Module Name: src
Committed By: martin
Date: Sat Nov 24 17:23:48 UTC 2018
Modified Files:
src/libexec/httpd [netbsd-7-0]: CHANGES Makefile auth-bozo.c
bozohttpd.8 bozohttpd.c bozohttpd.h cgi-bozo.c content-bozo.c
daemon-bozo.c dir-index-bozo.c lua-bozo.c main.c ssl-bozo.c
tilde-luzah-bozo.c
src/libexec/httpd/libbozohttpd [netbsd-7-0]: Makefile
src/libexec/httpd/lua [netbsd-7-0]: bozo.lua glue.c optparse.lua
src/libexec/httpd/testsuite [netbsd-7-0]: Makefile html_cmp t3.out
t5.out t6.out test-bigfile test-simple
Added Files:
src/libexec/httpd/testsuite [netbsd-7-0]: t12.in t12.out t13.in t13.out
t14.in t14.out t15.in t15.out
src/libexec/httpd/testsuite/data [netbsd-7-0]: .bzremap
Log Message:
Sync to HEAD (requested by mrg in ticket #1655):
libexec/httpd/testsuite/data/.bzremap up to 1.1
libexec/httpd/testsuite/t12.out up to 1.1
libexec/httpd/testsuite/t12.in up to 1.1
libexec/httpd/testsuite/t13.out up to 1.1
libexec/httpd/testsuite/t13.in up to 1.1
libexec/httpd/testsuite/t14.out up to 1.1
libexec/httpd/testsuite/t14.in up to 1.1
libexec/httpd/testsuite/t15.out up to 1.1
libexec/httpd/testsuite/t15.in up to 1.1
libexec/httpd/CHANGES up to 1.28
libexec/httpd/Makefile up to 1.27
libexec/httpd/auth-bozo.c up to 1.22
libexec/httpd/bozohttpd.8 up to 1.74
libexec/httpd/bozohttpd.c up to 1.96
libexec/httpd/bozohttpd.h up to 1.56
libexec/httpd/cgi-bozo.c up to 1.44
libexec/httpd/content-bozo.c up to 1.16
libexec/httpd/daemon-bozo.c up to 1.19
libexec/httpd/dir-index-bozo.c up to 1.28
libexec/httpd/lua-bozo.c up to 1.15
libexec/httpd/main.c up to 1.21
libexec/httpd/ssl-bozo.c up to 1.25
libexec/httpd/tilde-luzah-bozo.c up to 1.16
libexec/httpd/libbozohttpd/Makefile up to 1.3
libexec/httpd/lua/bozo.lua up to 1.3
libexec/httpd/lua/glue.c up to 1.5
libexec/httpd/lua/optparse.lua up to 1.2
libexec/httpd/testsuite/Makefile up to 1.11
libexec/httpd/testsuite/html_cmp up to 1.6
libexec/httpd/testsuite/t3.out up to 1.4
libexec/httpd/testsuite/t5.out up to 1.4
libexec/httpd/testsuite/t6.out up to 1.4
libexec/httpd/testsuite/test-bigfile up to 1.5
libexec/httpd/testsuite/test-simple up to 1.5
Cosmetic changes to Lua binding in bozohttpd.
- Don't use negative indicies to read arguments of Lua functions.
- On error, return nil, "error string".
- Use ssize_t for return values from bozo_read() and bozo_write().
- Prefer lstring especially when if saves you from appending NUL and
doing len + 1 which can potentially wraparound.
- Don't mix C allocations with Lua functions marked with "m" in the Lua
manual. Those functions may throw (longjump) and leak data allocated
by C function. In one case, I use luaL_Buffer, in the other case,
I rearranged calls a bit.
fix ordering of a couple of words. from Edgar Pettijohn in PR#52375.
thanks!
s/u_int/unsigned/.
from Jan Danielsson. increases/fixes portability.
PR bin/52194: bozohttpd fails to exec scripts via the -C mechanism
sometimes with EFAULT due to not NULL terminated environment.
Document script handler issues with httpd(8).
>From martin@, addressing PR 52194.
While here, use American spelling consistently and upper-case some
abbreviations.
Bump date.
fix output since protocol agnostic change went in.
XXX: i thought someone hooked this into atf already, please do :)
Add support for remapping requested paths via a .bzredirect file.
Fixes PR 52772. Ok: mrg@
Bump date
Remove trailing whitespace.
use __func__ in debug().
fix a denial of service attack against header contents, which
is now bounded at 16KiB. reported by JP.
avoid memory leak in sending multiple auth headers.
mostly mitigated by previous patch to limit total header size,
but still a real problem here.
note the changes present in bozohttpd 20181118:
o add url remap support via .bzremap file, from martin%netbsd.org@localhost
o handle redirections for any protocol, not just http:
o fix a denial of service attack against header contents, which
is now bounded at 16KiB. reported by JP.
from CHANGES:
o reduce default timeouts, and add expand timeouts to handle the
initial line, each header, and the total time spent
o add -T option to expose new timeout settings
o minor RFC fixes related to timeout handling responses
old timeouts:
60 seconds for initial request like, 60 seconds per header line,
and no whole timeout (though the recent total header size changes
do introduce one that would be about 11 hours.)
new timeouts:
30 seconds for initial request like, 10 seconds per header line,
and a total request time of 600 seconds.
the new global timeout is implemented using CLOCK_MONOTONIC, with
a fallback to CLOCK_REALTIME if monotonic time is unavailable.
reject multiple Host: headers. besides being protocol standard,
this closes one additional memory leak found by JP. add a simple
test to check this.
clean up option and usage handling some.
move some #if support into bozohttpd.h.
fix previous: have_debug was reversed.
also fix have_dynamic_content from the previous previous. re-order
the debug and dynamic content to match the same pattern as everything
else so similar problems are less likely in the future.
- move special files defines into bozohttpd.h, so we can ...
- consolidate all the special file checks into
bozo_check_special_files() so that all builds check the same
list of special files, regardless of build options.
- convert "(void)bozo_http_error(...); return -1;" into plain
"return bozo_http_error(...);"
- fix the call to bozo_check_special_files() to be used on all
input types. part of the fixes for failure to reject access
to /.htpasswd as reported by JP on tech-security.
- use warn_unused_result attribute on bozo_check_special_files(),
and fix the failures to return failure. second part of the
htpasswd access fix.
- update testsuite to use a fixed fake hostname.
call this bozohttpd 20181121.
two fixes reported by mouse:
- don't check contents of 'st' if stat(2) failed.
- round up instead of truncate. now 10000 byte files say 10kB not 9kB.
use MAP_SHARED for the bzremap file. avoids netbsd kernel complaining:
WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 15478 command
bozohttpd)
many clean ups:
- keep a list of special files and their human names
- remove (void) casts on bozo_http_error()
- fix a few more misuses of bozo_http_error()
- rename check_mapping() to check_remap() and perform some CSE
- switch away from ``%s'' to '%s'
- remove a bunch of #ifdef using new have_feature defines
alpha sort the option switch.
add an assert() check on array bounds.
minor style fixes. simplify bozo_match_content_map().
To generate a diff of this commit:
cvs rdiff -u -r1.19.2.1.2.3 -r1.19.2.1.2.4 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.22.2.1.2.1 -r1.22.2.1.2.2 src/libexec/httpd/Makefile
cvs rdiff -u -r1.13.2.1.2.1 -r1.13.2.1.2.2 src/libexec/httpd/auth-bozo.c
cvs rdiff -u -r1.46.4.4.2.3 -r1.46.4.4.2.4 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.56.2.4.2.3 -r1.56.2.4.2.4 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.33.2.2.2.3 -r1.33.2.2.2.4 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.25.2.2.2.5 -r1.25.2.2.2.6 src/libexec/httpd/cgi-bozo.c
cvs rdiff -u -r1.10.2.2.2.2 -r1.10.2.2.2.3 src/libexec/httpd/content-bozo.c
cvs rdiff -u -r1.16.6.1 -r1.16.6.2 src/libexec/httpd/daemon-bozo.c
cvs rdiff -u -r1.19.4.1.2.1 -r1.19.4.1.2.2 src/libexec/httpd/dir-index-bozo.c
cvs rdiff -u -r1.10.2.1.2.1 -r1.10.2.1.2.2 src/libexec/httpd/lua-bozo.c
cvs rdiff -u -r1.8.4.2 -r1.8.4.3 src/libexec/httpd/main.c
cvs rdiff -u -r1.18.4.1 -r1.18.4.2 src/libexec/httpd/ssl-bozo.c
cvs rdiff -u -r1.10.6.1 -r1.10.6.2 src/libexec/httpd/tilde-luzah-bozo.c
cvs rdiff -u -r1.2 -r1.2.12.1 src/libexec/httpd/libbozohttpd/Makefile
cvs rdiff -u -r1.1.1.1.32.1 -r1.1.1.1.32.2 src/libexec/httpd/lua/bozo.lua \
src/libexec/httpd/lua/glue.c
cvs rdiff -u -r1.1.1.1 -r1.1.1.1.32.1 src/libexec/httpd/lua/optparse.lua
cvs rdiff -u -r1.4.26.3 -r1.4.26.4 src/libexec/httpd/testsuite/Makefile
cvs rdiff -u -r1.4.20.1 -r1.4.20.2 src/libexec/httpd/testsuite/html_cmp
cvs rdiff -u -r0 -r1.1.10.2 src/libexec/httpd/testsuite/t12.in \
src/libexec/httpd/testsuite/t12.out src/libexec/httpd/testsuite/t13.in \
src/libexec/httpd/testsuite/t13.out
cvs rdiff -u -r0 -r1.1.8.2 src/libexec/httpd/testsuite/t14.in \
src/libexec/httpd/testsuite/t14.out src/libexec/httpd/testsuite/t15.in \
src/libexec/httpd/testsuite/t15.out
cvs rdiff -u -r1.3 -r1.3.26.1 src/libexec/httpd/testsuite/t3.out \
src/libexec/httpd/testsuite/t5.out src/libexec/httpd/testsuite/t6.out
cvs rdiff -u -r1.1.1.1.32.3 -r1.1.1.1.32.4 \
src/libexec/httpd/testsuite/test-bigfile
cvs rdiff -u -r1.2.6.3 -r1.2.6.4 src/libexec/httpd/testsuite/test-simple
cvs rdiff -u -r0 -r1.1.10.2 src/libexec/httpd/testsuite/data/.bzremap
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.19.2.1.2.3 src/libexec/httpd/CHANGES:1.19.2.1.2.4
--- src/libexec/httpd/CHANGES:1.19.2.1.2.3 Sun Feb 12 21:59:44 2017
+++ src/libexec/httpd/CHANGES Sat Nov 24 17:23:47 2018
@@ -1,4 +1,15 @@
-$NetBSD: CHANGES,v 1.19.2.1.2.3 2017/02/12 21:59:44 snj Exp $
+$NetBSD: CHANGES,v 1.19.2.1.2.4 2018/11/24 17:23:47 martin Exp $
+
+changes in bozohttpd 20181121:
+ o add url remap support via .bzremap file, from [email protected]
+ o handle redirections for any protocol, not just http:
+ o fix a denial of service attack against header contents, which
+ is now bounded at 16KiB. reported by JP
+ o reduce default timeouts, and add expand timeouts to handle the
+ initial line, each header, and the total time spent
+ o add -T option to expose new timeout settings
+ o minor RFC fixes related to timeout handling
+ o fix special file (.htpasswd, .bz*) bypass. reported by JP.
