Re: httpd fastcgi diff
OK, but would it be worth adding a comment referencing the RFC?
On 2015/03/25 22:58, Florian Obser wrote:
> On Wed, Mar 25, 2015 at 10:20:53PM +0100, Tim van der Molen wrote:
> > I'm using the hgweb.cgi Python script to serve Mercurial repositories
> > over HTTP. When served by httpd, hgweb.cgi does not work well with the
> > hg command-line utility. For example, this doesn't work:
> >
> > $ hg clone http://example.org/hgweb.cgi/repo
> >
> > The problem is that the hg utility sends an HTTP header with the name
> > "x-hgarg-1" which httpd translates to "HTTP_X_HGARG__" (i.e. the "1" is
> > lost).
> >
> > The diff below fixes this (in the sense that it makes hg work again). I
> > know very little about CGI, so I hope it doesn't open Pandora's box.
>
> Looks like I picked the wrong week to quit sniffing glue when I wrote
> that...
>
> We need to allow some more characters.
>
> RFC 3875:
>Meta-variables with names beginning with "HTTP_" contain values read
>from the client request header fields, if the protocol used is HTTP.
>The HTTP header field name is converted to upper case, has all
>occurrences of "-" replaced with "_" and has "HTTP_" prepended to
>give the meta-variable name.
>
> RFC 7230:
> header-field = field-name ":" OWS field-value OWS
>
> field-name = token
>
> token = 1*tchar
>
> tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*"
> / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
> / DIGIT / ALPHA
> ; any VCHAR, except delimiters
>
> OK?
>
> diff --git server_fcgi.c server_fcgi.c
> index 33603a0..158dc0c 100644
> --- server_fcgi.c
> +++ server_fcgi.c
> @@ -655,7 +655,10 @@ server_fcgi_writeheader(struct client *clt, struct kv
> *hdr, void *arg)
> for (p = name; *p != '\0'; p++) {
> if (isalpha((unsigned char)*p))
> *p = toupper((unsigned char)*p);
> - else
> + else if (!(*p == '!' || *p == '#' || *p == '$' || *p == '%' ||
> + *p == '&' || *p == '\'' || *p == '*' || *p == '+' ||
> + *p == '.' || *p == '^' || *p == '`' || *p == '|' ||
> + *p == '~' || isdigit((unsigned char)*p)))
> *p = '_';
> }
>
> --
> I'm not entirely sure you are real.
>
Re: httpd fastcgi diff
On Wed, Mar 25, 2015 at 10:20:53PM +0100, Tim van der Molen wrote:
> I'm using the hgweb.cgi Python script to serve Mercurial repositories
> over HTTP. When served by httpd, hgweb.cgi does not work well with the
> hg command-line utility. For example, this doesn't work:
>
> $ hg clone http://example.org/hgweb.cgi/repo
>
> The problem is that the hg utility sends an HTTP header with the name
> "x-hgarg-1" which httpd translates to "HTTP_X_HGARG__" (i.e. the "1" is
> lost).
>
> The diff below fixes this (in the sense that it makes hg work again). I
> know very little about CGI, so I hope it doesn't open Pandora's box.
Looks like I picked the wrong week to quit sniffing glue when I wrote
that...
We need to allow some more characters.
RFC 3875:
Meta-variables with names beginning with "HTTP_" contain values read
from the client request header fields, if the protocol used is HTTP.
The HTTP header field name is converted to upper case, has all
occurrences of "-" replaced with "_" and has "HTTP_" prepended to
give the meta-variable name.
RFC 7230:
header-field = field-name ":" OWS field-value OWS
field-name = token
token = 1*tchar
tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*"
/ "+" / "-" / "." / "^" / "_" / "`" / "|" / "~"
/ DIGIT / ALPHA
; any VCHAR, except delimiters
OK?
diff --git server_fcgi.c server_fcgi.c
index 33603a0..158dc0c 100644
--- server_fcgi.c
+++ server_fcgi.c
@@ -655,7 +655,10 @@ server_fcgi_writeheader(struct client *clt, struct kv
*hdr, void *arg)
for (p = name; *p != '\0'; p++) {
if (isalpha((unsigned char)*p))
*p = toupper((unsigned char)*p);
- else
+ else if (!(*p == '!' || *p == '#' || *p == '$' || *p == '%' ||
+ *p == '&' || *p == '\'' || *p == '*' || *p == '+' ||
+ *p == '.' || *p == '^' || *p == '`' || *p == '|' ||
+ *p == '~' || isdigit((unsigned char)*p)))
*p = '_';
}
--
I'm not entirely sure you are real.
