCE in Makefile.boot.  from

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.124 src/libexec/httpd/bozohttpd.c:1.125
--- src/libexec/httpd/bozohttpd.c:1.124	Thu Nov 19 10:45:36 2020
+++ src/libexec/httpd/bozohttpd.c	Thu Feb 11 09:23:55 2021
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.124 2020/11/19 10:45:36 hannken Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.125 2021/02/11 09:23:55 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -108,7 +108,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20201014"
+#define SERVER_SOFTWARE		"bozohttpd/20210210"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML		"public_html"
@@ -338,8 +338,9 @@ bozo_clean_request(bozo_httpreq_t *reque
 	free(request->hr_remoteaddr);
 	free(request->hr_serverport);
 	free(request->hr_virthostname);
-	free(request->hr_file);
-	free(request->hr_oldfile);
+	free(request->hr_file_free);
+	if (request->hr_file_free != request->hr_oldfile)
+		free(request->hr_oldfile);
 	free(request->hr_query);
 	free(request->hr_host);
 	bozo_user_free(request->hr_user);
@@ -619,6 +620,7 @@ bozo_read_request(bozohttpd_t *httpd)
 	request->hr_last_byte_pos = -1;
 	request->hr_if_modified_since = NULL;
 	request->hr_virthostname = NULL;
+	request->hr_file_free = NULL;
 	request->hr_file = NULL;
 	request->hr_oldfile = NULL;
 	SIMPLEQ_INIT(>hr_replheaders);
@@ -735,7 +737,7 @@ bozo_read_request(bozohttpd_t *httpd)
 
 			/* we allocate return space in file and query only */
 			parse_request(httpd, str, , , , );
-			request->hr_file = file;
+			request->hr_file_free = request->hr_file = file;
 			request->hr_query = query;
 			if (method == NULL) {
 bozo_http_error(httpd, 404, NULL, "null method");
@@ -771,11 +773,17 @@ bozo_read_request(bozohttpd_t *httpd)
 
 			val = bozostrnsep(, ":", );
 			debug((httpd, DEBUG_EXPLODING, "read_req2: after "
-			"bozostrnsep: str `%s' val `%s'", str, val ? val : ""));
+			"bozostrnsep: str `%s' val `%s'",
+			str ? str : "", val ? val : ""));
 			if (val == NULL || len == -1) {
 bozo_http_error(httpd, 404, request, "no header");
 goto cleanup;
 			}
+			if (str == NULL) {
+bozo_http_error(httpd, 404, request,
+"malformed header");
+goto cleanup;
+			}
 			while (*str == ' ' || *str == '\t')
 len--, str++;
 			while (*val == ' ' || *val == '\t')
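Review bot: The new `str == NULL` branch reports a malformed header as 404, which makes a syntactically broken request indistinguishable from a missing file in logs and in anything that alerts on status codes. If bozo_http_error() accepts it, 400 is the fitting status: `bozo_http_error(httpd, 400, request, "malformed header");`. The neighbouring "no header" case has the same issue. The expected outputs of the new t16 to t18 tests would need to follow if they pin the status line. bozo_read_request() continues outside the hunk.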
@@ -1284,8 +1292,8 @@ check_remap(bozo_httpreq_t *request)
 		strcpy(newfile+rlen, file + len);
 		debug((httpd, DEBUG_NORMAL, "remapping found '%s'",
 		newfile));
-		free(request->hr_file);
-		request->hr_file = newfile;
+		free(request->hr_file_free);
+		request->hr_file_free = request->hr_file = newfile;
 	}
 
 	munmap(fmap, st.st_size);
@@ -1313,9 +1321,6 @@ check_virtual(bozo_httpreq_t *request)
 	debug((httpd, DEBUG_OBESE,
 	   "checking for http:// virtual host in '%s'", file));
 	if (strncasecmp(file, "http://;, 7) == 0) {
-		/* bozostrdup() might access it. */
-		char *old_file = request->hr_file;
-
 		/* we would do virtual hosting here? */
 		file += 7;
 		/* RFC 2616 (HTTP/1.1), 5.2: URI takes precedence over Host: */
@@ -1324,8 +1329,9 @@ check_virtual(bozo_httpreq_t *request)
 		if ((s = strchr(request->hr_host, '/')) != NULL)
 			*s = '\0';
 		s = strchr(file, 

CVS commit: src/libexec/httpd

2021-01-16 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Sun Jan 17 00:15:14 UTC 2021

Modified Files:
src/libexec/httpd: Makefile.boot

Log Message:
also set -D_DEFAULT_SOURCE to open up more headers.
allow passing $(EXTRALIBS).


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/libexec/httpd/Makefile.boot

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/Makefile.boot
diff -u src/libexec/httpd/Makefile.boot:1.8 src/libexec/httpd/Makefile.boot:1.9
--- src/libexec/httpd/Makefile.boot:1.8	Mon Jul 13 09:38:57 2020
+++ src/libexec/httpd/Makefile.boot	Sun Jan 17 00:15:14 2021
@@ -6,18 +6,20 @@
 CC=	cc
 OPT=	-O
 LARGE_CFLAGS=	-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
-LOCAL_CFLAGS=	-DNO_LUA_SUPPORT -DNO_BLOCKLIST_SUPPORT -D_GNU_SOURCE
+LOCAL_CFLAGS=	-DNO_LUA_SUPPORT -DNO_BLOCKLIST_SUPPORT -D_GNU_SOURCE -D_DEFAULT_SOURCE
 CFLAGS=	$(OPT) $(LARGE_CFLAGS) $(LOCAL_CFLAGS)
 
 GROFF=	groff -Tascii
 CRYPTOLIBDIR=	# -L/usr/local/lib
 CRYPTOLIBS=	$(CRYPTOLIBDIR) -lcrypto -lssl
 
+LIBS=	$(CRYPTOLIBS) $(EXTRALIBS)
+
 FILES=	bozohttpd.c auth-bozo.c cgi-bozo.c content-bozo.c daemon-bozo.c \
 	dir-index-bozo.c lua-bozo.c ssl-bozo.c tilde-luzah-bozo.c main.c
 
 all:
-	$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o bozohttpd $(FILES) $(CRYPTOLIBS)
+	$(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o bozohttpd $(FILES) $(LIBS)
 
 man:
 	$(GROFF) -mandoc bozohttpd.8 > bozohttpd.cat8



CVS commit: src/libexec/httpd

2020-11-19 Thread Juergen Hannken-Illjes
Module Name:src
Committed By:   hannken
Date:   Thu Nov 19 10:45:37 UTC 2020

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
Bozohttpd clobbers files greater than 4GB on 32bit archs.

Make sure the alignment mask derived from pagesize is an off_t.


To generate a diff of this commit:
cvs rdiff -u -r1.123 -r1.124 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.123 src/libexec/httpd/bozohttpd.c:1.124
--- src/libexec/httpd/bozohttpd.c:1.123	Thu Oct 15 04:21:53 2020
+++ src/libexec/httpd/bozohttpd.c	Thu Nov 19 10:45:36 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.123 2020/10/15 04:21:53 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.124 2020/11/19 10:45:36 hannken Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -907,7 +907,7 @@ mmap_and_write_part(bozohttpd_t *httpd, 
 	 *
 	 * we use the write offset in all writes
 	 */
-	mappedoffset = first_byte_pos & ~(httpd->page_size - 1);
+	mappedoffset = first_byte_pos & ~((off_t)httpd->page_size - 1);
 	mappedsz = (size_t)
 		(first_byte_pos - mappedoffset + sz + httpd->page_size - 1) &
 		~(httpd->page_size - 1);
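Review bot: The `mappedsz` computation on the context lines still masks with `~(httpd->page_size - 1)` at the width of `page_size`, the same pattern this change fixes for `mappedoffset`. The declaration of `page_size` is not visible here; if it is a 32-bit unsigned, the mask zero-extends on LP64 and clears the upper bits of the `size_t` sum. That is probably harmless while the mapping window is small, but it is the same class of truncation. Widening it the same way keeps the two expressions consistent: `~((size_t)httpd->page_size - 1);`. mmap_and_write_part() continues outside the hunk.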



CVS commit: src/libexec/httpd

2020-10-15 Thread Thomas Klausner
Module Name:src
Committed By:   wiz
Date:   Thu Oct 15 09:54:22 UTC 2020

Modified Files:
src/libexec/httpd: bozohttpd.8

Log Message:
New sentence, new line. Fix xref.


To generate a diff of this commit:
cvs rdiff -u -r1.86 -r1.87 src/libexec/httpd/bozohttpd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.86 src/libexec/httpd/bozohttpd.8:1.87
--- src/libexec/httpd/bozohttpd.8:1.86	Thu Oct 15 04:21:53 2020
+++ src/libexec/httpd/bozohttpd.8	Thu Oct 15 09:54:22 2020
@@ -1,4 +1,4 @@
-.\"	$NetBSD: bozohttpd.8,v 1.86 2020/10/15 04:21:53 mrg Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.87 2020/10/15 09:54:22 wiz Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
@@ -127,7 +127,8 @@ Enables CGI/1.1 interface for
 .Em ~user
 translation.
 Note that enabling this support implies that users can run commands
-as the web server user. This may have security implications.
+as the web server user.
+This may have security implications.
 .It Fl e
 Causes
 .Nm
@@ -141,7 +142,8 @@ Stops the
 .Fl b
 flag from detaching
 .Nm
-from the tty and going into the background. This implies the
+from the tty and going into the background.
+This implies the
 .Fl b
 flag.
 .It Fl G
@@ -809,7 +811,7 @@ provided chroot and change-to-user suppo
 .An Jukka Ruohonen
 .Aq Mt jru...@netbsd.org
 provided support for
-.Xr blocklist 8
+.Xr blocklistd 8
 .It
 .An Jared McNeill
 .Aq Mt jmcne...@netbsd.org



CVS commit: src/libexec/httpd

2020-10-14 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Thu Oct 15 04:21:53 UTC 2020

Modified Files:
src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c bozohttpd.h
cgi-bozo.c content-bozo.c daemon-bozo.c main.c ssl-bozo.c

Log Message:
various updates from  / freebsd.  the list from Henrik:

bozohttpd.8:
o Added -d flag to the man page
o Moved -E flag in man page to keep alphabetic order
o Grammar fix for description of -E flag in man page
o Moved a word in the man description for the -f flag
o Made -f imply -b as a backwards-compatible shortcut
o Updated man description of -n to mention Lua scripts
o Moved -z below -Z to keep the uppercase options first

bozohttpd.c:
o Removed obsolete comment about ~user missing cgi-bin support
o Removed "/* ARGSUSED */" lines; was that a macro or a reminder?
o Added USE_ARG macro call for sig, which was otherwise not used
o Added USE_ARG macro call for msg (only used if debug is enabled)

bozohttpd.h:
o Fixed typo in the include guard (BOZOHTTOPD_H_ -> BOZOHTTPD_H_)
o Renamed have_all to have_core; it didn't mean "all" options

content-bozo.c:
o Added USE_ARG macro call for signo, which was otherwise not used
o Made -f imply -b as a backwards-compatible shortcut

main.c:
o Simplified -b text to be symmetric with that for the -f option
o Updated -C text to make "suffix" explicit; it's better than "arg"
o Changed to only show the -E description if have_user is true
o Always show the -e option, which incorrectly used the -E logic
o Renamed have_all to have_core; it didn't mean "all" options
o Added three missing tabs for the description of the -G option
o Updated -L text to make "prefix" explicit; it's better than "arg"
o Updated -M text to make "suffix" explicit; it's slightly better
o Added a previously missing description for the -n option
o Documented the otherwise obscure valid types for the -T option
o Shortened "username" to "user" to match the actual help text
o Moved handling of -c below that for -C to standardize the order
o Broke the enabling test for -C into two lines for consistency
o Inverted the enabling test for -E; this is what was meant, right?
o Removed the enabling test for -e, which should always be enabled

ssl-bozo.c:
o Added USE_ARG for httpd, which is not used if SSL has been excluded


To generate a diff of this commit:
cvs rdiff -u -r1.43 -r1.44 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.85 -r1.86 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.122 -r1.123 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.64 -r1.65 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.50 -r1.51 src/libexec/httpd/cgi-bozo.c
cvs rdiff -u -r1.18 -r1.19 src/libexec/httpd/content-bozo.c
cvs rdiff -u -r1.21 -r1.22 src/libexec/httpd/daemon-bozo.c
cvs rdiff -u -r1.24 -r1.25 src/libexec/httpd/main.c
cvs rdiff -u -r1.28 -r1.29 src/libexec/httpd/ssl-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.43 src/libexec/httpd/CHANGES:1.44
--- src/libexec/httpd/CHANGES:1.43	Thu Oct 15 02:19:23 2020
+++ src/libexec/httpd/CHANGES	Thu Oct 15 04:21:53 2020
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES,v 1.43 2020/10/15 02:19:23 mrg Exp $
+$NetBSD: CHANGES,v 1.44 2020/10/15 04:21:53 mrg Exp $
 
 changes in bozohttpd 20201014:
 	o  also set -D_GNU_SOURCE in Makefile.boot.  from
@@ -6,6 +6,9 @@ changes in bozohttpd 20201014:
 	o  fix array size botch (assertion, not exploitable.)  from
 	   mar...@netbsd.org.
 	o  also match %2F as well as %2f.  from l...@vuxu.org.
+	o  many manual and help fixes.  clean ups for higher lint levels,
+	   consistency/style clean ups.  various option fixes including made
+	   -f imply -b.  from  for freebsd.
 
 changes in bozohttpd 20200912:
 	o  add .m4a and .m4v file extensions.

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.85 src/libexec/httpd/bozohttpd.8:1.86
--- src/libexec/httpd/bozohttpd.8:1.85	Thu Oct 15 02:19:23 2020
+++ src/libexec/httpd/bozohttpd.8	Thu Oct 15 04:21:53 2020
@@ -1,4 +1,4 @@
-.\"	$NetBSD: bozohttpd.8,v 1.85 2020/10/15 02:19:23 mrg Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.86 2020/10/15 04:21:53 mrg Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
@@ -34,14 +34,14 @@
 .Nd hyper text transfer protocol version 1.1 daemon
 .Sh SYNOPSIS
 .Nm
-.Op Fl EGHVXefhnsu
+.Op Fl EGHVXdefhnsu
 .Op Fl C Ar suffix cgihandler
 .Op Fl I Ar port
 .Op Fl L Ar prefix script
 .Op Fl M Ar suffix type encoding encoding11
 .Op Fl P Ar pidfile
 .Op Fl R Ar readme
-.Op Fl S Ar server_software
+.Op Fl S Ar version
 .Op Fl T Ar type timeout
 .Op Fl U Ar username
 .Op Fl Z Ar cert privkey
@@ -120,6 +120,14 @@ Note that the CGI/1.1 interface is avail
 translation using
 .Fl E
 switch.
+.It Fl d
+Enables debug support.
+.It Fl E
+Enables 

CVS commit: src/libexec/httpd

2020-10-14 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Thu Oct 15 02:19:24 UTC 2020

Modified Files:
src/libexec/httpd: CHANGES auth-bozo.c bozohttpd.8 bozohttpd.c
bozohttpd.h dir-index-bozo.c main.c ssl-bozo.c

Log Message:
set -D_GNU_SOURCE in Makefile.boot.  from hadrien.lac...@posteo.net.
also match %2F as well as %2f.  from l...@vuxu.org.
introduce defines for "80" and "443".  copyright maint.


To generate a diff of this commit:
cvs rdiff -u -r1.42 -r1.43 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.25 -r1.26 src/libexec/httpd/auth-bozo.c
cvs rdiff -u -r1.84 -r1.85 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.121 -r1.122 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.63 -r1.64 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.33 -r1.34 src/libexec/httpd/dir-index-bozo.c
cvs rdiff -u -r1.23 -r1.24 src/libexec/httpd/main.c
cvs rdiff -u -r1.27 -r1.28 src/libexec/httpd/ssl-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.42 src/libexec/httpd/CHANGES:1.43
--- src/libexec/httpd/CHANGES:1.42	Sat Sep 12 12:39:28 2020
+++ src/libexec/httpd/CHANGES	Thu Oct 15 02:19:23 2020
@@ -1,4 +1,11 @@
-$NetBSD: CHANGES,v 1.42 2020/09/12 12:39:28 rhialto Exp $
+$NetBSD: CHANGES,v 1.43 2020/10/15 02:19:23 mrg Exp $
+
+changes in bozohttpd 20201014:
+	o  also set -D_GNU_SOURCE in Makefile.boot.  from
+	   hadrien.lac...@posteo.net.
+	o  fix array size botch (assertion, not exploitable.)  from
+	   mar...@netbsd.org.
+	o  also match %2F as well as %2f.  from l...@vuxu.org.
 
 changes in bozohttpd 20200912:
 	o  add .m4a and .m4v file extensions.

Index: src/libexec/httpd/auth-bozo.c
diff -u src/libexec/httpd/auth-bozo.c:1.25 src/libexec/httpd/auth-bozo.c:1.26
--- src/libexec/httpd/auth-bozo.c:1.25	Sat Jul 11 08:10:52 2020
+++ src/libexec/httpd/auth-bozo.c	Thu Oct 15 02:19:23 2020
@@ -1,9 +1,9 @@
-/*	$NetBSD: auth-bozo.c,v 1.25 2020/07/11 08:10:52 jruoho Exp $	*/
+/*	$NetBSD: auth-bozo.c,v 1.26 2020/10/15 02:19:23 mrg Exp $	*/
 
 /*	$eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2019 Matthew R. Green
+ * Copyright (c) 1997-2020 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.84 src/libexec/httpd/bozohttpd.8:1.85
--- src/libexec/httpd/bozohttpd.8:1.84	Thu Aug 20 07:55:10 2020
+++ src/libexec/httpd/bozohttpd.8	Thu Oct 15 02:19:23 2020
@@ -1,8 +1,8 @@
-.\"	$NetBSD: bozohttpd.8,v 1.84 2020/08/20 07:55:10 mrg Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.85 2020/10/15 02:19:23 mrg Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
-.\" Copyright (c) 1997-2019 Matthew R. Green
+.\" Copyright (c) 1997-2020 Matthew R. Green
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd July 11, 2020
+.Dd October 14, 2020
 .Dt BOZOHTTPD 8
 .Os
 .Sh NAME
@@ -642,7 +642,7 @@ The focus has always been simplicity and
 and regular code audits.
 This manual documents
 .Nm
-version 20190116.
+version 20201014.
 .Sh AUTHORS
 .An -nosplit
 .Nm

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.121 src/libexec/httpd/bozohttpd.c:1.122
--- src/libexec/httpd/bozohttpd.c:1.121	Sat Sep  5 13:38:24 2020
+++ src/libexec/httpd/bozohttpd.c	Thu Oct 15 02:19:23 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.121 2020/09/05 13:38:24 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.122 2020/10/15 02:19:23 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -109,7 +109,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20200820"
+#define SERVER_SOFTWARE		"bozohttpd/20201014"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML		"public_html"
@@ -651,7 +651,7 @@ bozo_read_request(bozohttpd_t *httpd)
 	 * if passed through a proxy that doesn't rewrite the port.
 	 */
 	if (httpd->bindport) {
-		if (strcmp(httpd->bindport, "80") != 0)
+		if (strcmp(httpd->bindport, BOZO_HTTP_PORT) != 0)
 			port = httpd->bindport;
 		else
 			port = NULL;
@@ -1099,7 +1099,7 @@ handle_redirect(bozo_httpreq_t *request,
 		hostname = "";
 		portbuf[0] = '\0';
 	} else {
-		const char *defport = httpd->sslinfo ? "443" : "80";
+		const char *defport = httpd->sslinfo ? BOZO_HTTPS_PORT : BOZO_HTTP_PORT;
 
 		if (request->hr_serverport &&
 		strcmp(request->hr_serverport, defport) != 0)
@@ -1335,7 +1335,8 @@ check_virtual(bozo_httpreq_t *request)
 	 * canonicalise hr_host - that is, remove any :80.
 	 */
 	len = strlen(request->hr_host);
-	if (len > 3 && strcmp(request->hr_host + len - 3, ":80") == 0) {
+	if (len > 3 &&
+	

CVS commit: src/libexec/httpd

2020-09-12 Thread Olaf Seibert
Module Name:src
Committed By:   rhialto
Date:   Sat Sep 12 14:44:25 UTC 2020

Modified Files:
src/libexec/httpd: content-bozo.c

Log Message:
bozohttpd: correct .m4a to audio/mp4.


To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 src/libexec/httpd/content-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/content-bozo.c
diff -u src/libexec/httpd/content-bozo.c:1.17 src/libexec/httpd/content-bozo.c:1.18
--- src/libexec/httpd/content-bozo.c:1.17	Sat Sep 12 12:39:28 2020
+++ src/libexec/httpd/content-bozo.c	Sat Sep 12 14:44:25 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: content-bozo.c,v 1.17 2020/09/12 12:39:28 rhialto Exp $	*/
+/*	$NetBSD: content-bozo.c,v 1.18 2020/09/12 14:44:25 rhialto Exp $	*/
 
 /*	$eterna: content-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -135,7 +135,7 @@ static bozo_content_map_t static_content
 	{ ".snd",	"audio/basic",			"",		"", NULL },
 	{ ".mpga",	"audio/mpeg",			"",		"", NULL },
 	{ ".mp2",	"audio/mpeg",			"",		"", NULL },
-	{ ".m4a",	"audio/mpeg",			"",		"", NULL },
+	{ ".m4a",	"audio/mp4",			"",		"", NULL },
 	{ ".aif",	"audio/x-aiff",			"",		"", NULL },
 	{ ".aiff",	"audio/x-aiff",			"",		"", NULL },
 	{ ".aifc",	"audio/x-aiff",			"",		"", NULL },



CVS commit: src/libexec/httpd

2020-09-12 Thread Olaf Seibert
Module Name:src
Committed By:   rhialto
Date:   Sat Sep 12 12:39:28 UTC 2020

Modified Files:
src/libexec/httpd: CHANGES content-bozo.c

Log Message:
bozohttpd: add .m4a and .m4v file extensions.


To generate a diff of this commit:
cvs rdiff -u -r1.41 -r1.42 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.16 -r1.17 src/libexec/httpd/content-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.41 src/libexec/httpd/CHANGES:1.42
--- src/libexec/httpd/CHANGES:1.41	Thu Aug 20 07:55:10 2020
+++ src/libexec/httpd/CHANGES	Sat Sep 12 12:39:28 2020
@@ -1,4 +1,7 @@
-$NetBSD: CHANGES,v 1.41 2020/08/20 07:55:10 mrg Exp $
+$NetBSD: CHANGES,v 1.42 2020/09/12 12:39:28 rhialto Exp $
+
+changes in bozohttpd 20200912:
+	o  add .m4a and .m4v file extensions.
 
 changes in bozohttpd 20200820:
 	o  make this work on sun2 by reducing mmap window there.

Index: src/libexec/httpd/content-bozo.c
diff -u src/libexec/httpd/content-bozo.c:1.16 src/libexec/httpd/content-bozo.c:1.17
--- src/libexec/httpd/content-bozo.c:1.16	Fri Nov 23 08:11:20 2018
+++ src/libexec/httpd/content-bozo.c	Sat Sep 12 12:39:28 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: content-bozo.c,v 1.16 2018/11/23 08:11:20 mrg Exp $	*/
+/*	$NetBSD: content-bozo.c,v 1.17 2020/09/12 12:39:28 rhialto Exp $	*/
 
 /*	$eterna: content-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -135,6 +135,7 @@ static bozo_content_map_t static_content
 	{ ".snd",	"audio/basic",			"",		"", NULL },
 	{ ".mpga",	"audio/mpeg",			"",		"", NULL },
 	{ ".mp2",	"audio/mpeg",			"",		"", NULL },
+	{ ".m4a",	"audio/mpeg",			"",		"", NULL },
 	{ ".aif",	"audio/x-aiff",			"",		"", NULL },
 	{ ".aiff",	"audio/x-aiff",			"",		"", NULL },
 	{ ".aifc",	"audio/x-aiff",			"",		"", NULL },
@@ -167,6 +168,7 @@ static bozo_content_map_t static_content
 	{ ".ts",	"video/mpeg",			"",		"", NULL },
 	{ ".vob",	"video/mpeg",			"",		"", NULL },
 	{ ".mp4",	"video/mp4",			"",		"", NULL },
+	{ ".m4v",	"video/mp4",			"",		"", NULL },
 	{ ".qt",	"video/quicktime",		"",		"", NULL },
 	{ ".mov",	"video/quicktime",		"",		"", NULL },
 	{ ".avi",	"video/x-msvideo",		"",		"", NULL },



CVS commit: src/libexec/httpd

2020-09-05 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Sat Sep  5 13:38:24 UTC 2020

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
avoid passing NULL pointers to printf() like functions and %s.


To generate a diff of this commit:
cvs rdiff -u -r1.120 -r1.121 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.120 src/libexec/httpd/bozohttpd.c:1.121
--- src/libexec/httpd/bozohttpd.c:1.120	Thu Aug 20 07:57:01 2020
+++ src/libexec/httpd/bozohttpd.c	Sat Sep  5 13:38:24 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.120 2020/08/20 07:57:01 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.121 2020/09/05 13:38:24 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -317,7 +317,7 @@ parse_request(bozohttpd_t *httpd, char *
 
 	debug((httpd, DEBUG_FAT,
 		"url: method: \"%s\" file: \"%s\" query: \"%s\" proto: \"%s\"",
-		*method, *file, *query, *proto));
+		*method, *file, *query ? *query : "", *proto ? *proto : ""));
 }
 
 /*
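Review bot: `*method` and `*file` are still passed to `%s` unguarded in this debug() call; only `*query` and `*proto` get the NULL fallback. The caller tests `method == NULL` right after parse_request() returns (visible in the 1.125 bozo_read_request hunk on this page), which suggests `*method` can be NULL here unless an earlier return outside this hunk prevents it. Guarding all four keeps the debug path from passing NULL to `%s` on a malformed request line: `*method ? *method : "", *file ? *file : "",`.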
@@ -771,7 +771,7 @@ bozo_read_request(bozohttpd_t *httpd)
 
 			val = bozostrnsep(, ":", );
 			debug((httpd, DEBUG_EXPLODING, "read_req2: after "
-			"bozostrnsep: str `%s' val `%s'", str, val));
+			"bozostrnsep: str `%s' val `%s'", str, val ? val : ""));
 			if (val == NULL || len == -1) {
 bozo_http_error(httpd, 404, request, "no header");
 goto cleanup;



CVS commit: src/libexec/httpd

2020-08-25 Thread Leonardo Taccari
Module Name:src
Committed By:   leot
Date:   Tue Aug 25 20:02:33 UTC 2020

Modified Files:
src/libexec/httpd: printenv.lua

Log Message:
Fix a typo in a comment


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/libexec/httpd/printenv.lua

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/printenv.lua
diff -u src/libexec/httpd/printenv.lua:1.3 src/libexec/httpd/printenv.lua:1.4
--- src/libexec/httpd/printenv.lua:1.3	Mon Dec  7 03:11:48 2015
+++ src/libexec/httpd/printenv.lua	Tue Aug 25 20:02:33 2020
@@ -1,10 +1,10 @@
--- $NetBSD: printenv.lua,v 1.3 2015/12/07 03:11:48 kamil Exp $
+-- $NetBSD: printenv.lua,v 1.4 2020/08/25 20:02:33 leot Exp $
 
 -- this small Lua script demonstrates the use of Lua in (bozo)httpd
 -- it will simply output the "environment"
 
 -- Keep in mind that bozohttpd forks for each request when started in
--- daemon mode, you can set global veriables here, but they will have
+-- daemon mode, you can set global variables here, but they will have
 -- the same value on each invocation.  You can not keep state between
 -- two calls.
 



CVS commit: src/libexec/httpd

2020-08-20 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Thu Aug 20 07:56:27 UTC 2020

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
compare mmap return against MAP_FAILED not -1 or 0.


To generate a diff of this commit:
cvs rdiff -u -r1.118 -r1.119 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.118 src/libexec/httpd/bozohttpd.c:1.119
--- src/libexec/httpd/bozohttpd.c:1.118	Thu Aug 20 05:46:31 2020
+++ src/libexec/httpd/bozohttpd.c	Thu Aug 20 07:56:26 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.118 2020/08/20 05:46:31 spz Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.119 2020/08/20 07:56:26 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -914,7 +914,7 @@ mmap_and_write_part(bozohttpd_t *httpd, 
 	wroffset = (size_t)(first_byte_pos - mappedoffset);
 
 	addr = mmap(0, mappedsz, PROT_READ, MAP_SHARED, fd, mappedoffset);
-	if (addr == (char *)-1) {
+	if (addr == MAP_FAILED) {
 		bozowarn(httpd, "mmap failed: %s", strerror(errno));
 		return -1;
 	}
@@ -1201,7 +1201,7 @@ check_remap(bozo_httpreq_t *request)
 	}
 
 	fmap = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, mapfile, 0);
-	if (fmap == NULL) {
+	if (fmap == MAP_FAILED) {
 		bozowarn(httpd, "could not mmap " REMAP_FILE ", error %d",
 		errno);
 		goto out;
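Review bot: The check_remap warning still reports the raw errno number (`error %d`), while the mmap_and_write_part hunk above uses `strerror(errno)`; the two mmap failure messages should read the same way, e.g. `bozowarn(httpd, "could not mmap " REMAP_FILE ": %s", strerror(errno));`. `st.st_size` also goes straight into mmap(), and a zero length makes the call fail, so a comment noting that an empty remap file ends up on this warning path would help whoever reads the log. check_remap starts and ends outside the hunk.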



CVS commit: src/libexec/httpd

2020-08-20 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Thu Aug 20 07:57:01 UTC 2020

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
call this bozohttpd/20200820


To generate a diff of this commit:
cvs rdiff -u -r1.119 -r1.120 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.119 src/libexec/httpd/bozohttpd.c:1.120
--- src/libexec/httpd/bozohttpd.c:1.119	Thu Aug 20 07:56:26 2020
+++ src/libexec/httpd/bozohttpd.c	Thu Aug 20 07:57:01 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.119 2020/08/20 07:56:26 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.120 2020/08/20 07:57:01 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -109,7 +109,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20190228"
+#define SERVER_SOFTWARE		"bozohttpd/20200820"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML		"public_html"



CVS commit: src/libexec/httpd

2020-08-20 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Thu Aug 20 07:55:10 UTC 2020

Modified Files:
src/libexec/httpd: CHANGES bozohttpd.8

Log Message:
update for recent changes.


To generate a diff of this commit:
cvs rdiff -u -r1.40 -r1.41 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.83 -r1.84 src/libexec/httpd/bozohttpd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.40 src/libexec/httpd/CHANGES:1.41
--- src/libexec/httpd/CHANGES:1.40	Thu Feb 28 09:16:42 2019
+++ src/libexec/httpd/CHANGES	Thu Aug 20 07:55:10 2020
@@ -1,4 +1,10 @@
-$NetBSD: CHANGES,v 1.40 2019/02/28 09:16:42 mrg Exp $
+$NetBSD: CHANGES,v 1.41 2020/08/20 07:55:10 mrg Exp $
+
+changes in bozohttpd 20200820:
+	o  make this work on sun2 by reducing mmap window there.
+	o  fix SSL shutdown sequence.  from s...@netbsd.org.
+	o  add readme support to directory indexing.  from jmcne...@netbsd.org
+	o  add blocklist(8) support.  from jru...@netbsd.org.
 
 changes in bozohttpd 20190228:
 	o  extend timeout facility to ssl and stop servers hanging forever

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.83 src/libexec/httpd/bozohttpd.8:1.84
--- src/libexec/httpd/bozohttpd.8:1.83	Mon Jul 13 09:41:18 2020
+++ src/libexec/httpd/bozohttpd.8	Thu Aug 20 07:55:10 2020
@@ -1,4 +1,4 @@
-.\"	$NetBSD: bozohttpd.8,v 1.83 2020/07/13 09:41:18 wiz Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.84 2020/08/20 07:55:10 mrg Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
@@ -701,8 +701,8 @@ provided initial IPv6 support
 .It
 .An Martin Husemann
 .Aq Mt mar...@netbsd.org
-provided .bzabsredirect and .bzredir support, and fixed various
-redirection issues
+provided .bzabsredirect and .bzredir support, fixed various
+redirection issues and more
 .It
 .An Arto Huusko
 .Aq Mt arto.huu...@pp2.inet.fi
@@ -804,6 +804,19 @@ provided http authorization fixes
 .Aq Mt x...@kittenz.org
 provided chroot and change-to-user support, and other various fixes
 .It
+.An Jukka Ruohonen
+.Aq Mt jru...@netbsd.org
+provided support for
+.Xr blocklist 8
+.It
+.An Jared McNeill
+.Aq Mt jmcne...@netbsd.org
+added support for readme in directory indexing
+.It
+.An S.P.Zeidler
+.Aq Mt s...@netbsd.org
+fixed several SSL shutdown issues
+.It
 Coyote Point provided various CGI fixes
 .El
 .Pp



CVS commit: src/libexec/httpd

2020-08-19 Thread S.P.Zeidler
Module Name:src
Committed By:   spz
Date:   Thu Aug 20 05:46:31 UTC 2020

Modified Files:
src/libexec/httpd: bozohttpd.c bozohttpd.h cgi-bozo.c ssl-bozo.c

Log Message:
send close_notify for the ssl connection before closing the TCP connection
Thanks to Dr. Thomas Orgis for reporting the issue.


To generate a diff of this commit:
cvs rdiff -u -r1.117 -r1.118 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.62 -r1.63 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.49 -r1.50 src/libexec/httpd/cgi-bozo.c
cvs rdiff -u -r1.26 -r1.27 src/libexec/httpd/ssl-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.117 src/libexec/httpd/bozohttpd.c:1.118
--- src/libexec/httpd/bozohttpd.c:1.117	Mon Jul 13 09:38:57 2020
+++ src/libexec/httpd/bozohttpd.c	Thu Aug 20 05:46:31 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.117 2020/07/13 09:38:57 jruoho Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.118 2020/08/20 05:46:31 spz Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -1912,6 +1912,8 @@ bozo_process_request(bozo_httpreq_t *req
  cleanup:
 	close(fd);
  cleanup_nofd:
+	/* If SSL enabled send close_notify. */
+	bozo_ssl_shutdown(request->hr_httpd);
 	close(STDIN_FILENO);
 	close(STDOUT_FILENO);
 	/*close(STDERR_FILENO);*/
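Review bot: `bozo_ssl_shutdown()` sits under `cleanup_nofd`, which looks like the common exit for failed requests as well as successful ones (the jumps to the label are outside the hunk). OpenSSL documents that SSL_shutdown() must not be called once the connection has hit a fatal error (SSL_ERROR_SYSCALL or SSL_ERROR_SSL), so if a failed TLS read or write can reach this label the call should be skipped for that case; this needs checking against the callers. The comment could also state the reason rather than the action, e.g. `/* send close_notify so the client can tell a complete response from a truncated one */`.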

Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.62 src/libexec/httpd/bozohttpd.h:1.63
--- src/libexec/httpd/bozohttpd.h:1.62	Sat Jul 11 08:10:52 2020
+++ src/libexec/httpd/bozohttpd.h	Thu Aug 20 05:46:31 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.h,v 1.62 2020/07/11 08:10:52 jruoho Exp $	*/
+/*	$NetBSD: bozohttpd.h,v 1.63 2020/08/20 05:46:31 spz Exp $	*/
 
 /*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -312,6 +312,7 @@ char	*bozostrdup(bozohttpd_t *, bozo_htt
 #define bozo_ssl_set_ciphers(w, x)			bozo_noop
 #define bozo_ssl_init(x)bozo_noop
 #define bozo_ssl_accept(x)(0)
+#define bozo_ssl_shutdown(x)bozo_noop
 #define bozo_ssl_destroy(x)bozo_noop
 #define have_ssl	(0)
 #else
@@ -319,6 +320,7 @@ void	bozo_ssl_set_opts(bozohttpd_t *, co
 void	bozo_ssl_set_ciphers(bozohttpd_t *, const char *);
 void	bozo_ssl_init(bozohttpd_t *);
 int	bozo_ssl_accept(bozohttpd_t *);
+void	bozo_ssl_shutdown(bozohttpd_t *);
 void	bozo_ssl_destroy(bozohttpd_t *);
 #define have_ssl	(1)
 #endif

Index: src/libexec/httpd/cgi-bozo.c
diff -u src/libexec/httpd/cgi-bozo.c:1.49 src/libexec/httpd/cgi-bozo.c:1.50
--- src/libexec/httpd/cgi-bozo.c:1.49	Fri Dec  6 05:53:20 2019
+++ src/libexec/httpd/cgi-bozo.c	Thu Aug 20 05:46:31 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: cgi-bozo.c,v 1.49 2019/12/06 05:53:20 mrg Exp $	*/
+/*	$NetBSD: cgi-bozo.c,v 1.50 2020/08/20 05:46:31 spz Exp $	*/
 
 /*	$eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -637,6 +637,8 @@ bozo_process_cgi(bozo_httpreq_t *request
 		/* child reader/writer */
 		close(STDIN_FILENO);
 		finish_cgi_output(httpd, request, sv[0], nph);
+		/* if we do SSL, send a SSL_shutdown now */
+		bozo_ssl_shutdown(request->hr_httpd);
 		/* if we're done output, our parent is useless... */
 		kill(getppid(), SIGKILL);
 		debug((httpd, DEBUG_FAT, "done processing cgi output"));

Index: src/libexec/httpd/ssl-bozo.c
diff -u src/libexec/httpd/ssl-bozo.c:1.26 src/libexec/httpd/ssl-bozo.c:1.27
--- src/libexec/httpd/ssl-bozo.c:1.26	Thu Feb 28 08:28:21 2019
+++ src/libexec/httpd/ssl-bozo.c	Thu Aug 20 05:46:31 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssl-bozo.c,v 1.26 2019/02/28 08:28:21 mrg Exp $	*/
+/*	$NetBSD: ssl-bozo.c,v 1.27 2020/08/20 05:46:31 spz Exp $	*/
 
 /*	$eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -287,6 +287,15 @@ bozo_ssl_accept(bozohttpd_t *httpd)
 }
 
 void
+bozo_ssl_shutdown(bozohttpd_t *httpd)
+{
+	const sslinfo_t *sslinfo = httpd->sslinfo;
+
+	if (sslinfo && sslinfo->bozossl)
+		SSL_shutdown(sslinfo->bozossl);
+}
+
+void
 bozo_ssl_destroy(bozohttpd_t *httpd)
 {
 	const sslinfo_t *sslinfo = httpd->sslinfo;
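Review bot: The result of `SSL_shutdown()` is discarded in the new `bozo_ssl_shutdown()`, so a close_notify that could not be sent leaves no trace. A return of 0 is expected here (our alert is sent, the peer's has not arrived) and is acceptable for a server that closes the socket next, but a negative return is an error and is worth a debug line, e.g. `if (SSL_shutdown(sslinfo->bozossl) < 0) debug((httpd, DEBUG_FAT, "SSL_shutdown failed"));`. A one-line comment saying the one-way shutdown is deliberate would save the next reader a trip to the OpenSSL manual. bozo_ssl_destroy continues outside the hunk.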



CVS commit: src/libexec/httpd/small

2020-07-13 Thread Jukka Ruohonen
Module Name:src
Committed By:   jruoho
Date:   Mon Jul 13 10:35:17 UTC 2020

Modified Files:
src/libexec/httpd/small: Makefile

Log Message:
Add -DNO_BLOCKLIST_SUPPORT also to small/Makefile.


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/libexec/httpd/small/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/small/Makefile
diff -u src/libexec/httpd/small/Makefile:1.3 src/libexec/httpd/small/Makefile:1.4
--- src/libexec/httpd/small/Makefile:1.3	Thu Jul 17 06:24:57 2014
+++ src/libexec/httpd/small/Makefile	Mon Jul 13 10:35:17 2020
@@ -9,7 +9,7 @@ LEAN_IFDEF_FLAGS=	-UDEBUG -DNO_USER_SUPP
 			-DNO_CGIBIN_SUPPORT -DNO_DIRINDEX_SUPPORT \
 			-DNO_DAEMON_MODE -DNO_DYNAMIC_CONTENT \
 			-DNO_SSL_SUPPORT -UDO_HTPASSWD \
-			-DNO_LUA_SUPPORT
+			-DNO_LUA_SUPPORT -DNO_BLOCKLIST_SUPPORT
 
 CFLAGS=	-I$(.CURDIR)/.. ${LEAN_IFDEF_FLAGS}
 



CVS commit: src/libexec/httpd

2020-07-13 Thread Thomas Klausner
Module Name:src
Committed By:   wiz
Date:   Mon Jul 13 09:41:18 UTC 2020

Modified Files:
src/libexec/httpd: bozohttpd.8

Log Message:
Use Nx.


To generate a diff of this commit:
cvs rdiff -u -r1.82 -r1.83 src/libexec/httpd/bozohttpd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.82 src/libexec/httpd/bozohttpd.8:1.83
--- src/libexec/httpd/bozohttpd.8:1.82	Mon Jul 13 09:38:57 2020
+++ src/libexec/httpd/bozohttpd.8	Mon Jul 13 09:41:18 2020
@@ -1,4 +1,4 @@
-.\"	$NetBSD: bozohttpd.8,v 1.82 2020/07/13 09:38:57 jruoho Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.83 2020/07/13 09:41:18 wiz Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
@@ -455,7 +455,8 @@ on the compiler command line to enable t
 It may require linking with the crypt library, using
 .Dq -lcrypt .
 .Ss BLOCKLIST SUPPORT
-On NetBSD,
+On
+.Nx ,
 .Nm
 supports
 .Xr blocklistd 8



CVS commit: src/libexec/httpd

2020-07-13 Thread Jukka Ruohonen
Module Name:src
Committed By:   jruoho
Date:   Mon Jul 13 09:38:57 UTC 2020

Modified Files:
src/libexec/httpd: Makefile.boot bozohttpd.8 bozohttpd.c

Log Message:
Do not report status code 500 to blocklistd(8).  Add -DNO_BLOCKLIST_SUPPORT
to Makefile.boot.


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 src/libexec/httpd/Makefile.boot
cvs rdiff -u -r1.81 -r1.82 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.116 -r1.117 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/Makefile.boot
diff -u src/libexec/httpd/Makefile.boot:1.7 src/libexec/httpd/Makefile.boot:1.8
--- src/libexec/httpd/Makefile.boot:1.7	Wed Oct 30 07:28:13 2019
+++ src/libexec/httpd/Makefile.boot	Mon Jul 13 09:38:57 2020
@@ -6,7 +6,7 @@
 CC=	cc
 OPT=	-O
 LARGE_CFLAGS=	-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
-LOCAL_CFLAGS=	-DNO_LUA_SUPPORT -D_GNU_SOURCE
+LOCAL_CFLAGS=	-DNO_LUA_SUPPORT -DNO_BLOCKLIST_SUPPORT -D_GNU_SOURCE
 CFLAGS=	$(OPT) $(LARGE_CFLAGS) $(LOCAL_CFLAGS)
 
 GROFF=	groff -Tascii

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.81 src/libexec/httpd/bozohttpd.8:1.82
--- src/libexec/httpd/bozohttpd.8:1.81	Sat Jul 11 08:10:52 2020
+++ src/libexec/httpd/bozohttpd.8	Mon Jul 13 09:38:57 2020
@@ -1,4 +1,4 @@
-.\"	$NetBSD: bozohttpd.8,v 1.81 2020/07/11 08:10:52 jruoho Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.82 2020/07/13 09:38:57 jruoho Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
@@ -466,16 +466,14 @@ compilation option.
 .Pp
 Upon occurrence,
 .Nm
-reports three HTTP status codes to
+reports two HTTP status codes to
 .Xr blocklistd 8
 as failures:
 .Em 401
-(``Unauthorized'') ,
-.Em 403
-(``Forbidden'') ,
+(``Unauthorized'')
 and
-.Em 500
-(``Internal Server Error'') .
+.Em 403
+(``Forbidden'') .
 Of these,
 .Em 401
 is the one received upon authorization failure with the

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.116 src/libexec/httpd/bozohttpd.c:1.117
--- src/libexec/httpd/bozohttpd.c:1.116	Sat Jul 11 08:10:52 2020
+++ src/libexec/httpd/bozohttpd.c	Mon Jul 13 09:38:57 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.116 2020/07/11 08:10:52 jruoho Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.117 2020/07/13 09:38:57 jruoho Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -2297,8 +2297,7 @@ bozo_http_error(bozohttpd_t *httpd, int 
 		pfilter_notify(BLOCKLIST_AUTH_FAIL, code);
 		break;
 
-	case 403: /* FALLTHROUGH */
-	case 500:
+	case 403:
 		pfilter_notify(BLOCKLIST_ABUSIVE_BEHAVIOR, code);
 		break;
 	}
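Review bot: Nothing in the switch records why 500 is no longer reported, and the log message does not say either; a short comment would stop someone re-adding it, for example `/* 500 is not reported: a server-side fault says nothing about the client */` (presumed rationale, to be confirmed by the author). The switch also has no `default:`, and an explicit `default: break;` would show that every other status code is ignored on purpose. bozo_http_error starts outside the hunk.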



CVS commit: src/libexec/httpd

2020-07-11 Thread Jukka Ruohonen
Module Name:src
Committed By:   jruoho
Date:   Sat Jul 11 08:10:52 UTC 2020

Modified Files:
src/libexec/httpd: Makefile auth-bozo.c bozohttpd.8 bozohttpd.c
bozohttpd.h

Log Message:
Add blocklistd(8) support.


To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 src/libexec/httpd/Makefile
cvs rdiff -u -r1.24 -r1.25 src/libexec/httpd/auth-bozo.c
cvs rdiff -u -r1.80 -r1.81 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.115 -r1.116 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.61 -r1.62 src/libexec/httpd/bozohttpd.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/Makefile
diff -u src/libexec/httpd/Makefile:1.28 src/libexec/httpd/Makefile:1.29
--- src/libexec/httpd/Makefile:1.28	Thu Jan 17 07:39:00 2019
+++ src/libexec/httpd/Makefile	Sat Jul 11 08:10:52 2020
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.28 2019/01/17 07:39:00 mrg Exp $
+#	$NetBSD: Makefile,v 1.29 2020/07/11 08:10:52 jruoho Exp $
 #
 #	$eterna: Makefile,v 1.30 2010/07/11 00:34:27 mrg Exp $
 #
@@ -14,6 +14,7 @@
 #	NO_SSL_SUPPORT		/* don't support ssl (https) */
 #	DO_HTPASSWD		/* support .htpasswd files */
 #	NO_LUA_SUPPORT		/* don't support Lua for dynamic content */
+#	NO_BLOCKLIST_SUPPORT	/* don't support blocklist */
 #
 # other system specific defines:
 #	HAVE_NBUTIL_H		/* netbsd compat is in 
@@ -32,8 +33,8 @@ SRCS=	bozohttpd.c ssl-bozo.c auth-bozo.c
 	tilde-luzah-bozo.c dir-index-bozo.c content-bozo.c lua-bozo.c
 SRCS+=	main.c
 
-LDADD=	-lcrypt -llua -lm
-DPADD=	${LIBCRYPT} ${LIBLUA} ${LIBM}
+LDADD=	-lblocklist -lcrypt -llua -lm
+DPADD=	${LIBBLOCKLIST} ${LIBCRYPT} ${LIBLUA} ${LIBM}
 
 WARNS?=	4
 

Index: src/libexec/httpd/auth-bozo.c
diff -u src/libexec/httpd/auth-bozo.c:1.24 src/libexec/httpd/auth-bozo.c:1.25
--- src/libexec/httpd/auth-bozo.c:1.24	Thu Feb 28 08:28:21 2019
+++ src/libexec/httpd/auth-bozo.c	Sat Jul 11 08:10:52 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth-bozo.c,v 1.24 2019/02/28 08:28:21 mrg Exp $	*/
+/*	$NetBSD: auth-bozo.c,v 1.25 2020/07/11 08:10:52 jruoho Exp $	*/
 
 /*	$eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -105,6 +105,11 @@ bozo_auth_check(bozo_httpreq_t *request,
 	pass) != 0)
 break;
 			fclose(fp);
+
+#ifndef NO_BLOCKLIST_SUPPORT
+			pfilter_notify(BLOCKLIST_AUTH_OK, 200);
+#endif /* !NO_BLOCKLIST_SUPPORT */
+
 			return 0;
 		}
 	}
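Review bot: The `pfilter_notify(BLOCKLIST_AUTH_OK, 200)` call carries no comment, and its purpose is explained only in the bozohttpd.8 hunk of this commit: each Basic-auth exchange first draws a 401 that is reported as a failure, and the success report offsets it. That belongs next to the call, e.g. `/* offset the 401 already reported for the initial challenge */`. The `#ifndef NO_BLOCKLIST_SUPPORT` at the call site could be avoided with a no-op stub in bozohttpd.h, the way the `bozo_ssl_*` stubs are defined there. bozo_auth_check starts and ends outside the hunk.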

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.80 src/libexec/httpd/bozohttpd.8:1.81
--- src/libexec/httpd/bozohttpd.8:1.80	Mon Jul  6 23:31:36 2020
+++ src/libexec/httpd/bozohttpd.8	Sat Jul 11 08:10:52 2020
@@ -1,4 +1,4 @@
-.\"	$NetBSD: bozohttpd.8,v 1.80 2020/07/06 23:31:36 jmcneill Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.81 2020/07/11 08:10:52 jruoho Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd July 6, 2020
+.Dd July 11, 2020
 .Dt BOZOHTTPD 8
 .Os
 .Sh NAME
@@ -454,6 +454,45 @@ with
 on the compiler command line to enable this support.
 It may require linking with the crypt library, using
 .Dq -lcrypt .
+.Ss BLOCKLIST SUPPORT
+On NetBSD,
+.Nm
+supports
+.Xr blocklistd 8
+by default.
+The support can be disabled with the
+.Dq -DNO_BLOCKLIST_SUPPORT
+compilation option.
+.Pp
+Upon occurrence,
+.Nm
+reports three HTTP status codes to
+.Xr blocklistd 8
+as failures:
+.Em 401
+(``Unauthorized'') ,
+.Em 403
+(``Forbidden'') ,
+and
+.Em 500
+(``Internal Server Error'') .
+Of these,
+.Em 401
+is the one received upon authorization failure with the
+HTTP Basic Authorization mechanism.
+A successful authorization decreases the counter kept by
+.Xr blocklistd 8 .
+.Pp
+Note that the implementation of the HTTP Basic Authorization mechanism
+uses a redirection; a status code
+.Em 401
+is always initially received.
+Therefore, a single authorization failure of
+.Pa .htpasswd
+is reported as two failures to
+.Xr blocklistd 8 ,
+but no failures are recorded upon successful authorization
+due to the decrease of the failure counter.
 .Ss SSL SUPPORT
 .Nm
 has support for TLSv1.1 and TLSv1.2 protocols that are included by

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.115 src/libexec/httpd/bozohttpd.c:1.116
--- src/libexec/httpd/bozohttpd.c:1.115	Mon Jul  6 23:31:36 2020
+++ src/libexec/httpd/bozohttpd.c	Sat Jul 11 08:10:52 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.115 2020/07/06 23:31:36 jmcneill Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.116 2020/07/11 08:10:52 jruoho Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -2133,6 +2133,7 @@ static struct errors_map {
 	const char *shortmsg;		/* short version of message */
 	const char *longmsg;		/* long version of message */
 } errors_map[] = {
+	{ 200,	"200 OK",		"The request was valid", },
 	{ 400,	"400 Bad Request",	"The request was 

CVS commit: src/libexec/httpd

2020-07-06 Thread Jared D. McNeill
Module Name:src
Committed By:   jmcneill
Date:   Mon Jul  6 23:31:36 UTC 2020

Modified Files:
src/libexec/httpd: bozohttpd.8 bozohttpd.c bozohttpd.h dir-index-bozo.c
main.c

Log Message:
Add -R flag to specify a README file to add at the bottom of directory
autoindex listings.


To generate a diff of this commit:
cvs rdiff -u -r1.79 -r1.80 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.114 -r1.115 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.60 -r1.61 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.32 -r1.33 src/libexec/httpd/dir-index-bozo.c
cvs rdiff -u -r1.22 -r1.23 src/libexec/httpd/main.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.79 src/libexec/httpd/bozohttpd.8:1.80
--- src/libexec/httpd/bozohttpd.8:1.79	Thu Feb 28 08:28:21 2019
+++ src/libexec/httpd/bozohttpd.8	Mon Jul  6 23:31:36 2020
@@ -1,4 +1,4 @@
-.\"	$NetBSD: bozohttpd.8,v 1.79 2019/02/28 08:28:21 mrg Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.80 2020/07/06 23:31:36 jmcneill Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd February 27, 2019
+.Dd July 6, 2020
 .Dt BOZOHTTPD 8
 .Os
 .Sh NAME
@@ -40,6 +40,7 @@
 .Op Fl L Ar prefix script
 .Op Fl M Ar suffix type encoding encoding11
 .Op Fl P Ar pidfile
+.Op Fl R Ar readme
 .Op Fl S Ar server_software
 .Op Fl T Ar type timeout
 .Op Fl U Ar username
@@ -232,6 +233,10 @@ translations from
 .Dq public_html
 to
 .Ar pubdir .
+.It Fl R Ar readme
+When directory indexing is enabled, include the contents of the file
+.Ar readme
+in the footer of the directory index.
 .It Fl S Ar server_software
 Sets the internal server version to
 .Ar server_software .

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.114 src/libexec/httpd/bozohttpd.c:1.115
--- src/libexec/httpd/bozohttpd.c:1.114	Sun Jun  7 23:33:02 2020
+++ src/libexec/httpd/bozohttpd.c	Mon Jul  6 23:31:36 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.114 2020/06/07 23:33:02 fox Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.115 2020/07/06 23:31:36 jmcneill Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -2570,6 +2570,9 @@ bozo_setup(bozohttpd_t *httpd, bozoprefs
 	strcmp(cp, "true") == 0) {
 		httpd->dir_indexing = 1;
 	}
+	if ((cp = bozo_get_pref(prefs, "directory index readme")) != NULL) {
+		httpd->dir_readme = bozostrdup(httpd, NULL, cp);
+	}
 	if ((cp = bozo_get_pref(prefs, "public_html")) != NULL) {
 		httpd->public_html = bozostrdup(httpd, NULL, cp);
 	}

Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.60 src/libexec/httpd/bozohttpd.h:1.61
--- src/libexec/httpd/bozohttpd.h:1.60	Fri Mar  8 03:12:28 2019
+++ src/libexec/httpd/bozohttpd.h	Mon Jul  6 23:31:36 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.h,v 1.60 2019/03/08 03:12:28 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.h,v 1.61 2020/07/06 23:31:36 jmcneill Exp $	*/
 
 /*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -117,6 +117,7 @@ typedef struct bozohttpd_t {
 	struct pollfd	*fds;		/* current poll fd set */
 	int		 request_times;	/* # times a request was processed */
 	int		 dir_indexing;	/* handle directories */
+	const char	*dir_readme;	/* include README footer in indexes */
 	int		 hide_dots;	/* hide .* */
 	int		 process_cgi;	/* use the cgi handler */
 	char		*cgibin;	/* cgi-bin directory */
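Review bot: The comment on `dir_readme` does not say how the name is resolved, which decides which file ends up in every index page. The dir-index-bozo.c hunk of this commit takes a leading `/` as an absolute path and anything else as relative to the directory being indexed, so a relative name picks up a file from inside each served directory. I would spell that out on the field, e.g. `/* index footer file: absolute, or relative to each indexed directory */`, and repeat it in the -R entry of the manual page.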

Index: src/libexec/httpd/dir-index-bozo.c
diff -u src/libexec/httpd/dir-index-bozo.c:1.32 src/libexec/httpd/dir-index-bozo.c:1.33
--- src/libexec/httpd/dir-index-bozo.c:1.32	Thu Feb 28 08:28:21 2019
+++ src/libexec/httpd/dir-index-bozo.c	Mon Jul  6 23:31:36 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: dir-index-bozo.c,v 1.32 2019/02/28 08:28:21 mrg Exp $	*/
+/*	$NetBSD: dir-index-bozo.c,v 1.33 2020/07/06 23:31:36 jmcneill Exp $	*/
 
 /*	$eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -38,9 +38,11 @@
 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
+#include 
 #include 
 
 #include "bozohttpd.h"
@@ -57,7 +59,8 @@ bozo_dir_index(bozo_httpreq_t *request, 
 	DIR *dp;
 	char buf[MAXPATHLEN];
 	char *file = NULL, *printname = NULL, *p;
-	int k, j;
+	int k, j, fd;
+	ssize_t rlen;
 
 	if (!isindex || !httpd->dir_indexing)
 		return 0;
@@ -197,6 +200,23 @@ bozo_dir_index(bozo_httpreq_t *request, 
 	free(deo[k]);
 	free(deo);
 	bozo_printf(httpd, "\r\n");
+	if (httpd->dir_readme != NULL) {
+		if (httpd->dir_readme[0] == '/')
+			snprintf(buf, sizeof buf, "%s", httpd->dir_readme);
+		else
+			snprintf(buf, sizeof buf, "%s/%s", dirpath, httpd->dir_readme);
+		fd = open(buf, O_RDONLY);
+		if (fd != -1) {
+			bozo_flush(httpd, stdout);
+			do {
+rlen = read(fd, buf, sizeof buf);
+if (rlen <= 0)
+	break;
+

CVS commit: src/libexec/httpd

2020-06-07 Thread Santhosh Raju
Module Name:src
Committed By:   fox
Date:   Sun Jun  7 23:33:02 UTC 2020

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
libexec/httpd: Fix the possible -Werror=stringop-truncation

Error was reported when build.sh was run with MKLIBCSANITIZER=yes flag.

Reviewed by: kamil@, mrg@


To generate a diff of this commit:
cvs rdiff -u -r1.113 -r1.114 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.113 src/libexec/httpd/bozohttpd.c:1.114
--- src/libexec/httpd/bozohttpd.c:1.113	Thu Feb 28 09:16:42 2019
+++ src/libexec/httpd/bozohttpd.c	Sun Jun  7 23:33:02 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.113 2019/02/28 09:16:42 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.114 2020/06/07 23:33:02 fox Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -496,7 +496,7 @@ got_proto_09:
 
 	if (strncasecmp(proto, "HTTP/", 5) != 0)
 		goto bad;
-	strncpy(majorstr, proto + 5, sizeof majorstr);
+	strncpy(majorstr, proto + 5, sizeof(majorstr)-1);
 	majorstr[sizeof(majorstr)-1] = 0;
 	minorstr = strchr(majorstr, '.');
 	if (minorstr == NULL)
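Review bot: A version string after `HTTP/` that is longer than `majorstr` is still silently cut to fit and then parsed, rather than rejected; the change only quiets the compiler warning. Since `proto` comes from the request line, rejecting it is the safer reading: `if (snprintf(majorstr, sizeof(majorstr), "%s", proto + 5) >= (int)sizeof(majorstr)) goto bad;`, which also makes the separate terminator line unnecessary. The enclosing function starts and ends outside the hunk.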



CVS commit: src/libexec/httpd

2019-12-05 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Fri Dec  6 05:53:21 UTC 2019

Modified Files:
src/libexec/httpd: cgi-bozo.c

Log Message:
remove some XXX comments.  one isn't relevant, and the other two
have been incorrect for a long while now.


To generate a diff of this commit:
cvs rdiff -u -r1.48 -r1.49 src/libexec/httpd/cgi-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/cgi-bozo.c
diff -u src/libexec/httpd/cgi-bozo.c:1.48 src/libexec/httpd/cgi-bozo.c:1.49
--- src/libexec/httpd/cgi-bozo.c:1.48	Fri Mar 29 14:46:44 2019
+++ src/libexec/httpd/cgi-bozo.c	Fri Dec  6 05:53:20 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: cgi-bozo.c,v 1.48 2019/03/29 14:46:44 martin Exp $	*/
+/*	$NetBSD: cgi-bozo.c,v 1.49 2019/12/06 05:53:20 mrg Exp $	*/
 
 /*	$eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -137,7 +137,7 @@ finish_cgi_output(bozohttpd_t *httpd, bo
 		 * return it in the response.  If the cgi program does
 		 * not return any `Status:' header then the server should
 		 * respond with 200 OK.
-		 * XXX The CGI 1.1 and 1.2 specification differ slightly on
+		 * The CGI 1.1 and 1.2 specification differ slightly on
 		 * this in that v1.2 says that the script MUST NOT return a
 		 * `Status:' header if it is returning a `Location:' header.
 		 * For compatibility we are going with the CGI 1.1 behavior.
@@ -182,8 +182,7 @@ finish_cgi_output(bozohttpd_t *httpd, bo
 		bozo_flush(httpd, stdout);
 	}
 
-	/* XXX we should have some goo that times us out
-	 */
+	/* CGI programs should perform their own timeouts */
 	while ((rbytes = read(in, buf, sizeof buf)) > 0) {
 		ssize_t wbytes;
 		char *bp = buf;
@@ -645,8 +644,7 @@ bozo_process_cgi(bozo_httpreq_t *request
 	}
 	close(STDOUT_FILENO);
 
-	/* XXX we should have some goo that times us out
-	 */
+	/* CGI programs should perform their own timeouts */
 	while ((rbytes = bozo_read(httpd, STDIN_FILENO, buf, sizeof buf)) > 0) {
 		ssize_t wbytes;
 		char *bp = buf;
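Review bot: The replacement comment in this bozo_process_cgi hunk does not describe the loop under it: this loop reads from `STDIN_FILENO` through `bozo_read()`, which appears to be the client side, so a stall here would come from the client and not from the CGI program. If `bozo_read()` already applies the server's timeouts, the comment should say that, e.g. `/* client input; timeouts are enforced in bozo_read() */` (to be confirmed, bozo_read is not visible here). For the finish_cgi_output loop in the previous hunk the new wording fits, though it is worth noting in the manual that a hung CGI program keeps its server process occupied. Both functions start and end outside their hunks.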



CVS commit: src/libexec/httpd

2019-03-29 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Fri Mar 29 14:46:44 UTC 2019

Modified Files:
src/libexec/httpd: cgi-bozo.c

Log Message:
Account for cgihandler being set when counting the number of CGI environment
headers we are about to set. Avoids an assertion failure (and overrunning
the array) later.


To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 src/libexec/httpd/cgi-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/cgi-bozo.c
diff -u src/libexec/httpd/cgi-bozo.c:1.47 src/libexec/httpd/cgi-bozo.c:1.48
--- src/libexec/httpd/cgi-bozo.c:1.47	Thu Jan 17 07:46:16 2019
+++ src/libexec/httpd/cgi-bozo.c	Fri Mar 29 14:46:44 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: cgi-bozo.c,v 1.47 2019/01/17 07:46:16 mrg Exp $	*/
+/*	$NetBSD: cgi-bozo.c,v 1.48 2019/03/29 14:46:44 martin Exp $	*/
 
 /*	$eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -493,6 +493,7 @@ bozo_process_cgi(bozo_httpreq_t *request
 	(clen && *clen ? 1 : 0) +
 	(request->hr_remotehost && *request->hr_remotehost ? 1 : 0) +
 	(request->hr_remoteaddr && *request->hr_remoteaddr ? 1 : 0) +
+	(cgihandler ? 1 : 0) +
 	bozo_auth_cgi_count(request) +
 	(request->hr_serverport && *request->hr_serverport ? 1 : 0);
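Review bot: This hand-written slot count has to mirror every conditional entry added when the environment array is filled, and nothing at either site says so, which is how the `cgihandler` term went missing. A comment above the sum such as `/* one term per variable set below; keep the two lists in sync */` would help, and a bounds check at the point where entries are stored would turn a future mismatch into a clean error instead of an overrun. The new term also tests only the pointer, while its neighbours test `x && *x`; if that difference is intended it deserves a word. The expression and bozo_process_cgi both start outside the hunk.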
 



CVS commit: src/libexec/httpd/testsuite

2019-03-26 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Wed Mar 27 04:50:30 UTC 2019

Modified Files:
src/libexec/httpd/testsuite: Makefile

Log Message:
add $NetBSD$


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/libexec/httpd/testsuite/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/testsuite/Makefile
diff -u src/libexec/httpd/testsuite/Makefile:1.12 src/libexec/httpd/testsuite/Makefile:1.13
--- src/libexec/httpd/testsuite/Makefile:1.12	Fri Dec 14 23:57:22 2018
+++ src/libexec/httpd/testsuite/Makefile	Wed Mar 27 04:50:30 2019
@@ -1,3 +1,4 @@
+#	$NetBSD: Makefile,v 1.13 2019/03/27 04:50:30 mrg Exp $
 #	$eterna: Makefile,v 1.14 2009/05/22 21:51:39 mrg Exp $
 
 SIMPLETESTS=	t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t12 t13 t14 t15



CVS commit: src/libexec/httpd

2019-03-07 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Fri Mar  8 03:12:28 UTC 2019

Modified Files:
src/libexec/httpd: bozohttpd.h

Log Message:
on m68010 set BOZO_WRSZ to 16k and BOZO_MMAPSZ to 64k.


To generate a diff of this commit:
cvs rdiff -u -r1.59 -r1.60 src/libexec/httpd/bozohttpd.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.59 src/libexec/httpd/bozohttpd.h:1.60
--- src/libexec/httpd/bozohttpd.h:1.59	Thu Feb 28 08:28:21 2019
+++ src/libexec/httpd/bozohttpd.h	Fri Mar  8 03:12:28 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.h,v 1.59 2019/02/28 08:28:21 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.h,v 1.60 2019/03/08 03:12:28 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -199,6 +199,16 @@ typedef struct bozoprefs_t {
 	char		**value;	/* values for the name entries */
 } bozoprefs_t;
 
+/* sun2 has a tiny VA range */
+#ifdef __mc68010__
+#ifndef BOZO_WRSZ
+#define BOZO_WRSZ	(16 * 1024)
+#endif
+#ifndef BOZO_MMAPSZ
+#define BOZO_MMAPSZ	(BOZO_WRSZ * 4)
+#endif
+#endif
+
 /* by default write in upto 64KiB chunks, and mmap in upto 64MiB chunks */
 #ifndef BOZO_WRSZ
 #define BOZO_WRSZ	(64 * 1024)



CVS commit: src/libexec/httpd

2019-02-28 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Thu Feb 28 09:16:42 UTC 2019

Modified Files:
src/libexec/httpd: CHANGES bozohttpd.c

Log Message:
call this bozohttpd 20190228, and merge the CHANGES entries from the
previous release.


To generate a diff of this commit:
cvs rdiff -u -r1.39 -r1.40 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.112 -r1.113 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.39 src/libexec/httpd/CHANGES:1.40
--- src/libexec/httpd/CHANGES:1.39	Sun Jan 27 04:40:57 2019
+++ src/libexec/httpd/CHANGES	Thu Feb 28 09:16:42 2019
@@ -1,10 +1,11 @@
-$NetBSD: CHANGES,v 1.39 2019/01/27 04:40:57 dholland Exp $
+$NetBSD: CHANGES,v 1.40 2019/02/28 09:16:42 mrg Exp $
 
-changes in bozohttpd 20190121:
+changes in bozohttpd 20190228:
+	o  extend timeout facility to ssl and stop servers hanging forever
+	   if the client never sends anything.  reported by Steffen in netbsd
+	   PR#50655.
 	o  don't display special files in the directory index.  they aren't
 	   served, but links to them are generated.
-
-changes in bozohttpd 20190116:
 	o  fix CGI '+' parameter handling, some error checking, and a double
 	   free.  from rajeev_v_pil...@yahoo.com
 	o  more directory indexing clean up.  from rajeev_v_pil...@yahoo.com

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.112 src/libexec/httpd/bozohttpd.c:1.113
--- src/libexec/httpd/bozohttpd.c:1.112	Thu Feb 28 08:28:21 2019
+++ src/libexec/httpd/bozohttpd.c	Thu Feb 28 09:16:42 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.112 2019/02/28 08:28:21 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.113 2019/02/28 09:16:42 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -109,7 +109,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20190121"
+#define SERVER_SOFTWARE		"bozohttpd/20190228"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML		"public_html"



CVS commit: src/libexec/httpd

2019-02-28 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Thu Feb 28 08:28:22 UTC 2019

Modified Files:
src/libexec/httpd: auth-bozo.c bozohttpd.8 bozohttpd.c bozohttpd.h
dir-index-bozo.c ssl-bozo.c

Log Message:
add ssl specific timeout value (30s).  if SSL_accept() doesn't
work within this timeout value, ssl setup now fails.

mostly different from, but inspired from the patch in PR 50655


To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 src/libexec/httpd/auth-bozo.c
cvs rdiff -u -r1.78 -r1.79 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.111 -r1.112 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.58 -r1.59 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.31 -r1.32 src/libexec/httpd/dir-index-bozo.c
cvs rdiff -u -r1.25 -r1.26 src/libexec/httpd/ssl-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/auth-bozo.c
diff -u src/libexec/httpd/auth-bozo.c:1.23 src/libexec/httpd/auth-bozo.c:1.24
--- src/libexec/httpd/auth-bozo.c:1.23	Tue Jan 22 05:32:57 2019
+++ src/libexec/httpd/auth-bozo.c	Thu Feb 28 08:28:21 2019
@@ -1,9 +1,9 @@
-/*	$NetBSD: auth-bozo.c,v 1.23 2019/01/22 05:32:57 mrg Exp $	*/
+/*	$NetBSD: auth-bozo.c,v 1.24 2019/02/28 08:28:21 mrg Exp $	*/
 
 /*	$eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2018 Matthew R. Green
+ * Copyright (c) 1997-2019 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.78 src/libexec/httpd/bozohttpd.8:1.79
--- src/libexec/httpd/bozohttpd.8:1.78	Thu Jan 17 07:46:16 2019
+++ src/libexec/httpd/bozohttpd.8	Thu Feb 28 08:28:21 2019
@@ -1,8 +1,8 @@
-.\"	$NetBSD: bozohttpd.8,v 1.78 2019/01/17 07:46:16 mrg Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.79 2019/02/28 08:28:21 mrg Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
-.\" Copyright (c) 1997-2018 Matthew R. Green
+.\" Copyright (c) 1997-2019 Matthew R. Green
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd January 7, 2019
+.Dd February 27, 2019
 .Dt BOZOHTTPD 8
 .Os
 .Sh NAME
@@ -245,11 +245,13 @@ to
 The valid values of
 .Ar type
 are
+.Dq ssl timeout ,
 .Dq initial timeout ,
 .Dq header timeout ,
 and
 .Dq request timeout .
-The default values are 30 seconds, 10 seconds and 600 seconds, respectively.
+The default values are 30 seconds, 30 seconds, 10 seconds and 600 seconds,
+respectively.
 .It Fl t Ar chrootdir
 Makes
 .Nm

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.111 src/libexec/httpd/bozohttpd.c:1.112
--- src/libexec/httpd/bozohttpd.c:1.111	Tue Jan 22 05:32:57 2019
+++ src/libexec/httpd/bozohttpd.c	Thu Feb 28 08:28:21 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.111 2019/01/22 05:32:57 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.112 2019/02/28 08:28:21 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -137,7 +137,6 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -148,6 +147,9 @@
 
 #include "bozohttpd.h"
 
+#ifndef SSL_TIMEOUT
+#define	SSL_TIMEOUT		"30"	/* wait for 30 seconds for ssl handshake  */
+#endif
 #ifndef INITIAL_TIMEOUT
 #define	INITIAL_TIMEOUT		"30"	/* wait for 30 seconds initially */
 #endif
@@ -183,7 +185,7 @@ struct {
 	{ NULL,   NULL },
 };
 
-volatile sig_atomic_t	timeout_hit;
+volatile sig_atomic_t	bozo_timeout_hit;
 
 /*
  * check there's enough space in the prefs and names arrays.
@@ -371,18 +373,19 @@ bozo_clean_request(bozo_httpreq_t *reque
 static void
 alarmer(int sig)
 {
-	timeout_hit = 1;
+	bozo_timeout_hit = 1;
 }
 
 
 /*
- * set a timeout for "initial", "header", or "request".
+ * set a timeout for "ssl", "initial", "header", or "request".
  */
 int
 bozo_set_timeout(bozohttpd_t *httpd, bozoprefs_t *prefs,
 		 const char *target, const char *val)
 {
 	const char **cur, *timeouts[] = {
+		"ssl timeout",
 		"initial timeout",
 		"header timeout",
 		"request timeout",
@@ -602,14 +605,10 @@ bozo_read_request(bozohttpd_t *httpd)
 	/*
 	 * if we're in daemon mode, bozo_daemon_fork() will return here twice
 	 * for each call.  once in the child, returning 0, and once in the
-	 * parent, returning 1.  for each child, then we can setup SSL, and
-	 * the parent can signal the caller there was no request to process
-	 * and it will wait for another.
+	 * parent, returning 1 for each child.
 	 */
 	if (bozo_daemon_fork(httpd))
 		return NULL;
-	if (bozo_ssl_accept(httpd))
-		return NULL;
 
 	request = bozomalloc(httpd, sizeof(*request));
 	memset(request, 0, sizeof(*request));
@@ -685,6 +684,14 @@ bozo_read_request(bozohttpd_t *httpd)
 		goto cleanup;
 	}
 
+	/*
+	 * 

CVS commit: src/libexec/httpd

2019-01-26 Thread David A. Holland
Module Name:src
Committed By:   dholland
Date:   Sun Jan 27 04:40:57 UTC 2019

Modified Files:
src/libexec/httpd: CHANGES

Log Message:
fix duplicated chunk from merge


To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.39 src/libexec/httpd/CHANGES

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.38 src/libexec/httpd/CHANGES:1.39
--- src/libexec/httpd/CHANGES:1.38	Sun Jan 27 02:08:36 2019
+++ src/libexec/httpd/CHANGES	Sun Jan 27 04:40:57 2019
@@ -1,37 +1,4 @@
-$NetBSD: CHANGES,v 1.38 2019/01/27 02:08:36 pgoyette Exp $
-
-changes in bozohttpd 20190121:
-	o  don't display special files in the directory index.  they aren't
-	   served, but links to them are generated.
-
-changes in bozohttpd 20190116:
-	o  fix CGI '+' parameter handling, some error checking, and a double
-	   free.  from rajeev_v_pil...@yahoo.com
-	o  more directory indexing clean up.  from rajeev_v_pil...@yahoo.com
-
-changes in bozohttpd 20181215:
-	o  fix .htpasswd bypass for authenticated users.  reported by JP,
-	   from l...@netbsd.org
-	o  avoid possible null dereference when receiving a big request that
-	   timeout.  reported by m...@netbsd.org, from l...@netbsd.org
-	o  fix handling of -T option, from l...@netbsd.org
-	o  cleanups and portability improvements, from m...@netbsd.org
-	o  change directory indexing to use html tables, from
-	   rajeev_v_pil...@yahoo.com
-
-changes in bozohttpd 20181125:
-	o  fixes for option parsing introduced in bozohttpd 20181123
-
-changes in bozohttpd 20181121:
-	o  add url remap support via .bzremap file, from mar...@netbsd.org
-	o  handle redirections for any protocol, not just http:
-	o  fix a denial of service attack against header contents, which
-	   is now bounded at 16KiB.  reported by JP
-	o  reduce default timeouts, and add expand timeouts to handle the
-	   initial line, each header, and the total time spent
-	o  add -T option to expose new timeout settings
-	o  minor RFC fixes related to timeout handling
-	o  fix special file (.htpasswd, .bz*) bypass.  reported by JP
+$NetBSD: CHANGES,v 1.39 2019/01/27 04:40:57 dholland Exp $
 
 changes in bozohttpd 20190121:
 	o  don't display special files in the directory index.  they aren't



CVS commit: src/libexec/httpd

2019-01-21 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Tue Jan 22 05:32:57 UTC 2019

Modified Files:
src/libexec/httpd: CHANGES auth-bozo.c bozohttpd.c bozohttpd.h
dir-index-bozo.c

Log Message:
o  don't display special files in the directory index.  they aren't
   served, but links to them are generated.


To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.37 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.22 -r1.23 src/libexec/httpd/auth-bozo.c
cvs rdiff -u -r1.110 -r1.111 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.57 -r1.58 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.30 -r1.31 src/libexec/httpd/dir-index-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.36 src/libexec/httpd/CHANGES:1.37
--- src/libexec/httpd/CHANGES:1.36	Thu Jan 17 07:46:16 2019
+++ src/libexec/httpd/CHANGES	Tue Jan 22 05:32:57 2019
@@ -1,4 +1,8 @@
-$NetBSD: CHANGES,v 1.36 2019/01/17 07:46:16 mrg Exp $
+$NetBSD: CHANGES,v 1.37 2019/01/22 05:32:57 mrg Exp $
+
+changes in bozohttpd 20190121:
+	o  don't display special files in the directory index.  they aren't
+	   served, but links to them are generated.
 
 changes in bozohttpd 20190116:
 	o  fix CGI '+' parameter handling, some error checking, and a double

Index: src/libexec/httpd/auth-bozo.c
diff -u src/libexec/httpd/auth-bozo.c:1.22 src/libexec/httpd/auth-bozo.c:1.23
--- src/libexec/httpd/auth-bozo.c:1.22	Thu Nov 22 08:54:08 2018
+++ src/libexec/httpd/auth-bozo.c	Tue Jan 22 05:32:57 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth-bozo.c,v 1.22 2018/11/22 08:54:08 mrg Exp $	*/
+/*	$NetBSD: auth-bozo.c,v 1.23 2019/01/22 05:32:57 mrg Exp $	*/
 
 /*	$eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -64,7 +64,7 @@ bozo_auth_check(bozo_httpreq_t *request,
 		strcpy(dir, ".");
 	else {
 		*basename++ = '\0';
-		if (bozo_check_special_files(request, basename))
+		if (bozo_check_special_files(request, basename, true))
 			return 1;
 	}
 	request->hr_authrealm = bozostrdup(httpd, request, dir);

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.110 src/libexec/httpd/bozohttpd.c:1.111
--- src/libexec/httpd/bozohttpd.c:1.110	Fri Jan 18 06:04:10 2019
+++ src/libexec/httpd/bozohttpd.c	Tue Jan 22 05:32:57 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.110 2019/01/18 06:04:10 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.111 2019/01/22 05:32:57 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -109,7 +109,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20190116"
+#define SERVER_SOFTWARE		"bozohttpd/20190121"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML		"public_html"
@@ -140,7 +140,6 @@
 #include 
 #include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -1461,7 +1460,7 @@ check_bzredirect(bozo_httpreq_t *request
 		*basename++ = '\0';
 		strcpy(path, dir);
 	}
-	if (bozo_check_special_files(request, basename))
+	if (bozo_check_special_files(request, basename, true))
 		return -1;
 
 	debug((httpd, DEBUG_FAT, "check_bzredirect: path %s", path));
@@ -1913,17 +1912,24 @@ bozo_process_request(bozo_httpreq_t *req
 
 /* make sure we're not trying to access special files */
 int
-bozo_check_special_files(bozo_httpreq_t *request, const char *name)
+bozo_check_special_files(bozo_httpreq_t *request, const char *name, bool doerror)
 {
 	bozohttpd_t *httpd = request->hr_httpd;
 	size_t i;
+	int error = 0;
 
-	for (i = 0; specials[i].file; i++)
-		if (strcmp(name, specials[i].file) == 0)
-			return bozo_http_error(httpd, 403, request,
+	for (i = 0; specials[i].file; i++) {
+		if (strcmp(name, specials[i].file) == 0) {
+			if (doerror) {
+error = bozo_http_error(httpd, 403, request,
 	   specials[i].name);
+			} else {
+error = -1;
+			}
+		}
+	}
 
-	return 0;
+	return error;
 }
 
 /* generic header printing routine */
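Review bot: The rewritten loop in bozo_check_special_files() keeps scanning `specials[]` after a match, so the early exit that the old `return bozo_http_error(...)` gave is gone. Adding `break;` after the `if (doerror) { ... } else { ... }` block restores it and guarantees bozo_http_error() is issued at most once per call, whatever the table contains. The new `doerror` parameter is also undocumented. I would extend the comment above the function to say that with `doerror` false it returns -1 for a special file without sending a 403, and with `doerror` true it returns the result of bozo_http_error(), so callers must test for non-zero rather than a specific value.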

Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.57 src/libexec/httpd/bozohttpd.h:1.58
--- src/libexec/httpd/bozohttpd.h:1.57	Sat Nov 24 13:02:46 2018
+++ src/libexec/httpd/bozohttpd.h	Tue Jan 22 05:32:57 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.h,v 1.57 2018/11/24 13:02:46 christos Exp $	*/
+/*	$NetBSD: bozohttpd.h,v 1.58 2019/01/22 05:32:57 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -34,6 +34,8 @@
 
 #include "netbsd_queue.h"
 
+#include 
+
 #include 
 
 #ifndef NO_LUA_SUPPORT
@@ -259,7 +261,7 @@ void	debug__(bozohttpd_t *, int, const c
 /* be sure to always return this error up */
 int	bozo_http_error(bozohttpd_t *, int, bozo_httpreq_t *, const char *);
 
-int	bozo_check_special_files(bozo_httpreq_t *, const char *) BOZO_CHECKRET;
+int	bozo_check_special_files(bozo_httpreq_t *, const char *, bool) BOZO_CHECKRET;
 char	*bozo_http_date(char *, size_t);
 void	

CVS commit: src/libexec/httpd

2019-01-17 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Fri Jan 18 06:04:10 UTC 2019

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
rework size_arrays():
- avoid calloc, use bozomalloc
- minor CSE
- fix bozoprefs->size setting when increasing the size (new total was
  being added to the prior total.)  found by clang static analyzer
  from rajeev_v_pillai.

pass httpd to size_arrays() now.
free(NULL) is legal.


To generate a diff of this commit:
cvs rdiff -u -r1.109 -r1.110 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.109 src/libexec/httpd/bozohttpd.c:1.110
--- src/libexec/httpd/bozohttpd.c:1.109	Fri Jan 18 05:48:31 2019
+++ src/libexec/httpd/bozohttpd.c	Fri Jan 18 06:04:10 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.109 2019/01/18 05:48:31 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.110 2019/01/18 06:04:10 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -190,33 +190,21 @@ volatile sig_atomic_t	timeout_hit;
  * check there's enough space in the prefs and names arrays.
  */
 static int
-size_arrays(bozoprefs_t *bozoprefs, size_t needed)
+size_arrays(bozohttpd_t *httpd, bozoprefs_t *bozoprefs, size_t needed)
 {
-	char	**temp;
+	size_t	len = sizeof(char *) * needed;
 
 	if (bozoprefs->size == 0) {
 		/* only get here first time around */
-		bozoprefs->name = calloc(sizeof(char *), needed);
-		if (bozoprefs->name == NULL)
-			return 0;
-		bozoprefs->value = calloc(sizeof(char *), needed);
-		if (bozoprefs->value == NULL) {
-			free(bozoprefs->name);
-			return 0;
-		}
-		bozoprefs->size = needed;
+		bozoprefs->name = bozomalloc(httpd, len);
+		bozoprefs->value = bozomalloc(httpd, len);
 	} else if (bozoprefs->count == bozoprefs->size) {
 		/* only uses 'needed' when filled array */
-		temp = realloc(bozoprefs->name, sizeof(char *) * needed);
-		if (temp == NULL)
-			return 0;
-		bozoprefs->name = temp;
-		temp = realloc(bozoprefs->value, sizeof(char *) * needed);
-		if (temp == NULL)
-			return 0;
-		bozoprefs->value = temp;
-		bozoprefs->size += needed;
+		bozoprefs->name = bozorealloc(httpd, bozoprefs->name, len);
+		bozoprefs->value = bozorealloc(httpd, bozoprefs->value, len);
 	}
+
+	bozoprefs->size = needed;
 	return 1;
 }
 
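Review bot: `bozoprefs->size = needed;` now runs on every call, including the case where neither branch allocates (`size != 0` and `count != size`), so the recorded capacity grows while the arrays do not. bozo_set_pref() in the next hunk passes `bozoprefs->size + 15` for every new name, so `size` steps 15, 30, 45, … while `count` advances by one. The `count == size` test may then never fire, and `name[i]`/`value[i]` would be written past the first allocation once more than 15 entries are set. Assign the size only where memory is actually obtained: move `bozoprefs->size = needed;` into both the `size == 0` branch and the `count == size` branch.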
@@ -239,14 +227,13 @@ bozo_set_pref(bozohttpd_t *httpd, bozopr
 
 	if ((i = findvar(bozoprefs, name)) < 0) {
 		/* add the element to the array */
-		if (!size_arrays(bozoprefs, bozoprefs->size + 15))
+		if (!size_arrays(httpd, bozoprefs, bozoprefs->size + 15))
 			return 0;
 		i = bozoprefs->count++;
 		bozoprefs->name[i] = bozostrdup(httpd, NULL, name);
 	} else {
 		/* replace the element in the array */
-		if (bozoprefs->value[i])
-			free(bozoprefs->value[i]);
+		free(bozoprefs->value[i]);
 	}
 	bozoprefs->value[i] = bozostrdup(httpd, NULL, value);
 	return 1;



CVS commit: src/libexec/httpd

2019-01-17 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Fri Jan 18 05:48:31 UTC 2019

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
fix a few problems pointed out by clang static analyzer, from rajeev_v_pillai:

- bozostrnsep() may return with "in = NULL", so check for it.
- nul terminating in bozo_escape_rfc3986() can be simpler
- don't use uninit variables in check_remap()
- don't use re-used freed data in check_virtual().  this one is tricky as
  the original code was:
free(request->hr_file);
request->hr_file = bozostrdup(httpd, request, s ? s : "/");
  however, bozostrdup() may reference request->hr_file.


To generate a diff of this commit:
cvs rdiff -u -r1.108 -r1.109 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.108 src/libexec/httpd/bozohttpd.c:1.109
--- src/libexec/httpd/bozohttpd.c:1.108	Thu Jan 17 07:46:16 2019
+++ src/libexec/httpd/bozohttpd.c	Fri Jan 18 05:48:31 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.108 2019/01/17 07:46:16 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.109 2019/01/18 05:48:31 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -245,10 +245,8 @@ bozo_set_pref(bozohttpd_t *httpd, bozopr
 		bozoprefs->name[i] = bozostrdup(httpd, NULL, name);
 	} else {
 		/* replace the element in the array */
-		if (bozoprefs->value[i]) {
+		if (bozoprefs->value[i])
 			free(bozoprefs->value[i]);
-			bozoprefs->value[i] = NULL;
-		}
 	}
 	bozoprefs->value[i] = bozostrdup(httpd, NULL, value);
 	return 1;
@@ -297,7 +295,7 @@ parse_request(bozohttpd_t *httpd, char *
 
 	len = (ssize_t)strlen(in);
 	val = bozostrnsep(, " \t\n\r", );
-	if (len < 1 || val == NULL)
+	if (len < 1 || val == NULL || in == NULL)
 		return;
 	*method = val;
 
@@ -996,7 +994,7 @@ bozo_escape_rfc3986(bozohttpd_t *httpd, 
 		buf = bozorealloc(httpd, buf, buflen);
 	}
 
-	for (len = 0, s = url, d = buf; *s;) {
+	for (s = url, d = buf; *s;) {
 		if (*s & 0x80)
 			goto encode_it;
 		switch (*s) {
@@ -1028,16 +1026,14 @@ bozo_escape_rfc3986(bozohttpd_t *httpd, 
 		encode_it:
 			snprintf(d, 4, "%%%02X", (unsigned char)*s++);
 			d += 3;
-			len += 3;
 			break;
 		default:
 		leave_it:
 			*d++ = *s++;
-			len++;
 			break;
 		}
 	}
-	buf[len] = 0;
+	*d = 0;
 
 	return buf;
 }
@@ -1195,7 +1191,7 @@ check_remap(bozo_httpreq_t *request)
 	bozohttpd_t *httpd = request->hr_httpd;
 	char *file = request->hr_file, *newfile;
 	void *fmap;
-	const char *replace, *map_to, *p;
+	const char *replace = NULL, *map_to = NULL, *p;
 	struct stat st;
 	int mapfile;
 	size_t avail, len, rlen, reqlen, num_esc = 0;
@@ -1324,6 +1320,9 @@ check_virtual(bozo_httpreq_t *request)
 	debug((httpd, DEBUG_OBESE,
 	   "checking for http:// virtual host in '%s'", file));
 	if (strncasecmp(file, "http://;, 7) == 0) {
+		/* bozostrdup() might access it. */
+		char *old_file = request->hr_file;
+
 		/* we would do virtual hosting here? */
 		file += 7;
 		/* RFC 2616 (HTTP/1.1), 5.2: URI takes precedence over Host: */
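Review bot: The comment on `old_file`, `/* bozostrdup() might access it. */`, does not say what "it" is or why the free has to wait, which is the entire reason for this change. I would write `/* keep the old hr_file alive until bozostrdup() returns: it may reference request->hr_file, and s may point into this buffer */`. The second clause is inferred, since the assignment of `file` is outside the hunk. The matching `free(old_file)` is in the following hunk, and check_virtual() starts and ends outside both.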
@@ -1332,8 +1331,8 @@ check_virtual(bozo_httpreq_t *request)
 		if ((s = strchr(request->hr_host, '/')) != NULL)
 			*s = '\0';
 		s = strchr(file, '/');
-		free(request->hr_file);
 		request->hr_file = bozostrdup(httpd, request, s ? s : "/");
+		free(old_file);
 		debug((httpd, DEBUG_OBESE, "got host '%s' file is now '%s'",
 		request->hr_host, request->hr_file));
 	} else if (!request->hr_host)
@@ -1357,7 +1356,10 @@ check_virtual(bozo_httpreq_t *request)
 		if (request->hr_host) {
 			s = strrchr(request->hr_host, ':');
 			if (s != NULL)
-/* truncate Host: as we want to copy it without port part */
+/*
+ * truncate Host: as we want to copy it
+ * without port part
+ */
 *s = '\0';
 			request->hr_virthostname = bozostrdup(httpd, request,
 			  request->hr_host);



CVS commit: src/libexec/httpd

2019-01-16 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Thu Jan 17 07:46:16 UTC 2019

Modified Files:
src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c cgi-bozo.c
daemon-bozo.c dir-index-bozo.c

Log Message:
- call this 20190116
- adjust the directory indexing again:
  - don't include "index.html" in html headers
  - additional escaping of names
  - re-add top/bottom borders
  - adds an aquamarine table header
  - Zebra-stripes table rows using CSS instead of code
  all from "Rajeev V. Pillai" 


To generate a diff of this commit:
cvs rdiff -u -r1.35 -r1.36 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.77 -r1.78 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.107 -r1.108 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.46 -r1.47 src/libexec/httpd/cgi-bozo.c
cvs rdiff -u -r1.20 -r1.21 src/libexec/httpd/daemon-bozo.c
cvs rdiff -u -r1.29 -r1.30 src/libexec/httpd/dir-index-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.35 src/libexec/httpd/CHANGES:1.36
--- src/libexec/httpd/CHANGES:1.35	Thu Jan 17 07:34:06 2019
+++ src/libexec/httpd/CHANGES	Thu Jan 17 07:46:16 2019
@@ -1,8 +1,9 @@
-$NetBSD: CHANGES,v 1.35 2019/01/17 07:34:06 mrg Exp $
+$NetBSD: CHANGES,v 1.36 2019/01/17 07:46:16 mrg Exp $
 
 changes in bozohttpd 20190116:
-	o  fix CGI '+' parameter handling, and a double free.  from
-	   rajeev_v_pil...@yahoo.com
+	o  fix CGI '+' parameter handling, some error checking, and a double
+	   free.  from rajeev_v_pil...@yahoo.com
+	o  more directory indexing clean up.  from rajeev_v_pil...@yahoo.com
 
 changes in bozohttpd 20181215:
 	o  fix .htpasswd bypass for authenticated users.  reported by JP,

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.77 src/libexec/httpd/bozohttpd.8:1.78
--- src/libexec/httpd/bozohttpd.8:1.77	Tue Jan  8 06:04:29 2019
+++ src/libexec/httpd/bozohttpd.8	Thu Jan 17 07:46:16 2019
@@ -1,4 +1,4 @@
-.\"	$NetBSD: bozohttpd.8,v 1.77 2019/01/08 06:04:29 mrg Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.78 2019/01/17 07:46:16 mrg Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
@@ -597,7 +597,7 @@ The focus has always been simplicity and
 and regular code audits.
 This manual documents
 .Nm
-version 20181215.
+version 20190116.
 .Sh AUTHORS
 .An -nosplit
 .Nm
@@ -632,7 +632,7 @@ provided cgi-bin support fixes, and more
 .Aq Mt a...@netbsd.org
 cleaned up many internal interfaces, made
 .Nm
-linkable as a library and provided the Lua binding.
+linkable as a library and provided the Lua binding
 .It
 .An DEGROOTE Arnaud
 .Aq Mt degro...@netbsd.org
@@ -688,7 +688,7 @@ provided many fixes and enhancements for
 fixed memory leaks, various issues with userdir support,
 information disclosure issues, added support for using CGI handlers
 with directory indexing, found several security issues and provided
-various other fixes.
+various other fixes
 .It
 .An Arnaud Lacombe
 .Aq Mt a...@netbsd.org
@@ -706,7 +706,7 @@ provided a cgi-bin fix
 .Aq Mt j...@netbsd.org
 Added the
 .Fl P
-option (pidfile support) and provided some man page fixes.
+option (pidfile support) and provided some man page fixes
 .It
 .An Luke Mewburn
 .Aq Mt lu...@netbsd.org
@@ -715,7 +715,8 @@ HTTP basic authorization support and muc
 .It
 .An Rajeev V. Pillai
 .Aq Mt rajeev_v_pil...@yahoo.com
-provided several fixes for virtual hosting and directory indexing
+provided several fixes for virtual hosting and directory indexing and
+fixes for CGI
 .It
 .An Jeremy C. Reed
 .Aq Mt r...@netbsd.org
@@ -737,11 +738,11 @@ provided minor compile fixes and a CGI c
 .Aq Mt rum...@ephemeral.org
 provided the
 .Fl V
-option.
+option
 .It
 .An Thor Lancelot Simon
 .Aq Mt t...@netbsd.org
-enhanced cgi-bin support.
+enhanced cgi-bin support
 .It
 .An Joerg Sonnenberger
 .Aq Mt jo...@netbsd.org
@@ -758,7 +759,7 @@ provided http authorization fixes
 .Aq Mt x...@kittenz.org
 provided chroot and change-to-user support, and other various fixes
 .It
-Coyote Point provided various CGI fixes.
+Coyote Point provided various CGI fixes
 .El
 .Pp
 There are probably others I have forgotten (let me know if you care)

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.107 src/libexec/httpd/bozohttpd.c:1.108
--- src/libexec/httpd/bozohttpd.c:1.107	Sat Dec 15 12:52:36 2018
+++ src/libexec/httpd/bozohttpd.c	Thu Jan 17 07:46:16 2019
@@ -1,9 +1,9 @@
-/*	$NetBSD: bozohttpd.c,v 1.107 2018/12/15 12:52:36 leot Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.108 2019/01/17 07:46:16 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2018 Matthew R. Green
+ * Copyright (c) 1997-2019 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -109,7 +109,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE

CVS commit: src/libexec/httpd

2019-01-16 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Thu Jan 17 07:39:00 UTC 2019

Modified Files:
src/libexec/httpd: Makefile
src/libexec/httpd/testsuite: t11.out

Log Message:
add 'check' target to toplevel makefile.

fix the t11.out output now that CGI parsing works better.


To generate a diff of this commit:
cvs rdiff -u -r1.27 -r1.28 src/libexec/httpd/Makefile
cvs rdiff -u -r1.1 -r1.2 src/libexec/httpd/testsuite/t11.out

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/Makefile
diff -u src/libexec/httpd/Makefile:1.27 src/libexec/httpd/Makefile:1.28
--- src/libexec/httpd/Makefile:1.27	Sun May 21 15:28:41 2017
+++ src/libexec/httpd/Makefile	Thu Jan 17 07:39:00 2019
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.27 2017/05/21 15:28:41 riastradh Exp $
+#	$NetBSD: Makefile,v 1.28 2019/01/17 07:39:00 mrg Exp $
 #
 #	$eterna: Makefile,v 1.30 2010/07/11 00:34:27 mrg Exp $
 #
@@ -77,6 +77,9 @@ bozohttpd.8.txt: bozohttpd.8
 
 CLEANFILES+=	bozohttpd.8.html bozohttpd.8.txt
 
+check:
+	cd ${.CURDIR}/testsuite && ${MAKE} check
+
 # Create a distfile: uses /tmp
 BASE=bozohttpd-${BOZOVER}
 TAR=${BASE}.tar
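Review bot: The new `check` target produces no file, but it is not declared phony, so a file or directory named `check` in the build directory would make it appear up to date and skip the testsuite. Adding `.PHONY: check` above the rule avoids that, unless an included makefile outside this hunk already declares it.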

Index: src/libexec/httpd/testsuite/t11.out
diff -u src/libexec/httpd/testsuite/t11.out:1.1 src/libexec/httpd/testsuite/t11.out:1.2
--- src/libexec/httpd/testsuite/t11.out:1.1	Tue Jan 31 14:33:54 2017
+++ src/libexec/httpd/testsuite/t11.out	Thu Jan 17 07:39:00 2019
@@ -1 +1,11 @@
 HTTP/1.1 200 OK
+Content-Type: text/html
+Content-Length: 194
+Server: bozohttpd/20181215
+Allow: GET, HEAD, POST
+
+404 Not Found
+404 Not Found
+cgi-bin/echo.bat: This item has not been found
+ 
+



CVS commit: src/libexec/httpd

2019-01-16 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Thu Jan 17 07:34:06 UTC 2019

Modified Files:
src/libexec/httpd: CHANGES cgi-bozo.c daemon-bozo.c

Log Message:
- fix CGI '+' param and error handling.
- remove unused parameter to daemon_poll_err().

both from "Rajeev V. Pillai" 


To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.45 -r1.46 src/libexec/httpd/cgi-bozo.c
cvs rdiff -u -r1.19 -r1.20 src/libexec/httpd/daemon-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.34 src/libexec/httpd/CHANGES:1.35
--- src/libexec/httpd/CHANGES:1.34	Wed Dec 19 12:40:32 2018
+++ src/libexec/httpd/CHANGES	Thu Jan 17 07:34:06 2019
@@ -1,4 +1,8 @@
-$NetBSD: CHANGES,v 1.34 2018/12/19 12:40:32 mrg Exp $
+$NetBSD: CHANGES,v 1.35 2019/01/17 07:34:06 mrg Exp $
+
+changes in bozohttpd 20190116:
+	o  fix CGI '+' parameter handling, and a double free.  from
+	   rajeev_v_pil...@yahoo.com
 
 changes in bozohttpd 20181215:
 	o  fix .htpasswd bypass for authenticated users.  reported by JP,

Index: src/libexec/httpd/cgi-bozo.c
diff -u src/libexec/httpd/cgi-bozo.c:1.45 src/libexec/httpd/cgi-bozo.c:1.46
--- src/libexec/httpd/cgi-bozo.c:1.45	Sat Nov 24 13:03:15 2018
+++ src/libexec/httpd/cgi-bozo.c	Thu Jan 17 07:34:06 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: cgi-bozo.c,v 1.45 2018/11/24 13:03:15 christos Exp $	*/
+/*	$NetBSD: cgi-bozo.c,v 1.46 2019/01/17 07:34:06 mrg Exp $	*/
 
 /*	$eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -241,10 +241,10 @@ parse_search_string(bozo_httpreq_t *requ
  
 	args[0] = str;
 	args[*args_len] = NULL;
-	for (s = str, i = 0; (s = strchr(s, '+')) != NULL;) {
+	for (s = str, i = 1; (s = strchr(s, '+')) != NULL; i++) {
 		*s = '\0';
 		s++;
-		args[i++] = s;
+		args[i] = s;
 	}
 
 	/*
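Review bot: The rewritten loop stores into `args[i]` once for every '+' found in `str`, with no bound tied to `*args_len`, the index used for the terminator just above (`args[*args_len] = NULL`). The allocation of `args` is outside this hunk, so this presumably relies on `*args_len` having been computed from the same '+' count. Making that explicit in the loop condition, `i < *args_len && (s = strchr(s, '+')) != NULL` (with a cast if the types differ), keeps the write inside the array if the two ever diverge. parse_search_string() starts and ends outside the hunk.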
@@ -333,8 +333,7 @@ parse_search_string(bozo_httpreq_t *requ
 
 parse_err:
 
-	free (str);
-	free (*args);
+	free(str);
 	free(args);
 	*args_len = 0;
 
@@ -610,9 +609,12 @@ bozo_process_cgi(bozo_httpreq_t *request
 		closelog();
 		bozo_daemon_closefds(httpd);
 
-		if (-1 == execve(path, argv, envp))
+		if (-1 == execve(path, argv, envp)) {
+			bozo_http_error(httpd, 404, request,
+"Cannot execute CGI");
 			bozoerr(httpd, 1, "child exec failed: %s: %s",
 			  path, strerror(errno));
+		}
 		/* NOT REACHED */
 		bozoerr(httpd, 1, "child execve returned?!");
 	}
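Review bot: In the execve() failure branch the added bozo_http_error() call runs before `bozoerr(..., strerror(errno))`, and whatever I/O it performs may overwrite errno, so the logged reason can be wrong. Save it first: `int e = errno;` before the call and `strerror(e)` in bozoerr(). The 404 is also sent for every failure cause. A CGI that exists but cannot be executed (EACCES, ENOEXEC) would be more accurately reported with 403 or 500, e.g. `e == ENOENT ? 404 : 500`. bozo_process_cgi() starts and ends outside this hunk, so whether response headers have already been written by this point should be confirmed.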

Index: src/libexec/httpd/daemon-bozo.c
diff -u src/libexec/httpd/daemon-bozo.c:1.19 src/libexec/httpd/daemon-bozo.c:1.20
--- src/libexec/httpd/daemon-bozo.c:1.19	Thu Nov 22 08:54:08 2018
+++ src/libexec/httpd/daemon-bozo.c	Thu Jan 17 07:34:06 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: daemon-bozo.c,v 1.19 2018/11/22 08:54:08 mrg Exp $	*/
+/*	$NetBSD: daemon-bozo.c,v 1.20 2019/01/17 07:34:06 mrg Exp $	*/
 
 /*	$eterna: daemon-bozo.c,v 1.24 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -205,7 +205,7 @@ daemon_runchild(bozohttpd_t *httpd, int 
 }
 
 static int
-daemon_poll_err(bozohttpd_t *httpd, int fd, int idx)
+daemon_poll_err(bozohttpd_t *httpd, int idx)
 {
 	if ((httpd->fds[idx].revents & (POLLNVAL|POLLERR|POLLHUP)) == 0)
 		return 0;
@@ -284,7 +284,7 @@ again:
 		}
 
 		for (i = 0; i < httpd->nsock; i++) {
-			if (daemon_poll_err(httpd, fd, i))
+			if (daemon_poll_err(httpd, i))
 break;
 			if (httpd->fds[i].revents == 0)
 continue;



CVS commit: src/libexec/httpd

2019-01-07 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Tue Jan  8 06:04:29 UTC 2019

Modified Files:
src/libexec/httpd: bozohttpd.8

Log Message:
remove reference to deleted -r option.  fixes PR#53840 from J. Lewis Muir.


To generate a diff of this commit:
cvs rdiff -u -r1.76 -r1.77 src/libexec/httpd/bozohttpd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.76 src/libexec/httpd/bozohttpd.8:1.77
--- src/libexec/httpd/bozohttpd.8:1.76	Wed Dec 19 12:40:32 2018
+++ src/libexec/httpd/bozohttpd.8	Tue Jan  8 06:04:29 2019
@@ -1,4 +1,4 @@
-.\"	$NetBSD: bozohttpd.8,v 1.76 2018/12/19 12:40:32 mrg Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.77 2019/01/08 06:04:29 mrg Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd December 18, 2018
+.Dd January 7, 2019
 .Dt BOZOHTTPD 8
 .Os
 .Sh NAME
@@ -477,9 +477,7 @@ if a
 .Pa .bzdirect
 file is found (contents are irrelevant)
 .Nm
-will allow direct access even with the
-.Fl r
-option.
+will allow direct access.
 If a
 .Pa .bzredirect
 symbolic link is found,



CVS commit: src/libexec/httpd

2018-12-19 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Wed Dec 19 12:40:32 UTC 2018

Modified Files:
src/libexec/httpd: CHANGES bozohttpd.8

Log Message:
minor rewording.  fix alphabeta ordering of contributors.


To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.75 -r1.76 src/libexec/httpd/bozohttpd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.33 src/libexec/httpd/CHANGES:1.34
--- src/libexec/httpd/CHANGES:1.33	Tue Dec 18 23:11:40 2018
+++ src/libexec/httpd/CHANGES	Wed Dec 19 12:40:32 2018
@@ -1,7 +1,7 @@
-$NetBSD: CHANGES,v 1.33 2018/12/18 23:11:40 mrg Exp $
+$NetBSD: CHANGES,v 1.34 2018/12/19 12:40:32 mrg Exp $
 
 changes in bozohttpd 20181215:
-	o  avoid .htpasswd exposure to authenticated users.  reported by JP,
+	o  fix .htpasswd bypass for authenticated users.  reported by JP,
 	   from l...@netbsd.org
 	o  avoid possible null dereference when receiving a big request that
 	   timeout.  reported by m...@netbsd.org, from l...@netbsd.org

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.75 src/libexec/httpd/bozohttpd.8:1.76
--- src/libexec/httpd/bozohttpd.8:1.75	Tue Dec  4 02:52:42 2018
+++ src/libexec/httpd/bozohttpd.8	Wed Dec 19 12:40:32 2018
@@ -1,4 +1,4 @@
-.\"	$NetBSD: bozohttpd.8,v 1.75 2018/12/04 02:52:42 mrg Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.76 2018/12/19 12:40:32 mrg Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd December 4, 2018
+.Dd December 18, 2018
 .Dt BOZOHTTPD 8
 .Os
 .Sh NAME
@@ -599,7 +599,7 @@ The focus has always been simplicity and
 and regular code audits.
 This manual documents
 .Nm
-version 20181204.
+version 20181215.
 .Sh AUTHORS
 .An -nosplit
 .Nm
@@ -610,14 +610,14 @@ was written by
 The large list of contributors includes:
 .Bl -dash
 .It
-.An Marc Balmer
-.Aq Mt mbal...@netbsd.org
-added Lua support for dynamic content creation
-.It
 .An Christoph Badura
 .Aq Mt b...@bsd.de
 provided Range: header support
 .It
+.An Marc Balmer
+.Aq Mt mbal...@netbsd.org
+added Lua support for dynamic content creation
+.It
 .An Sean Boudreau
 .Aq Mt se...@netbsd.org
 provided a security fix for virtual hosting
@@ -644,14 +644,14 @@ provided a fix for daemon mode
 .Aq Mt a...@netbsd.org
 provided directory indexing support
 .It
-.An Per Ekman
-.Aq Mt p...@pdc.kth.se
-provided a fix for a minor (non-security) buffer overflow condition
-.It
 .An Roland Dowdeswell
 .Aq Mt el...@netbsd.org
 added support for serving gzipped files and better SSL handling
 .It
+.An Per Ekman
+.Aq Mt p...@pdc.kth.se
+provided a fix for a minor (non-security) buffer overflow condition
+.It
 .An Jun-ichiro itojun Hagino, KAME
 .Aq Mt ito...@iijlab.net
 provided initial IPv6 support



CVS commit: src/libexec/httpd

2018-12-18 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Tue Dec 18 23:11:40 UTC 2018

Modified Files:
src/libexec/httpd: CHANGES

Log Message:
fix an old spell-o and a new format-o.


To generate a diff of this commit:
cvs rdiff -u -r1.32 -r1.33 src/libexec/httpd/CHANGES

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.32 src/libexec/httpd/CHANGES:1.33
--- src/libexec/httpd/CHANGES:1.32	Sat Dec 15 12:52:36 2018
+++ src/libexec/httpd/CHANGES	Tue Dec 18 23:11:40 2018
@@ -1,4 +1,4 @@
-$NetBSD: CHANGES,v 1.32 2018/12/15 12:52:36 leot Exp $
+$NetBSD: CHANGES,v 1.33 2018/12/18 23:11:40 mrg Exp $
 
 changes in bozohttpd 20181215:
 	o  avoid .htpasswd exposure to authenticated users.  reported by JP,
@@ -7,9 +7,7 @@ changes in bozohttpd 20181215:
 	   timeout.  reported by m...@netbsd.org, from l...@netbsd.org
 	o  fix handling of -T option, from l...@netbsd.org
 	o  cleanups and portability improvements, from m...@netbsd.org
-
-changes in bozohttpd 20181204:
-	o  change directory indexing to use html tables.  from
+	o  change directory indexing to use html tables, from
 	   rajeev_v_pil...@yahoo.com
 
 changes in bozohttpd 20181125:
@@ -305,7 +303,7 @@ changes in bozohttpd 5.07 (20010610):
 	- add many new content-types, now support most common ones
 
 changes in bozohttpd 5.06 (2825):
-	- add IPv6 suppor from ito...@iijlab.net
+	- add IPv6 support from ito...@iijlab.net
 	- man page fixes from j...@netbsd.org
 
 changes in bozohttpd 5.05 (2815):



CVS commit: src/libexec/httpd

2018-12-15 Thread Leonardo Taccari
Module Name:src
Committed By:   leot
Date:   Sat Dec 15 12:52:37 UTC 2018

Modified Files:
src/libexec/httpd: CHANGES bozohttpd.c

Log Message:
Document last changes and bump version to 20181215

Suggested by , thanks! (Possible mistakes are mine though!)


To generate a diff of this commit:
cvs rdiff -u -r1.31 -r1.32 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.106 -r1.107 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.31 src/libexec/httpd/CHANGES:1.32
--- src/libexec/httpd/CHANGES:1.31	Tue Dec  4 02:52:42 2018
+++ src/libexec/httpd/CHANGES	Sat Dec 15 12:52:36 2018
@@ -1,4 +1,12 @@
-$NetBSD: CHANGES,v 1.31 2018/12/04 02:52:42 mrg Exp $
+$NetBSD: CHANGES,v 1.32 2018/12/15 12:52:36 leot Exp $
+
+changes in bozohttpd 20181215:
+	o  avoid .htpasswd exposure to authenticated users.  reported by JP,
+	   from l...@netbsd.org
+	o  avoid possible null dereference when receiving a big request that
+	   timeout.  reported by m...@netbsd.org, from l...@netbsd.org
+	o  fix handling of -T option, from l...@netbsd.org
+	o  cleanups and portability improvements, from m...@netbsd.org
 
 changes in bozohttpd 20181204:
 	o  change directory indexing to use html tables.  from

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.106 src/libexec/httpd/bozohttpd.c:1.107
--- src/libexec/httpd/bozohttpd.c:1.106	Sat Dec 15 12:43:24 2018
+++ src/libexec/httpd/bozohttpd.c	Sat Dec 15 12:52:36 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.106 2018/12/15 12:43:24 leot Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.107 2018/12/15 12:52:36 leot Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -109,7 +109,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20181125"
+#define SERVER_SOFTWARE		"bozohttpd/20181215"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML		"public_html"



CVS commit: src/libexec/httpd

2018-12-15 Thread Leonardo Taccari
Module Name:src
Committed By:   leot
Date:   Sat Dec 15 12:43:24 UTC 2018

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
Fix handling of bozo_set_timeout() timeouts (and `-T' option parsing)


To generate a diff of this commit:
cvs rdiff -u -r1.105 -r1.106 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.105 src/libexec/httpd/bozohttpd.c:1.106
--- src/libexec/httpd/bozohttpd.c:1.105	Sat Dec 15 12:39:22 2018
+++ src/libexec/httpd/bozohttpd.c	Sat Dec 15 12:43:24 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.105 2018/12/15 12:39:22 leot Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.106 2018/12/15 12:43:24 leot Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -398,7 +398,7 @@ int
 bozo_set_timeout(bozohttpd_t *httpd, bozoprefs_t *prefs,
 		 const char *target, const char *val)
 {
-	const char *cur, *timeouts[] = {
+	const char **cur, *timeouts[] = {
 		"initial timeout",
 		"header timeout",
 		"request timeout",
@@ -408,9 +408,9 @@ bozo_set_timeout(bozohttpd_t *httpd, boz
 	const size_t minlen = 1;
 	size_t len = strlen(target);
 
-	for (cur = timeouts[0]; len >= minlen && *cur; cur++) {
-		if (strncmp(target, cur, len) == 0) {
-			bozo_set_pref(httpd, prefs, cur, val);
+	for (cur = timeouts; len >= minlen && *cur; cur++) {
+		if (strncmp(target, *cur, len) == 0) {
+			bozo_set_pref(httpd, prefs, *cur, val);
 			return 0;
 		}
 	}
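Review bot: The comparison `strncmp(target, *cur, len)` only looks at the first `len` bytes, so with `minlen` of 1 any leading fragment of a name selects the first entry that starts with it, and nothing here says whether that abbreviation matching is intended. A comment above the loop such as `/* target may be any leading prefix of a timeout name; first match wins */` would settle it, or the test could become `strcmp(target, *cur) == 0` if only full names are meant. The loop also stops on `*cur` being NULL, so it relies on `timeouts[]` ending in a NULL entry, which falls between the two hunks and is not shown.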



CVS commit: src/libexec/httpd

2018-12-15 Thread Leonardo Taccari
Module Name:src
Committed By:   leot
Date:   Sat Dec 15 12:39:22 UTC 2018

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
Avoid .htpasswd exposure to authenticated users when .htpasswd is
in the slashdir too.

Problem reported by JP via tech-security@ and discussed with , thanks!


To generate a diff of this commit:
cvs rdiff -u -r1.104 -r1.105 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.104 src/libexec/httpd/bozohttpd.c:1.105
--- src/libexec/httpd/bozohttpd.c:1.104	Sat Dec 15 09:28:27 2018
+++ src/libexec/httpd/bozohttpd.c	Sat Dec 15 12:39:22 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.104 2018/12/15 09:28:27 leot Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.105 2018/12/15 12:39:22 leot Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -1467,7 +1467,7 @@ check_bzredirect(bozo_httpreq_t *request
 	} else if (basename == NULL) {
 		strcpy(path, ".");
 		strcpy(dir, "");
-		basename = dir;
+		basename = request->hr_file + 1;
 	} else {
 		*basename++ = '\0';
 		strcpy(path, dir);
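Review bot: `basename = request->hr_file + 1;` steps over the first byte of `hr_file` with no visible check that the string is non-empty and starts with '/'; if that is guaranteed earlier in check_bzredirect, which begins and ends outside this hunk, it deserves a comment at this line. The reason for the change is also not readable from the code: `dir` has just been set to the empty string, so the old `basename = dir` left an empty name for whatever inspects `basename` afterwards. Something like `/* dir is now empty; keep the requested name so later checks on basename still see it */` would stop the assignment from being reverted as a cleanup.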



CVS commit: src/libexec/httpd

2018-12-15 Thread Leonardo Taccari
Module Name:src
Committed By:   leot
Date:   Sat Dec 15 09:28:27 UTC 2018

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
Avoid possible NULL dereference when sending a big request that times out.

Problem reported by  and reviewed by  and , thanks!


To generate a diff of this commit:
cvs rdiff -u -r1.103 -r1.104 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.103 src/libexec/httpd/bozohttpd.c:1.104
--- src/libexec/httpd/bozohttpd.c:1.103	Sat Dec 15 02:03:24 2018
+++ src/libexec/httpd/bozohttpd.c	Sat Dec 15 09:28:27 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.103 2018/12/15 02:03:24 maya Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.104 2018/12/15 09:28:27 leot Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -2260,7 +2260,8 @@ bozo_http_error(bozohttpd_t *httpd, int 
 	if (request && request->hr_allow)
 		bozo_printf(httpd, "Allow: %s\r\n", request->hr_allow);
 	/* RFC 7231 (HTTP/1.1) 6.5.7 */
-	if (code == 408 && request->hr_proto == httpd->consts.http_11)
+	if (code == 408 && request &&
+	request->hr_proto == httpd->consts.http_11)
 		bozo_printf(httpd, "Connection: close\r\n");
 	bozo_printf(httpd, "\r\n");
 	/* According to the RFC 2616 sec. 9.4 HEAD method MUST NOT return a
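Review bot: With the added `request &&` guard this is the second test in the hunk that has to check `request` for NULL by hand (`request && request->hr_allow` is just above), and the contract that callers may pass NULL is not written down anywhere visible. The function body continues past the hunk, so any later use of `request`, such as the HEAD handling that the trailing comment introduces, should be checked for the same guard. A line in the function's header comment, for example `/* request may be NULL when the error is raised before a request has been parsed */`, would document it; that exact condition is inferred from the log message and should be confirmed.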



CVS commit: src/libexec/httpd

2018-12-14 Thread Maya Rashish
Module Name:src
Committed By:   maya
Date:   Sat Dec 15 02:03:24 UTC 2018

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
strings.h for strcasecmp (on linux)


To generate a diff of this commit:
cvs rdiff -u -r1.102 -r1.103 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.102 src/libexec/httpd/bozohttpd.c:1.103
--- src/libexec/httpd/bozohttpd.c:1.102	Sat Dec 15 01:02:34 2018
+++ src/libexec/httpd/bozohttpd.c	Sat Dec 15 02:03:24 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.102 2018/12/15 01:02:34 maya Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.103 2018/12/15 02:03:24 maya Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -141,6 +141,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 



CVS commit: src/libexec/httpd

2018-12-14 Thread Maya Rashish
Module Name:src
Committed By:   maya
Date:   Sat Dec 15 01:02:34 UTC 2018

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
Check against BOZO_HEADERS_MAX_SIZE in a way that isn't prone to overflow.
Note that this isn't reachable in practice as big requests time out.


To generate a diff of this commit:
cvs rdiff -u -r1.101 -r1.102 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.101 src/libexec/httpd/bozohttpd.c:1.102
--- src/libexec/httpd/bozohttpd.c:1.101	Tue Dec  4 02:52:42 2018
+++ src/libexec/httpd/bozohttpd.c	Sat Dec 15 01:02:34 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.101 2018/12/04 02:52:42 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.102 2018/12/15 01:02:34 maya Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -585,12 +585,14 @@ process_method(bozo_httpreq_t *request, 
 static int
 bozo_got_header_length(bozo_httpreq_t *request, size_t len)
 {
+
+	if (len > BOZO_HEADERS_MAX_SIZE - request->hr_header_bytes)
+		return bozo_http_error(request->hr_httpd, 413, request,
+			"too many headers");
+
 	request->hr_header_bytes += len;
-	if (request->hr_header_bytes < BOZO_HEADERS_MAX_SIZE)
-		return 0;
 
-	return bozo_http_error(request->hr_httpd, 413, request,
-		"too many headers");
+	return 0;
 }
 
 /*
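Review bot: The rewritten test moves the boundary as well as removing the overflow: the old code accepted a header only while the running total stayed below BOZO_HEADERS_MAX_SIZE, whereas `len > BOZO_HEADERS_MAX_SIZE - request->hr_header_bytes` also accepts a total exactly equal to it. If the old limit was intended, use `if (len >= BOZO_HEADERS_MAX_SIZE - request->hr_header_bytes)`. The subtraction is only safe while `hr_header_bytes` never exceeds the maximum, which holds if this function is the field's only writer. Assuming the field is unsigned, a wrap there would turn the limit off, so a comment stating that invariant would help.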



CVS commit: src/libexec/httpd/testsuite

2018-12-14 Thread Maya Rashish
Module Name:src
Committed By:   maya
Date:   Fri Dec 14 23:57:22 UTC 2018

Modified Files:
src/libexec/httpd/testsuite: Makefile test-bigfile test-simple

Log Message:
Don't pass ${HOST} to test scripts.
html_cmp compares against the output of `hostname`.

This makes the tests pass on my machine.


To generate a diff of this commit:
cvs rdiff -u -r1.11 -r1.12 src/libexec/httpd/testsuite/Makefile
cvs rdiff -u -r1.5 -r1.6 src/libexec/httpd/testsuite/test-bigfile \
src/libexec/httpd/testsuite/test-simple

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/testsuite/Makefile
diff -u src/libexec/httpd/testsuite/Makefile:1.11 src/libexec/httpd/testsuite/Makefile:1.12
--- src/libexec/httpd/testsuite/Makefile:1.11	Wed Nov 21 09:37:02 2018
+++ src/libexec/httpd/testsuite/Makefile	Fri Dec 14 23:57:22 2018
@@ -9,7 +9,6 @@ BOZOHTTPD?=	../debug/bozohttpd-debug
 WGET?=		wget
 DATA?=		$(.CURDIR)/data 
 VERBOSE?=	yes
-HOST?=		test.eterna
 
 .if ${VERBOSE} != "yes"
 SILENT=		@
@@ -28,17 +27,17 @@ check: check-simple check-cgi check-bigf
 
 check-simple:
 .for a in $(SIMPLETESTS)
-	${SILENT}$(.CURDIR)/test-simple "$a" "${BOZOHTTPD}" "${DATA}" "${.CURDIR}" "${VERBOSE}" "${HOST}"
+	${SILENT}$(.CURDIR)/test-simple "$a" "${BOZOHTTPD}" "${DATA}" "${.CURDIR}" "${VERBOSE}"
 .endfor
 
 check-cgi:
 .for a in $(CGITESTS)
-	${SILENT}$(.CURDIR)/test-simple "$a" "${BOZOHTTPD}" "${DATA}" "${.CURDIR}" "${VERBOSE}" "${HOST}" -c "${.CURDIR}/cgi-bin"
+	${SILENT}$(.CURDIR)/test-simple "$a" "${BOZOHTTPD}" "${DATA}" "${.CURDIR}" "${VERBOSE}" -c "${.CURDIR}/cgi-bin"
 .endfor
 
 check-bigfile:
 .for a in $(BIGFILETESTS)
-	${SILENT}$(.CURDIR)/test-bigfile "$a" "${BOZOHTTPD}" "${WGET}" "${DATA}" "${VERBOSE}" "${HOST}"
+	${SILENT}$(.CURDIR)/test-bigfile "$a" "${BOZOHTTPD}" "${WGET}" "${DATA}" "${VERBOSE}"
 .endfor
 
 .include 

Index: src/libexec/httpd/testsuite/test-bigfile
diff -u src/libexec/httpd/testsuite/test-bigfile:1.5 src/libexec/httpd/testsuite/test-bigfile:1.6
--- src/libexec/httpd/testsuite/test-bigfile:1.5	Wed Nov 21 09:37:02 2018
+++ src/libexec/httpd/testsuite/test-bigfile	Fri Dec 14 23:57:22 2018
@@ -1,12 +1,11 @@
 #! /bin/sh
-# $NetBSD: test-bigfile,v 1.5 2018/11/21 09:37:02 mrg Exp $
+# $NetBSD: test-bigfile,v 1.6 2018/12/14 23:57:22 maya Exp $
 
 test="$1"; shift	# partial4000 or partial8000
 bozohttpd="$1"; shift
 wget="$1"; shift
 datadir="$1"; shift
 verbose="$1"; shift
-host="$1"; shift
 
 tmperr="tmp.$test.err"
 
Index: src/libexec/httpd/testsuite/test-simple
diff -u src/libexec/httpd/testsuite/test-simple:1.5 src/libexec/httpd/testsuite/test-simple:1.6
--- src/libexec/httpd/testsuite/test-simple:1.5	Wed Nov 21 09:37:02 2018
+++ src/libexec/httpd/testsuite/test-simple	Fri Dec 14 23:57:22 2018
@@ -1,12 +1,11 @@
 #! /bin/sh
-# $NetBSD: test-simple,v 1.5 2018/11/21 09:37:02 mrg Exp $
+# $NetBSD: test-simple,v 1.6 2018/12/14 23:57:22 maya Exp $
 
 test="$1"; shift
 bozohttpd="$1"; shift
 datadir="$1"; shift
 curdir="$1"; shift
 verbose="$1"; shift
-host="$1"; shift
 
 in="$curdir/$test.in"
 out="$curdir/$test.out"
@@ -21,7 +20,7 @@ fi
 
 bozotestport=1
 
-${bozohttpd} "$@" "${datadir}" "${host}" < "$in" > "$tmpout"
+${bozohttpd} "$@" "${datadir}" < "$in" > "$tmpout"
 if "$curdir/html_cmp" cmp "$out" "$tmpout"; then
 	exit 0
 else



CVS commit: src/libexec/httpd

2018-12-03 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Tue Dec  4 02:52:42 UTC 2018

Modified Files:
src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c dir-index-bozo.c

Log Message:
use html tables for directory index.
from "Rajeev V. Pillai" 

call this bozohttpd 20181204.


To generate a diff of this commit:
cvs rdiff -u -r1.30 -r1.31 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.74 -r1.75 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.100 -r1.101 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.28 -r1.29 src/libexec/httpd/dir-index-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.30 src/libexec/httpd/CHANGES:1.31
--- src/libexec/httpd/CHANGES:1.30	Sun Nov 25 23:48:14 2018
+++ src/libexec/httpd/CHANGES	Tue Dec  4 02:52:42 2018
@@ -1,4 +1,8 @@
-$NetBSD: CHANGES,v 1.30 2018/11/25 23:48:14 mrg Exp $
+$NetBSD: CHANGES,v 1.31 2018/12/04 02:52:42 mrg Exp $
+
+changes in bozohttpd 20181204:
+	o  change directory indexing to use html tables.  from
+	   rajeev_v_pil...@yahoo.com
 
 changes in bozohttpd 20181125:
 	o  fixes for option parsing introduced in bozohttpd 20181123

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.74 src/libexec/httpd/bozohttpd.8:1.75
--- src/libexec/httpd/bozohttpd.8:1.74	Fri Nov 23 08:11:20 2018
+++ src/libexec/httpd/bozohttpd.8	Tue Dec  4 02:52:42 2018
@@ -1,4 +1,4 @@
-.\"	$NetBSD: bozohttpd.8,v 1.74 2018/11/23 08:11:20 mrg Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.75 2018/12/04 02:52:42 mrg Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd November 19, 2018
+.Dd December 4, 2018
 .Dt BOZOHTTPD 8
 .Os
 .Sh NAME
@@ -599,7 +599,7 @@ The focus has always been simplicity and
 and regular code audits.
 This manual documents
 .Nm
-version 20181123.
+version 20181204.
 .Sh AUTHORS
 .An -nosplit
 .Nm
@@ -717,7 +717,7 @@ HTTP basic authorization support and muc
 .It
 .An Rajeev V. Pillai
 .Aq Mt rajeev_v_pil...@yahoo.com
-provided several fixes for virtual hosting
+provided several fixes for virtual hosting and directory indexing
 .It
 .An Jeremy C. Reed
 .Aq Mt r...@netbsd.org

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.100 src/libexec/httpd/bozohttpd.c:1.101
--- src/libexec/httpd/bozohttpd.c:1.100	Tue Dec  4 00:26:15 2018
+++ src/libexec/httpd/bozohttpd.c	Tue Dec  4 02:52:42 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.100 2018/12/04 00:26:15 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.101 2018/12/04 02:52:42 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -1441,7 +1441,7 @@ check_bzredirect(bozo_httpreq_t *request
 	bozohttpd_t *httpd = request->hr_httpd;
 	struct stat sb;
 	char dir[MAXPATHLEN], redir[MAXPATHLEN], redirpath[MAXPATHLEN + 1],
-	path[MAXPATHLEN];
+	path[MAXPATHLEN + 1];
 	char *basename, *finalredir;
 	int rv, absolute;
 
@@ -2076,6 +2076,9 @@ bozo_escape_html(bozohttpd_t *httpd, con
 		case '&':
 			j += 5;
 			break;
+		case '"':
+			j += 6;
+			break;
 		}
 	}
 
@@ -2106,6 +2109,10 @@ bozo_escape_html(bozohttpd_t *httpd, con
 			memcpy(tmp + j, "", 5);
 			j += 5;
 			break;
+		case '"':
+			memcpy(tmp + j, "", 6);
+			j += 6;
+			break;
 		default:
 			tmp[j++] = url[i];
 		}

Index: src/libexec/httpd/dir-index-bozo.c
diff -u src/libexec/httpd/dir-index-bozo.c:1.28 src/libexec/httpd/dir-index-bozo.c:1.29
--- src/libexec/httpd/dir-index-bozo.c:1.28	Thu Nov 22 08:54:08 2018
+++ src/libexec/httpd/dir-index-bozo.c	Tue Dec  4 02:52:42 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: dir-index-bozo.c,v 1.28 2018/11/22 08:54:08 mrg Exp $	*/
+/*	$NetBSD: dir-index-bozo.c,v 1.29 2018/12/04 02:52:42 mrg Exp $	*/
 
 /*	$eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -45,14 +45,6 @@
 
 #include "bozohttpd.h"
 
-static void
-directory_hr(bozohttpd_t *httpd)
-{
-
-	bozo_printf(httpd,
-		"\r\n\r\n");
-}
-
 /*
  * output a directory index.  return 1 if it actually did something..
  */
@@ -62,12 +54,10 @@ bozo_dir_index(bozo_httpreq_t *request, 
 	bozohttpd_t *httpd = request->hr_httpd;
 	struct stat sb;
 	struct dirent **de, **deo;
-	struct tm *tm;
 	DIR *dp;
 	char buf[MAXPATHLEN];
-	char spacebuf[48];
 	char *file = NULL, *printname = NULL;
-	int l, k, j, i;
+	int k, j, i;
 
 	if (!isindex || !httpd->dir_indexing)
 		return 0;
@@ -117,23 +107,19 @@ bozo_dir_index(bozo_httpreq_t *request, 
 	printname = bozostrdup(httpd, request, request->hr_file);
 #endif /* !NO_USER_SUPPORT */
 
-	bozo_printf(httpd,
-		"Index of %s\r\n",
+	bozo_printf(httpd, "\r\n");
+	bozo_printf(httpd, "\r\n");
+	bozo_printf(httpd, "tr.o {background:#f4f4f4;}\r\n");
+	bozo_printf(httpd, "Index of %s\r\n",
 		printname);
 	bozo_printf(httpd, "Index of %s\r\n",
 		printname);
-	bozo_printf(httpd, 

CVS commit: src/libexec/httpd

2018-12-03 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Tue Dec  4 00:26:15 UTC 2018

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
avoid sign extension in % handling (and printing 0xFF before
wanted values.)  from Rajeev V. Pillai.


To generate a diff of this commit:
cvs rdiff -u -r1.99 -r1.100 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.99 src/libexec/httpd/bozohttpd.c:1.100
--- src/libexec/httpd/bozohttpd.c:1.99	Sun Nov 25 07:37:20 2018
+++ src/libexec/httpd/bozohttpd.c	Tue Dec  4 00:26:15 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.99 2018/11/25 07:37:20 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.100 2018/12/04 00:26:15 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -1023,7 +1023,7 @@ bozo_escape_rfc3986(bozohttpd_t *httpd, 
 		case '\r':
 		case ' ':
 		encode_it:
-			snprintf(d, 4, "%%%02X", *s++);
+			snprintf(d, 4, "%%%02X", (unsigned char)*s++);
 			d += 3;
 			len += 3;
 			break;
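Review bot: `snprintf(d, 4, ...)` stores three characters plus a terminating NUL while `d` advances by only 3, so the last encoded byte needs one byte of room beyond what `len` counts. The buffer sizing for bozo_escape_rfc3986 is outside this hunk and should be confirmed to leave that slack. A comment on the call, such as `/* writes %XX and a NUL; the NUL is overwritten by the next store */`, would record the dependency next to the cast.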



CVS commit: src/libexec/httpd

2018-11-25 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Sun Nov 25 23:48:14 UTC 2018

Modified Files:
src/libexec/httpd: CHANGES

Log Message:
normalise some messages.


To generate a diff of this commit:
cvs rdiff -u -r1.29 -r1.30 src/libexec/httpd/CHANGES

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.29 src/libexec/httpd/CHANGES:1.30
--- src/libexec/httpd/CHANGES:1.29	Sun Nov 25 23:37:09 2018
+++ src/libexec/httpd/CHANGES	Sun Nov 25 23:48:14 2018
@@ -1,7 +1,7 @@
-$NetBSD: CHANGES,v 1.29 2018/11/25 23:37:09 mrg Exp $
+$NetBSD: CHANGES,v 1.30 2018/11/25 23:48:14 mrg Exp $
 
 changes in bozohttpd 20181125:
-	o  fixes for option parsing introduced in bozohttpd 20181123.
+	o  fixes for option parsing introduced in bozohttpd 20181123
 
 changes in bozohttpd 20181121:
 	o  add url remap support via .bzremap file, from mar...@netbsd.org
@@ -12,7 +12,7 @@ changes in bozohttpd 20181121:
 	   initial line, each header, and the total time spent
 	o  add -T option to expose new timeout settings
 	o  minor RFC fixes related to timeout handling
-	o  fix special file (.htpasswd, .bz*) bypass.  reported by JP.
+	o  fix special file (.htpasswd, .bz*) bypass.  reported by JP
 
 changes in bozohttpd 20170201:
 	o  fix an infinite loop in cgi processing
@@ -97,7 +97,7 @@ changes in bozohttpd 20100617:
 
 changes in bozohttpd 20100509:
 	o  major rework and clean up of internal interfaces.  move the main
-	   program into main.c, the remaining parts are useable as library.
+	   program into main.c, the remaining parts are useable as library
 	   add bindings for lua.  by Alistair G. Crooks 
 	o  fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566325
 



CVS commit: src/libexec/httpd

2018-11-25 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Sun Nov 25 23:37:09 UTC 2018

Modified Files:
src/libexec/httpd: CHANGES

Log Message:
add option fixes here.


To generate a diff of this commit:
cvs rdiff -u -r1.28 -r1.29 src/libexec/httpd/CHANGES

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.28 src/libexec/httpd/CHANGES:1.29
--- src/libexec/httpd/CHANGES:1.28	Wed Nov 21 09:37:02 2018
+++ src/libexec/httpd/CHANGES	Sun Nov 25 23:37:09 2018
@@ -1,4 +1,7 @@
-$NetBSD: CHANGES,v 1.28 2018/11/21 09:37:02 mrg Exp $
+$NetBSD: CHANGES,v 1.29 2018/11/25 23:37:09 mrg Exp $
+
+changes in bozohttpd 20181125:
+	o  fixes for option parsing introduced in bozohttpd 20181123.
 
 changes in bozohttpd 20181121:
 	o  add url remap support via .bzremap file, from mar...@netbsd.org



CVS commit: src/libexec/httpd

2018-11-24 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Sun Nov 25 07:37:20 UTC 2018

Modified Files:
src/libexec/httpd: bozohttpd.c main.c

Log Message:
fix -X option parsing.  noted by Rajeev V. Pillai.


To generate a diff of this commit:
cvs rdiff -u -r1.98 -r1.99 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.21 -r1.22 src/libexec/httpd/main.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.98 src/libexec/httpd/bozohttpd.c:1.99
--- src/libexec/httpd/bozohttpd.c:1.98	Sat Nov 24 18:38:59 2018
+++ src/libexec/httpd/bozohttpd.c	Sun Nov 25 07:37:20 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.98 2018/11/24 18:38:59 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.99 2018/11/25 07:37:20 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -109,7 +109,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20181124"
+#define SERVER_SOFTWARE		"bozohttpd/20181125"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML		"public_html"

Index: src/libexec/httpd/main.c
diff -u src/libexec/httpd/main.c:1.21 src/libexec/httpd/main.c:1.22
--- src/libexec/httpd/main.c:1.21	Sat Nov 24 02:30:56 2018
+++ src/libexec/httpd/main.c	Sun Nov 25 07:37:20 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: main.c,v 1.21 2018/11/24 02:30:56 mrg Exp $	*/
+/*	$NetBSD: main.c,v 1.22 2018/11/25 07:37:20 mrg Exp $	*/
 
 /*	$eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $	*/
 /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp 	*/
@@ -336,10 +336,6 @@ main(int argc, char **argv)
 			bozo_set_pref(, , "enable users", "true");
 			break;
 
-			bozo_set_pref(, , "directory indexing",
-  "true");
-			break;
-
 		case 'V':
 			bozo_set_pref(, , "unknown slash", "true");
 			break;
@@ -352,6 +348,10 @@ main(int argc, char **argv)
 			if (!have_dirindex)
 goto no_dirindex_support;
 
+			bozo_set_pref(, , "directory indexing",
+  "true");
+			break;
+
 		case 'x':
 			bozo_set_pref(, , "index.html", optarg);
 			break;



CVS commit: src/libexec/httpd

2018-11-24 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Sat Nov 24 18:38:59 UTC 2018

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
avoid c99ism.


To generate a diff of this commit:
cvs rdiff -u -r1.97 -r1.98 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.97 src/libexec/httpd/bozohttpd.c:1.98
--- src/libexec/httpd/bozohttpd.c:1.97	Sat Nov 24 13:08:10 2018
+++ src/libexec/httpd/bozohttpd.c	Sat Nov 24 18:38:59 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.97 2018/11/24 13:08:10 christos Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.98 2018/11/24 18:38:59 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -1924,8 +1924,9 @@ int
 bozo_check_special_files(bozo_httpreq_t *request, const char *name)
 {
 	bozohttpd_t *httpd = request->hr_httpd;
+	size_t i;
 
-	for (size_t i = 0; specials[i].file; i++)
+	for (i = 0; specials[i].file; i++)
 		if (strcmp(name, specials[i].file) == 0)
 			return bozo_http_error(httpd, 403, request,
 	   specials[i].name);



CVS commit: src/libexec/httpd

2018-11-24 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Sat Nov 24 13:08:11 UTC 2018

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
- add FALLTHROUGH comment
- one return is usually enough.


To generate a diff of this commit:
cvs rdiff -u -r1.96 -r1.97 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.96 src/libexec/httpd/bozohttpd.c:1.97
--- src/libexec/httpd/bozohttpd.c:1.96	Fri Nov 23 21:35:13 2018
+++ src/libexec/httpd/bozohttpd.c	Sat Nov 24 08:08:10 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.96 2018/11/24 02:35:13 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.97 2018/11/24 13:08:10 christos Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -1018,6 +1018,7 @@ bozo_escape_rfc3986(bozohttpd_t *httpd, 
 		case '"':
 			if (absolute)
 goto leave_it;
+			/*FALLTHROUGH*/
 		case '\n':
 		case '\r':
 		case ' ':
@@ -1026,8 +1027,8 @@ bozo_escape_rfc3986(bozohttpd_t *httpd, 
 			d += 3;
 			len += 3;
 			break;
-		leave_it:
 		default:
+		leave_it:
 			*d++ = *s++;
 			len++;
 			break;
@@ -1477,7 +1478,6 @@ check_bzredirect(bozo_httpreq_t *request
 			 REDIRECT_FILE) >= sizeof(redir)) {
 		return bozo_http_error(httpd, 404, request,
 		"redirectfile path too long");
-		return -1;
 	}
 	if (lstat(redir, ) == 0) {
 		if (!S_ISLNK(sb.st_mode))



CVS commit: src/libexec/httpd

2018-11-24 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Sat Nov 24 13:03:15 UTC 2018

Modified Files:
src/libexec/httpd: cgi-bozo.c

Log Message:
appease lint


To generate a diff of this commit:
cvs rdiff -u -r1.44 -r1.45 src/libexec/httpd/cgi-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/cgi-bozo.c
diff -u src/libexec/httpd/cgi-bozo.c:1.44 src/libexec/httpd/cgi-bozo.c:1.45
--- src/libexec/httpd/cgi-bozo.c:1.44	Fri Nov 23 03:11:20 2018
+++ src/libexec/httpd/cgi-bozo.c	Sat Nov 24 08:03:15 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: cgi-bozo.c,v 1.44 2018/11/23 08:11:20 mrg Exp $	*/
+/*	$NetBSD: cgi-bozo.c,v 1.45 2018/11/24 13:03:15 christos Exp $	*/
 
 /*	$eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -234,14 +234,14 @@ parse_search_string(bozo_httpreq_t *requ
 	 */
 	*args_len = 1;
 	/* count '+' in str */
-	for (s = str; (s = strchr(s, '+')); (*args_len)++)
+	for (s = str; (s = strchr(s, '+')) != NULL; (*args_len)++)
 		s++;
 	
 	args = bozomalloc(httpd, sizeof(*args) * (*args_len + 1));
  
 	args[0] = str;
 	args[*args_len] = NULL;
-	for (s = str, i = 0; (s = strchr(s, '+'));) {
+	for (s = str, i = 0; (s = strchr(s, '+')) != NULL;) {
 		*s = '\0';
 		s++;
 		args[i++] = s;
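Review bot: The second loop starts with `i = 0`, so its first `args[i++] = s` overwrites `args[0]`, which was set to `str` two lines earlier. As shown, the first search word is dropped and the slot just before the terminating NULL is never written. Starting the index after the slot already filled, `for (s = str, i = 1; (s = strchr(s, '+')) != NULL;) {`, keeps `args[0]` and fills the array up to `args[*args_len - 1]`. The loop body continues outside the hunk, so check this against the rest of it.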



CVS commit: src/libexec/httpd

2018-11-24 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Sat Nov 24 13:02:46 UTC 2018

Modified Files:
src/libexec/httpd: bozohttpd.h

Log Message:
one semicolon is usually enough.


To generate a diff of this commit:
cvs rdiff -u -r1.56 -r1.57 src/libexec/httpd/bozohttpd.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.56 src/libexec/httpd/bozohttpd.h:1.57
--- src/libexec/httpd/bozohttpd.h:1.56	Thu Nov 22 03:54:08 2018
+++ src/libexec/httpd/bozohttpd.h	Sat Nov 24 08:02:46 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.h,v 1.56 2018/11/22 08:54:08 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.h,v 1.57 2018/11/24 13:02:46 christos Exp $	*/
 
 /*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -407,7 +407,7 @@ void	bozo_add_content_map_cgi(bozohttpd_
 #endif
 
 /* I/O */
-int bozo_printf(bozohttpd_t *, const char *, ...) BOZO_PRINTFLIKE(2, 3);;
+int bozo_printf(bozohttpd_t *, const char *, ...) BOZO_PRINTFLIKE(2, 3);
 ssize_t bozo_read(bozohttpd_t *, int, void *, size_t);
 ssize_t bozo_write(bozohttpd_t *, int, const void *, size_t);
 int bozo_flush(bozohttpd_t *, FILE *);



CVS commit: src/libexec/httpd

2018-11-23 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Sat Nov 24 02:35:13 UTC 2018

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
call this bozohttpd 20181124.


To generate a diff of this commit:
cvs rdiff -u -r1.95 -r1.96 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.95 src/libexec/httpd/bozohttpd.c:1.96
--- src/libexec/httpd/bozohttpd.c:1.95	Sat Nov 24 00:47:51 2018
+++ src/libexec/httpd/bozohttpd.c	Sat Nov 24 02:35:13 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.95 2018/11/24 00:47:51 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.96 2018/11/24 02:35:13 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -109,7 +109,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20181123"
+#define SERVER_SOFTWARE		"bozohttpd/20181124"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML		"public_html"



CVS commit: src/libexec/httpd

2018-11-23 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Sat Nov 24 02:30:56 UTC 2018

Modified Files:
src/libexec/httpd: main.c

Log Message:
fix a bug in the rework for -i option:  move the real code in place.

for some reason gcc does not warn about this:

   case 'x':
 stuff_here();
 break;

 other_stuff_here();
 break;

and the other_stuff_here() was what was mis-placed.

should fix atf failures in networking.


To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 src/libexec/httpd/main.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/main.c
diff -u src/libexec/httpd/main.c:1.20 src/libexec/httpd/main.c:1.21
--- src/libexec/httpd/main.c:1.20	Thu Nov 22 18:21:59 2018
+++ src/libexec/httpd/main.c	Sat Nov 24 02:30:56 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: main.c,v 1.20 2018/11/22 18:21:59 mrg Exp $	*/
+/*	$NetBSD: main.c,v 1.21 2018/11/24 02:30:56 mrg Exp $	*/
 
 /*	$eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $	*/
 /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp 	*/
@@ -253,6 +253,9 @@ main(int argc, char **argv)
 			if (!have_daemon_mode)
 goto no_daemon_mode;
 
+			bozo_set_pref(, , "bind address", optarg);
+			break;
+
 		case 'L':
 			if (!have_lua)
 bozoerr(, 1, "Lua support not enabled");
@@ -371,9 +374,6 @@ main(int argc, char **argv)
 			bozo_ssl_set_ciphers(, optarg);
 			break;
 
-			bozo_set_pref(, , "bind address", optarg);
-			break;
-
 		default:
 			usage(, progname);
 			/* NOTREACHED */



CVS commit: src/libexec/httpd

2018-11-23 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Sat Nov 24 00:47:52 UTC 2018

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
s/time/val/ to avoid shadowing a global identifier.


To generate a diff of this commit:
cvs rdiff -u -r1.94 -r1.95 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.94 src/libexec/httpd/bozohttpd.c:1.95
--- src/libexec/httpd/bozohttpd.c:1.94	Fri Nov 23 08:11:20 2018
+++ src/libexec/httpd/bozohttpd.c	Sat Nov 24 00:47:51 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.94 2018/11/23 08:11:20 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.95 2018/11/24 00:47:51 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -395,7 +395,7 @@ alarmer(int sig)
  */
 int
 bozo_set_timeout(bozohttpd_t *httpd, bozoprefs_t *prefs,
-		 const char *target, const char *time)
+		 const char *target, const char *val)
 {
 	const char *cur, *timeouts[] = {
 		"initial timeout",
@@ -409,7 +409,7 @@ bozo_set_timeout(bozohttpd_t *httpd, boz
 
 	for (cur = timeouts[0]; len >= minlen && *cur; cur++) {
 		if (strncmp(target, cur, len) == 0) {
-			bozo_set_pref(httpd, prefs, cur, time);
+			bozo_set_pref(httpd, prefs, cur, val);
 			return 0;
 		}
 	}
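Review bot: `cur` is declared as `const char *` (previous hunk of this file), and the loop starts at `timeouts[0]` and advances with `cur++`, so it walks the characters of the first string rather than the entries of `timeouts[]`. As far as these two hunks show, `strncmp(target, cur, len)` then compares `target` against suffixes of "initial timeout", and the key handed to `bozo_set_pref()` is that suffix pointer rather than a full preference name. Iterating the array needs a `const char **` cursor, a NULL entry ending the list if there is not one already (the array body is cut off in the first hunk), and `*cur` in the comparison and in the `bozo_set_pref()` call. `len` and `minlen` are defined outside the hunks.

```c
	const char **cur, *timeouts[] = {
	/* … unchanged: the timeout names; end the list with NULL if it is not already … */
	for (cur = timeouts; len >= minlen && *cur; cur++) {
		if (strncmp(target, *cur, len) == 0) {
			bozo_set_pref(httpd, prefs, *cur, val);
```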



CVS commit: src/libexec/httpd

2018-11-23 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Fri Nov 23 08:11:20 UTC 2018

Modified Files:
src/libexec/httpd: bozohttpd.8 bozohttpd.c cgi-bozo.c content-bozo.c

Log Message:
minor style fixes.  simplify bozo_match_content_map().


To generate a diff of this commit:
cvs rdiff -u -r1.73 -r1.74 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.93 -r1.94 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.43 -r1.44 src/libexec/httpd/cgi-bozo.c
cvs rdiff -u -r1.15 -r1.16 src/libexec/httpd/content-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.73 src/libexec/httpd/bozohttpd.8:1.74
--- src/libexec/httpd/bozohttpd.8:1.73	Tue Nov 20 01:06:46 2018
+++ src/libexec/httpd/bozohttpd.8	Fri Nov 23 08:11:20 2018
@@ -1,4 +1,4 @@
-.\"	$NetBSD: bozohttpd.8,v 1.73 2018/11/20 01:06:46 mrg Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.74 2018/11/23 08:11:20 mrg Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
@@ -599,7 +599,7 @@ The focus has always been simplicity and
 and regular code audits.
 This manual documents
 .Nm
-version 20181119.
+version 20181123.
 .Sh AUTHORS
 .An -nosplit
 .Nm

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.93 src/libexec/httpd/bozohttpd.c:1.94
--- src/libexec/httpd/bozohttpd.c:1.93	Thu Nov 22 08:54:08 2018
+++ src/libexec/httpd/bozohttpd.c	Fri Nov 23 08:11:20 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.93 2018/11/22 08:54:08 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.94 2018/11/23 08:11:20 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -109,9 +109,8 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20181122"
+#define SERVER_SOFTWARE		"bozohttpd/20181123"
 #endif
-
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML		"public_html"
 #endif

Index: src/libexec/httpd/cgi-bozo.c
diff -u src/libexec/httpd/cgi-bozo.c:1.43 src/libexec/httpd/cgi-bozo.c:1.44
--- src/libexec/httpd/cgi-bozo.c:1.43	Thu Nov 22 18:42:06 2018
+++ src/libexec/httpd/cgi-bozo.c	Fri Nov 23 08:11:20 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: cgi-bozo.c,v 1.43 2018/11/22 18:42:06 mrg Exp $	*/
+/*	$NetBSD: cgi-bozo.c,v 1.44 2018/11/23 08:11:20 mrg Exp $	*/
 
 /*	$eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -147,7 +147,7 @@ finish_cgi_output(bozohttpd_t *httpd, bo
 "%s: writing HTTP header "
 "from status %s ..", __func__, hdr_value));
 			bozo_printf(httpd, "%s %s\r\n", request->hr_proto,
-	hdr_value);
+hdr_value);
 			bozo_flush(httpd, stdout);
 			write_header = 0;
 			free(hdr_name);
@@ -174,7 +174,7 @@ finish_cgi_output(bozohttpd_t *httpd, bo
 			"%s:  writing delayed HTTP headers ..", __func__));
 		SIMPLEQ_FOREACH_SAFE(hdr, , h_next, nhdr) {
 			bozo_printf(httpd, "%s: %s\r\n", hdr->h_header,
-	hdr->h_value);
+hdr->h_value);
 			free(hdr->h_header);
 			free(hdr);
 		}
@@ -190,7 +190,7 @@ finish_cgi_output(bozohttpd_t *httpd, bo
 
 		while (rbytes) {
 			wbytes = bozo_write(httpd, STDOUT_FILENO, buf,
-		(size_t)rbytes);
+	(size_t)rbytes);
 			if (wbytes > 0) {
 rbytes -= wbytes;
 bp += wbytes;
@@ -223,9 +223,8 @@ parse_search_string(bozo_httpreq_t *requ
 	*args_len = 0;
 
 	/* URI MUST not contain any unencoded '=' - RFC3875, section 4.4 */
-	if (strchr(query, '=')) {
+	if (strchr(query, '='))
 		return NULL;
-	}
 
 	str = bozostrdup(httpd, request, query);
 
@@ -289,7 +288,7 @@ parse_search_string(bozo_httpreq_t *requ
 		/* search-word MUST have at least one schar */
 		if (*s == '\0')
 			goto parse_err;
-		while(*s) {
+		while (*s) {
 			/* check if it's unreserved */
 			if (isalpha((int)*s) || isdigit((int)*s) ||
 			strchr(UNRESERVED_CHAR, *s)) {
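Review bot: `isalpha((int)*s)` and `isdigit((int)*s)` pass a plain `char` to the `<ctype.h>` functions. Where `char` is signed, a byte above 0x7f in the query string becomes a negative argument, which is undefined behaviour for these functions. Assuming `s` is a `char *` (its declaration is outside the hunk), the cast should go through `unsigned char`: `if (isalpha((unsigned char)*s) || isdigit((unsigned char)*s) ||`. The loop continues past the end of the hunk.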
@@ -348,7 +347,7 @@ bozo_cgi_setbin(bozohttpd_t *httpd, cons
 {
 	httpd->cgibin = bozostrdup(httpd, NULL, path);
 	debug((httpd, DEBUG_OBESE, "cgibin (cgi-bin directory) is %s",
-		httpd->cgibin));
+	   httpd->cgibin));
 }
 
 /* help build up the environ pointer */
@@ -444,7 +443,7 @@ bozo_process_cgi(bozo_httpreq_t *request
 	} else if (len - 1 == CGIBIN_PREFIX_LEN)	/* url is "/cgi-bin/" */
 		append_index_html(httpd, );
 
-	/* RFC3875  sect. 4.4. - search-string support */
+	/* RFC3875 sect. 4.4. - search-string support */
 	if (query != NULL) {
 		search_string_argv = parse_search_string(request, query,
 		_string_argc);

Index: src/libexec/httpd/content-bozo.c
diff -u src/libexec/httpd/content-bozo.c:1.15 src/libexec/httpd/content-bozo.c:1.16
--- src/libexec/httpd/content-bozo.c:1.15	Tue Nov 20 01:06:46 2018
+++ src/libexec/httpd/content-bozo.c	Fri Nov 23 08:11:20 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: content-bozo.c,v 1.15 2018/11/20 01:06:46 mrg Exp $	*/
+/*	$NetBSD: content-bozo.c,v 1.16 2018/11/23 08:11:20 mrg Exp $	*/
 
 /*	$eterna: content-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $	*/
 

CVS commit: src/libexec/httpd

2018-11-22 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Thu Nov 22 18:42:06 UTC 2018

Modified Files:
src/libexec/httpd: cgi-bozo.c

Log Message:
add an assert() check on array bounds.


To generate a diff of this commit:
cvs rdiff -u -r1.42 -r1.43 src/libexec/httpd/cgi-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/cgi-bozo.c
diff -u src/libexec/httpd/cgi-bozo.c:1.42 src/libexec/httpd/cgi-bozo.c:1.43
--- src/libexec/httpd/cgi-bozo.c:1.42	Thu Nov 22 08:54:08 2018
+++ src/libexec/httpd/cgi-bozo.c	Thu Nov 22 18:42:06 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: cgi-bozo.c,v 1.42 2018/11/22 08:54:08 mrg Exp $	*/
+/*	$NetBSD: cgi-bozo.c,v 1.43 2018/11/22 18:42:06 mrg Exp $	*/
 
 /*	$eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -45,6 +45,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include 
 
@@ -380,6 +381,7 @@ bozo_process_cgi(bozo_httpreq_t *request
 	const char *type, *clen, *info, *cgihandler;
 	char	*query, *s, *t, *path, *env, *command, *file, *url;
 	char	**envp, **curenvp, **argv, **search_string_argv = NULL;
+	char	**lastenvp;
 	char	*uri;
 	size_t	i, len, search_string_argc = 0;
 	ssize_t rbytes;
@@ -506,6 +508,7 @@ bozo_process_cgi(bozo_httpreq_t *request
 	for (ix = 0; ix < envpsize; ix++)
 		envp[ix] = NULL;
 	curenvp = envp;
+	lastenvp = envp + envpsize;
 
 	SIMPLEQ_FOREACH(headp, >hr_headers, h_next) {
 		const char *s2;
@@ -587,6 +590,7 @@ bozo_process_cgi(bozo_httpreq_t *request
 strerror(errno));
 
 	*curenvp = 0;
+	assert(lastenvp > curenvp);
 
 	/*
 	 * We create 2 procs: one to become the CGI, one read from
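Review bot: The new `assert(lastenvp > curenvp);` runs after `*curenvp = 0;` has already stored through the pointer, so if `curenvp` ever reached `lastenvp` the out-of-bounds write happens before the check can fire. The check belongs one line earlier, as `assert(curenvp < lastenvp);` ahead of the store. An `assert()` also disappears in an NDEBUG build, and the earlier hunk shows the array being filled while walking the request's headers. If `envpsize` depends on request content (its computation is outside these hunks), an explicit runtime bound check on each `curenvp` advance would be the stronger guard.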



CVS commit: src/libexec/httpd

2018-11-22 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Thu Nov 22 18:21:59 UTC 2018

Modified Files:
src/libexec/httpd: main.c

Log Message:
alpha sort the option switch.


To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 src/libexec/httpd/main.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/main.c
diff -u src/libexec/httpd/main.c:1.19 src/libexec/httpd/main.c:1.20
--- src/libexec/httpd/main.c:1.19	Thu Nov 22 08:54:08 2018
+++ src/libexec/httpd/main.c	Thu Nov 22 18:21:59 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: main.c,v 1.19 2018/11/22 08:54:08 mrg Exp $	*/
+/*	$NetBSD: main.c,v 1.20 2018/11/22 18:21:59 mrg Exp $	*/
 
 /*	$eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $	*/
 /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp 	*/
@@ -163,92 +163,53 @@ main(int argc, char **argv)
 	"C:EGHI:L:M:P:S:T:U:VXZ:bc:defhi:np:st:uv:x:z:")) != -1) {
 		switch (c) {
 
-		case 'L':
-			if (!have_lua)
-bozoerr(, 1, "Lua support not enabled");
-
-			/* make sure there's two argument */
-			if (argc - optind < 1)
-usage(, progname);
-			bozo_add_lua_map(, optarg, argv[optind]);
-			optind++;
-			break;
-		case 'M':
-			if (!have_dynamic_content)
-bozoerr(, 1,
-"dynamic mime content support not enabled");
+		case 'b':
+			if (!have_daemon_mode)
+ no_daemon_mode:
+bozoerr(, 1, "Daemon mode not enabled");
 
-			/* make sure there're four arguments */
-			if (argc - optind < 3)
-usage(, progname);
-			bozo_add_content_map_mime(, optarg, argv[optind],
-			argv[optind+1], argv[optind+2]);
-			optind += 3;
+			/*
+			 * test suite support - undocumented
+			 * background == 2 (aka, -b -b) means to
+			 * only process 1 per kid
+			 */
+			val = bozo_get_pref(, "background") == NULL ?
+			"1" : "2";
+			bozo_set_pref(, , "background", val);
 			break;
 
-		case 'n':
-			bozo_set_pref(, , "numeric", "true");
-			break;
+		case 'c':
+			if (!have_cgibin)
+bozoerr(, 1, "CGI not enabled");
 
-		case 's':
-			bozo_set_pref(, , "log to stderr", "true");
+			bozo_cgi_setbin(, optarg);
 			break;
 
-		case 'S':
-			bozo_set_pref(, , "server software",
-  optarg);
-			break;
-		case 'Z':
-			if (!have_ssl)
- no_ssl:
-bozoerr(, 1, "ssl support not enabled");
+		case 'C':
+			if (!have_dynamic_content && !have_cgibin)
+bozoerr(, 1,
+"dynamic CGI handler support not enabled");
 
 			/* make sure there's two arguments */
 			if (argc - optind < 1)
 usage(, progname);
-			bozo_ssl_set_opts(, optarg, argv[optind++]);
-			break;
-
-		case 'z':
-			if (!have_ssl)
-goto no_ssl;
-
-			bozo_ssl_set_ciphers(, optarg);
-			break;
-
-		case 'U':
-			bozo_set_pref(, , "username", optarg);
-			break;
-
-		case 'V':
-			bozo_set_pref(, , "unknown slash", "true");
-			break;
-
-		case 'v':
-			bozo_set_pref(, , "virtual base", optarg);
-			break;
-
-		case 'x':
-			bozo_set_pref(, , "index.html", optarg);
+			bozo_add_content_map_cgi(, optarg,
+	argv[optind++]);
 			break;
 
-		case 'I':
-			bozo_set_pref(, , "port number", optarg);
+		case 'd':
+			if (!have_debug)
+bozowarn(, "Debugging not enabled");
+			httpd.debug++;
 			break;
 
-		case 'b':
-			if (!have_daemon_mode)
- no_daemon_mode:
-bozoerr(, 1, "Daemon mode not enabled");
+		case 'E':
+			if (have_user &&
+			have_cgibin)
+bozoerr(, 1, "CGI not enabled");
 
-			/*
-			 * test suite support - undocumented
-			 * background == 2 (aka, -b -b) means to
-			 * only process 1 per kid
-			 */
-			val = bozo_get_pref(, "background") == NULL ?
-			"1" : "2";
-			bozo_set_pref(, , "background", val);
+			bozo_set_pref(, , "enable user cgibin",
+  "true");
 			break;
 
 		case 'e':
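Review bot: The test in `case 'E'` reads inverted: `if (have_user && have_cgibin)` calls `bozoerr(..., "CGI not enabled")` exactly when both features are present. Every sibling case errors on the negated flag, for example `if (!have_cgibin)` in `case 'c'`. If the intent is that `-E` requires both user and CGI support, the condition would be `if (!have_user || !have_cgibin)`. The `have_*` definitions are outside this hunk, so confirm against them; the switch continues in the next hunk.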
@@ -266,11 +227,58 @@ main(int argc, char **argv)
 			bozo_set_pref(, , "foreground", "true");
 			break;
 
+		case 'G':
+			{
+char	version[128];
+
+bozo_get_version(version, sizeof(version));
+printf("bozohttpd version %s\n", version);
+			}
+			return 0;
+
+		case 'H':
+			if (!have_dirindex)
+ no_dirindex_support:
+bozoerr(, 1,
+	"directory indexing not enabled");
+
+			bozo_set_pref(, , "hide dots", "true");
+			break;
+
+		case 'I':
+			bozo_set_pref(, , "port number", optarg);
+			break;
+
 		case 'i':
 			if (!have_daemon_mode)
 goto no_daemon_mode;
 
-			bozo_set_pref(, , "bind address", optarg);
+		case 'L':
+			if (!have_lua)
+bozoerr(, 1, "Lua support not enabled");
+
+			/* make sure there's two argument */
+			if (argc - optind < 1)
+usage(, progname);
+			bozo_add_lua_map(, optarg, argv[optind]);
+			optind++;
+			break;
+
+		case 'M':
+			if (!have_dynamic_content)
+bozoerr(, 1,
+"dynamic mime content support not enabled");
+
+			/* make sure there're four arguments */
+			if (argc - optind < 3)
+usage(, progname);
+			bozo_add_content_map_mime(, optarg, argv[optind],
+			argv[optind+1], argv[optind+2]);
+			optind += 

CVS commit: src/libexec/httpd

2018-11-22 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Thu Nov 22 08:54:08 UTC 2018

Modified Files:
src/libexec/httpd: auth-bozo.c bozohttpd.c bozohttpd.h cgi-bozo.c
daemon-bozo.c dir-index-bozo.c main.c ssl-bozo.c tilde-luzah-bozo.c

Log Message:
many clean ups:
- keep a list of special files and their human names
- remove (void) casts on bozo_http_error()
- fix a few more misuses of bozo_http_error()
- rename check_mapping() to check_remap() and perform some CSE
- switch away from ``%s'' to '%s'
- remove a bunch of #ifdef using new have_feature defines


To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 src/libexec/httpd/auth-bozo.c
cvs rdiff -u -r1.92 -r1.93 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.55 -r1.56 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.41 -r1.42 src/libexec/httpd/cgi-bozo.c
cvs rdiff -u -r1.18 -r1.19 src/libexec/httpd/daemon-bozo.c \
src/libexec/httpd/main.c
cvs rdiff -u -r1.27 -r1.28 src/libexec/httpd/dir-index-bozo.c
cvs rdiff -u -r1.24 -r1.25 src/libexec/httpd/ssl-bozo.c
cvs rdiff -u -r1.15 -r1.16 src/libexec/httpd/tilde-luzah-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/auth-bozo.c
diff -u src/libexec/httpd/auth-bozo.c:1.21 src/libexec/httpd/auth-bozo.c:1.22
--- src/libexec/httpd/auth-bozo.c:1.21	Wed Nov 21 09:37:02 2018
+++ src/libexec/httpd/auth-bozo.c	Thu Nov 22 08:54:08 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth-bozo.c,v 1.21 2018/11/21 09:37:02 mrg Exp $	*/
+/*	$NetBSD: auth-bozo.c,v 1.22 2018/11/22 08:54:08 mrg Exp $	*/
 
 /*	$eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -117,6 +117,7 @@ bozo_auth_init(bozo_httpreq_t *request)
 {
 	request->hr_authuser = NULL;
 	request->hr_authpass = NULL;
+	request->hr_authrealm = NULL;
 }
 
 void

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.92 src/libexec/httpd/bozohttpd.c:1.93
--- src/libexec/httpd/bozohttpd.c:1.92	Wed Nov 21 17:39:19 2018
+++ src/libexec/httpd/bozohttpd.c	Thu Nov 22 08:54:08 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.92 2018/11/21 17:39:19 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.93 2018/11/22 08:54:08 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -109,7 +109,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20181121"
+#define SERVER_SOFTWARE		"bozohttpd/20181122"
 #endif
 
 #ifndef PUBLIC_HTML
@@ -169,6 +169,21 @@
 #define LOG_FTP LOG_DAEMON
 #endif
 
+/*
+ * List of special file that we should never serve.
+ */
+struct {
+	const char *file;
+	const char *name;
+} specials[] = {
+	{ DIRECT_ACCESS_FILE, "rejected direct access request" },
+	{ REDIRECT_FILE,  "rejected redirect request" },
+	{ ABSREDIRECT_FILE,   "rejected absredirect request" },
+	{ REMAP_FILE, "rejected remap request" },
+	{ AUTH_FILE,  "rejected authfile request" },
+	{ NULL,   NULL },
+};
+
 volatile sig_atomic_t	timeout_hit;
 
 /*
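Review bot: `specials[]` is declared as a writable object with external linkage and an anonymous struct type, although it is a fixed deny list. Declaring it `static const struct { const char *file; const char *name; } specials[] = {` would keep the table read-only and out of the global namespace, assuming no other translation unit references it, which this page does not show. The comment above it should read "List of special files that we should never serve."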
@@ -680,8 +695,7 @@ bozo_read_request(bozohttpd_t *httpd)
 	sigaction(SIGALRM, , NULL);
 
 	if (clock_gettime(CLOCK_MONOTONIC, ) != 0) {
-		(void)bozo_http_error(httpd, 500, NULL,
-			"clock_gettime failed");
+		bozo_http_error(httpd, 500, NULL, "clock_gettime failed");
 		goto cleanup;
 	}
 
@@ -690,8 +704,7 @@ bozo_read_request(bozohttpd_t *httpd)
 		alarm(0);
 
 		if (clock_gettime(CLOCK_MONOTONIC, ) != 0) {
-			(void)bozo_http_error(httpd, 500, NULL,
-"clock_gettime failed");
+			bozo_http_error(httpd, 500, NULL, "clock_gettime failed");
 			goto cleanup;
 		}
 		/*
@@ -711,16 +724,14 @@ bozo_read_request(bozohttpd_t *httpd)
 			timeout_hit = 1;
 
 		if (timeout_hit) {
-			(void)bozo_http_error(httpd, 408, NULL,
-	"request timed out");
+			bozo_http_error(httpd, 408, NULL, "request timed out");
 			goto cleanup;
 		}
 		line++;
 
 		if (line == 1) {
 			if (len < 1) {
-(void)bozo_http_error(httpd, 404, NULL,
-		"null method");
+bozo_http_error(httpd, 404, NULL, "null method");
 goto cleanup;
 			}
 			bozowarn(httpd,
@@ -734,13 +745,11 @@ bozo_read_request(bozohttpd_t *httpd)
 			request->hr_file = file;
 			request->hr_query = query;
 			if (method == NULL) {
-(void)bozo_http_error(httpd, 404, NULL,
-		"null method");
+bozo_http_error(httpd, 404, NULL, "null method");
 goto cleanup;
 			}
 			if (file == NULL) {
-(void)bozo_http_error(httpd, 404, NULL,
-		"null file");
+bozo_http_error(httpd, 404, NULL, "null file");
 goto cleanup;
 			}
 
@@ -768,12 +777,10 @@ bozo_read_request(bozohttpd_t *httpd)
 break;
 
 			val = bozostrnsep(, ":", );
-			debug((httpd, DEBUG_EXPLODING,
-			"read_req2: after bozostrnsep: str ``%s'' val ``%s''",
-			str, val));
+			debug((httpd, DEBUG_EXPLODING, "read_req2: after "
+			"bozostrnsep: str `%s' val `%s'", str, val));
 			if (val == NULL || len == -1) {
-

CVS commit: src/libexec/httpd

2018-11-21 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Wed Nov 21 17:39:19 UTC 2018

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
use MAP_SHARED for the bzremap file.  avoids netbsd kernel complaining:

WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 15478 command 
bozohttpd)


To generate a diff of this commit:
cvs rdiff -u -r1.91 -r1.92 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.91 src/libexec/httpd/bozohttpd.c:1.92
--- src/libexec/httpd/bozohttpd.c:1.91	Wed Nov 21 09:37:02 2018
+++ src/libexec/httpd/bozohttpd.c	Wed Nov 21 17:39:19 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.91 2018/11/21 09:37:02 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.92 2018/11/21 17:39:19 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -1204,7 +1204,7 @@ check_mapping(bozo_httpreq_t *request)
 		return;
 	}
 
-	fmap = mmap(NULL, st.st_size, PROT_READ, 0, mapfile, 0);
+	fmap = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, mapfile, 0);
 	if (fmap == NULL) {
 		bozowarn(httpd, "could not mmap " REMAP_FILE ", error %d",
 		errno);
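Review bot: The failure test after the call still compares against NULL, but mmap() reports failure by returning `MAP_FAILED`. A failed mapping of the remap file therefore passes `if (fmap == NULL)` and execution continues with an invalid pointer. The check should read `if (fmap == MAP_FAILED) {`. check_mapping() starts and ends outside the hunk, so how `fmap` is used afterwards is not visible here.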



CVS commit: src/libexec/httpd

2018-11-21 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Wed Nov 21 10:25:17 UTC 2018

Modified Files:
src/libexec/httpd: dir-index-bozo.c

Log Message:
two fixes reported by mouse:
- don't check contents of 'st' if stat(2) failed.
- round up instead of truncate.  now 1 byte files say 10kB not 9kB.


To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 src/libexec/httpd/dir-index-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/dir-index-bozo.c
diff -u src/libexec/httpd/dir-index-bozo.c:1.26 src/libexec/httpd/dir-index-bozo.c:1.27
--- src/libexec/httpd/dir-index-bozo.c:1.26	Tue Nov 20 01:06:46 2018
+++ src/libexec/httpd/dir-index-bozo.c	Wed Nov 21 10:25:17 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: dir-index-bozo.c,v 1.26 2018/11/20 01:06:46 mrg Exp $	*/
+/*	$NetBSD: dir-index-bozo.c,v 1.27 2018/11/21 10:25:17 mrg Exp $	*/
 
 /*	$eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -157,7 +157,7 @@ bozo_dir_index(bozo_httpreq_t *request, 
 		if (strcmp(name, "..") == 0) {
 			bozo_printf(httpd, "");
 			l += bozo_printf(httpd, "Parent Directory");
-		} else if (S_ISDIR(sb.st_mode)) {
+		} else if (!nostat && S_ISDIR(sb.st_mode)) {
 			bozo_printf(httpd, "", urlname);
 			l += bozo_printf(httpd, "%s/", htmlname);
 		} else if (strchr(name, ':') != NULL) {
@@ -185,6 +185,10 @@ bozo_dir_index(bozo_httpreq_t *request, 
 		if (nostat)
 			bozo_printf(httpd, "? ?");
 		else {
+			unsigned long long len;
+
+			len = ((unsigned long long)sb.st_size + 1023) / 1024;
+
 			tm = gmtime(_mtime);
 			strftime(buf, sizeof buf, "%d-%b-%Y %R", tm);
 			l += bozo_printf(httpd, "%s", buf);
@@ -199,8 +203,7 @@ bozo_dir_index(bozo_httpreq_t *request, 
 			spacebuf[i] = '\0';
 			bozo_printf(httpd, "%s", spacebuf);
 
-			bozo_printf(httpd, "%12llukB",
-(unsigned long long)sb.st_size >> 10);
+			bozo_printf(httpd, "%12llukB", len);
 		}
 		bozo_printf(httpd, "\r\n");
 	}



CVS commit: src/libexec/httpd

2018-11-21 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Wed Nov 21 09:37:02 UTC 2018

Modified Files:
src/libexec/httpd: CHANGES auth-bozo.c bozohttpd.c bozohttpd.h
src/libexec/httpd/testsuite: Makefile html_cmp test-bigfile test-simple

Log Message:
- move special files defines into bozohttpd.h, so we can ...
- consolidate all the special file checks into
  bozo_check_special_files() so that all builds check the same
  list of special files, regardless of build options.
- convert "(void)bozo_http_error(...); return -1;" into plain
  "return bozo_http_error(...);"
- fix the call to bozo_check_special_files() to be used on all
  input types.  part of the fixes for failure to reject access
  to /.htpasswd as reported by JP on tech-security.
- use warn_unused_result attribute on bozo_check_special_files(),
  and fix the failures to return failure.  second part of the
  htpasswd access fix.
- update testsuite to use a fixed fake hostname.

call this bozohttpd 20181121.


To generate a diff of this commit:
cvs rdiff -u -r1.27 -r1.28 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.20 -r1.21 src/libexec/httpd/auth-bozo.c
cvs rdiff -u -r1.90 -r1.91 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.54 -r1.55 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.10 -r1.11 src/libexec/httpd/testsuite/Makefile
cvs rdiff -u -r1.5 -r1.6 src/libexec/httpd/testsuite/html_cmp
cvs rdiff -u -r1.4 -r1.5 src/libexec/httpd/testsuite/test-bigfile \
src/libexec/httpd/testsuite/test-simple

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.27 src/libexec/httpd/CHANGES:1.28
--- src/libexec/httpd/CHANGES:1.27	Tue Nov 20 01:06:46 2018
+++ src/libexec/httpd/CHANGES	Wed Nov 21 09:37:02 2018
@@ -1,6 +1,6 @@
-$NetBSD: CHANGES,v 1.27 2018/11/20 01:06:46 mrg Exp $
+$NetBSD: CHANGES,v 1.28 2018/11/21 09:37:02 mrg Exp $
 
-changes in bozohttpd 20181118:
+changes in bozohttpd 20181121:
 	o  add url remap support via .bzremap file, from mar...@netbsd.org
 	o  handle redirections for any protocol, not just http:
 	o  fix a denial of service attack against header contents, which
@@ -9,6 +9,7 @@ changes in bozohttpd 20181118:
 	   initial line, each header, and the total time spent
 	o  add -T option to expose new timeout settings
 	o  minor RFC fixes related to timeout handling
+	o  fix special file (.htpasswd, .bz*) bypass.  reported by JP.
 
 changes in bozohttpd 20170201:
 	o  fix an infinite loop in cgi processing

Index: src/libexec/httpd/auth-bozo.c
diff -u src/libexec/httpd/auth-bozo.c:1.20 src/libexec/httpd/auth-bozo.c:1.21
--- src/libexec/httpd/auth-bozo.c:1.20	Tue Nov 20 01:06:46 2018
+++ src/libexec/httpd/auth-bozo.c	Wed Nov 21 09:37:02 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth-bozo.c,v 1.20 2018/11/20 01:06:46 mrg Exp $	*/
+/*	$NetBSD: auth-bozo.c,v 1.21 2018/11/21 09:37:02 mrg Exp $	*/
 
 /*	$eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -42,10 +42,6 @@
 
 #include "bozohttpd.h"
 
-#ifndef AUTH_FILE
-#define AUTH_FILE		".htpasswd"
-#endif
-
 static	ssize_t	base64_decode(const unsigned char *, size_t,
 			unsigned char *, size_t);
 
@@ -68,7 +64,6 @@ bozo_auth_check(bozo_httpreq_t *request,
 		strcpy(dir, ".");
 	else {
 		*basename++ = '\0';
-			/* ensure basename(file) != AUTH_FILE */
 		if (bozo_check_special_files(request, basename))
 			return 1;
 	}
@@ -173,18 +168,6 @@ bozo_auth_check_headers(bozo_httpreq_t *
 	return 0;
 }
 
-int
-bozo_auth_check_special_files(bozo_httpreq_t *request,
-const char *name)
-{
-	bozohttpd_t *httpd = request->hr_httpd;
-
-	if (strcmp(name, AUTH_FILE) == 0)
-		return bozo_http_error(httpd, 403, request,
-"no permission to open authfile");
-	return 0;
-}
-
 void
 bozo_auth_check_401(bozo_httpreq_t *request, int code)
 {

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.90 src/libexec/httpd/bozohttpd.c:1.91
--- src/libexec/httpd/bozohttpd.c:1.90	Tue Nov 20 01:06:46 2018
+++ src/libexec/httpd/bozohttpd.c	Wed Nov 21 09:37:02 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.90 2018/11/20 01:06:46 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.91 2018/11/21 09:37:02 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -109,26 +109,9 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20181119"
-#endif
-#ifndef DIRECT_ACCESS_FILE
-#define DIRECT_ACCESS_FILE	".bzdirect"
-#endif
-#ifndef REDIRECT_FILE
-#define REDIRECT_FILE		".bzredirect"
-#endif
-#ifndef ABSREDIRECT_FILE
-#define ABSREDIRECT_FILE	".bzabsredirect"
-#endif
-#ifndef REMAP_FILE
-#define REMAP_FILE		".bzremap"
+#define SERVER_SOFTWARE		"bozohttpd/20181121"
 #endif
 
-/*
- * When you add some .bz* file, make sure to also check it in
- * bozo_check_special_files()
- */
-
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML		"public_html"
 #endif
@@ -696,7 +679,6 @@ 

CVS commit: src/libexec/httpd

2018-11-19 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Tue Nov 20 01:23:06 UTC 2018

Modified Files:
src/libexec/httpd: bozohttpd.h

Log Message:
also fix have_dynamic_content from the previous previous.  re-order
the debug and dynamic content to match the same pattern as everything
else so similar problems are less likely in the future.


To generate a diff of this commit:
cvs rdiff -u -r1.53 -r1.54 src/libexec/httpd/bozohttpd.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.53 src/libexec/httpd/bozohttpd.h:1.54
--- src/libexec/httpd/bozohttpd.h:1.53	Tue Nov 20 01:19:51 2018
+++ src/libexec/httpd/bozohttpd.h	Tue Nov 20 01:23:06 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.h,v 1.53 2018/11/20 01:19:51 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.h,v 1.54 2018/11/20 01:23:06 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -222,13 +222,13 @@ typedef struct bozoprefs_t {
 #define BOZO_DEAD
 #endif
 
-#ifndef NO_DEBUG
+#ifdef NO_DEBUG
+#define	debug(x)
+#define have_debug	(0)
+#else
 void	debug__(bozohttpd_t *, int, const char *, ...) BOZO_PRINTFLIKE(3, 4);
 #define debug(x)	debug__ x
 #define have_debug	(1)
-#else
-#define	debug(x)
-#define have_debug	(0)
 #endif /* NO_DEBUG */
 
 int	bozo_http_error(bozohttpd_t *, int, bozo_httpreq_t *, const char *);
@@ -365,11 +365,11 @@ const char *bozo_content_type(bozo_httpr
 const char *bozo_content_encoding(bozo_httpreq_t *, const char *);
 bozo_content_map_t *bozo_match_content_map(bozohttpd_t *, const char *, int);
 bozo_content_map_t *bozo_get_content_map(bozohttpd_t *, const char *);
-#ifndef NO_DYNAMIC_CONTENT
-void	bozo_add_content_map_mime(bozohttpd_t *, const char *, const char *,
-  const char *, const char *);
+#ifdef NO_DYNAMIC_CONTENT
 #define have_dynamic_content(0)
 #else
+void	bozo_add_content_map_mime(bozohttpd_t *, const char *, const char *,
+  const char *, const char *);
 #define have_dynamic_content(1)
 #endif
 



CVS commit: src/libexec/httpd

2018-11-19 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Tue Nov 20 01:15:50 UTC 2018

Modified Files:
src/libexec/httpd: bozohttpd.h main.c

Log Message:
move some #if support into bozohttpd.h.


To generate a diff of this commit:
cvs rdiff -u -r1.51 -r1.52 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.17 -r1.18 src/libexec/httpd/main.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.51 src/libexec/httpd/bozohttpd.h:1.52
--- src/libexec/httpd/bozohttpd.h:1.51	Tue Nov 20 01:06:46 2018
+++ src/libexec/httpd/bozohttpd.h	Tue Nov 20 01:15:50 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.h,v 1.51 2018/11/20 01:06:46 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.h,v 1.52 2018/11/20 01:15:50 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -225,8 +225,10 @@ typedef struct bozoprefs_t {
 #ifndef NO_DEBUG
 void	debug__(bozohttpd_t *, int, const char *, ...) BOZO_PRINTFLIKE(3, 4);
 #define debug(x)	debug__ x
+#define have_debug	(0)
 #else
 #define	debug(x)
+#define have_debug	(1)
 #endif /* NO_DEBUG */
 
 int	bozo_http_error(bozohttpd_t *, int, bozo_httpreq_t *, const char *);
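Review bot: The two `have_debug` values added here sit on the wrong branches. The `#ifndef NO_DEBUG` arm, which declares `debug__()` and makes `debug(x)` expand to a real call, gets `#define have_debug (0)`, while the `#else` arm, where `debug(x)` expands to nothing, gets `(1)`. Swap them so the flag reports what is actually compiled in: `#define have_debug (1)` under `#ifndef NO_DEBUG` and `#define have_debug (0)` under `#else`. This is also the only feature block in the commit tested with `#ifndef NO_…`; the sections in the later hunks use `#ifdef NO_…` with the disabled case first, and writing this one the same way would make an inversion like this easier to spot.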
@@ -256,19 +258,23 @@ char	*bozostrdup(bozohttpd_t *, bozo_htt
 
 #define bozo_noop	do { /* nothing */ } while (/*CONSTCOND*/0)
 
+#define have_all	(1)
+
 /* ssl-bozo.c */
 #ifdef NO_SSL_SUPPORT
-#define bozo_ssl_set_opts(w, x, y)	bozo_noop
-#define bozo_ssl_set_ciphers(w, x, y)	bozo_noop
-#define bozo_ssl_init(x)		bozo_noop
-#define bozo_ssl_accept(x)		(0)
-#define bozo_ssl_destroy(x)		bozo_noop
+#define bozo_ssl_set_opts(w, x, y)			bozo_noop
+#define bozo_ssl_set_ciphers(w, x, y)			bozo_noop
+#define bozo_ssl_init(x)bozo_noop
+#define bozo_ssl_accept(x)(0)
+#define bozo_ssl_destroy(x)bozo_noop
+#define have_ssl	(0)
 #else
 void	bozo_ssl_set_opts(bozohttpd_t *, const char *, const char *);
 void	bozo_ssl_set_ciphers(bozohttpd_t *, const char *);
 void	bozo_ssl_init(bozohttpd_t *);
 int	bozo_ssl_accept(bozohttpd_t *);
 void	bozo_ssl_destroy(bozohttpd_t *);
+#define have_ssl	(1)
 #endif
 
 
@@ -283,64 +289,74 @@ void	bozo_auth_check_401(bozo_httpreq_t 
 void	bozo_auth_cgi_setenv(bozo_httpreq_t *, char ***);
 int	bozo_auth_cgi_count(bozo_httpreq_t *);
 #else
-#define	bozo_auth_init(x)			bozo_noop
-#define	bozo_auth_check(x, y)			0
-#define	bozo_auth_cleanup(x)			bozo_noop
-#define	bozo_auth_check_headers(y, z, a, b)	0
-#define	bozo_auth_check_special_files(x, y)	0
-#define	bozo_auth_check_401(x, y)		bozo_noop
-#define	bozo_auth_cgi_setenv(x, y)		bozo_noop
-#define	bozo_auth_cgi_count(x)			0
+#define	bozo_auth_init(x)bozo_noop
+#define	bozo_auth_check(x, y)(0)
+#define	bozo_auth_cleanup(x)bozo_noop
+#define	bozo_auth_check_headers(y, z, a, b)		(0)
+#define	bozo_auth_check_special_files(x, y)		(0)
+#define	bozo_auth_check_401(x, y)			bozo_noop
+#define	bozo_auth_cgi_setenv(x, y)			bozo_noop
+#define	bozo_auth_cgi_count(x)(0)
 #endif /* DO_HTPASSWD */
 
 
 /* cgi-bozo.c */
 #ifdef NO_CGIBIN_SUPPORT
-#define	bozo_process_cgi(h)0
+#define	bozo_process_cgi(h)(0)
+#define have_cgibin	(0)
 #else
 void	bozo_cgi_setbin(bozohttpd_t *, const char *);
 void	bozo_setenv(bozohttpd_t *, const char *, const char *, char **);
 int	bozo_process_cgi(bozo_httpreq_t *);
 void	bozo_add_content_map_cgi(bozohttpd_t *, const char *, const char *);
+#define have_cgibin	(1)
 #endif /* NO_CGIBIN_SUPPORT */
 
 
 /* lua-bozo.c */
 #ifdef NO_LUA_SUPPORT
-#define bozo_process_lua(h)0
+#define bozo_process_lua(h)(0)
+#define have_lua	(0)
 #else
 void	bozo_add_lua_map(bozohttpd_t *, const char *, const char *);
 int	bozo_process_lua(bozo_httpreq_t *);
+#define have_lua	(1)
 #endif /* NO_LUA_SUPPORT */
 
 
 /* daemon-bozo.c */
 #ifdef NO_DAEMON_MODE
 #define bozo_daemon_init(x)bozo_noop
-#define bozo_daemon_fork(x)0
+#define bozo_daemon_fork(x)(0)
 #define bozo_daemon_closefds(x)bozo_noop
+#define have_daemon_mode(0)
 #else
 void	bozo_daemon_init(bozohttpd_t *);
 int	bozo_daemon_fork(bozohttpd_t *);
 void	bozo_daemon_closefds(bozohttpd_t *);
+#define have_daemon_mode(1)
 #endif /* NO_DAEMON_MODE */
 
 
 /* tilde-luzah-bozo.c */
 #ifdef NO_USER_SUPPORT
-#define bozo_user_transform(x)0
+#define bozo_user_transform(x)(0)
 #define bozo_user_free(x)/* nothing */
+#define have_user	(0)
 #else
 int	bozo_user_transform(bozo_httpreq_t *);
 #define bozo_user_free(x)free(x)
+#define have_user	(1)
 #endif /* NO_USER_SUPPORT */
 
 
 /* dir-index-bozo.c */
 #ifdef NO_DIRINDEX_SUPPORT
-#define bozo_dir_index(a, b, c)0
+#define bozo_dir_index(a, b, c)(0)
+#define have_dirindex	(0)
 #else
 int	bozo_dir_index(bozo_httpreq_t *, const char *, int);
+#define have_dirindex	(1)
 #endif /* NO_DIRINDEX_SUPPORT */
 
 
@@ -352,6 +368,9 @@ bozo_content_map_t *bozo_get_content_map
 

CVS commit: src/libexec/httpd

2018-11-19 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Tue Nov 20 01:19:52 UTC 2018

Modified Files:
src/libexec/httpd: bozohttpd.h

Log Message:
fix previous: have_debug was reversed.


To generate a diff of this commit:
cvs rdiff -u -r1.52 -r1.53 src/libexec/httpd/bozohttpd.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.52 src/libexec/httpd/bozohttpd.h:1.53
--- src/libexec/httpd/bozohttpd.h:1.52	Tue Nov 20 01:15:50 2018
+++ src/libexec/httpd/bozohttpd.h	Tue Nov 20 01:19:51 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.h,v 1.52 2018/11/20 01:15:50 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.h,v 1.53 2018/11/20 01:19:51 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -225,10 +225,10 @@ typedef struct bozoprefs_t {
 #ifndef NO_DEBUG
 void	debug__(bozohttpd_t *, int, const char *, ...) BOZO_PRINTFLIKE(3, 4);
 #define debug(x)	debug__ x
-#define have_debug	(0)
+#define have_debug	(1)
 #else
 #define	debug(x)
-#define have_debug	(1)
+#define have_debug	(0)
 #endif /* NO_DEBUG */
 
 int	bozo_http_error(bozohttpd_t *, int, bozo_httpreq_t *, const char *);



CVS commit: src/libexec/httpd

2018-11-19 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Tue Nov 20 01:06:47 UTC 2018

Modified Files:
src/libexec/httpd: CHANGES auth-bozo.c bozohttpd.8 bozohttpd.c
bozohttpd.h cgi-bozo.c content-bozo.c daemon-bozo.c
dir-index-bozo.c main.c ssl-bozo.c tilde-luzah-bozo.c
src/libexec/httpd/testsuite: Makefile
Added Files:
src/libexec/httpd/testsuite: t15.in t15.out

Log Message:
from CHANGES:

o  reduce default timeouts, and add expand timeouts to handle the
   initial line, each header, and the total time spent
o  add -T option to expose new timeout settings
o  minor RFC fixes related to timeout handling responses

old timeouts:
60 seconds for initial request line, 60 seconds per header line,
and no overall timeout (though the recent total header size changes
do introduce one that would be about 11 hours.)
new timeouts:
30 seconds for initial request line, 10 seconds per header line,
and a total request time of 600 seconds.

the new global timeout is implemented using CLOCK_MONOTONIC, with
a fallback to CLOCK_REALTIME if monotonic time is unavailable.

reject multiple Host: headers.  besides being protocol standard,
this closes one additional memory leak found by JP.  add a simple
test to check this.

clean up option and usage handling some.


To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.19 -r1.20 src/libexec/httpd/auth-bozo.c
cvs rdiff -u -r1.72 -r1.73 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.89 -r1.90 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.50 -r1.51 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.40 -r1.41 src/libexec/httpd/cgi-bozo.c
cvs rdiff -u -r1.14 -r1.15 src/libexec/httpd/content-bozo.c \
src/libexec/httpd/tilde-luzah-bozo.c
cvs rdiff -u -r1.17 -r1.18 src/libexec/httpd/daemon-bozo.c
cvs rdiff -u -r1.25 -r1.26 src/libexec/httpd/dir-index-bozo.c
cvs rdiff -u -r1.16 -r1.17 src/libexec/httpd/main.c
cvs rdiff -u -r1.23 -r1.24 src/libexec/httpd/ssl-bozo.c
cvs rdiff -u -r1.9 -r1.10 src/libexec/httpd/testsuite/Makefile
cvs rdiff -u -r0 -r1.1 src/libexec/httpd/testsuite/t15.in \
src/libexec/httpd/testsuite/t15.out

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.26 src/libexec/httpd/CHANGES:1.27
--- src/libexec/httpd/CHANGES:1.26	Mon Nov 19 04:14:59 2018
+++ src/libexec/httpd/CHANGES	Tue Nov 20 01:06:46 2018
@@ -1,10 +1,14 @@
-$NetBSD: CHANGES,v 1.26 2018/11/19 04:14:59 mrg Exp $
+$NetBSD: CHANGES,v 1.27 2018/11/20 01:06:46 mrg Exp $
 
 changes in bozohttpd 20181118:
 	o  add url remap support via .bzremap file, from mar...@netbsd.org
 	o  handle redirections for any protocol, not just http:
 	o  fix a denial of service attack against header contents, which
-	   is now bounded at 16KiB.  reported by JP.
+	   is now bounded at 16KiB.  reported by JP
+	o  reduce default timeouts, and add expand timeouts to handle the
+	   initial line, each header, and the total time spent
+	o  add -T option to expose new timeout settings
+	o  minor RFC fixes related to timeout handling
 
 changes in bozohttpd 20170201:
 	o  fix an infinite loop in cgi processing

Index: src/libexec/httpd/auth-bozo.c
diff -u src/libexec/httpd/auth-bozo.c:1.19 src/libexec/httpd/auth-bozo.c:1.20
--- src/libexec/httpd/auth-bozo.c:1.19	Mon Nov 19 04:13:09 2018
+++ src/libexec/httpd/auth-bozo.c	Tue Nov 20 01:06:46 2018
@@ -1,9 +1,9 @@
-/*	$NetBSD: auth-bozo.c,v 1.19 2018/11/19 04:13:09 mrg Exp $	*/
+/*	$NetBSD: auth-bozo.c,v 1.20 2018/11/20 01:06:46 mrg Exp $	*/
 
 /*	$eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2014 Matthew R. Green
+ * Copyright (c) 1997-2018 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.72 src/libexec/httpd/bozohttpd.8:1.73
--- src/libexec/httpd/bozohttpd.8:1.72	Mon Nov 19 04:14:59 2018
+++ src/libexec/httpd/bozohttpd.8	Tue Nov 20 01:06:46 2018
@@ -1,8 +1,8 @@
-.\"	$NetBSD: bozohttpd.8,v 1.72 2018/11/19 04:14:59 mrg Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.73 2018/11/20 01:06:46 mrg Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
-.\" Copyright (c) 1997-2017 Matthew R. Green
+.\" Copyright (c) 1997-2018 Matthew R. Green
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd August 24, 2018
+.Dd November 19, 2018
 .Dt BOZOHTTPD 8
 .Os
 .Sh NAME
@@ -41,6 +41,7 @@
 .Op Fl M Ar suffix type encoding encoding11
 .Op Fl P Ar pidfile
 .Op Fl S Ar server_software
+.Op Fl T Ar type timeout
 .Op Fl U Ar username
 .Op Fl Z Ar cert privkey
 .Op Fl c Ar cgibin
@@ -236,6 +237,19 @@ Sets 

CVS commit: src/libexec/httpd

2018-11-18 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Mon Nov 19 04:15:00 UTC 2018

Modified Files:
src/libexec/httpd: CHANGES bozohttpd.8

Log Message:
note the changes present in bozohttpd 20181118:

o  add url remap support via .bzremap file, from mar...@netbsd.org
o  handle redirections for any protocol, not just http:
o  fix a denial of service attack against header contents, which
   is now bounded at 16KiB.  reported by JP.


To generate a diff of this commit:
cvs rdiff -u -r1.25 -r1.26 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.71 -r1.72 src/libexec/httpd/bozohttpd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.25 src/libexec/httpd/CHANGES:1.26
--- src/libexec/httpd/CHANGES:1.25	Tue Jan 31 14:33:54 2017
+++ src/libexec/httpd/CHANGES	Mon Nov 19 04:14:59 2018
@@ -1,4 +1,10 @@
-$NetBSD: CHANGES,v 1.25 2017/01/31 14:33:54 mrg Exp $
+$NetBSD: CHANGES,v 1.26 2018/11/19 04:14:59 mrg Exp $
+
+changes in bozohttpd 20181118:
+	o  add url remap support via .bzremap file, from mar...@netbsd.org
+	o  handle redirections for any protocol, not just http:
+	o  fix a denial of service attack against header contents, which
+	   is now bounded at 16KiB.  reported by JP.
 
 changes in bozohttpd 20170201:
 	o  fix an infinite loop in cgi processing

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.71 src/libexec/httpd/bozohttpd.8:1.72
--- src/libexec/httpd/bozohttpd.8:1.71	Fri Aug 24 14:24:50 2018
+++ src/libexec/httpd/bozohttpd.8	Mon Nov 19 04:14:59 2018
@@ -1,4 +1,4 @@
-.\"	$NetBSD: bozohttpd.8,v 1.71 2018/08/24 14:24:50 wiz Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.72 2018/11/19 04:14:59 mrg Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
@@ -585,7 +585,7 @@ The focus has always been simplicity and
 and regular code audits.
 This manual documents
 .Nm
-version 20180824.
+version 20181118.
 .Sh AUTHORS
 .An -nosplit
 .Nm
@@ -644,7 +644,8 @@ provided initial IPv6 support
 .It
 .An Martin Husemann
 .Aq Mt mar...@netbsd.org
-provided .bzabsredirect support, and fixed various redirection issues
+provided .bzabsredirect and .bzredir support, and fixed various
+redirection issues
 .It
 .An Arto Huusko
 .Aq Mt arto.huu...@pp2.inet.fi



CVS commit: src/libexec/httpd

2018-11-18 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Mon Nov 19 04:13:09 UTC 2018

Modified Files:
src/libexec/httpd: auth-bozo.c

Log Message:
avoid memory leak in sending multiple auth headers.
mostly mitigated by previous patch to limit total header size,
but still a real problem here.


To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 src/libexec/httpd/auth-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/auth-bozo.c
diff -u src/libexec/httpd/auth-bozo.c:1.18 src/libexec/httpd/auth-bozo.c:1.19
--- src/libexec/httpd/auth-bozo.c:1.18	Sun Dec 27 10:21:35 2015
+++ src/libexec/httpd/auth-bozo.c	Mon Nov 19 04:13:09 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth-bozo.c,v 1.18 2015/12/27 10:21:35 mrg Exp $	*/
+/*	$NetBSD: auth-bozo.c,v 1.19 2018/11/19 04:13:09 mrg Exp $	*/
 
 /*	$eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -147,6 +147,10 @@ bozo_auth_check_headers(bozo_httpreq_t *
 		char	*pass = NULL;
 		ssize_t	alen;
 
+		/* free prior entries. */
+		free(request->hr_authuser);
+		free(request->hr_authpass);
+
 		alen = base64_decode((unsigned char *)str + 6,
 	(size_t)(len - 6),
 	(unsigned char *)authbuf,
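Review bot: After the two `free()` calls added ahead of `base64_decode()`, `request->hr_authuser` and `request->hr_authpass` still hold the freed addresses. The `return bozo_http_error(httpd, 400, request, ...)` path visible in the next hunk leaves the function without reassigning them. If the request cleanup code frees these fields again (that code is not part of this diff, so this needs confirming), an error return taken after an earlier header had populated them becomes a double free. Clearing the fields right after freeing closes that window: `request->hr_authuser = NULL;` and `request->hr_authpass = NULL;`. bozo_auth_check_headers begins and ends outside this hunk.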
@@ -158,8 +162,6 @@ bozo_auth_check_headers(bozo_httpreq_t *
 			return bozo_http_error(httpd, 400, request,
 			"bad authorization field");
 		*pass++ = '\0';
-		free(request->hr_authuser);
-		free(request->hr_authpass);
 		request->hr_authuser = bozostrdup(httpd, request, authbuf);
 		request->hr_authpass = bozostrdup(httpd, request, pass);
 		debug((httpd, DEBUG_FAT,



CVS commit: src/libexec/httpd

2018-11-18 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Mon Nov 19 04:12:22 UTC 2018

Modified Files:
src/libexec/httpd: bozohttpd.c bozohttpd.h
src/libexec/httpd/testsuite: Makefile
Added Files:
src/libexec/httpd/testsuite: t14.in t14.out

Log Message:
fix a denial of service attack against header contents, which
is now bounded at 16KiB.  reported by JP.


To generate a diff of this commit:
cvs rdiff -u -r1.88 -r1.89 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.49 -r1.50 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.8 -r1.9 src/libexec/httpd/testsuite/Makefile
cvs rdiff -u -r0 -r1.1 src/libexec/httpd/testsuite/t14.in \
src/libexec/httpd/testsuite/t14.out

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.88 src/libexec/httpd/bozohttpd.c:1.89
--- src/libexec/httpd/bozohttpd.c:1.88	Fri Aug 24 11:41:16 2018
+++ src/libexec/httpd/bozohttpd.c	Mon Nov 19 04:12:22 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.88 2018/08/24 11:41:16 martin Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.89 2018/11/19 04:12:22 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -109,7 +109,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20180824"
+#define SERVER_SOFTWARE		"bozohttpd/20181118"
 #endif
 #ifndef DIRECT_ACCESS_FILE
 #define DIRECT_ACCESS_FILE	".bzdirect"
@@ -546,6 +546,18 @@ process_method(bozo_httpreq_t *request, 
 	return bozo_http_error(httpd, 404, request, "unknown method");
 }
 
+/* check header byte count */
+static int
+bozo_got_header_length(bozo_httpreq_t *request, size_t len)
+{
+	request->hr_header_bytes += len;
+	if (request->hr_header_bytes < BOZO_HEADERS_MAX_SIZE)
+		return 0;
+
+	return bozo_http_error(request->hr_httpd, 413, request,
+		"too many headers");
+}
+
 /*
  * This function reads a http request from stdin, returning a pointer to a
  * bozo_httpreq_t structure, describing the request.
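Review bot: `bozo_got_header_length()` reports an oversized header section as 413, which describes the request body. RFC 6585 defines 431 Request Header Fields Too Large for this case, so `return bozo_http_error(request->hr_httpd, 431, request, "too many headers");` with a matching 431 row in `errors_map` would let clients and log analysis tell header floods apart from large uploads. The call site in the later hunk at `bozo_read_request` runs the check only after a complete header line is already in `str`/`len`, so the 16KiB cap bounds the running total but not any single line. Whether the line reader has its own per-line limit is not visible in this diff and is worth confirming. The one-line comment could also state the contract, e.g. `/* add len to the running header byte count; non-zero once BOZO_HEADERS_MAX_SIZE is reached */`.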
@@ -720,6 +732,9 @@ bozo_read_request(bozohttpd_t *httpd)
 			while (*val == ' ' || *val == '\t')
 val++;
 
+			if (bozo_got_header_length(request, len))
+goto cleanup;
+
 			if (bozo_auth_check_headers(request, val, str, len))
 goto next_header;
 
@@ -2069,6 +2084,7 @@ static struct errors_map {
 	{ 403,	"403 Forbidden",	"Access to this item has been denied",},
 	{ 404, 	"404 Not Found",	"This item has not been found", },
 	{ 408, 	"408 Request Timeout",	"This request took too long", },
+	{ 413, 	"413 Payload Too Large", "Use smaller requests", },
 	{ 417,	"417 Expectation Failed","Expectations not available", },
 	{ 420,	"420 Enhance Your Calm","Chill, Winston", },
 	{ 500,	"500 Internal Error",	"An error occured on the server", },

Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.49 src/libexec/httpd/bozohttpd.h:1.50
--- src/libexec/httpd/bozohttpd.h:1.49	Fri May  4 18:07:23 2018
+++ src/libexec/httpd/bozohttpd.h	Mon Nov 19 04:12:22 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.h,v 1.49 2018/05/04 18:07:23 christos Exp $	*/
+/*	$NetBSD: bozohttpd.h,v 1.50 2018/11/19 04:12:22 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -175,7 +175,8 @@ typedef struct bozo_httpreq_t {
 #endif
 	struct qheaders		hr_headers;
 	struct qheaders		hr_replheaders;
-	int			hr_nheaders;
+	unsigned		hr_nheaders;
+	size_t			hr_header_bytes;
 } bozo_httpreq_t;
 
 /* helper to access the "active" host name from a httpd/request pair */
@@ -199,6 +200,9 @@ typedef struct bozoprefs_t {
 #define BOZO_MMAPSZ	(BOZO_WRSZ * 1024)
 #endif
 
+/* only allow this many total headers bytes */
+#define BOZO_HEADERS_MAX_SIZE (16 * 1024)
+
 /* debug flags */
 #define DEBUG_NORMAL	1
 #define DEBUG_FAT	2

Index: src/libexec/httpd/testsuite/Makefile
diff -u src/libexec/httpd/testsuite/Makefile:1.8 src/libexec/httpd/testsuite/Makefile:1.9
--- src/libexec/httpd/testsuite/Makefile:1.8	Fri Aug 24 11:41:16 2018
+++ src/libexec/httpd/testsuite/Makefile	Mon Nov 19 04:12:22 2018
@@ -1,6 +1,6 @@
 #	$eterna: Makefile,v 1.14 2009/05/22 21:51:39 mrg Exp $
 
-SIMPLETESTS=	t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t12 t13
+SIMPLETESTS=	t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t12 t13 t14
 CGITESTS=	t11
 BIGFILETESTS=	partial4000 partial8000
 

Added files:

Index: src/libexec/httpd/testsuite/t14.in
diff -u /dev/null src/libexec/httpd/testsuite/t14.in:1.1
--- /dev/null	Mon Nov 19 04:12:23 2018
+++ src/libexec/httpd/testsuite/t14.in	Mon Nov 19 04:12:22 2018
@@ -0,0 +1,194 @@
+GET / HTTP/1.1
+Host:
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: 

CVS commit: src/libexec/httpd

2018-11-18 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Sun Nov 18 11:22:11 UTC 2018

Modified Files:
src/libexec/httpd: cgi-bozo.c

Log Message:
use __func__ in debug().


To generate a diff of this commit:
cvs rdiff -u -r1.39 -r1.40 src/libexec/httpd/cgi-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/cgi-bozo.c
diff -u src/libexec/httpd/cgi-bozo.c:1.39 src/libexec/httpd/cgi-bozo.c:1.40
--- src/libexec/httpd/cgi-bozo.c:1.39	Tue Nov 28 10:33:51 2017
+++ src/libexec/httpd/cgi-bozo.c	Sun Nov 18 11:22:11 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: cgi-bozo.c,v 1.39 2017/11/28 10:33:51 martin Exp $	*/
+/*	$NetBSD: cgi-bozo.c,v 1.40 2018/11/18 11:22:11 mrg Exp $	*/
 
 /*	$eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -103,7 +103,7 @@ parse_header(bozo_httpreq_t *request, co
 	*hdr_val = value;
 
 	return 0;
-} 
+}
 
 /*
  * handle parsing a CGI header output, transposing a Status: header
@@ -144,8 +144,8 @@ finish_cgi_output(bozohttpd_t *httpd, bo
 		 */
 		if (strcasecmp(hdr_name, "status") == 0) {
 			debug((httpd, DEBUG_OBESE,
-"bozo_process_cgi:  writing HTTP header "
-"from status %s ..", hdr_value));
+"%s: writing HTTP header "
+"from status %s ..", __func__, hdr_value));
 			bozo_printf(httpd, "%s %s\r\n", request->hr_proto,
 	hdr_value);
 			bozo_flush(httpd, stdout);
@@ -163,7 +163,7 @@ finish_cgi_output(bozohttpd_t *httpd, bo
 
 	if (write_header) {
 		debug((httpd, DEBUG_OBESE,
-			"bozo_process_cgi:  writing HTTP header .."));
+			"%s: writing HTTP header ..", __func__));
 		bozo_printf(httpd,
 			"%s 200 OK\r\n", request->hr_proto);
 		bozo_flush(httpd, stdout);
@@ -171,7 +171,7 @@ finish_cgi_output(bozohttpd_t *httpd, bo
 
 	if (nheaders) {
 		debug((httpd, DEBUG_OBESE,
-			"bozo_process_cgi:  writing delayed HTTP headers .."));
+			"%s:  writing delayed HTTP headers ..", __func__));
 		SIMPLEQ_FOREACH_SAFE(hdr, , h_next, nhdr) {
 			bozo_printf(httpd, "%s: %s\r\n", hdr->h_header,
 	hdr->h_value);
@@ -415,7 +415,7 @@ bozo_process_cgi(bozo_httpreq_t *request
 		 file,
 		 query ? "?" : "",
 		 query ? query : "");
-	debug((httpd, DEBUG_NORMAL, "bozo_process_cgi: url `%s'", url));
+	debug((httpd, DEBUG_NORMAL, "%s: url `%s'", __func__, url));
 
 	path = NULL;
 	envp = NULL;
@@ -433,13 +433,13 @@ bozo_process_cgi(bozo_httpreq_t *request
 		cgihandler = content_cgihandler(httpd, request, file + 1);
 		if (cgihandler == NULL) {
 			debug((httpd, DEBUG_FAT,
-"bozo_process_cgi: no handler, returning"));
+"%s: no handler, returning", __func__));
 			goto out;
 		}
 		if (len == 0 || file[len - 1] == '/')
 			append_index_html(httpd, );
-		debug((httpd, DEBUG_NORMAL, "bozo_process_cgi: cgihandler `%s'",
-		cgihandler));
+		debug((httpd, DEBUG_NORMAL, "%s: cgihandler `%s'",
+		__func__, cgihandler));
 	} else if (len - 1 == CGIBIN_PREFIX_LEN)	/* url is "/cgi-bin/" */
 		append_index_html(httpd, );
 
@@ -498,8 +498,8 @@ bozo_process_cgi(bozo_httpreq_t *request
 	(request->hr_serverport && *request->hr_serverport ? 1 : 0);
 
 	debug((httpd, DEBUG_FAT,
-		"bozo_process_cgi: path `%s', cmd `%s', info `%s', "
-		"query `%s', nph `%d', envpsize `%d'",
+		"%s: path `%s', cmd `%s', info `%s', "
+		"query `%s', nph `%d', envpsize `%d'", __func__,
 		path, command, strornull(info),
 		strornull(query), nph, envpsize));
 
@@ -575,11 +575,11 @@ bozo_process_cgi(bozo_httpreq_t *request
 		bozo_setenv(httpd, "REDIRECT_STATUS", "200", curenvp++);
 	bozo_auth_cgi_setenv(request, );
 
-	debug((httpd, DEBUG_FAT, "bozo_process_cgi: going exec %s with args:",
+	debug((httpd, DEBUG_FAT, "%s: going exec %s with args:", __func__,
 	path));
 
 	for (i = 0; argv[i] != NULL; i++) {
-		debug((httpd, DEBUG_FAT, "bozo_process_cgi: argv[%zu] = `%s'",
+		debug((httpd, DEBUG_FAT, "%s: argv[%zu] = `%s'", __func__,
 		i, argv[i]));
 	}
 



CVS commit: src/libexec/httpd

2018-08-24 Thread Thomas Klausner
Module Name:src
Committed By:   wiz
Date:   Fri Aug 24 14:24:50 UTC 2018

Modified Files:
src/libexec/httpd: bozohttpd.8

Log Message:
Remove trailing whitespace.


To generate a diff of this commit:
cvs rdiff -u -r1.70 -r1.71 src/libexec/httpd/bozohttpd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.70 src/libexec/httpd/bozohttpd.8:1.71
--- src/libexec/httpd/bozohttpd.8:1.70	Fri Aug 24 11:43:13 2018
+++ src/libexec/httpd/bozohttpd.8	Fri Aug 24 14:24:50 2018
@@ -1,4 +1,4 @@
-.\"	$NetBSD: bozohttpd.8,v 1.70 2018/08/24 11:43:13 martin Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.71 2018/08/24 14:24:50 wiz Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
@@ -513,7 +513,7 @@ file could look like this:
 .Pp
 The remap file should be short, access to it is slow and needs to happen
 on each request.
-If a request path needs to include a colon 
+If a request path needs to include a colon
 .Pq Li \&:
 character, it can be escaped
 with a backslash



CVS commit: src/libexec/httpd

2018-08-24 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Fri Aug 24 11:43:13 UTC 2018

Modified Files:
src/libexec/httpd: bozohttpd.8

Log Message:
Bump date


To generate a diff of this commit:
cvs rdiff -u -r1.69 -r1.70 src/libexec/httpd/bozohttpd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.69 src/libexec/httpd/bozohttpd.8:1.70
--- src/libexec/httpd/bozohttpd.8:1.69	Fri Aug 24 11:41:16 2018
+++ src/libexec/httpd/bozohttpd.8	Fri Aug 24 11:43:13 2018
@@ -1,4 +1,4 @@
-.\"	$NetBSD: bozohttpd.8,v 1.69 2018/08/24 11:41:16 martin Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.70 2018/08/24 11:43:13 martin Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd November 28, 2017
+.Dd August 24, 2018
 .Dt BOZOHTTPD 8
 .Os
 .Sh NAME



CVS commit: src/libexec/httpd

2018-08-24 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Fri Aug 24 11:41:16 UTC 2018

Modified Files:
src/libexec/httpd: bozohttpd.8 bozohttpd.c
src/libexec/httpd/testsuite: Makefile
Added Files:
src/libexec/httpd/testsuite: t12.in t12.out t13.in t13.out
src/libexec/httpd/testsuite/data: .bzremap

Log Message:
Add support for remapping requested paths via a .bzredirect file.
Fixes PR 52772. Ok: mrg@


To generate a diff of this commit:
cvs rdiff -u -r1.68 -r1.69 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.87 -r1.88 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.7 -r1.8 src/libexec/httpd/testsuite/Makefile
cvs rdiff -u -r0 -r1.1 src/libexec/httpd/testsuite/t12.in \
src/libexec/httpd/testsuite/t12.out src/libexec/httpd/testsuite/t13.in \
src/libexec/httpd/testsuite/t13.out
cvs rdiff -u -r0 -r1.1 src/libexec/httpd/testsuite/data/.bzremap

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.68 src/libexec/httpd/bozohttpd.8:1.69
--- src/libexec/httpd/bozohttpd.8:1.68	Tue Nov 28 12:22:27 2017
+++ src/libexec/httpd/bozohttpd.8	Fri Aug 24 11:41:16 2018
@@ -1,4 +1,4 @@
-.\"	$NetBSD: bozohttpd.8,v 1.68 2017/11/28 12:22:27 wiz Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.69 2018/08/24 11:41:16 martin Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
@@ -489,6 +489,37 @@ will redirect to
 Otherwise provided schema will be used i.e. symbolic link to
 .Em ftp://NetBSD.org/
 will redirect to the provided URL.
+If a
+.Pa .bzremap
+file is found at the root of a (virtual) server, it is expected to contain
+rewrite mappings for URLs.
+.Pp
+These remappings are performed internally in the server before authentication
+happens and can be used to hide implementation details, like the CGI handler
+specific suffix for non cgi scripts in authorized directories.
+.Pp
+The map file consists of lines two paths separated by a colon, where the left
+side needs to exactly match a (sub) path of the request and will be replaced
+by the right side.
+.Pp
+The first match always wins.
+.Pp
+A
+.Pa .bzremap
+file could look like this:
+.Bd -literal
+/nic/update:/auth-dir/updipv4.pl
+.Ed
+.Pp
+The remap file should be short, access to it is slow and needs to happen
+on each request.
+If a request path needs to include a colon 
+.Pq Li \&:
+character, it can be escaped
+with a backslash
+.Pq Li \e
+The right hand side of the colon is always used verbatim, no escape sequences
+are interpreted.
 .Sh EXAMPLES
 To configure set of virtual hosts, one would use an
 .Xr inetd.conf 5
@@ -554,7 +585,7 @@ The focus has always been simplicity and
 and regular code audits.
 This manual documents
 .Nm
-version 20170201.
+version 20180824.
 .Sh AUTHORS
 .An -nosplit
 .Nm

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.87 src/libexec/httpd/bozohttpd.c:1.88
--- src/libexec/httpd/bozohttpd.c:1.87	Sun Jan 28 13:37:39 2018
+++ src/libexec/httpd/bozohttpd.c	Fri Aug 24 11:41:16 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.87 2018/01/28 13:37:39 maya Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.88 2018/08/24 11:41:16 martin Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -109,7 +109,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20170201"
+#define SERVER_SOFTWARE		"bozohttpd/20180824"
 #endif
 #ifndef DIRECT_ACCESS_FILE
 #define DIRECT_ACCESS_FILE	".bzdirect"
@@ -120,6 +120,15 @@
 #ifndef ABSREDIRECT_FILE
 #define ABSREDIRECT_FILE	".bzabsredirect"
 #endif
+#ifndef REMAP_FILE
+#define REMAP_FILE		".bzremap"
+#endif
+
+/*
+ * When you add some .bz* file, make sure to also check it in
+ * bozo_check_special_files()
+ */
+
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML		"public_html"
 #endif
@@ -149,6 +158,7 @@
 #include 
 #include 
 #include 
+#include 
 #include 
 #include 
 #include 
@@ -1069,6 +1079,154 @@ head:
 }
 
 /*
+ * Like strncmp(), but s_esc may contain characters escaped by \.
+ * The len argument does not include the backslashes used for escaping,
+ * that is: it gives the raw len, after unescaping the string.
+ */
+static int
+esccmp(const char *s_plain, const char *s_esc, size_t len)
+{
+	bool esc = false;
+
+	while (len) {
+		if (!esc && *s_esc == '\\') {
+			esc = true;
+			s_esc++;
+			continue;
+		}
+		esc = false;
+		if (*s_plain == 0 || *s_esc == 0 || *s_plain != *s_esc)
+			return *s_esc - *s_plain;
+		s_esc++;
+		s_plain++; 
+		len--;
+	}
+	return 0;
+}
+
+/*
+ * Check if the request refers to a uri that is mapped via a .bzremap.
+ * We have  /requested/path:/re/mapped/to/this.html lines in there,
+ * and the : separator may be use in the left hand side escaped with
+ * \ to encode a path containig a : character.
+ */
+static void
+check_mapping(bozo_httpreq_t *request)
+{
+	bozohttpd_t *httpd = 
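Review bot: esccmp()'s header comment says "Like strncmp()", but on a mismatch it returns `*s_esc - *s_plain`, which has the opposite sign for the (s_plain, s_esc) argument order and is computed on plain `char` rather than `unsigned char`. If callers only test the result against zero this is harmless, but the comment should then say so, for example `Returns 0 when the first len unescaped characters match; a non-zero result carries no ordering.` Otherwise the return should become `return (unsigned char)*s_plain - (unsigned char)*s_esc;`. check_mapping() is cut off on this page right after its first declaration, so the callers of esccmp() cannot be checked here.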

CVS commit: src/libexec/httpd/testsuite

2018-08-24 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Fri Aug 24 10:04:41 UTC 2018

Modified Files:
src/libexec/httpd/testsuite: t3.out t5.out t6.out

Log Message:
fix output since protocol agnostic change went in.

XXX: i thought someone hooked this into atf already, please do :)


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/libexec/httpd/testsuite/t3.out \
src/libexec/httpd/testsuite/t5.out src/libexec/httpd/testsuite/t6.out

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/testsuite/t3.out
diff -u src/libexec/httpd/testsuite/t3.out:1.3 src/libexec/httpd/testsuite/t3.out:1.4
--- src/libexec/httpd/testsuite/t3.out:1.3	Sat Apr 18 07:48:02 2009
+++ src/libexec/httpd/testsuite/t3.out	Fri Aug 24 10:04:41 2018
@@ -7,5 +7,5 @@ Allow: GET, HEAD, POST
 400 Bad Request
 400 Bad Request
 /: The request was not valid
-http://madrugada.eterna.com.au/;>madrugada.eterna.com.au
+madrugada.eterna.com.au
 
Index: src/libexec/httpd/testsuite/t5.out
diff -u src/libexec/httpd/testsuite/t5.out:1.3 src/libexec/httpd/testsuite/t5.out:1.4
--- src/libexec/httpd/testsuite/t5.out:1.3	Sat Apr 18 07:48:02 2009
+++ src/libexec/httpd/testsuite/t5.out	Fri Aug 24 10:04:41 2018
@@ -6,5 +6,5 @@ Server: bozohttpd/20030206
 403 Forbidden
 403 Forbidden
 /cgi-bin/..M-@M-/..M-@M-/..M-@M-/..M-@M-/..M-@M-/../winnt/system32/cmd.exe: Access to this item has been denied
-http://what-time-is-love.eterna.com.au/;>what-time-is-love.eterna.com.au
+what-time-is-love.eterna.com.au
 
Index: src/libexec/httpd/testsuite/t6.out
diff -u src/libexec/httpd/testsuite/t6.out:1.3 src/libexec/httpd/testsuite/t6.out:1.4
--- src/libexec/httpd/testsuite/t6.out:1.3	Sat Apr 18 07:48:02 2009
+++ src/libexec/httpd/testsuite/t6.out	Fri Aug 24 10:04:41 2018
@@ -6,5 +6,5 @@ Server: bozohttpd/5.15
 404 Not Found
 404 Not Found
 x: This item has not been found
-http://splode.eterna.com.au/;>splode.eterna.com.au
+splode.eterna.com.au
 



CVS commit: src/libexec/httpd/lua

2018-05-04 Thread Sevan Janiyan
Module Name:src
Committed By:   sevan
Date:   Fri May  4 19:45:27 UTC 2018

Modified Files:
src/libexec/httpd/lua: glue.c

Log Message:
Do not try and process empty requests. This resolves a crash when issuing a
carriage return to read_request() in foreground mode.
In the C daemon, a NULL check is performed on bozo_read_request in main.c
before moving on to bozo_process_request & bozo_clean_request. Here,
process_request & clean_request just return instead.


To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/libexec/httpd/lua/glue.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/lua/glue.c
diff -u src/libexec/httpd/lua/glue.c:1.3 src/libexec/httpd/lua/glue.c:1.4
--- src/libexec/httpd/lua/glue.c:1.3	Tue May  1 23:51:53 2018
+++ src/libexec/httpd/lua/glue.c	Fri May  4 19:45:27 2018
@@ -155,6 +155,9 @@ l_bozo_process_request(lua_State *L)
 	bozo_httpreq_t	*req;
 
 	req = lua_touserdata(L, 1);
+	if (req == NULL) {
+		return 0;
+	}
 	bozo_process_request(req);
 	lua_pushnumber(L, 1);
 	return 1;
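Review bot: The added `req == NULL` test in l_bozo_process_request only rejects arguments that are not userdata at all; lua_touserdata() returns a non-NULL pointer for any userdata, so a script that passes the httpd or prefs object still reaches bozo_process_request() with a pointer of the wrong type. Returning 0 results also hides the rejected call from the script, while the success path returns 1. Raising an argument error, `return luaL_argerror(L, 1, "request expected");`, would make the failure visible; telling request objects apart needs a tagged userdata (metatable plus luaL_checkudata), which depends on how l_bozo_read_request pushes the object, outside this hunk. The same applies to the identical check in l_bozo_clean_request in the next hunk; both functions start and end outside their hunks.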
@@ -167,6 +170,9 @@ l_bozo_clean_request(lua_State *L)
 	bozo_httpreq_t	*req;
 
 	req = lua_touserdata(L, 1);
+	if (req == NULL) {
+		return 0;
+	}
 	bozo_clean_request(req);
 	lua_pushnumber(L, 1);
 	return 1;



CVS commit: src/libexec/httpd

2018-05-04 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Fri May  4 18:07:23 UTC 2018

Modified Files:
src/libexec/httpd: bozohttpd.h

Log Message:
fix the rest of the compilers.


To generate a diff of this commit:
cvs rdiff -u -r1.48 -r1.49 src/libexec/httpd/bozohttpd.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.48 src/libexec/httpd/bozohttpd.h:1.49
--- src/libexec/httpd/bozohttpd.h:1.48	Fri May  4 14:06:44 2018
+++ src/libexec/httpd/bozohttpd.h	Fri May  4 14:07:23 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.h,v 1.48 2018/05/04 18:06:44 christos Exp $	*/
+/*	$NetBSD: bozohttpd.h,v 1.49 2018/05/04 18:07:23 christos Exp $	*/
 
 /*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -210,6 +210,9 @@ typedef struct bozoprefs_t {
 #if (defined(__GNUC__) && __GNUC__ >= 3) || defined(__lint__)
 #define BOZO_PRINTFLIKE(x,y) __attribute__((__format__(__printf__, x,y)))
 #define BOZO_DEAD __attribute__((__noreturn__))
+#else
+#define BOZO_PRINTFLIKE(x,y)
+#define BOZO_DEAD
 #endif
 
 #ifndef NO_DEBUG



CVS commit: src/libexec/httpd

2018-05-04 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Fri May  4 18:06:44 UTC 2018

Modified Files:
src/libexec/httpd: bozohttpd.h

Log Message:
fix lint


To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 src/libexec/httpd/bozohttpd.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.47 src/libexec/httpd/bozohttpd.h:1.48
--- src/libexec/httpd/bozohttpd.h:1.47	Tue Jan 31 09:36:09 2017
+++ src/libexec/httpd/bozohttpd.h	Fri May  4 14:06:44 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.h,v 1.47 2017/01/31 14:36:09 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.h,v 1.48 2018/05/04 18:06:44 christos Exp $	*/
 
 /*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -207,7 +207,7 @@ typedef struct bozoprefs_t {
 
 #define	strornull(x)	((x) ? (x) : "")
 
-#if defined(__GNUC__) && __GNUC__ >= 3
+#if (defined(__GNUC__) && __GNUC__ >= 3) || defined(__lint__)
 #define BOZO_PRINTFLIKE(x,y) __attribute__((__format__(__printf__, x,y)))
 #define BOZO_DEAD __attribute__((__noreturn__))
 #endif



CVS commit: src/libexec/httpd/lua

2018-05-01 Thread Sevan Janiyan
Module Name:src
Committed By:   sevan
Date:   Wed May  2 00:03:27 UTC 2018

Modified Files:
src/libexec/httpd/lua: optparse.lua

Log Message:
Unbreak script for Lua 5.3.
This change breaks support for older releases of Lua.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.1 -r1.2 src/libexec/httpd/lua/optparse.lua

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/lua/optparse.lua
diff -u src/libexec/httpd/lua/optparse.lua:1.1.1.1 src/libexec/httpd/lua/optparse.lua:1.2
--- src/libexec/httpd/lua/optparse.lua:1.1.1.1	Mon May 10 03:30:04 2010
+++ src/libexec/httpd/lua/optparse.lua	Wed May  2 00:03:27 2018
@@ -42,7 +42,7 @@ function OptionParser(t)
   end
   function o.parse_args()
 -- expand options (e.g. "--input=file" -> "--input", "file")
-local arg = {unpack(arg)}
+local arg = {table.unpack(arg)}
 for i=#arg,1,-1 do local v = arg[i]
   local flag, val = v:match('^(%-%-%w+)=(.*)')
   if flag then
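Review bot: `table.unpack(arg)` fails on Lua 5.1, where only the global `unpack` exists, and the log message accepts that loss. A fallback keeps both working at no cost: `local arg = {(table.unpack or unpack)(arg)}`. o.parse_args continues past the end of this hunk.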



CVS commit: src/libexec/httpd/lua

2018-05-01 Thread Sevan Janiyan
Module Name:src
Committed By:   sevan
Date:   Wed May  2 00:00:30 UTC 2018

Modified Files:
src/libexec/httpd/lua: bozo.lua

Log Message:
Pass the expected httpd instance when calling set_pref()
process_request() only takes a single argument.


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/libexec/httpd/lua/bozo.lua

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/lua/bozo.lua
diff -u src/libexec/httpd/lua/bozo.lua:1.2 src/libexec/httpd/lua/bozo.lua:1.3
--- src/libexec/httpd/lua/bozo.lua:1.2	Wed Oct 28 09:20:15 2015
+++ src/libexec/httpd/lua/bozo.lua	Wed May  2 00:00:30 2018
@@ -32,7 +32,7 @@
 -- command line args
 dofile "optparse.lua"
 
-opt = OptionParser{usage="%prog [options] root [vhost]", version="20091105"}   
+opt = OptionParser{usage="%prog [options] root [vhost]", version="20180502"}   
 
 opt.add_option{"-C", "--cgimap", action="store", dest="cgimap", help="--cgimap 's t'"}
 opt.add_option{"-E", "--enable-user-cgibin", action="store_true", dest="enableusercgibin", help="--enable-user-cgibin"}
@@ -75,22 +75,22 @@ prefs = bozohttpd.init_prefs()
 -- parse command line args
 options,args = opt.parse_args()
 if options.portnum then
-bozohttpd.set_pref(prefs, "port number", options.portnum)
+bozohttpd.set_pref(httpd, prefs, "port number", options.portnum)
 end
 if options.background then
-bozohttpd.set_pref(prefs, "background", options.background)
+bozohttpd.set_pref(httpd, prefs, "background", options.background)
 end
 if options.numeric then
-bozohttpd.set_pref(prefs, "numeric", "true")
+bozohttpd.set_pref(httpd, prefs, "numeric", "true")
 end
 if options.logstderr then
-bozohttpd.set_pref(prefs, "log to stderr", "true")
+bozohttpd.set_pref(httpd, prefs, "log to stderr", "true")
 end
 if options.foreground then
-bozohttpd.set_pref(prefs, "foreground", "true")
+bozohttpd.set_pref(httpd, prefs, "foreground", "true")
 end
 if options.trustedref then
-bozohttpd.set_pref(prefs, "trusted referal", "true")
+bozohttpd.set_pref(httpd, prefs, "trusted referal", "true")
 end
 if options.dynmime then
 	suffix, type, s1, s2 = string.find(options.dynmime,
@@ -98,29 +98,29 @@ if options.dynmime then
 bozohttpd.dynamic_mime(httpd, suffix, type, s1, s2)
 end
 if options.serversw then
-bozohttpd.set_pref(prefs, "server software", options.serversw)
+bozohttpd.set_pref(httpd, prefs, "server software", options.serversw)
 end
 if options.ssl then
 	cert, priv = string.find(options.ssl, "(%S+)%s+(%S+)")
 bozohttpd.dynamic_mime(httpd, cert, priv)
 end
 if options.username then
-bozohttpd.set_pref(prefs, "username", options.username)
+bozohttpd.set_pref(httpd, prefs, "username", options.username)
 end
 if options.unknownslash then
-bozohttpd.set_pref(prefs, "unknown slash", "true")
+bozohttpd.set_pref(httpd, prefs, "unknown slash", "true")
 end
 if options.virtbase then
-bozohttpd.set_pref(prefs, "virtual base", options.virtbase)
+bozohttpd.set_pref(httpd, prefs, "virtual base", options.virtbase)
 end
 if options.indexhtml then
-bozohttpd.set_pref(prefs, "index.html", options.indexhtml)
+bozohttpd.set_pref(httpd, prefs, "index.html", options.indexhtml)
 end
 if options.dirtyenv then
-bozohttpd.set_pref(prefs, "dirty environment", "true")
+bozohttpd.set_pref(httpd, prefs, "dirty environment", "true")
 end
 if options.bindaddr then
-bozohttpd.set_pref(prefs, "bind address", options.bindaddr)
+bozohttpd.set_pref(httpd, prefs, "bind address", options.bindaddr)
 end
 if options.cgibin then
 bozohttpd.cgi_setbin(httpd, options.cgibin)
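Review bot: The unchanged `options.ssl` branch in this hunk still looks wrong after the set_pref fix: `string.find` returns the start and end indices before any captures, so `cert, priv` receive two numbers rather than the two paths, and they are then handed to `bozohttpd.dynamic_mime` instead of an SSL setup call. As written, the ssl option would presumably not configure the certificate and key the operator named. Capturing with `cert, priv = string.match(options.ssl, "(%S+)%s+(%S+)")` fixes the first half; which binding should receive the values depends on glue.c's function table, which is only partly visible on this page. The `options.dynmime` branch that starts in the previous hunk appears to assign from `string.find` the same way.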
@@ -130,22 +130,22 @@ if options.cgimap then
 bozohttpd.cgi_map(httpd, name, handler)
 end
 if options.public_html then
-bozohttpd.set_pref(prefs, "public_html", options.public_html)
+bozohttpd.set_pref(httpd, prefs, "public_html", options.public_html)
 end
 if options.chroot then
-bozohttpd.set_pref(prefs, "chroot dir", options.chroot)
+bozohttpd.set_pref(httpd, prefs, "chroot dir", options.chroot)
 end
 if options.enableusers then
-bozohttpd.set_pref(prefs, "enable users", "true")
+bozohttpd.set_pref(httpd, prefs, "enable users", "true")
 end
 if options.hidedots then
-bozohttpd.set_pref(prefs, "hide dots", "true")
+bozohttpd.set_pref(httpd, prefs, "hide dots", "true")
 end
 if options.enableusercgibin then
-bozohttpd.set_pref(prefs, "enable user cgibin", "true")
+bozohttpd.set_pref(httpd, prefs, "enable user cgibin", "true")
 end
 if options.dirindex then
-bozohttpd.set_pref(prefs, "directory indexing", "true")
+bozohttpd.set_pref(httpd, prefs, "directory indexing", "true")
 

CVS commit: src/libexec/httpd/lua

2018-05-01 Thread Sevan Janiyan
Module Name:src
Committed By:   sevan
Date:   Tue May  1 23:51:53 UTC 2018

Modified Files:
src/libexec/httpd/lua: glue.c

Log Message:
Enable checking arguments for validity.
Remove disabled code.
Fix function parameters.
Add support for Lua 5.3


To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/libexec/httpd/lua/glue.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/lua/glue.c
diff -u src/libexec/httpd/lua/glue.c:1.2 src/libexec/httpd/lua/glue.c:1.3
--- src/libexec/httpd/lua/glue.c:1.2	Sun Dec 27 10:21:35 2015
+++ src/libexec/httpd/lua/glue.c	Tue May  1 23:51:53 2018
@@ -38,6 +38,7 @@
 #include 
 
 #define LUA_LIB
+#define LUA_USE_APICHECK
 #include 
 #include 
 #include 
@@ -48,24 +49,6 @@
 
 int luaopen_bozohttpd(lua_State *);
 
-#if 0
-typedef struct strarg_t {
-	const char	*s;	/* string */
-	const int	 n;	/* corresponding int value */
-} strarg_t;
-
-/* map a string onto an int */
-static int
-findtype(strarg_t *strs, const char *s)
-{
-	strarg_t	*sp;
-
-	for (sp = strs ; sp->s && strcasecmp(sp->s, s) != 0 ; sp++) {
-	}
-	return sp->n;
-}
-#endif
-
 /* init() */
 static int
 l_new(lua_State *L)
@@ -102,18 +85,20 @@ l_init_prefs(lua_State *L)
 	return 1;
 }
 
-/* bozo_set_pref(prefs, name, value) */
+/* bozo_set_pref(httpd, prefs, name, value) */
 static int
 l_bozo_set_pref(lua_State *L)
 {
+	bozohttpd_t	*httpd;
 	bozoprefs_t	*prefs;
 	const char	*name;
 	const char	*value;
 
-	prefs = lua_touserdata(L, 1);
-	name = luaL_checkstring(L, 2);
-	value = luaL_checkstring(L, 3);
-	lua_pushnumber(L, bozo_set_pref(prefs, name, value));
+	httpd = lua_touserdata(L, 1);
+	prefs = lua_touserdata(L, 2);
+	name = luaL_checkstring(L, 3);
+	value = luaL_checkstring(L, 4);
+	lua_pushnumber(L, bozo_set_pref(httpd, prefs, name, value));
 	return 1;
 }
 
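Review bot: l_bozo_set_pref now takes two userdata arguments but passes both `lua_touserdata` results to bozo_set_pref() unchecked, so a script that passes a non-userdata value in either position hands a NULL `httpd` or `prefs` to C code. The string arguments are validated with luaL_checkstring; the pointers deserve the same, e.g. `luaL_argcheck(L, httpd != NULL, 1, "httpd expected");` and `luaL_argcheck(L, prefs != NULL, 2, "prefs expected");` before the call. Whether bozo_set_pref() tolerates NULL is not visible in this hunk.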
@@ -163,16 +148,14 @@ l_bozo_read_request(lua_State *L)
 	return 1;
 }
 
-/* bozo_process_request(httpd, req) */
+/* bozo_process_request(req) */
 static int
 l_bozo_process_request(lua_State *L)
 {
 	bozo_httpreq_t	*req;
-	bozohttpd_t	*httpd;
 
-	httpd = lua_touserdata(L, 1);
-	req = lua_touserdata(L, 2);
-	bozo_process_request(httpd, req);
+	req = lua_touserdata(L, 1);
+	bozo_process_request(req);
 	lua_pushnumber(L, 1);
 	return 1;
 }
@@ -250,7 +233,7 @@ l_bozo_cgi_map(lua_State *L)
 	return 1;
 }
 
-const struct luaL_reg libluabozohttpd[] = {
+const struct luaL_Reg libluabozohttpd[] = {
 	{ "new",		l_new },
 	{ "init_httpd",		l_init_httpd },
 	{ "init_prefs",		l_init_prefs },
@@ -273,6 +256,10 @@ const struct luaL_reg libluabozohttpd[] 
 int 
 luaopen_bozohttpd(lua_State *L)
 {
-	luaL_openlib(L, "bozohttpd", libluabozohttpd, 0);
+#if LUA_VERSION_NUM >= 502
+luaL_newlib(L, libluabozohttpd);
+#else
+luaL_register(L, "bozohttpd", libluabozohttpd); 
+#endif
 	return 1;
 }



CVS commit: src/libexec/httpd

2018-02-06 Thread Christos Zoulas
Module Name:src
Committed By:   christos
Date:   Tue Feb  6 15:48:46 UTC 2018

Modified Files:
src/libexec/httpd: ssl-bozo.c

Log Message:
- need string.h
- cast options to long for OpenSSL-1.1


To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 src/libexec/httpd/ssl-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/ssl-bozo.c
diff -u src/libexec/httpd/ssl-bozo.c:1.22 src/libexec/httpd/ssl-bozo.c:1.23
--- src/libexec/httpd/ssl-bozo.c:1.22	Mon Dec 28 02:37:59 2015
+++ src/libexec/httpd/ssl-bozo.c	Tue Feb  6 10:48:46 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssl-bozo.c,v 1.22 2015/12/28 07:37:59 mrg Exp $	*/
+/*	$NetBSD: ssl-bozo.c,v 1.23 2018/02/06 15:48:46 christos Exp $	*/
 
 /*	$eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -34,6 +34,7 @@
 
 #include 
 #include 
+#include 
 #include 
 #include 
 
@@ -62,7 +63,7 @@
 
 #ifndef BOZO_SSL_OPTIONS
 #define BOZO_SSL_OPTIONS	\
-	(SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1)
+	((long)(SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1))
 #endif
 
   /* this structure encapsulates the ssl info */
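Review bot: The default BOZO_SSL_OPTIONS mask disables SSLv2, SSLv3 and TLS 1.0 but leaves TLS 1.1 enabled; since the line is being touched for OpenSSL 1.1 anyway, adding `SSL_OP_NO_TLSv1_1` to the mask would tighten the default. On OpenSSL 1.1 and later the same can be expressed with SSL_CTX_set_min_proto_version() and `TLS1_2_VERSION` where the context is created, which is outside this hunk. The `(long)` cast also turns a flag mask into a signed value; casting at the call site to the type the installed SSL_CTX_set_options() expects would keep the macro a plain mask for builders who override it.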



CVS commit: src/libexec/httpd

2018-01-28 Thread Maya Rashish
Module Name:src
Committed By:   maya
Date:   Sun Jan 28 13:37:39 UTC 2018

Modified Files:
src/libexec/httpd: bozohttpd.c

Log Message:
Use a protocol-agnostic URL (don't degrade HTTPS->HTTP)

Suggested by Travis Paul in PR bin/52958.


To generate a diff of this commit:
cvs rdiff -u -r1.86 -r1.87 src/libexec/httpd/bozohttpd.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.86 src/libexec/httpd/bozohttpd.c:1.87
--- src/libexec/httpd/bozohttpd.c:1.86	Sun Feb  5 01:55:03 2017
+++ src/libexec/httpd/bozohttpd.c	Sun Jan 28 13:37:39 2018
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.86 2017/02/05 01:55:03 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.87 2018/01/28 13:37:39 maya Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -1990,7 +1990,7 @@ bozo_http_error(bozohttpd_t *httpd, int 
 		"%s\n"
 		"%s\n"
 		"%s%s: %s\n"
- 		"http://%s%s/\;>%s%s\n"
+ 		"%s%s\n"
 		"\n",
 		header, header,
 		user ? user : "", file,



CVS commit: src/libexec/httpd

2017-11-28 Thread Thomas Klausner
Module Name:src
Committed By:   wiz
Date:   Tue Nov 28 12:22:27 UTC 2017

Modified Files:
src/libexec/httpd: bozohttpd.8

Log Message:
Document script handler issues with httpd(8).
>From martin@, addressing PR 52194.

While here, use American spelling consistently and upper-case some
abbreviations.

Bump date.


To generate a diff of this commit:
cvs rdiff -u -r1.67 -r1.68 src/libexec/httpd/bozohttpd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.67 src/libexec/httpd/bozohttpd.8:1.68
--- src/libexec/httpd/bozohttpd.8:1.67	Fri Jul  7 07:05:49 2017
+++ src/libexec/httpd/bozohttpd.8	Tue Nov 28 12:22:27 2017
@@ -1,4 +1,4 @@
-.\"	$NetBSD: bozohttpd.8,v 1.67 2017/07/07 07:05:49 mrg Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.68 2017/11/28 12:22:27 wiz Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd February 1, 2017
+.Dd November 28, 2017
 .Dt BOZOHTTPD 8
 .Os
 .Sh NAME
@@ -219,7 +219,7 @@ option.
 .It Fl P Ar pidfile
 Causes
 .Nm
-to create a pid file in
+to create a PID file in
 .Ar pidfile
 when run in daemon mode with the
 .Fl b
@@ -284,7 +284,7 @@ If no directory exists in
 for the request, then
 .Ar slashdir
 will be used.
-The default behaviour is to return 404 (Not Found.)
+The default behavior is to return 404 (Not Found.)
 .It Fl v Ar virtualroot
 Enables virtual hosting support.
 Directories in
@@ -314,7 +314,7 @@ Sets the list of SSL ciphers (see
 .Xr SSL_CTX_set_cipher_list 3 ) .
 .It Fl Z Ar certificate_path privatekey_path
 Sets the path to the server certificate file and the private key file
-in pem format.
+in PEM format.
 It also causes
 .Nm
 to start SSL mode.
@@ -388,9 +388,9 @@ Lua support (NO_LUA_SUPPORT),
 and SSL support (NO_SSL_SUPPORT)
 by defining the listed macros when building
 .Nm .
-.Ss HTTP BASIC AUTHORISATION
+.Ss HTTP BASIC AUTHORIZATION
 .Nm
-has support for HTTP Basic Authorisation.
+has support for HTTP Basic Authorization.
 If a file named
 .Pa .htpasswd
 exists in the directory of the current request,
@@ -406,7 +406,7 @@ This does not recursively protect any su
 The
 .Pa .htpasswd
 file contains lines delimited with a colon containing
-usernames and passwords hashed with
+user names and passwords hashed with
 .Xr crypt 3 ,
 for example:
 .Bd -literal
@@ -424,7 +424,7 @@ While
 .Nm
 distributed with
 .Nx
-has support for HTTP Basic Authorisation enabled by default,
+has support for HTTP Basic Authorization enabled by default,
 in the portable distribution it is excluded.
 Compile
 .Nm
@@ -458,7 +458,7 @@ looks for a couple of special files in d
 to be provided on a per-directory basis.
 In addition to the
 .Pa .htpasswd
-used by HTTP basic authorisation,
+used by HTTP basic authorization,
 if a
 .Pa .bzdirect
 file is found (contents are irrelevant)
@@ -478,7 +478,7 @@ If a
 .Pa .bzabsredirect
 symbolic link is found,
 .Nm
-will redirect to the absolute url pointed to by this symlink.
+will redirect to the absolute URL pointed to by this symlink.
 This is useful to redirect to different servers.
 Two forms of redirection are supported - symbolic link without schema will use
 .Em http://
@@ -514,6 +514,29 @@ Typically this will be like:
 .Bd -literal
 httpd -C .php /usr/pkg/bin/php-cgi /var/www
 .Ed
+.Pp
+Note that a plain script interpreter can not be used directly as a cgihandler,
+as there are no command line options passed from
+.Nm
+to avoid security issues.
+.Pp
+If no CGI-aware wrapper exists, a simple shell script like the following
+might do.
+.Pp
+It would be invoked like:
+.Bd -literal
+httpd -C .pl /www-scripts/bin/run.perl /var/www
+.Ed
+and the script could look like:
+.Bd -literal
+#! /bin/sh
+
+if [ -r "$SCRIPT_FILENAME" -a -x "$SCRIPT_FILENAME" ]; then
+	exec /usr/pkg/bin/perl "$SCRIPT_FILENAME"
+fi
+
+exit 1
+.Ed
 .Sh SEE ALSO
 .Xr inetd.conf 5 ,
 .Xr inetd 8
@@ -606,11 +629,11 @@ provided cgi-bin enhancements
 .It
 .An Nicolas Jombart
 .Aq Mt e...@ipv42.net
-provided fixes for HTTP basic authorisation support
+provided fixes for HTTP basic authorization support
 .It
 .An Antti Kantee
 .Aq Mt po...@netbsd.org
-provided fixes for HTTP basic authorisation support
+provided fixes for HTTP basic authorization support
 .It
 .An Thomas Klausner
 .Aq Mt w...@netbsd.org
@@ -644,7 +667,7 @@ option (pidfile support) and provided so
 .An Luke Mewburn
 .Aq Mt lu...@netbsd.org
 provided many various fixes, including cgi-bin fixes and enhancements,
-HTTP basic authorisation support and much code clean up
+HTTP basic authorization support and much code clean up
 .It
 .An Rajeev V. Pillai
 .Aq Mt rajeev_v_pil...@yahoo.com
@@ -686,7 +709,7 @@ provided a man page fix
 .It
 .An Holger Weiss
 .Aq Mt hol...@cis.fu-berlin.de
-provided http authorisation 

CVS commit: src/libexec/httpd

2017-11-28 Thread Martin Husemann
Module Name:src
Committed By:   martin
Date:   Tue Nov 28 10:33:51 UTC 2017

Modified Files:
src/libexec/httpd: cgi-bozo.c

Log Message:
PR bin/52194: bozohttpd fails to exec scripts via the -C mechanism
sometimes with EFAULT due to not NULL terminated environment.


To generate a diff of this commit:
cvs rdiff -u -r1.38 -r1.39 src/libexec/httpd/cgi-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/cgi-bozo.c
diff -u src/libexec/httpd/cgi-bozo.c:1.38 src/libexec/httpd/cgi-bozo.c:1.39
--- src/libexec/httpd/cgi-bozo.c:1.38	Thu Oct  5 04:22:41 2017
+++ src/libexec/httpd/cgi-bozo.c	Tue Nov 28 10:33:51 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: cgi-bozo.c,v 1.38 2017/10/05 04:22:41 mrg Exp $	*/
+/*	$NetBSD: cgi-bozo.c,v 1.39 2017/11/28 10:33:51 martin Exp $	*/
 
 /*	$eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -587,6 +587,8 @@ bozo_process_cgi(bozo_httpreq_t *request
 		bozoerr(httpd, 1, "child socketpair failed: %s",
 strerror(errno));
 
+	*curenvp = 0;
+
 	/*
 	 * We create 2 procs: one to become the CGI, one read from
 	 * the CGI and output to the network, and this parent will
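Review bot: The new terminator `*curenvp = 0;` writes one more slot than the environment entries filled in so far, and the allocation of that array is outside this hunk, so it should be confirmed that the size computed for it counts the terminating entry. Writing the line as `*curenvp = NULL;` with a comment such as `/* execve() needs a NULL-terminated envp */` would also record why it exists. bozo_process_cgi starts and ends outside the hunk.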



CVS commit: src/libexec/httpd

2017-10-04 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Thu Oct  5 04:22:41 UTC 2017

Modified Files:
src/libexec/httpd: cgi-bozo.c

Log Message:
s/u_int/unsigned/.

from Jan Danielsson.  increases/fixes portability.


To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 src/libexec/httpd/cgi-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/cgi-bozo.c
diff -u src/libexec/httpd/cgi-bozo.c:1.37 src/libexec/httpd/cgi-bozo.c:1.38
--- src/libexec/httpd/cgi-bozo.c:1.37	Tue Jan 31 14:36:09 2017
+++ src/libexec/httpd/cgi-bozo.c	Thu Oct  5 04:22:41 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: cgi-bozo.c,v 1.37 2017/01/31 14:36:09 mrg Exp $	*/
+/*	$NetBSD: cgi-bozo.c,v 1.38 2017/10/05 04:22:41 mrg Exp $	*/
 
 /*	$eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -517,8 +517,8 @@ bozo_process_cgi(bozo_httpreq_t *request
 		strcpy(t, "HTTP_");
 		t += strlen(t);
 		for (s2 = headp->h_header; *s2; t++, s2++)
-			if (islower((u_int)*s2))
-*t = toupper((u_int)*s2);
+			if (islower((unsigned)*s2))
+*t = toupper((unsigned)*s2);
 			else if (*s2 == '-')
 *t = '_';
 			else
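Review bot: `islower((unsigned)*s2)` and `toupper((unsigned)*s2)` still pass out-of-range values for bytes with the high bit set, assuming s2 is a `char *`: where `char` is signed, `(unsigned)*s2` converts a negative char to a very large unsigned value, and the <ctype.h> functions are only defined for EOF and values representable as `unsigned char`. The header name comes from the client request, so such bytes can presumably reach this loop. The cast should be `(unsigned char)*s2` in both calls. The loop sits inside bozo_process_cgi, which starts and ends outside the hunk.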



CVS commit: src/libexec/httpd

2017-07-07 Thread matthew green
Module Name:src
Committed By:   mrg
Date:   Fri Jul  7 07:05:49 UTC 2017

Modified Files:
src/libexec/httpd: bozohttpd.8

Log Message:
fix ordering of a couple of words.  from Edgar Pettijohn in PR#52375.
thanks!


To generate a diff of this commit:
cvs rdiff -u -r1.66 -r1.67 src/libexec/httpd/bozohttpd.8

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.66 src/libexec/httpd/bozohttpd.8:1.67
--- src/libexec/httpd/bozohttpd.8:1.66	Mon Jul  3 21:35:48 2017
+++ src/libexec/httpd/bozohttpd.8	Fri Jul  7 07:05:49 2017
@@ -1,4 +1,4 @@
-.\"	$NetBSD: bozohttpd.8,v 1.66 2017/07/03 21:35:48 wiz Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.67 2017/07/07 07:05:49 mrg Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
@@ -488,7 +488,7 @@ will redirect to
 .Em http://NetBSD.org/
 Otherwise provided schema will be used i.e. symbolic link to
 .Em ftp://NetBSD.org/
-will redirect to provided the URL.
+will redirect to the provided URL.
 .Sh EXAMPLES
 To configure set of virtual hosts, one would use an
 .Xr inetd.conf 5



CVS commit: src/libexec/httpd

2017-05-28 Thread Alexander Nasonov
Module Name:src
Committed By:   alnsn
Date:   Sun May 28 22:37:36 UTC 2017

Modified Files:
src/libexec/httpd: lua-bozo.c

Log Message:
Cosmetic changes to Lua binding in bozohttpd.

- Don't use negative indices to read arguments of Lua functions.
- On error, return nil, "error string".
- Use ssize_t for return values from bozo_read() and bozo_write().
- Prefer lstring especially when it saves you from appending NUL and
  doing len + 1 which can potentially wrap around.
- Don't mix C allocations with Lua functions marked with "m" in the Lua
  manual. Those functions may throw (longjump) and leak data allocated
  by C function. In one case, I use luaL_Buffer, in the other case,
  I rearranged calls a bit.


To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/libexec/httpd/lua-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/lua-bozo.c
diff -u src/libexec/httpd/lua-bozo.c:1.14 src/libexec/httpd/lua-bozo.c:1.15
--- src/libexec/httpd/lua-bozo.c:1.14	Mon Dec 28 07:37:59 2015
+++ src/libexec/httpd/lua-bozo.c	Sun May 28 22:37:36 2017
@@ -1,4 +1,4 @@
-/*	$NetBSD: lua-bozo.c,v 1.14 2015/12/28 07:37:59 mrg Exp $	*/
+/*	$NetBSD: lua-bozo.c,v 1.15 2017/05/28 22:37:36 alnsn Exp $	*/
 
 /*
  * Copyright (c) 2013 Marc Balmer 
@@ -51,8 +51,8 @@
 
 #define FORM	"application/x-www-form-urlencoded"
 
-static int
-lua_flush(lua_State *L)
+static bozohttpd_t *
+httpd_instance(lua_State *L)
 {
 	bozohttpd_t *httpd;
 
@@ -61,6 +61,14 @@ lua_flush(lua_State *L)
 	httpd = lua_touserdata(L, -1);
 	lua_pop(L, 1);
 
+	return httpd;
+}
+
+static int
+lua_flush(lua_State *L)
+{
+	bozohttpd_t *httpd = httpd_instance(L);
+
 	bozo_flush(httpd, stdout);
 	return 0;
 }
@@ -68,63 +76,57 @@ lua_flush(lua_State *L)
 static int
 lua_print(lua_State *L)
 {
-	bozohttpd_t *httpd;
-
-	lua_pushstring(L, "bozohttpd");
-	lua_gettable(L, LUA_REGISTRYINDEX);
-	httpd = lua_touserdata(L, -1);
-	lua_pop(L, 1);
+	bozohttpd_t *httpd = httpd_instance(L);
 
-	bozo_printf(httpd, "%s\r\n", lua_tostring(L, -1));
+	bozo_printf(httpd, "%s\r\n", lua_tostring(L, 1));
 	return 0;
 }
 
 static int
 lua_read(lua_State *L)
 {
-	bozohttpd_t *httpd;
-	int n, len;
+	bozohttpd_t *httpd = httpd_instance(L);
+	luaL_Buffer lbuf;
 	char *data;
+	lua_Integer len;
+	ssize_t n;
 
-	lua_pushstring(L, "bozohttpd");
-	lua_gettable(L, LUA_REGISTRYINDEX);
-	httpd = lua_touserdata(L, -1);
-	lua_pop(L, 1);
+	len = luaL_checkinteger(L, 1);
+	data = luaL_buffinitsize(L, , (size_t)len);
 
-	len = luaL_checkinteger(L, -1);
-	data = bozomalloc(httpd, len + 1);
-	n = bozo_read(httpd, STDIN_FILENO, data, len);
-	if (n >= 0) {
-		data[n] = '\0';
-		lua_pushstring(L, data);
-	} else
+	if ((n = bozo_read(httpd, STDIN_FILENO, data, len)) >= 0) {
+		luaL_pushresultsize(, n);
+		return 1;
+	} else {
 		lua_pushnil(L);
-	free(data);
-	return 1;
+		lua_pushstring(L, "bozo_read() call failed");
+		return 2;
+	}
 }
 
 static int
 lua_register_handler(lua_State *L)
 {
+	bozohttpd_t *httpd = httpd_instance(L);
 	lua_state_map_t *map;
 	lua_handler_t *handler;
-	bozohttpd_t *httpd;
+	const char *name;
+	int ref;
 
 	lua_pushstring(L, "lua_state_map");
 	lua_gettable(L, LUA_REGISTRYINDEX);
 	map = lua_touserdata(L, -1);
-	lua_pushstring(L, "bozohttpd");
-	lua_gettable(L, LUA_REGISTRYINDEX);
-	httpd = lua_touserdata(L, -1);
-	lua_pop(L, 2);
+	lua_pop(L, 1);
+
+	name = luaL_checkstring(L, 1);
 
-	luaL_checkstring(L, 1);
 	luaL_checktype(L, 2, LUA_TFUNCTION);
+	lua_pushvalue(L, 2);
+	ref = luaL_ref(L, LUA_REGISTRYINDEX);
 
 	handler = bozomalloc(httpd, sizeof(lua_handler_t));
-
-	handler->name = bozostrdup(httpd, NULL, lua_tostring(L, 1));
-	handler->ref = luaL_ref(L, LUA_REGISTRYINDEX);
+	handler->name = bozostrdup(httpd, NULL, name);
+	handler->ref = ref;
 	SIMPLEQ_INSERT_TAIL(>handlers, handler, h_next);
 	httpd->process_lua = 1;
 	return 0;
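Review bot: lua_read takes `len` from the script via luaL_checkinteger and casts it straight to `size_t` for luaL_buffinitsize, so a negative value becomes an enormous request and a large positive one is limited only by the allocator; the same unchecked `len` is then passed to bozo_read(). Rejecting bad values up front gives the script a clear error instead of an allocation failure: `luaL_argcheck(L, len >= 0, 1, "length must be non-negative");` right after the luaL_checkinteger call, ideally with an upper bound the server is prepared to buffer. In the same hunk lua_print passes `lua_tostring(L, 1)` to a `%s` format, which is NULL when the argument is neither a string nor a number; luaL_checkstring would cover that.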
@@ -133,23 +135,26 @@ lua_register_handler(lua_State *L)
 static int
 lua_write(lua_State *L)
 {
-	bozohttpd_t *httpd;
+	bozohttpd_t *httpd = httpd_instance(L);
 	const char *data;
+	size_t len;
+	ssize_t n;
 
-	lua_pushstring(L, "bozohttpd");
-	lua_gettable(L, LUA_REGISTRYINDEX);
-	httpd = lua_touserdata(L, -1);
-	lua_pop(L, 1);
-
-	data = luaL_checkstring(L, -1);
-	lua_pushinteger(L, bozo_write(httpd, STDIN_FILENO, data, strlen(data)));
-	return 1;
+	data = luaL_checklstring(L, 1, );
+	if ((n = bozo_write(httpd, STDIN_FILENO, data, len)) >= 0) {
+		lua_pushinteger(L, n);
+		return 1;
+	} else {
+		lua_pushnil(L);
+		lua_pushstring(L, "bozo_write() call failed");
+		return 2;
+	}
 }
 
 static int
 luaopen_httpd(lua_State *L)
 {
-	struct luaL_Reg functions[] = {
+	static struct luaL_Reg functions[] = {
 		{ "flush",		lua_flush },
 		{ "print",		lua_print },
 		{ "read",		lua_read },