changes in bozohttpd 20170201:
o fix an infinite loop in cgi processing
Index: src/libexec/httpd/Makefile
diff -u src/libexec/httpd/Makefile:1.22.2.1.2.1 src/libexec/httpd/Makefile:1.22.2.1.2.2
--- src/libexec/httpd/Makefile:1.22.2.1.2.1 Fri Apr 15 18:55:49 2016
+++ src/libexec/httpd/Makefile Sat Nov 24 17:23:47 2018
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.22.2.1.2.1 2016/04/15 18:55:49 snj Exp $
+# $NetBSD: Makefile,v 1.22.2.1.2.2 2018/11/24 17:23:47 martin Exp $
#
# $eterna: Makefile,v 1.30 2010/07/11 00:34:27 mrg Exp $
#
@@ -48,19 +48,9 @@ CPPFLAGS+= -DHAVE_NBUTIL_H
LDADD+= -lnbutil
.endif
-.include <bsd.own.mk>
-
-.if ${MKCRYPTO} != "no"
-
LDADD+= -lssl -lcrypto
DPADD+= ${LIBSSL} ${LIBCRYPTO}
-.else
-
-COPTS+= -DNO_SSL_SUPPORT
-
-.endif
-
#
# Build release things.
#
Index: src/libexec/httpd/auth-bozo.c
diff -u src/libexec/httpd/auth-bozo.c:1.13.2.1.2.1 src/libexec/httpd/auth-bozo.c:1.13.2.1.2.2
--- src/libexec/httpd/auth-bozo.c:1.13.2.1.2.1 Fri Apr 15 18:55:49 2016
+++ src/libexec/httpd/auth-bozo.c Sat Nov 24 17:23:47 2018
@@ -1,9 +1,9 @@
-/* $NetBSD: auth-bozo.c,v 1.13.2.1.2.1 2016/04/15 18:55:49 snj Exp $ */
+/* $NetBSD: auth-bozo.c,v 1.13.2.1.2.2 2018/11/24 17:23:47 martin Exp $ */
/* $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */
/*
- * Copyright (c) 1997-2014 Matthew R. Green
+ * Copyright (c) 1997-2018 Matthew R. Green
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -42,10 +42,6 @@
#include "bozohttpd.h"
-#ifndef AUTH_FILE
-#define AUTH_FILE ".htpasswd"
-#endif
-
static ssize_t base64_decode(const unsigned char *, size_t,
unsigned char *, size_t);
@@ -68,7 +64,6 @@ bozo_auth_check(bozo_httpreq_t *request,
strcpy(dir, ".");
else {
*basename++ = '\0';
- /* ensure basename(file) != AUTH_FILE */
if (bozo_check_special_files(request, basename))
return 1;
}
@@ -122,6 +117,7 @@ bozo_auth_init(bozo_httpreq_t *request)
{
request->hr_authuser = NULL;
request->hr_authpass = NULL;
+ request->hr_authrealm = NULL;
}
void
@@ -147,6 +143,10 @@ bozo_auth_check_headers(bozo_httpreq_t *
char *pass = NULL;
ssize_t alen;
+ /* free prior entries. */
+ free(request->hr_authuser);
+ free(request->hr_authpass);
+
alen = base64_decode((unsigned char *)str + 6,
(size_t)(len - 6),
(unsigned char *)authbuf,
@@ -158,8 +158,6 @@ bozo_auth_check_headers(bozo_httpreq_t *
return bozo_http_error(httpd, 400, request,
"bad authorization field");
*pass++ = '\0';
- free(request->hr_authuser);
- free(request->hr_authpass);
request->hr_authuser = bozostrdup(httpd, request, authbuf);
request->hr_authpass = bozostrdup(httpd, request, pass);
debug((httpd, DEBUG_FAT,
@@ -171,18 +169,6 @@ bozo_auth_check_headers(bozo_httpreq_t *
return 0;
}
-int
-bozo_auth_check_special_files(bozo_httpreq_t *request,
- const char *name)
-{
- bozohttpd_t *httpd = request->hr_httpd;
-
- if (strcmp(name, AUTH_FILE) == 0)
- return bozo_http_error(httpd, 403, request,
- "no permission to open authfile");
- return 0;
-}
-
void
bozo_auth_check_401(bozo_httpreq_t *request, int code)
{
Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.46.4.4.2.3 src/libexec/httpd/bozohttpd.8:1.46.4.4.2.4
--- src/libexec/httpd/bozohttpd.8:1.46.4.4.2.3 Sun Feb 12 21:59:44 2017
+++ src/libexec/httpd/bozohttpd.8 Sat Nov 24 17:23:47 2018
@@ -1,8 +1,8 @@
-.\" $NetBSD: bozohttpd.8,v 1.46.4.4.2.3 2017/02/12 21:59:44 snj Exp $
+.\" $NetBSD: bozohttpd.8,v 1.46.4.4.2.4 2018/11/24 17:23:47 martin Exp $
.\"
.\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
.\"
-.\" Copyright (c) 1997-2017 Matthew R. Green
+.\" Copyright (c) 1997-2018 Matthew R. Green
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd February 1, 2017
+.Dd November 19, 2018
.Dt BOZOHTTPD 8
.Os
.Sh NAME
@@ -41,6 +41,7 @@
.Op Fl M Ar suffix type encoding encoding11
.Op Fl P Ar pidfile
.Op Fl S Ar server_software
+.Op Fl T Ar type timeout
.Op Fl U Ar username
.Op Fl Z Ar cert privkey
.Op Fl c Ar cgibin
@@ -105,7 +106,7 @@ The
directory is expected to contain the CGI programs to be used.
.Nm
looks for URL's in the form of
-.Em /cgi-bin/\*[Lt]scriptname\*[Gt]
+.Em /cgi-bin/<scriptname>
where
.Aq scriptname
is a valid CGI program in the
@@ -219,7 +220,7 @@ option.
.It Fl P Ar pidfile
Causes
.Nm
-to create a pid file in
+to create a PID file in
.Ar pidfile
when run in daemon mode with the
.Fl b
@@ -236,6 +237,19 @@ Sets the internal server version to
.Ar server_software .
.It Fl s
Forces logging to be set to stderr always.
+.It Fl T Ar type timeout
+Set the timeout for
+.Ar type
+to
+.Ar timeout .
+The valid values of
+.Ar type
+are
+.Dq initial timeout ,
+.Dq header timeout ,
+and
+.Dq request timeout .
+The default values are 30 seconds, 10 seconds and 600 seconds, respectively.
.It Fl t Ar chrootdir
Makes
.Nm
@@ -284,7 +298,7 @@ If no directory exists in
for the request, then
.Ar slashdir
will be used.
-The default behaviour is to return 404 (Not Found.)
+The default behavior is to return 404 (Not Found.)
.It Fl v Ar virtualroot
Enables virtual hosting support.
Directories in
@@ -314,7 +328,7 @@ Sets the list of SSL ciphers (see
.Xr SSL_CTX_set_cipher_list 3 ) .
.It Fl Z Ar certificate_path privatekey_path
Sets the path to the server certificate file and the private key file
-in pem format.
+in PEM format.
It also causes
.Nm
to start SSL mode.
@@ -388,9 +402,9 @@ Lua support (NO_LUA_SUPPORT),
and SSL support (NO_SSL_SUPPORT)
by defining the listed macros when building
.Nm .
-.Ss HTTP BASIC AUTHORISATION
+.Ss HTTP BASIC AUTHORIZATION
.Nm
-has support for HTTP Basic Authorisation.
+has support for HTTP Basic Authorization.
If a file named
.Pa .htpasswd
exists in the directory of the current request,
@@ -406,7 +420,7 @@ This does not recursively protect any su
The
.Pa .htpasswd
file contains lines delimited with a colon containing
-usernames and passwords hashed with
+user names and passwords hashed with
.Xr crypt 3 ,
for example:
.Bd -literal
@@ -424,7 +438,7 @@ While
.Nm
distributed with
.Nx
-has support for HTTP Basic Authorisation enabled by default,
+has support for HTTP Basic Authorization enabled by default,
in the portable distribution it is excluded.
Compile
.Nm
@@ -458,7 +472,7 @@ looks for a couple of special files in d
to be provided on a per-directory basis.
In addition to the
.Pa .htpasswd
-used by HTTP basic authorisation,
+used by HTTP basic authorization,
if a
.Pa .bzdirect
file is found (contents are irrelevant)
@@ -478,7 +492,7 @@ If a
.Pa .bzabsredirect
symbolic link is found,
.Nm
-will redirect to the absolute url pointed to by this symlink.
+will redirect to the absolute URL pointed to by this symlink.
This is useful to redirect to different servers.
Two forms of redirection are supported - symbolic link without schema will use
.Em http://
@@ -488,7 +502,38 @@ will redirect to
.Em http://NetBSD.org/
Otherwise provided schema will be used i.e. symbolic link to
.Em ftp://NetBSD.org/
-will redirect to provided the URL.
+will redirect to the provided URL.