wsdisplay.c: change variable 'no' to 'idx' for clarity/consistency
--- sys/dev/wscons/wsdisplay.c.orig Mon Oct 27 16:28:53 2014
+++ sys/dev/wscons/wsdisplay.c Wed Mar 25 17:24:11 2015
@@ -1641,7 +1641,7 @@ int
wsdisplay_switch3(void *arg, int error, int waitok)
{
struct wsdisplay_softc *sc = arg;
- int no;
+ int idx;
struct wsscreen *scr;
#ifdef WSDISPLAY_COMPAT_USL
@@ -1650,12 +1650,12 @@ wsdisplay_switch3(void *arg, int error, int waitok)
return (EINVAL);
}
- no = sc->sc_screenwanted;
- if (no < 0 || no >= WSDISPLAY_MAXSCREEN)
- panic("wsdisplay_switch3: invalid screen %d", no);
- scr = sc->sc_scr[no];
+ idx = sc->sc_screenwanted;
+ if (idx < 0 || idx >= WSDISPLAY_MAXSCREEN)
+ panic("wsdisplay_switch3: invalid screen %d", idx);
+ scr = sc->sc_scr[idx];
if (!scr) {
- printf("wsdisplay_switch3: screen %d disappeared\n", no);
+ printf("wsdisplay_switch3: screen %d disappeared\n", idx);
error = ENXIO;
}
@@ -1682,8 +1682,8 @@ wsdisplay_switch3(void *arg, int error, int waitok)
* wsdisplay_switch2 which has already validated our arguments
* and did not sleep.
*/
- no = sc->sc_screenwanted;
- scr = sc->sc_scr[no];
+ idx = sc->sc_screenwanted;
+ scr = sc->sc_scr[idx];
#endif
CLR(sc->sc_flags, SC_SWITCHPENDING);
@@ -1697,7 +1697,7 @@ int
wsdisplay_switch2(void *arg, int error, int waitok)
{
struct wsdisplay_softc *sc = arg;
- int no;
+ int idx;
struct wsscreen *scr;
if (!ISSET(sc->sc_flags, SC_SWITCHPENDING)) {
@@ -1705,12 +1705,12 @@ wsdisplay_switch2(void *arg, int error, int waitok)
return (EINVAL);
}
- no = sc->sc_screenwanted;
- if (no < 0 || no >= WSDISPLAY_MAXSCREEN)
- panic("wsdisplay_switch2: invalid screen %d", no);
- scr = sc->sc_scr[no];
+ idx = sc->sc_screenwanted;
+ if (idx < 0 || idx >= WSDISPLAY_MAXSCREEN)
+ panic("wsdisplay_switch2: invalid screen %d", idx);
+ scr = sc->sc_scr[idx];
if (!scr) {
- printf("wsdisplay_switch2: screen %d disappeared\n", no);
+ printf("wsdisplay_switch2: screen %d disappeared\n", idx);
error = ENXIO;
}
@@ -1729,7 +1729,7 @@ wsdisplay_switch2(void *arg, int error, int waitok)
return (wsdisplay_switch1(arg, 0, waitok));
}
- sc->sc_focusidx = no;
+ sc->sc_focusidx = idx;
sc->sc_focus = scr;
#ifdef WSDISPLAY_COMPAT_RAWKBD
@@ -1757,7 +1757,7 @@ int
wsdisplay_switch1(void *arg, int error, int waitok)
{
struct wsdisplay_softc *sc = arg;
- int no;
+ int idx;
struct wsscreen *scr;
if (!ISSET(sc->sc_flags, SC_SWITCHPENDING)) {
@@ -1765,8 +1765,8 @@ wsdisplay_switch1(void *arg, int error, int waitok)
return (EINVAL);
}
- no = sc->sc_screenwanted;
- if (no == WSDISPLAY_NULLSCREEN) {
+ idx = sc->sc_screenwanted;
+ if (idx == WSDISPLAY_NULLSCREEN) {
CLR(sc->sc_flags, SC_SWITCHPENDING);
if (!error) {
sc->sc_focus = 0;
@@ -1774,11 +1774,11 @@ wsdisplay_switch1(void *arg, int error, int waitok)
wakeup(sc);
return (error);
}
- if (no < 0 || no >= WSDISPLAY_MAXSCREEN)
