Re: httpd fastcgi diff
OK, but would it be worth adding a comment referencing the RFC? On 2015/03/25 22:58, Florian Obser wrote: > On Wed, Mar 25, 2015 at 10:20:53PM +0100, Tim van der Molen wrote: > > I'm using the hgweb.cgi Python script to serve Mercurial repositories > > over HTTP. When served by httpd, hgweb.cgi does not work well with the > > hg command-line utility. For example, this doesn't work: > > > > $ hg clone http://example.org/hgweb.cgi/repo > > > > The problem is that the hg utility sends an HTTP header with the name > > "x-hgarg-1" which httpd translates to "HTTP_X_HGARG__" (i.e. the "1" is > > lost). > > > > The diff below fixes this (in the sense that it makes hg work again). I > > know very little about CGI, so I hope it doesn't open Pandora's box. > > Looks like I picked the wrong week to quit sniffing glue when I wrote > that... > > We need to allow some more characters. > > RFC 3875: >Meta-variables with names beginning with "HTTP_" contain values read >from the client request header fields, if the protocol used is HTTP. >The HTTP header field name is converted to upper case, has all >occurrences of "-" replaced with "_" and has "HTTP_" prepended to >give the meta-variable name. > > RFC 7230: > header-field = field-name ":" OWS field-value OWS > > field-name = token > > token = 1*tchar > > tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" > / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~" > / DIGIT / ALPHA > ; any VCHAR, except delimiters > > OK? > > diff --git server_fcgi.c server_fcgi.c > index 33603a0..158dc0c 100644 > --- server_fcgi.c > +++ server_fcgi.c > @@ -655,7 +655,10 @@ server_fcgi_writeheader(struct client *clt, struct kv > *hdr, void *arg) > for (p = name; *p != '\0'; p++) { > if (isalpha((unsigned char)*p)) > *p = toupper((unsigned char)*p); > - else > + else if (!(*p == '!' || *p == '#' || *p == '$' || *p == '%' || > + *p == '&' || *p == '\'' || *p == '*' || *p == '+' || > + *p == '.' || *p == '^' || *p == '`' || *p == '|' || > + *p == '~' || isdigit((unsigned char)*p))) > *p = '_'; > } > > -- > I'm not entirely sure you are real. >
Re: httpd fastcgi diff
On Wed, Mar 25, 2015 at 10:20:53PM +0100, Tim van der Molen wrote: > I'm using the hgweb.cgi Python script to serve Mercurial repositories > over HTTP. When served by httpd, hgweb.cgi does not work well with the > hg command-line utility. For example, this doesn't work: > > $ hg clone http://example.org/hgweb.cgi/repo > > The problem is that the hg utility sends an HTTP header with the name > "x-hgarg-1" which httpd translates to "HTTP_X_HGARG__" (i.e. the "1" is > lost). > > The diff below fixes this (in the sense that it makes hg work again). I > know very little about CGI, so I hope it doesn't open Pandora's box. Looks like I picked the wrong week to quit sniffing glue when I wrote that... We need to allow some more characters. RFC 3875: Meta-variables with names beginning with "HTTP_" contain values read from the client request header fields, if the protocol used is HTTP. The HTTP header field name is converted to upper case, has all occurrences of "-" replaced with "_" and has "HTTP_" prepended to give the meta-variable name. RFC 7230: header-field = field-name ":" OWS field-value OWS field-name = token token = 1*tchar tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." / "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA ; any VCHAR, except delimiters OK? diff --git server_fcgi.c server_fcgi.c index 33603a0..158dc0c 100644 --- server_fcgi.c +++ server_fcgi.c @@ -655,7 +655,10 @@ server_fcgi_writeheader(struct client *clt, struct kv *hdr, void *arg) for (p = name; *p != '\0'; p++) { if (isalpha((unsigned char)*p)) *p = toupper((unsigned char)*p); - else + else if (!(*p == '!' || *p == '#' || *p == '$' || *p == '%' || + *p == '&' || *p == '\'' || *p == '*' || *p == '+' || + *p == '.' || *p == '^' || *p == '`' || *p == '|' || + *p == '~' || isdigit((unsigned char)*p))) *p = '_'; } -- I'm not entirely sure you are real.