+If a
+.Pa .bzremap
+file is found at the root of a (virtual) server, it is expected to contain
+rewrite mappings for URLs.
+.Pp
+These remappings are performed internally in the server before authentication
+happens and can be used to hide implementation details, like the CGI handler
+specific suffix for non cgi scripts in authorized directories.
+.Pp
+The map file consists of lines two paths separated by a colon, where the left
+side needs to exactly match a (sub) path of the request and will be replaced
+by the right side.
+.Pp
+The first match always wins.
+.Pp
+A
+.Pa .bzremap
+file could look like this:
+.Bd -literal
+/nic/update:/auth-dir/updipv4.pl
+.Ed
+.Pp
+The remap file should be short, access to it is slow and needs to happen
+on each request.
+If a request path needs to include a colon
+.Pq Li \&:
+character, it can be escaped
+with a backslash
+.Pq Li \e
+The right hand side of the colon is always used verbatim, no escape sequences
+are interpreted.
.Sh EXAMPLES
To configure set of virtual hosts, one would use an
.Xr inetd.conf 5
@@ -514,6 +559,29 @@ Typically this will be like:
.Bd -literal
httpd -C .php /usr/pkg/bin/php-cgi /var/www
.Ed
+.Pp
+Note that a plain script interpreter can not be used directly as a cgihandler,
+as there are no command line options passed from
+.Nm
+to avoid security issues.
+.Pp
+If no CGI-aware wrapper exists, a simple shell script like the following
+might do.
+.Pp
+It would be invoked like:
+.Bd -literal
+httpd -C .pl /www-scripts/bin/run.perl /var/www
+.Ed
+and the script could look like:
+.Bd -literal
+#! /bin/sh
+
+if [ -r "$SCRIPT_FILENAME" -a -x "$SCRIPT_FILENAME" ]; then
+ exec /usr/pkg/bin/perl "$SCRIPT_FILENAME"
+fi
+
+exit 1
+.Ed
.Sh SEE ALSO
.Xr inetd.conf 5 ,
.Xr inetd 8
@@ -531,7 +599,7 @@ The focus has always been simplicity and
and regular code audits.
This manual documents
.Nm
-version 20170201.
+version 20181123.
.Sh AUTHORS
.An -nosplit
.Nm
@@ -590,7 +658,8 @@ provided initial IPv6 support
.It
.An Martin Husemann
.Aq Mt [email protected]
-provided .bzabsredirect support, and fixed various redirection issues
+provided .bzabsredirect and .bzredir support, and fixed various
+redirection issues
.It
.An Arto Huusko
.Aq Mt [email protected]
@@ -606,11 +675,11 @@ provided cgi-bin enhancements
.It
.An Nicolas Jombart
.Aq Mt [email protected]
-provided fixes for HTTP basic authorisation support
+provided fixes for HTTP basic authorization support
.It
.An Antti Kantee
.Aq Mt [email protected]
-provided fixes for HTTP basic authorisation support
+provided fixes for HTTP basic authorization support
.It
.An Thomas Klausner
.Aq Mt [email protected]
@@ -644,7 +713,7 @@ option (pidfile support) and provided so
.An Luke Mewburn
.Aq Mt [email protected]
provided many various fixes, including cgi-bin fixes and enhancements,
-HTTP basic authorisation support and much code clean up
+HTTP basic authorization support and much code clean up
.It
.An Rajeev V. Pillai
.Aq Mt [email protected]
@@ -686,7 +755,7 @@ provided a man page fix
.It
.An Holger Weiss
.Aq Mt [email protected]
-provided http authorisation fixes
+provided http authorization fixes
.It
.Aq Mt [email protected]
provided chroot and change-to-user support, and other various fixes
Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.56.2.4.2.3 src/libexec/httpd/bozohttpd.c:1.56.2.4.2.4
--- src/libexec/httpd/bozohttpd.c:1.56.2.4.2.3 Sun Feb 12 21:59:44 2017
+++ src/libexec/httpd/bozohttpd.c Sat Nov 24 17:23:47 2018
@@ -1,9 +1,9 @@
-/* $NetBSD: bozohttpd.c,v 1.56.2.4.2.3 2017/02/12 21:59:44 snj Exp $ */
+/* $NetBSD: bozohttpd.c,v 1.56.2.4.2.4 2018/11/24 17:23:47 martin Exp $ */
/* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */
/*
- * Copyright (c) 1997-2017 Matthew R. Green
+ * Copyright (c) 1997-2018 Matthew R. Green
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -109,16 +109,7 @@
#define INDEX_HTML "index.html"
#endif
#ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE "bozohttpd/20170201"
-#endif
-#ifndef DIRECT_ACCESS_FILE
-#define DIRECT_ACCESS_FILE ".bzdirect"
-#endif
-#ifndef REDIRECT_FILE
-#define REDIRECT_FILE ".bzredirect"
-#endif
-#ifndef ABSREDIRECT_FILE
-#define ABSREDIRECT_FILE ".bzabsredirect"
+#define SERVER_SOFTWARE "bozohttpd/20181124"
#endif
#ifndef PUBLIC_HTML
#define PUBLIC_HTML "public_html"
@@ -149,6 +140,7 @@
#include <signal.h>
#include <stdarg.h>
#include <stdlib.h>
+#include <stdbool.h>
#include <string.h>
#include <syslog.h>
#include <time.h>
@@ -156,8 +148,19 @@
#include "bozohttpd.h"
-#ifndef MAX_WAIT_TIME
-#define MAX_WAIT_TIME 60 /* hang around for 60 seconds max */
+#ifndef INITIAL_TIMEOUT
+#define INITIAL_TIMEOUT "30" /* wait for 30 seconds initially */
+#endif
+#ifndef HEADER_WAIT_TIME
+#define HEADER_WAIT_TIME "10" /* need more headers every 10 seconds */
+#endif
+#ifndef TOTAL_MAX_REQ_TIME
+#define TOTAL_MAX_REQ_TIME "600" /* must have total request in 600 */
+#endif /* seconds */
+
+/* if monotonic time is not available try real time. */
+#ifndef CLOCK_MONOTONIC
+#define CLOCK_MONOTONIC CLOCK_REALTIME
#endif
/* variables and functions */
@@ -165,7 +168,22 @@
#define LOG_FTP LOG_DAEMON
#endif
-volatile sig_atomic_t alarmhit;
+/*
+ * List of special file that we should never serve.
+ */
+struct {
+ const char *file;
+ const char *name;
+} specials[] = {
+ { DIRECT_ACCESS_FILE, "rejected direct access request" },
+ { REDIRECT_FILE, "rejected redirect request" },
+ { ABSREDIRECT_FILE, "rejected absredirect request" },
+ { REMAP_FILE, "rejected remap request" },
+ { AUTH_FILE, "rejected authfile request" },
+ { NULL, NULL },
+};
+
+volatile sig_atomic_t timeout_hit;
/*
* check there's enough space in the prefs and names arrays.
@@ -368,7 +386,34 @@ bozo_clean_request(bozo_httpreq_t *reque
static void
alarmer(int sig)
{
- alarmhit = 1;
+ timeout_hit = 1;
+}
+
+
+/*
+ * set a timeout for "initial", "header", or "request".
+ */
+int
+bozo_set_timeout(bozohttpd_t *httpd, bozoprefs_t *prefs,
+ const char *target, const char *val)
+{
+ const char *cur, *timeouts[] = {
+ "initial timeout",
+ "header timeout",
+ "request timeout",
+ NULL,
+ };
+ /* adjust minlen if more timeouts appear with conflicting names */
+ const size_t minlen = 1;
+ size_t len = strlen(target);
+
+ for (cur = timeouts[0]; len >= minlen && *cur; cur++) {
+ if (strncmp(target, cur, len) == 0) {
+ bozo_set_pref(httpd, prefs, cur, val);
+ return 0;
+ }
+ }
+ return 1;
}
/*
@@ -536,6 +581,18 @@ process_method(bozo_httpreq_t *request,
return bozo_http_error(httpd, 404, request, "unknown method");
}
+/* check header byte count */
+static int
+bozo_got_header_length(bozo_httpreq_t *request, size_t len)
+{
+ request->hr_header_bytes += len;
+ if (request->hr_header_bytes < BOZO_HEADERS_MAX_SIZE)
+ return 0;
+
+ return bozo_http_error(request->hr_httpd, 413, request,
+ "too many headers");
+}
+
/*
* This function reads a http request from stdin, returning a pointer to a
* bozo_httpreq_t structure, describing the request.
@@ -553,6 +610,7 @@ bozo_read_request(bozohttpd_t *httpd)
int line = 0;
socklen_t slen;
bozo_httpreq_t *request;
+ struct timespec ots, ts;
/*
* if we're in daemon mode, bozo_daemon_fork() will return here twice
@@ -635,21 +693,44 @@ bozo_read_request(bozohttpd_t *httpd)
sa.sa_flags = 0;
sigaction(SIGALRM, &sa, NULL);
- alarm(MAX_WAIT_TIME);
+ if (clock_gettime(CLOCK_MONOTONIC, &ots) != 0) {
+ bozo_http_error(httpd, 500, NULL, "clock_gettime failed");
+ goto cleanup;
+ }
+
+ alarm(httpd->initial_timeout);
while ((str = bozodgetln(httpd, STDIN_FILENO, &len, bozo_read)) != NULL) {
alarm(0);
- if (alarmhit) {
- (void)bozo_http_error(httpd, 408, NULL,
- "request timed out");
+
+ if (clock_gettime(CLOCK_MONOTONIC, &ts) != 0) {
+ bozo_http_error(httpd, 500, NULL, "clock_gettime failed");
+ goto cleanup;
+ }
+ /*
+ * don't timeout if old tv_sec is not more than current
+ * tv_sec, or if current tv_sec is less than the request
+ * timeout (these shouldn't happen, but the first could
+ * if monotonic time is not available.)
+ *
+ * the other timeout and header size checks should ensure
+ * that even if time it set backwards or forwards a very
+ * long way, timeout will eventually happen, even if this
+ * one fails.