- panic("wsdisplay_switch1: invalid screen %d", no);
- scr = sc->sc_scr[no];
+ if (idx < 0 || idx >= WSDISPLAY_MAXSCREEN)
+ panic("wsdisplay_switch1: invalid screen %d", idx);
+ scr = sc->sc_scr[idx];
if (!scr) {
- printf("wsdisplay_switch1: screen %d disappeared\n", no);
+ printf("wsdisplay_switch1: screen %d disappeared\n", idx);
error = ENXIO;
}
@@ -1800,16 +1800,16 @@ wsdisplay_switch1(void *arg, int error, int waitok)
}
int
-wsdisplay_switch(struct device *dev, int no, int waitok)
+wsdisplay_switch(struct device *dev, int idx, int waitok)
{
struct wsdisplay_softc *sc = (struct wsdisplay_softc *)dev;
int s, res = 0;
struct wsscreen *scr;
- if (no != WSDISPLAY_NULLSCREEN) {
- if (no < 0 || no >= WSDISPLAY_MAXSCREEN)
+ if (idx != WSDISPLAY_NULLSCREEN) {
+ if (idx < 0 || idx >= WSDISPLAY_MAXSCREEN)
return (EINVAL);
- if (sc->sc_scr[no] == NULL)
+ if (sc->sc_scr[idx] == NULL)
return (ENXIO);
}
@@ -1822,8 +1822,8 @@ wsdisplay_switch(struct device *dev, int no, int waito
return (res);
}
- if ((sc->sc_focus && no == sc->sc_focusidx) ||
- (sc->sc_focus == NULL && no == WSDISPLAY_NULLSCREEN)) {
+ if ((sc->sc_focus && idx == sc->sc_focusidx) ||
+ (sc->sc_focus == NULL && idx == WSDISPLAY_NULLSCREEN)) {
httpd fastcgi diff
I'm using the hgweb.cgi Python script to serve Mercurial repositories
over HTTP. When served by httpd, hgweb.cgi does not work well with the
hg command-line utility. For example, this doesn't work:
$ hg clone http://example.org/hgweb.cgi/repo
The problem is that the hg utility sends an HTTP header with the name
"x-hgarg-1" which httpd translates to "HTTP_X_HGARG__" (i.e. the "1" is
lost).
The diff below fixes this (in the sense that it makes hg work again). I
know very little about CGI, so I hope it doesn't open Pandora's box.
Index: server_fcgi.c
===
RCS file: /cvs/src/usr.sbin/httpd/server_fcgi.c,v
retrieving revision 1.52
diff -p -u -r1.52 server_fcgi.c
--- server_fcgi.c 23 Feb 2015 19:22:43 - 1.52
+++ server_fcgi.c 25 Mar 2015 20:45:17 -
@@ -655,7 +655,7 @@ server_fcgi_writeheader(struct client *c
for (p = name; *p != '\0'; p++) {
if (isalpha((unsigned char)*p))
*p = toupper((unsigned char)*p);
- else
+ else if (!isdigit((unsigned char)*p))
*p = '_';
}
awk: out of bounds error
ss10:~$ awk -f foo awk: can't open file foo source line number 1 source file foo context is >>> ΓΏ <<< Oh look, the international sign for buffer overflow. Don't print context when ebuf is empty --- lib.c.orig Wed Mar 25 17:11:49 2015 +++ lib.c Wed Mar 25 17:11:27 2015 @@ -648,7 +648,8 @@ void eprint(void) /* try to print context around error static int been_here = 0; extern char ebuf[], *ep; - if (compile_time == 2 || compile_time == 0 || been_here++ > 0) + if (compile_time == 2 || compile_time == 0 || been_here++ > 0 || + ebuf == ep) return; p = ep - 1; if (p > ebuf && *p == '\n')