wsdisplay.c: change variable 'no' to 'idx' for clarity/consistency
--- sys/dev/wscons/wsdisplay.c.orig Mon Oct 27 16:28:53 2014 +++ sys/dev/wscons/wsdisplay.c Wed Mar 25 17:24:11 2015 @@ -1641,7 +1641,7 @@ int wsdisplay_switch3(void *arg, int error, int waitok) { struct wsdisplay_softc *sc = arg; - int no; + int idx; struct wsscreen *scr; #ifdef WSDISPLAY_COMPAT_USL @@ -1650,12 +1650,12 @@ wsdisplay_switch3(void *arg, int error, int waitok) return (EINVAL); } - no = sc->sc_screenwanted; - if (no < 0 || no >= WSDISPLAY_MAXSCREEN) - panic("wsdisplay_switch3: invalid screen %d", no); - scr = sc->sc_scr[no]; + idx = sc->sc_screenwanted; + if (idx < 0 || idx >= WSDISPLAY_MAXSCREEN) + panic("wsdisplay_switch3: invalid screen %d", idx); + scr = sc->sc_scr[idx]; if (!scr) { - printf("wsdisplay_switch3: screen %d disappeared\n", no); + printf("wsdisplay_switch3: screen %d disappeared\n", idx); error = ENXIO; } @@ -1682,8 +1682,8 @@ wsdisplay_switch3(void *arg, int error, int waitok) * wsdisplay_switch2 which has already validated our arguments * and did not sleep. */ - no = sc->sc_screenwanted; - scr = sc->sc_scr[no]; + idx = sc->sc_screenwanted; + scr = sc->sc_scr[idx]; #endif CLR(sc->sc_flags, SC_SWITCHPENDING); @@ -1697,7 +1697,7 @@ int wsdisplay_switch2(void *arg, int error, int waitok) { struct wsdisplay_softc *sc = arg; - int no; + int idx; struct wsscreen *scr; if (!ISSET(sc->sc_flags, SC_SWITCHPENDING)) { @@ -1705,12 +1705,12 @@ wsdisplay_switch2(void *arg, int error, int waitok) return (EINVAL); } - no = sc->sc_screenwanted; - if (no < 0 || no >= WSDISPLAY_MAXSCREEN) - panic("wsdisplay_switch2: invalid screen %d", no); - scr = sc->sc_scr[no]; + idx = sc->sc_screenwanted; + if (idx < 0 || idx >= WSDISPLAY_MAXSCREEN) + panic("wsdisplay_switch2: invalid screen %d", idx); + scr = sc->sc_scr[idx]; if (!scr) { - printf("wsdisplay_switch2: screen %d disappeared\n", no); + printf("wsdisplay_switch2: screen %d disappeared\n", idx); error = ENXIO; } @@ -1729,7 +1729,7 @@ wsdisplay_switch2(void *arg, int error, int waitok) return (wsdisplay_switch1(arg, 0, waitok)); } - sc->sc_focusidx = no; + sc->sc_focusidx = idx; sc->sc_focus = scr; #ifdef WSDISPLAY_COMPAT_RAWKBD @@ -1757,7 +1757,7 @@ int wsdisplay_switch1(void *arg, int error, int waitok) { struct wsdisplay_softc *sc = arg; - int no; + int idx; struct wsscreen *scr; if (!ISSET(sc->sc_flags, SC_SWITCHPENDING)) { @@ -1765,8 +1765,8 @@ wsdisplay_switch1(void *arg, int error, int waitok) return (EINVAL); } - no = sc->sc_screenwanted; - if (no == WSDISPLAY_NULLSCREEN) { + idx = sc->sc_screenwanted; + if (idx == WSDISPLAY_NULLSCREEN) { CLR(sc->sc_flags, SC_SWITCHPENDING); if (!error) { sc->sc_focus = 0; @@ -1774,11 +1774,11 @@ wsdisplay_switch1(void *arg, int error, int waitok) wakeup(sc); return (error); } - if (no < 0 || no >= WSDISPLAY_MAXSCREEN) - panic("wsdisplay_switch1: invalid screen %d", no); - scr = sc->sc_scr[no]; + if (idx < 0 || idx >= WSDISPLAY_MAXSCREEN) + panic("wsdisplay_switch1: invalid screen %d", idx); + scr = sc->sc_scr[idx]; if (!scr) { - printf("wsdisplay_switch1: screen %d disappeared\n", no); + printf("wsdisplay_switch1: screen %d disappeared\n", idx); error = ENXIO; } @@ -1800,16 +1800,16 @@ wsdisplay_switch1(void *arg, int error, int waitok) } int -wsdisplay_switch(struct device *dev, int no, int waitok) +wsdisplay_switch(struct device *dev, int idx, int waitok) { struct wsdisplay_softc *sc = (struct wsdisplay_softc *)dev; int s, res = 0; struct wsscreen *scr; - if (no != WSDISPLAY_NULLSCREEN) { - if (no < 0 || no >= WSDISPLAY_MAXSCREEN) + if (idx != WSDISPLAY_NULLSCREEN) { + if (idx < 0 || idx >= WSDISPLAY_MAXSCREEN) return (EINVAL); - if (sc->sc_scr[no] == NULL) + if (sc->sc_scr[idx] == NULL) return (ENXIO); } @@ -1822,8 +1822,8 @@ wsdisplay_switch(struct device *dev, int no, int waito return (res); } - if ((sc->sc_focus && no == sc->sc_focusidx) || - (sc->sc_focus == NULL && no == WSDISPLAY_NULLSCREEN)) { + if ((sc->sc_focus && idx == sc->sc_focusidx) || + (sc->sc_focus == NULL && idx == WSDISPLAY_NULLSCREEN)) {
httpd fastcgi diff
I'm using the hgweb.cgi Python script to serve Mercurial repositories over HTTP. When served by httpd, hgweb.cgi does not work well with the hg command-line utility. For example, this doesn't work: $ hg clone http://example.org/hgweb.cgi/repo The problem is that the hg utility sends an HTTP header with the name "x-hgarg-1" which httpd translates to "HTTP_X_HGARG__" (i.e. the "1" is lost). The diff below fixes this (in the sense that it makes hg work again). I know very little about CGI, so I hope it doesn't open Pandora's box. Index: server_fcgi.c === RCS file: /cvs/src/usr.sbin/httpd/server_fcgi.c,v retrieving revision 1.52 diff -p -u -r1.52 server_fcgi.c --- server_fcgi.c 23 Feb 2015 19:22:43 - 1.52 +++ server_fcgi.c 25 Mar 2015 20:45:17 - @@ -655,7 +655,7 @@ server_fcgi_writeheader(struct client *c for (p = name; *p != '\0'; p++) { if (isalpha((unsigned char)*p)) *p = toupper((unsigned char)*p); - else + else if (!isdigit((unsigned char)*p)) *p = '_'; }
awk: out of bounds error
ss10:~$ awk -f foo awk: can't open file foo source line number 1 source file foo context is >>> ΓΏ <<< Oh look, the international sign for buffer overflow. Don't print context when ebuf is empty --- lib.c.orig Wed Mar 25 17:11:49 2015 +++ lib.c Wed Mar 25 17:11:27 2015 @@ -648,7 +648,8 @@ void eprint(void) /* try to print context around error static int been_here = 0; extern char ebuf[], *ep; - if (compile_time == 2 || compile_time == 0 || been_here++ > 0) + if (compile_time == 2 || compile_time == 0 || been_here++ > 0 || + ebuf == ep) return; p = ep - 1; if (p > ebuf && *p == '\n')