+ */
+ if (ts.tv_sec > ots.tv_sec &&
+ ts.tv_sec > httpd->request_timeout &&
+ ts.tv_sec - httpd->request_timeout > ots.tv_sec)
+ timeout_hit = 1;
+
+ if (timeout_hit) {
+ bozo_http_error(httpd, 408, NULL, "request timed out");
goto cleanup;
}
line++;
if (line == 1) {
-
if (len < 1) {
- (void)bozo_http_error(httpd, 404, NULL,
- "null method");
+ bozo_http_error(httpd, 404, NULL, "null method");
goto cleanup;
}
bozowarn(httpd,
@@ -663,13 +744,11 @@ bozo_read_request(bozohttpd_t *httpd)
request->hr_file = file;
request->hr_query = query;
if (method == NULL) {
- (void)bozo_http_error(httpd, 404, NULL,
- "null method");
+ bozo_http_error(httpd, 404, NULL, "null method");
goto cleanup;
}
if (file == NULL) {
- (void)bozo_http_error(httpd, 404, NULL,
- "null file");
+ bozo_http_error(httpd, 404, NULL, "null file");
goto cleanup;
}
@@ -697,12 +776,10 @@ bozo_read_request(bozohttpd_t *httpd)
break;
val = bozostrnsep(&str, ":", &len);
- debug((httpd, DEBUG_EXPLODING,
- "read_req2: after bozostrnsep: str ``%s'' val ``%s''",
- str, val));
+ debug((httpd, DEBUG_EXPLODING, "read_req2: after "
+ "bozostrnsep: str `%s' val `%s'", str, val));
if (val == NULL || len == -1) {
- (void)bozo_http_error(httpd, 404, request,
- "no header");
+ bozo_http_error(httpd, 404, request, "no header");
goto cleanup;
}
while (*str == ' ' || *str == '\t')
@@ -710,6 +787,9 @@ bozo_read_request(bozohttpd_t *httpd)
while (*val == ' ' || *val == '\t')
val++;
+ if (bozo_got_header_length(request, len))
+ goto cleanup;
+
if (bozo_auth_check_headers(request, val, str, len))
goto next_header;
@@ -719,12 +799,19 @@ bozo_read_request(bozohttpd_t *httpd)
request->hr_content_type = hdr->h_value;
else if (strcasecmp(hdr->h_header, "content-length") == 0)
request->hr_content_length = hdr->h_value;
- else if (strcasecmp(hdr->h_header, "host") == 0)
+ else if (strcasecmp(hdr->h_header, "host") == 0) {
+ if (request->hr_host) {
+ /* RFC 7230 (HTTP/1.1): 5.4 */
+ bozo_http_error(httpd, 400, request,
+ "Only allow one Host: header");
+ goto cleanup;
+ }
request->hr_host = bozostrdup(httpd, request,
hdr->h_value);
+ }
/* RFC 2616 (HTTP/1.1): 14.20 */
else if (strcasecmp(hdr->h_header, "expect") == 0) {
- (void)bozo_http_error(httpd, 417, request,
+ bozo_http_error(httpd, 417, request,
"we don't support Expect:");
goto cleanup;
}
@@ -744,7 +831,7 @@ bozo_read_request(bozohttpd_t *httpd)
hdr->h_header, hdr->h_value));
}
next_header:
- alarm(MAX_WAIT_TIME);
+ alarm(httpd->header_timeout);
}
/* now, clear it all out */
@@ -754,8 +841,7 @@ next_header:
/* RFC1945, 8.3 */
if (request->hr_method == HTTP_POST &&
request->hr_content_length == NULL) {
- (void)bozo_http_error(httpd, 400, request,
- "missing content length");
+ bozo_http_error(httpd, 400, request, "missing content length");
goto cleanup;
}
@@ -763,8 +849,7 @@ next_header:
if (request->hr_proto == httpd->consts.http_11 &&
/*(strncasecmp(request->hr_file, "http://";, 7) != 0) &&*/
request->hr_host == NULL) {
- (void)bozo_http_error(httpd, 400, request,
- "missing Host header");
+ bozo_http_error(httpd, 400, request, "missing Host header");
goto cleanup;
}
@@ -1069,6 +1154,153 @@ head:
}
/*
+ * Like strncmp(), but s_esc may contain characters escaped by \.
+ * The len argument does not include the backslashes used for escaping,
+ * that is: it gives the raw len, after unescaping the string.
+ */
+static int
+esccmp(const char *s_plain, const char *s_esc, size_t len)
+{
+ bool esc = false;
+
+ while (len) {
+ if (!esc && *s_esc == '\\') {
+ esc = true;
+ s_esc++;
+ continue;
+ }
+ esc = false;
+ if (*s_plain == 0 || *s_esc == 0 || *s_plain != *s_esc)
+ return *s_esc - *s_plain;
+ s_esc++;
+ s_plain++;
+ len--;
+ }
+ return 0;
+}
+
+/*
+ * Check if the request refers to a uri that is mapped via a .bzremap.
+ * We have /requested/path:/re/mapped/to/this.html lines in there,
+ * and the : separator may be use in the left hand side escaped with
+ * \ to encode a path containig a : character.
+ */
+static void
+check_remap(bozo_httpreq_t *request)
+{
+ bozohttpd_t *httpd = request->hr_httpd;
+ char *file = request->hr_file, *newfile;
+ void *fmap;
+ const char *replace, *map_to, *p;
+ struct stat st;
+ int mapfile;
+ size_t avail, len, rlen, reqlen, num_esc = 0;
+ bool escaped = false;
+
+ mapfile = open(REMAP_FILE, O_RDONLY, 0);
+ if (mapfile == -1)
+ return;
+ debug((httpd, DEBUG_FAT, "remap file found"));
+ if (fstat(mapfile, &st) == -1) {
+ bozowarn(httpd, "could not stat " REMAP_FILE ", errno: %d",
+ errno);
+ goto out;
+ }
+
+ fmap = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, mapfile, 0);
+ if (fmap == NULL) {
+ bozowarn(httpd, "could not mmap " REMAP_FILE ", error %d",
+ errno);
+ goto out;
+ }
+ reqlen = strlen(file);
+ for (p = fmap, avail = st.st_size; avail; ) {
+ /*
+ * We have lines like:
+ * /this/url:/replacement/that/url
+ * If we find a matching left hand side, replace will point
+ * to it and len will be its length. map_to will point to
+ * the right hand side and rlen wil be its length.
+ * If we have no match, both pointers will be NULL.
+ */
+
+ /* skip empty lines */
+ while ((*p == '\r' || *p == '\n') && avail) {
+ p++;
+ avail--;
+ }
+ replace = p;
+ escaped = false;
+ while (avail) {
+ if (*p == '\r' || *p == '\n')
+ break;
+ if (!escaped && *p == ':')
+ break;
+ if (escaped) {
+ escaped = false;
+ num_esc++;
+ } else if (*p == '\\') {
+ escaped = true;
+ }
+ p++;
+ avail--;
+ }
+ if (!avail || *p != ':') {
+ replace = NULL;
+ map_to = NULL;
+ break;
+ }
+ len = p - replace - num_esc;
+ /*
+ * reqlen < len: the left hand side is too long, can't be a
+ * match
+ * reqlen == len: full string has to match
+ * reqlen > len: make sure there is a path separator at 'len'
+ * avail < 2: we are at eof, missing right hand side
+ */
+ if (avail < 2 || reqlen < len ||
+ (reqlen == len && esccmp(file, replace, len) != 0) ||
+ (reqlen > len && (file[len] != '/' ||
+ esccmp(file, replace, len) != 0))) {
+
+ /* non-match, skip to end of line and continue */
+ while (*p != '\r' && *p != '\n' && avail) {
+ p++;
+ avail--;
+ }
+ replace = NULL;
+ map_to = NULL;
+ continue;
+ }
+ p++;
+ avail--;
+
+ /* found a match, parse the target */
+ map_to = p;
+ while (*p != '\r' && *p != '\n' && avail) {
+ p++;
+ avail--;
+ }
+ rlen = p - map_to;
+ break;
+ }
+
+ if (replace && map_to) {
+ newfile = bozomalloc(httpd, strlen(file) + rlen - len + 1);
+ memcpy(newfile, map_to, rlen);
+ strcpy(newfile+rlen, file + len);
+ debug((httpd, DEBUG_NORMAL, "remapping found '%s'",
+ newfile));
+ free(request->hr_file);
+ request->hr_file = newfile;
+ }
+
+ munmap(fmap, st.st_size);
+out:
+ close(mapfile);
+}
+
+/*
* deal with virtual host names; we do this:
* if we have a virtual path root (httpd->virtbase), and we are given a
* virtual host spec (Host: ho.st or http://ho.st/), see if this
@@ -1085,8 +1317,8 @@ check_virtual(bozo_httpreq_t *request)
/*
* convert http://virtual.host/ to request->hr_host
*/
- debug((httpd, DEBUG_OBESE, "checking for http:// virtual host in ``%s''",
- file));
+ debug((httpd, DEBUG_OBESE,
+ "checking for http:// virtual host in '%s'", file));
if (strncasecmp(file, "http://";, 7) == 0) {
/* we would do virtual hosting here? */
file += 7;
@@ -1098,7 +1330,7 @@ check_virtual(bozo_httpreq_t *request)
s = strchr(file, '/');
free(request->hr_file);
request->hr_file = bozostrdup(httpd, request, s ? s : "/");
- debug((httpd, DEBUG_OBESE, "got host ``%s'' file is now ``%s''",
+ debug((httpd, DEBUG_OBESE, "got host '%s' file is now '%s'",
request->hr_host, request->hr_file));
} else if (!request->hr_host)
goto use_slashdir;
@@ -1113,13 +1345,11 @@ check_virtual(bozo_httpreq_t *request)
}
if (!httpd->virtbase) {
-
/*
* if we don't use vhost support, then set virthostname if
* user supplied Host header. It will be used for possible
* redirections
*/
-
if (request->hr_host) {
s = strrchr(request->hr_host, ':');
if (s != NULL)
@@ -1131,7 +1361,6 @@ check_virtual(bozo_httpreq_t *request)
/* fix Host: again, if we truncated it */
*s = ':';
}
-
goto use_slashdir;
}
@@ -1146,7 +1375,7 @@ check_virtual(bozo_httpreq_t *request)
"for file `%s'",
request->hr_host, httpd->virtbase, request->hr_file));
if (strncasecmp(httpd->virthostname, request->hr_host, len) != 0) {
- s = 0;
+ s = NULL;
DIR *dirp;
struct dirent *d;
@@ -1156,7 +1385,7 @@ check_virtual(bozo_httpreq_t *request)
strcmp(d->d_name, "..") == 0) {
continue;
}
- debug((httpd, DEBUG_OBESE, "looking at dir``%s''",
+ debug((httpd, DEBUG_OBESE, "looking at dir '%s'",
d->d_name));
if (strcmp(d->d_name, request->hr_host) == 0) {
/* found it, punch it */
@@ -1191,6 +1420,12 @@ use_slashdir:
if (chdir(s) < 0)
return bozo_http_error(httpd, 404, request,
"can't chdir to slashdir");
+
+ /*
+ * is there a mapping for this request?
+ */
+ check_remap(request);
+
return 0;
}
@@ -1213,10 +1448,9 @@ check_bzredirect(bozo_httpreq_t *request
* if this pathname is really a directory, but doesn't end in /,
* use it as the directory to look for the redir file.
*/
- if((size_t)snprintf(dir, sizeof(dir), "%s", request->hr_file + 1) >=
- sizeof(dir)) {
- bozo_http_error(httpd, 404, request,
- "file path too long");
+ if ((size_t)snprintf(dir, sizeof(dir), "%s", request->hr_file + 1) >=
+ sizeof(dir)) {
+ bozo_http_error(httpd, 404, request, "file path too long");
return -1;
}
debug((httpd, DEBUG_FAT, "check_bzredirect: dir %s", dir));
@@ -1225,20 +1459,23 @@ check_bzredirect(bozo_httpreq_t *request
if ((!basename || basename[1] != '\0') &&
lstat(dir, &sb) == 0 && S_ISDIR(sb.st_mode)) {
strcpy(path, dir);
+ basename = dir;
} else if (basename == NULL) {
strcpy(path, ".");
strcpy(dir, "");
+ basename = dir;
} else {
*basename++ = '\0';
- bozo_check_special_files(request, basename);
strcpy(path, dir);
}
+ if (bozo_check_special_files(request, basename))
+ return -1;
debug((httpd, DEBUG_FAT, "check_bzredirect: path %s", path));
if ((size_t)snprintf(redir, sizeof(redir), "%s/%s", path,
- REDIRECT_FILE) >= sizeof(redir)) {
- bozo_http_error(httpd, 404, request,
+ REDIRECT_FILE) >= sizeof(redir)) {
+ return bozo_http_error(httpd, 404, request,
"redirectfile path too long");
return -1;
}
@@ -1247,10 +1484,10 @@ check_bzredirect(bozo_httpreq_t *request
return 0;
absolute = 0;
} else {
- if((size_t)snprintf(redir, sizeof(redir), "%s/%s", path,
- ABSREDIRECT_FILE) >= sizeof(redir)) {
+ if ((size_t)snprintf(redir, sizeof(redir), "%s/%s", path,
+ ABSREDIRECT_FILE) >= sizeof(redir)) {
bozo_http_error(httpd, 404, request,
- "redirectfile path too long");
+ "redirectfile path too long");
return -1;
}
if (lstat(redir, &sb) < 0 || !S_ISLNK(sb.st_mode))
@@ -1276,7 +1513,7 @@ check_bzredirect(bozo_httpreq_t *request
if ((size_t)snprintf(finalredir = redir, sizeof(redir), "%s%s/%s",
(strlen(dir) > 0 ? "/" : ""), dir, redirpath) >= sizeof(redir)) {
bozo_http_error(httpd, 404, request,
- "redirect path too long");
+ "redirect path too long");
return -1;
}
} else
@@ -1313,21 +1550,15 @@ bozo_decode_url_percent(bozo_httpreq_t *
debug((httpd, DEBUG_EXPLODING,
"fu_%%: got s == %%, s[1]s[2] == %c%c",
s[1], s[2]));
- if (s[1] == '\0' || s[2] == '\0') {
- (void)bozo_http_error(httpd, 400, request,
+ if (s[1] == '\0' || s[2] == '\0')
+ return bozo_http_error(httpd, 400, request,
"percent hack missing two chars afterwards");
- return 1;
- }
- if (s[1] == '0' && s[2] == '0') {
- (void)bozo_http_error(httpd, 404, request,
- "percent hack was %00");
- return 1;
- }
- if (s[1] == '2' && s[2] == 'f') {
- (void)bozo_http_error(httpd, 404, request,
- "percent hack was %2f (/)");
- return 1;
- }
+ if (s[1] == '0' && s[2] == '0')
+ return bozo_http_error(httpd, 404, request,
+ "percent hack was %00");
+ if (s[1] == '2' && s[2] == 'f')
+ return bozo_http_error(httpd, 404, request,
+ "percent hack was %2f (/)");
buf[0] = *++s;
buf[1] = *++s;
@@ -1336,11 +1567,9 @@ bozo_decode_url_percent(bozo_httpreq_t *
*t = (char)strtol(buf, NULL, 16);
debug((httpd, DEBUG_EXPLODING,
"fu_%%: strtol put '%02x' into *t", *t));
- if (*t++ == '\0') {
- (void)bozo_http_error(httpd, 400, request,
- "percent hack got a 0 back");
- return 1;
- }
+ if (*t++ == '\0')
+ return bozo_http_error(httpd, 400, request,
+ "percent hack got a 0 back");
while (*s && *s != '%') {
if (end && s >= end)
@@ -1381,16 +1610,15 @@ transform_request(bozo_httpreq_t *reques
file = NULL;
*isindex = 0;
debug((httpd, DEBUG_FAT, "tf_req: file %s", request->hr_file));
- if (bozo_decode_url_percent(request, request->hr_file)) {
- goto bad_done;
- }
- if (check_virtual(request)) {
+
+ if (bozo_decode_url_percent(request, request->hr_file) ||
+ check_virtual(request))
goto bad_done;
- }
+
file = request->hr_file;
if (file[0] != '/') {
- (void)bozo_http_error(httpd, 404, request, "unknown URL");
+ bozo_http_error(httpd, 404, request, "unknown URL");
goto bad_done;
}
@@ -1407,12 +1635,13 @@ transform_request(bozo_httpreq_t *reques
/* first of all expand user path */
if (len > 1 && httpd->enable_users && file[1] == '~') {
if (file[2] == '\0') {
- (void)bozo_http_error(httpd, 404, request,
- "missing username");
+ bozo_http_error(httpd, 404, request,
+ "missing username");
goto bad_done;
}
if (strchr(file + 2, '/') == NULL) {
char *userredirecturl;
+
bozoasprintf(httpd, &userredirecturl, "%s/", file);
handle_redirect(request, userredirecturl, 0);
free(userredirecturl);
@@ -1432,7 +1661,9 @@ transform_request(bozo_httpreq_t *reques
switch (check_bzredirect(request)) {
case -1:
goto bad_done;
- case 1:
+ case 0:
+ break;
+ default:
return 0;
}
@@ -1452,13 +1683,12 @@ transform_request(bozo_httpreq_t *reques
newfile = bozostrdup(httpd, request, httpd->index_html);
*isindex = 1;
} else { /* len == 0 ? */
- (void)bozo_http_error(httpd, 500, request,
- "request->hr_file is nul?");
+ bozo_http_error(httpd, 500, request, "request->hr_file is nul");
goto bad_done;
}
if (newfile == NULL) {
- (void)bozo_http_error(httpd, 500, request, "internal failure");
+ bozo_http_error(httpd, 500, request, "internal failure");
goto bad_done;
}
@@ -1473,7 +1703,7 @@ transform_request(bozo_httpreq_t *reques
if (*newfile == '/' || strcmp(newfile, "..") == 0 ||
strstr(newfile, "/..") || strstr(newfile, "../")) {
- (void)bozo_http_error(httpd, 403, request, "illegal request");
+ bozo_http_error(httpd, 403, request, "illegal request");
goto bad_done;
}
@@ -1485,14 +1715,13 @@ transform_request(bozo_httpreq_t *reques
request->hr_file = newfile;
}
- if (bozo_process_cgi(request))
- return 0;
-
- if (bozo_process_lua(request))
+ if (bozo_process_cgi(request) ||
+ bozo_process_lua(request))
return 0;
debug((httpd, DEBUG_FAT, "transform_request set: %s", newfile));
return 1;
+
bad_done:
debug((httpd, DEBUG_FAT, "transform_request returning: 0"));
free(newfile);
@@ -1591,23 +1820,22 @@ bozo_process_request(bozo_httpreq_t *req
switch (errno) {
case EPERM:
case EACCES:
- (void)bozo_http_error(httpd, 403, request,
- "no permission to open file");
+ bozo_http_error(httpd, 403, request,
+ "no permission to open file");
break;
case ENAMETOOLONG:
/*FALLTHROUGH*/
case ENOENT:
if (!bozo_dir_index(request, file, isindex))
- (void)bozo_http_error(httpd, 404, request,
- "no file");
+ bozo_http_error(httpd, 404, request, "no file");
break;
default:
- (void)bozo_http_error(httpd, 500, request, "open file");
+ bozo_http_error(httpd, 500, request, "open file");
}
goto cleanup_nofd;
}
if (fstat(fd, &sb) < 0) {
- (void)bozo_http_error(httpd, 500, request, "can't fstat");
+ bozo_http_error(httpd, 500, request, "can't fstat");
goto cleanup;
}
if (S_ISDIR(sb.st_mode)) {
@@ -1697,17 +1925,12 @@ bozo_check_special_files(bozo_httpreq_t
{
bozohttpd_t *httpd = request->hr_httpd;
- /* ensure basename(name) != special files */
- if (strcmp(name, DIRECT_ACCESS_FILE) == 0)
- return bozo_http_error(httpd, 403, request,
- "no permission to open direct access file");
- if (strcmp(name, REDIRECT_FILE) == 0)
- return bozo_http_error(httpd, 403, request,
- "no permission to open redirect file");
- if (strcmp(name, ABSREDIRECT_FILE) == 0)
- return bozo_http_error(httpd, 403, request,
- "no permission to open redirect file");
- return bozo_auth_check_special_files(request, name);
+ for (size_t i = 0; specials[i].file; i++)
+ if (strcmp(name, specials[i].file) == 0)
+ return bozo_http_error(httpd, 403, request,
+ specials[i].name);
+
+ return 0;
}
/* generic header printing routine */
@@ -1902,6 +2125,7 @@ static struct errors_map {
{ 403, "403 Forbidden", "Access to this item has been denied",},
{ 404, "404 Not Found", "This item has not been found", },
{ 408, "408 Request Timeout", "This request took too long", },
+ { 413, "413 Payload Too Large", "Use smaller requests", },
{ 417, "417 Expectation Failed","Expectations not available", },
{ 420, "420 Enhance Your Calm","Chill, Winston", },
{ 500, "500 Internal Error", "An error occured on the server", },
@@ -1963,7 +2187,7 @@ bozo_http_error(bozohttpd_t *httpd, int
portbuf[0] = '\0';
if (request && request->hr_file) {
- char *file = NULL, *user = NULL, *user_escaped = NULL;
+ char *file = NULL, *user = NULL;
int file_alloc = 0;
const char *hostname = BOZOHOST(httpd, request);
@@ -1976,6 +2200,8 @@ bozo_http_error(bozohttpd_t *httpd, int
#ifndef NO_USER_SUPPORT
if (request->hr_user != NULL) {
+ char *user_escaped;
+
user_escaped = bozo_escape_html(NULL, request->hr_user);
if (user_escaped == NULL)
user_escaped = request->hr_user;
@@ -1990,7 +2216,7 @@ bozo_http_error(bozohttpd_t *httpd, int
"<html><head><title>%s</title></head>\n"
"<body><h1>%s</h1>\n"
"%s%s: <pre>%s</pre>\n"
- "<hr><address><a href=\"http://%s%s/\";>%s%s</a></address>\n"
+ "<hr><address><a href=\"//%s%s/\">%s%s</a></address>\n"
"</body></html>\n",
header, header,
user ? user : "", file,
@@ -2022,6 +2248,9 @@ bozo_http_error(bozohttpd_t *httpd, int
bozo_printf(httpd, "Server: %s\r\n", httpd->server_software);
if (request && request->hr_allow)
bozo_printf(httpd, "Allow: %s\r\n", request->hr_allow);
+ /* RFC 7231 (HTTP/1.1) 6.5.7 */
+ if (code == 408 && request->hr_proto == httpd->consts.http_11)
+ bozo_printf(httpd, "Connection: close\r\n");
bozo_printf(httpd, "\r\n");
/* According to the RFC 2616 sec. 9.4 HEAD method MUST NOT return a
* message-body in the response */
@@ -2136,7 +2365,7 @@ bozodgetln(bozohttpd_t *httpd, int fd, s
}
httpd->getln_buffer[len] = '\0';
- debug((httpd, DEBUG_OBESE, "bozodgetln returns: ``%s'' with len %zd",
+ debug((httpd, DEBUG_OBESE, "bozodgetln returns: '%s' with len %zd",
httpd->getln_buffer, len));
*lenp = len;
return httpd->getln_buffer;
@@ -2151,7 +2380,7 @@ bozorealloc(bozohttpd_t *httpd, void *pt
if (p)
return p;
- (void)bozo_http_error(httpd, 500, NULL, "memory allocation failure");
+ bozo_http_error(httpd, 500, NULL, "memory allocation failure");
exit(EXIT_FAILURE);
}
@@ -2164,7 +2393,7 @@ bozomalloc(bozohttpd_t *httpd, size_t si
if (p)
return p;
- (void)bozo_http_error(httpd, 500, NULL, "memory allocation failure");
+ bozo_http_error(httpd, 500, NULL, "memory allocation failure");
exit(EXIT_FAILURE);
}
@@ -2180,7 +2409,7 @@ bozostrdup(bozohttpd_t *httpd, bozo_http
if (!request)
bozoerr(httpd, EXIT_FAILURE, "strdup");
- (void)bozo_http_error(httpd, 500, request, "memory allocation failure");
+ bozo_http_error(httpd, 500, request, "memory allocation failure");
exit(EXIT_FAILURE);
}
@@ -2202,7 +2431,7 @@ bozo_init_httpd(bozohttpd_t *httpd)
/* error buffer for bozo_http_error() */
if ((httpd->errorbuf = malloc(BUFSIZ)) == NULL) {
- (void) fprintf(stderr,
+ fprintf(stderr,
"bozohttpd: memory_allocation failure\n");
return 0;
}
@@ -2216,16 +2445,26 @@ bozo_init_httpd(bozohttpd_t *httpd)
int
bozo_init_prefs(bozohttpd_t *httpd, bozoprefs_t *prefs)
{
+ int rv = 0;
+
/* make sure everything is clean */
(void) memset(prefs, 0x0, sizeof(*prefs));
/* set up default values */
- if (!bozo_set_pref(httpd, prefs, "server software", SERVER_SOFTWARE) ||
- !bozo_set_pref(httpd, prefs, "index.html", INDEX_HTML) ||
- !bozo_set_pref(httpd, prefs, "public_html", PUBLIC_HTML))
- return 0;
+ if (!bozo_set_pref(httpd, prefs, "server software", SERVER_SOFTWARE))
+ rv = 1;
+ if (!bozo_set_pref(httpd, prefs, "index.html", INDEX_HTML))
+ rv = 1;
+ if (!bozo_set_pref(httpd, prefs, "public_html", PUBLIC_HTML))
+ rv = 1;
+ if (!bozo_set_pref(httpd, prefs, "initial timeout", INITIAL_TIMEOUT))
+ rv = 1;
+ if (!bozo_set_pref(httpd, prefs, "header timeout", HEADER_WAIT_TIME))
+ rv = 1;
+ if (!bozo_set_pref(httpd, prefs, "request timeout", TOTAL_MAX_REQ_TIME))
+ rv = 1;
- return 1;
+ return rv;
}
/* set default values */
@@ -2318,6 +2557,15 @@ bozo_setup(bozohttpd_t *httpd, bozoprefs
if ((cp = bozo_get_pref(prefs, "public_html")) != NULL) {
httpd->public_html = bozostrdup(httpd, NULL, cp);
}
+ if ((cp = bozo_get_pref(prefs, "initial timeout")) != NULL) {
+ httpd->initial_timeout = atoi(cp);
+ }
+ if ((cp = bozo_get_pref(prefs, "header timeout")) != NULL) {
+ httpd->header_timeout = atoi(cp);
+ }
+ if ((cp = bozo_get_pref(prefs, "request timeout")) != NULL) {
+ httpd->request_timeout = atoi(cp);
+ }
httpd->server_software =
bozostrdup(httpd, NULL, bozo_get_pref(prefs, "server software"));
httpd->index_html =
Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.33.2.2.2.3 src/libexec/httpd/bozohttpd.h:1.33.2.2.2.4
--- src/libexec/httpd/bozohttpd.h:1.33.2.2.2.3 Sun Feb 12 21:59:44 2017
+++ src/libexec/httpd/bozohttpd.h Sat Nov 24 17:23:47 2018
@@ -1,9 +1,9 @@
-/* $NetBSD: bozohttpd.h,v 1.33.2.2.2.3 2017/02/12 21:59:44 snj Exp $ */
+/* $NetBSD: bozohttpd.h,v 1.33.2.2.2.4 2018/11/24 17:23:47 martin Exp $ */
/* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */
/*
- * Copyright (c) 1997-2017 Matthew R. Green
+ * Copyright (c) 1997-2018 Matthew R. Green
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -117,6 +117,9 @@ typedef struct bozohttpd_t {
int hide_dots; /* hide .* */
int process_cgi; /* use the cgi handler */
char *cgibin; /* cgi-bin directory */
+ unsigned initial_timeout;/* first line timeout */
+ unsigned header_timeout; /* header lines timeout */
+ unsigned request_timeout;/* total session timeout */
#ifndef NO_LUA_SUPPORT
int process_lua; /* use the Lua handler */
SIMPLEQ_HEAD(, lua_state_map) lua_states;
@@ -175,7 +178,8 @@ typedef struct bozo_httpreq_t {
#endif
struct qheaders hr_headers;
struct qheaders hr_replheaders;
- int hr_nheaders;
+ unsigned hr_nheaders;
+ size_t hr_header_bytes;
} bozo_httpreq_t;
/* helper to access the "active" host name from a httpd/request pair */
@@ -199,6 +203,9 @@ typedef struct bozoprefs_t {
#define BOZO_MMAPSZ (BOZO_WRSZ * 1024)
#endif
+/* only allow this many total headers bytes */
+#define BOZO_HEADERS_MAX_SIZE (16 * 1024)
+
/* debug flags */
#define DEBUG_NORMAL 1
#define DEBUG_FAT 2
@@ -207,21 +214,52 @@ typedef struct bozoprefs_t {
#define strornull(x) ((x) ? (x) : "<null>")
-#if defined(__GNUC__) && __GNUC__ >= 3
+#if (defined(__GNUC__) && __GNUC__ >= 3) || defined(__lint__)
#define BOZO_PRINTFLIKE(x,y) __attribute__((__format__(__printf__, x,y)))
#define BOZO_DEAD __attribute__((__noreturn__))
+#define BOZO_CHECKRET __attribute__((__warn_unused_result__))
+#else
+#define BOZO_PRINTFLIKE(x,y)
+#define BOZO_DEAD
+#define BOZO_CHECKRET
#endif
-#ifndef NO_DEBUG
+#ifdef NO_DEBUG
+#define debug(x)
+#define have_debug (0)
+#else
void debug__(bozohttpd_t *, int, const char *, ...) BOZO_PRINTFLIKE(3, 4);
#define debug(x) debug__ x
-#else
-#define debug(x)
+#define have_debug (1)
#endif /* NO_DEBUG */
+/*
+ * bozohttpd special files. avoid serving these out.
+ *
+ * When you add some .bz* file, make sure to also check it in
+ * bozo_check_special_files()
+ */
+
+#ifndef DIRECT_ACCESS_FILE
+#define DIRECT_ACCESS_FILE ".bzdirect"
+#endif
+#ifndef REDIRECT_FILE
+#define REDIRECT_FILE ".bzredirect"
+#endif
+#ifndef ABSREDIRECT_FILE
+#define ABSREDIRECT_FILE ".bzabsredirect"
+#endif
+#ifndef REMAP_FILE
+#define REMAP_FILE ".bzremap"
+#endif
+#ifndef AUTH_FILE
+#define AUTH_FILE ".htpasswd"
+#endif
+
+/* be sure to always return this error up */
int bozo_http_error(bozohttpd_t *, int, bozo_httpreq_t *, const char *);
-int bozo_check_special_files(bozo_httpreq_t *, const char *);
+int bozo_check_special_files(bozo_httpreq_t *, const char *) BOZO_CHECKRET;
char *bozo_http_date(char *, size_t);
void bozo_print_header(bozo_httpreq_t *, struct stat *, const char *,
const char *);
@@ -246,19 +284,23 @@ char *bozostrdup(bozohttpd_t *, bozo_htt
#define bozo_noop do { /* nothing */ } while (/*CONSTCOND*/0)
+#define have_all (1)
+
/* ssl-bozo.c */
#ifdef NO_SSL_SUPPORT
-#define bozo_ssl_set_opts(w, x, y) bozo_noop
-#define bozo_ssl_set_ciphers(w, x, y) bozo_noop
-#define bozo_ssl_init(x) bozo_noop
-#define bozo_ssl_accept(x) (0)
-#define bozo_ssl_destroy(x) bozo_noop
+#define bozo_ssl_set_opts(w, x, y) bozo_noop
+#define bozo_ssl_set_ciphers(w, x) bozo_noop
+#define bozo_ssl_init(x) bozo_noop
+#define bozo_ssl_accept(x) (0)
+#define bozo_ssl_destroy(x) bozo_noop
+#define have_ssl (0)
#else
void bozo_ssl_set_opts(bozohttpd_t *, const char *, const char *);
void bozo_ssl_set_ciphers(bozohttpd_t *, const char *);
void bozo_ssl_init(bozohttpd_t *);
int bozo_ssl_accept(bozohttpd_t *);
void bozo_ssl_destroy(bozohttpd_t *);
+#define have_ssl (1)
#endif
@@ -268,69 +310,78 @@ void bozo_auth_init(bozo_httpreq_t *);
int bozo_auth_check(bozo_httpreq_t *, const char *);
void bozo_auth_cleanup(bozo_httpreq_t *);
int bozo_auth_check_headers(bozo_httpreq_t *, char *, char *, ssize_t);
-int bozo_auth_check_special_files(bozo_httpreq_t *, const char *);
void bozo_auth_check_401(bozo_httpreq_t *, int);
void bozo_auth_cgi_setenv(bozo_httpreq_t *, char ***);
int bozo_auth_cgi_count(bozo_httpreq_t *);
#else
-#define bozo_auth_init(x) bozo_noop
-#define bozo_auth_check(x, y) 0
-#define bozo_auth_cleanup(x) bozo_noop
-#define bozo_auth_check_headers(y, z, a, b) 0
-#define bozo_auth_check_special_files(x, y) 0
-#define bozo_auth_check_401(x, y) bozo_noop
-#define bozo_auth_cgi_setenv(x, y) bozo_noop
-#define bozo_auth_cgi_count(x) 0
+#define bozo_auth_init(x) bozo_noop
+#define bozo_auth_check(x, y) (0)
+#define bozo_auth_cleanup(x) bozo_noop
+#define bozo_auth_check_headers(y, z, a, b) (0)
+#define bozo_auth_check_401(x, y) bozo_noop
+#define bozo_auth_cgi_setenv(x, y) bozo_noop
+#define bozo_auth_cgi_count(x) (0)
#endif /* DO_HTPASSWD */
/* cgi-bozo.c */
#ifdef NO_CGIBIN_SUPPORT
-#define bozo_process_cgi(h) 0
+#define bozo_cgi_setbin(h,s) bozo_noop
+#define bozo_process_cgi(h) (0)
+#define have_cgibin (0)
#else
void bozo_cgi_setbin(bozohttpd_t *, const char *);
void bozo_setenv(bozohttpd_t *, const char *, const char *, char **);
int bozo_process_cgi(bozo_httpreq_t *);
-void bozo_add_content_map_cgi(bozohttpd_t *, const char *, const char *);
+#define have_cgibin (1)
#endif /* NO_CGIBIN_SUPPORT */
/* lua-bozo.c */
#ifdef NO_LUA_SUPPORT
-#define bozo_process_lua(h) 0
+#define bozo_process_lua(h) (0)
+#define bozo_add_lua_map(h,s,t) bozo_noop
+#define have_lua (0)
#else
void bozo_add_lua_map(bozohttpd_t *, const char *, const char *);
int bozo_process_lua(bozo_httpreq_t *);
+#define have_lua (1)
#endif /* NO_LUA_SUPPORT */
/* daemon-bozo.c */
#ifdef NO_DAEMON_MODE
#define bozo_daemon_init(x) bozo_noop
-#define bozo_daemon_fork(x) 0
+#define bozo_daemon_fork(x) (0)
#define bozo_daemon_closefds(x) bozo_noop
+#define have_daemon_mode (0)
#else
void bozo_daemon_init(bozohttpd_t *);
int bozo_daemon_fork(bozohttpd_t *);
void bozo_daemon_closefds(bozohttpd_t *);
+#define have_daemon_mode (1)
#endif /* NO_DAEMON_MODE */
/* tilde-luzah-bozo.c */
#ifdef NO_USER_SUPPORT
-#define bozo_user_transform(x) 0
-#define bozo_user_free(x) 0
+#define bozo_user_transform(x) (0)
+#define bozo_user_free(x) /* nothing */
+#define have_user (0)
#else
int bozo_user_transform(bozo_httpreq_t *);
-#define bozo_user_free(x) free(x)
+#define bozo_user_free(x) free(x)
+#define have_user (1)
#endif /* NO_USER_SUPPORT */
/* dir-index-bozo.c */
#ifdef NO_DIRINDEX_SUPPORT
-#define bozo_dir_index(a, b, c) 0
+#define bozo_dir_index(a, b, c) (0)
+#define have_dirindex (0)
#else
int bozo_dir_index(bozo_httpreq_t *, const char *, int);
+#define have_dirindex (1)
#endif /* NO_DIRINDEX_SUPPORT */
@@ -339,9 +390,20 @@ const char *bozo_content_type(bozo_httpr
const char *bozo_content_encoding(bozo_httpreq_t *, const char *);
bozo_content_map_t *bozo_match_content_map(bozohttpd_t *, const char *, int);
bozo_content_map_t *bozo_get_content_map(bozohttpd_t *, const char *);
-#ifndef NO_DYNAMIC_CONTENT
+#ifdef NO_DYNAMIC_CONTENT
+#define bozo_add_content_map_mime(h,s,t,u,v) bozo_noop
+#define have_dynamic_content (0)
+#else
void bozo_add_content_map_mime(bozohttpd_t *, const char *, const char *,
const char *, const char *);
+#define have_dynamic_content (1)
+#endif
+
+/* additional cgi-bozo.c */
+#if have_cgibin && have_dynamic_content
+void bozo_add_content_map_cgi(bozohttpd_t *, const char *, const char *);
+#else
+#define bozo_add_content_map_cgi(h,s,t)
#endif
/* I/O */
@@ -358,6 +420,7 @@ int bozo_setup(bozohttpd_t *, bozoprefs_
bozo_httpreq_t *bozo_read_request(bozohttpd_t *);
void bozo_process_request(bozo_httpreq_t *);
void bozo_clean_request(bozo_httpreq_t *);
+int bozo_set_timeout(bozohttpd_t *, bozoprefs_t *, const char *, const char *);
bozoheaders_t *addmerge_reqheader(bozo_httpreq_t *, const char *,
const char *, ssize_t);
bozoheaders_t *addmerge_replheader(bozo_httpreq_t *, const char *,
Index: src/libexec/httpd/cgi-bozo.c
diff -u src/libexec/httpd/cgi-bozo.c:1.25.2.2.2.5 src/libexec/httpd/cgi-bozo.c:1.25.2.2.2.6
--- src/libexec/httpd/cgi-bozo.c:1.25.2.2.2.5 Wed Jan 3 20:30:06 2018
+++ src/libexec/httpd/cgi-bozo.c Sat Nov 24 17:23:47 2018
@@ -1,9 +1,9 @@
-/* $NetBSD: cgi-bozo.c,v 1.25.2.2.2.5 2018/01/03 20:30:06 snj Exp $ */
+/* $NetBSD: cgi-bozo.c,v 1.25.2.2.2.6 2018/11/24 17:23:47 martin Exp $ */
/* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */
/*
- * Copyright (c) 1997-2017 Matthew R. Green
+ * Copyright (c) 1997-2018 Matthew R. Green
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -45,6 +45,7 @@
#include <string.h>
#include <syslog.h>
#include <unistd.h>
+#include <assert.h>
#include <netinet/in.h>
@@ -62,7 +63,7 @@
*/
static const char *
content_cgihandler(bozohttpd_t *httpd, bozo_httpreq_t *request,
- const char *file)
+ const char *file)
{
bozo_content_map_t *map;
@@ -103,7 +104,7 @@ parse_header(bozo_httpreq_t *request, co
*hdr_val = value;
return 0;
-}
+}
/*
* handle parsing a CGI header output, transposing a Status: header
@@ -123,7 +124,6 @@ finish_cgi_output(bozohttpd_t *httpd, bo
/* much of this code is like bozo_read_request()'s header loop. */
SIMPLEQ_INIT(&headers);
write_header = nph == 0;
- /* was read(2) here - XXX - agc */
while (nph == 0 &&
(str = bozodgetln(httpd, in, &len, bozo_read)) != NULL) {
char *hdr_name, *hdr_value;
@@ -144,10 +144,10 @@ finish_cgi_output(bozohttpd_t *httpd, bo
*/
if (strcasecmp(hdr_name, "status") == 0) {
debug((httpd, DEBUG_OBESE,
- "bozo_process_cgi: writing HTTP header "
- "from status %s ..", hdr_value));
+ "%s: writing HTTP header "
+ "from status %s ..", __func__, hdr_value));
bozo_printf(httpd, "%s %s\r\n", request->hr_proto,
- hdr_value);
+ hdr_value);
bozo_flush(httpd, stdout);
write_header = 0;
free(hdr_name);
@@ -163,7 +163,7 @@ finish_cgi_output(bozohttpd_t *httpd, bo
if (write_header) {
debug((httpd, DEBUG_OBESE,
- "bozo_process_cgi: writing HTTP header .."));
+ "%s: writing HTTP header ..", __func__));
bozo_printf(httpd,
"%s 200 OK\r\n", request->hr_proto);
bozo_flush(httpd, stdout);
@@ -171,10 +171,10 @@ finish_cgi_output(bozohttpd_t *httpd, bo
if (nheaders) {
debug((httpd, DEBUG_OBESE,
- "bozo_process_cgi: writing delayed HTTP headers .."));
+ "%s: writing delayed HTTP headers ..", __func__));
SIMPLEQ_FOREACH_SAFE(hdr, &headers, h_next, nhdr) {
bozo_printf(httpd, "%s: %s\r\n", hdr->h_header,
- hdr->h_value);
+ hdr->h_value);
free(hdr->h_header);
free(hdr);
}
@@ -190,7 +190,7 @@ finish_cgi_output(bozohttpd_t *httpd, bo
while (rbytes) {
wbytes = bozo_write(httpd, STDOUT_FILENO, buf,
- (size_t)rbytes);
+ (size_t)rbytes);
if (wbytes > 0) {
rbytes -= wbytes;
bp += wbytes;
@@ -223,9 +223,8 @@ parse_search_string(bozo_httpreq_t *requ
*args_len = 0;
/* URI MUST not contain any unencoded '=' - RFC3875, section 4.4 */
- if (strchr(query, '=')) {
+ if (strchr(query, '='))
return NULL;
- }
str = bozostrdup(httpd, request, query);
@@ -289,7 +288,7 @@ parse_search_string(bozo_httpreq_t *requ
/* search-word MUST have at least one schar */
if (*s == '\0')
goto parse_err;
- while(*s) {
+ while (*s) {
/* check if it's unreserved */
if (isalpha((int)*s) || isdigit((int)*s) ||
strchr(UNRESERVED_CHAR, *s)) {
@@ -348,7 +347,7 @@ bozo_cgi_setbin(bozohttpd_t *httpd, cons
{
httpd->cgibin = bozostrdup(httpd, NULL, path);
debug((httpd, DEBUG_OBESE, "cgibin (cgi-bin directory) is %s",
- httpd->cgibin));
+ httpd->cgibin));
}
/* help build up the environ pointer */
@@ -381,6 +380,7 @@ bozo_process_cgi(bozo_httpreq_t *request
const char *type, *clen, *info, *cgihandler;
char *query, *s, *t, *path, *env, *command, *file, *url;
char **envp, **curenvp, **argv, **search_string_argv = NULL;
+ char **lastenvp;
char *uri;
size_t i, len, search_string_argc = 0;
ssize_t rbytes;
@@ -415,7 +415,7 @@ bozo_process_cgi(bozo_httpreq_t *request
file,
query ? "?" : "",
query ? query : "");
- debug((httpd, DEBUG_NORMAL, "bozo_process_cgi: url `%s'", url));
+ debug((httpd, DEBUG_NORMAL, "%s: url `%s'", __func__, url));
path = NULL;
envp = NULL;
@@ -433,17 +433,17 @@ bozo_process_cgi(bozo_httpreq_t *request
cgihandler = content_cgihandler(httpd, request, file + 1);
if (cgihandler == NULL) {
debug((httpd, DEBUG_FAT,
- "bozo_process_cgi: no handler, returning"));
+ "%s: no handler, returning", __func__));
goto out;
}
if (len == 0 || file[len - 1] == '/')
append_index_html(httpd, &file);
- debug((httpd, DEBUG_NORMAL, "bozo_process_cgi: cgihandler `%s'",
- cgihandler));
+ debug((httpd, DEBUG_NORMAL, "%s: cgihandler `%s'",
+ __func__, cgihandler));
} else if (len - 1 == CGIBIN_PREFIX_LEN) /* url is "/cgi-bin/" */
append_index_html(httpd, &file);
- /* RFC3875 sect. 4.4. - search-string support */
+ /* RFC3875 sect. 4.4. - search-string support */
if (query != NULL) {
search_string_argv = parse_search_string(request, query,
&search_string_argc);
@@ -498,8 +498,8 @@ bozo_process_cgi(bozo_httpreq_t *request
(request->hr_serverport && *request->hr_serverport ? 1 : 0);
debug((httpd, DEBUG_FAT,
- "bozo_process_cgi: path `%s', cmd `%s', info `%s', "
- "query `%s', nph `%d', envpsize `%d'",
+ "%s: path `%s', cmd `%s', info `%s', "
+ "query `%s', nph `%d', envpsize `%d'", __func__,
path, command, strornull(info),
strornull(query), nph, envpsize));
@@ -507,6 +507,7 @@ bozo_process_cgi(bozo_httpreq_t *request
for (ix = 0; ix < envpsize; ix++)
envp[ix] = NULL;
curenvp = envp;
+ lastenvp = envp + envpsize;
SIMPLEQ_FOREACH(headp, &request->hr_headers, h_next) {
const char *s2;
@@ -517,8 +518,8 @@ bozo_process_cgi(bozo_httpreq_t *request
strcpy(t, "HTTP_");
t += strlen(t);
for (s2 = headp->h_header; *s2; t++, s2++)
- if (islower((u_int)*s2))
- *t = toupper((u_int)*s2);
+ if (islower((unsigned)*s2))
+ *t = toupper((unsigned)*s2);
else if (*s2 == '-')
*t = '_';
else
@@ -575,11 +576,11 @@ bozo_process_cgi(bozo_httpreq_t *request
bozo_setenv(httpd, "REDIRECT_STATUS", "200", curenvp++);
bozo_auth_cgi_setenv(request, &curenvp);
- debug((httpd, DEBUG_FAT, "bozo_process_cgi: going exec %s with args:",
+ debug((httpd, DEBUG_FAT, "%s: going exec %s with args:", __func__,
path));
for (i = 0; argv[i] != NULL; i++) {
- debug((httpd, DEBUG_FAT, "bozo_process_cgi: argv[%zu] = `%s'",
+ debug((httpd, DEBUG_FAT, "%s: argv[%zu] = `%s'", __func__,
i, argv[i]));
}
@@ -588,6 +589,7 @@ bozo_process_cgi(bozo_httpreq_t *request
strerror(errno));
*curenvp = 0;
+ assert(lastenvp > curenvp);
/*
* We create 2 procs: one to become the CGI, one read from
Index: src/libexec/httpd/content-bozo.c
diff -u src/libexec/httpd/content-bozo.c:1.10.2.2.2.2 src/libexec/httpd/content-bozo.c:1.10.2.2.2.3
--- src/libexec/httpd/content-bozo.c:1.10.2.2.2.2 Fri Dec 23 07:47:40 2016
+++ src/libexec/httpd/content-bozo.c Sat Nov 24 17:23:47 2018
@@ -1,9 +1,9 @@
-/* $NetBSD: content-bozo.c,v 1.10.2.2.2.2 2016/12/23 07:47:40 snj Exp $ */
+/* $NetBSD: content-bozo.c,v 1.10.2.2.2.3 2018/11/24 17:23:47 martin Exp $ */
/* $eterna: content-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */
/*
- * Copyright (c) 1997-2015 Matthew R. Green
+ * Copyright (c) 1997-2018 Matthew R. Green
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -181,6 +181,7 @@ static bozo_content_map_t static_content
static bozo_content_map_t *
search_map(bozo_content_map_t *map, const char *name, size_t len)
{
+
for ( ; map && map->name; map++) {
const size_t namelen = strlen(map->name);
@@ -194,21 +195,17 @@ search_map(bozo_content_map_t *map, cons
/* match a suffix on a file - dynamiconly means no static content search */
bozo_content_map_t *
bozo_match_content_map(bozohttpd_t *httpd, const char *name,
- const int dynamiconly)
+ const int dynamiconly)
{
bozo_content_map_t *map;
size_t len;
len = strlen(name);
- if ((map = search_map(httpd->dynamic_content_map, name, len)) != NULL) {
- return map;
- }
- if (!dynamiconly) {
- if ((map = search_map(static_content_map, name, len)) != NULL) {
- return map;
- }
- }
- return NULL;
+ map = search_map(httpd->dynamic_content_map, name, len);
+ if (map == NULL && !dynamiconly)
+ map = search_map(static_content_map, name, len);
+
+ return map;
}
/*
Index: src/libexec/httpd/daemon-bozo.c
diff -u src/libexec/httpd/daemon-bozo.c:1.16.6.1 src/libexec/httpd/daemon-bozo.c:1.16.6.2
--- src/libexec/httpd/daemon-bozo.c:1.16.6.1 Fri Apr 15 18:55:49 2016
+++ src/libexec/httpd/daemon-bozo.c Sat Nov 24 17:23:47 2018
@@ -1,9 +1,9 @@
-/* $NetBSD: daemon-bozo.c,v 1.16.6.1 2016/04/15 18:55:49 snj Exp $ */
+/* $NetBSD: daemon-bozo.c,v 1.16.6.2 2018/11/24 17:23:47 martin Exp $ */
/* $eterna: daemon-bozo.c,v 1.24 2011/11/18 09:21:15 mrg Exp $ */
/*
- * Copyright (c) 1997-2014 Matthew R. Green
+ * Copyright (c) 1997-2018 Matthew R. Green
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -70,8 +70,9 @@ static pid_t pidfile_pid = 0;
static void
sigchild(int signo)
{
- while (waitpid(-1, NULL, WNOHANG) > 0) {
- }
+
+ while (waitpid(-1, NULL, WNOHANG) > 0)
+ /* nothing */;
}
/* Signal handler to exit in a controlled manner. This ensures that
Index: src/libexec/httpd/dir-index-bozo.c
diff -u src/libexec/httpd/dir-index-bozo.c:1.19.4.1.2.1 src/libexec/httpd/dir-index-bozo.c:1.19.4.1.2.2
--- src/libexec/httpd/dir-index-bozo.c:1.19.4.1.2.1 Fri Apr 15 18:55:49 2016
+++ src/libexec/httpd/dir-index-bozo.c Sat Nov 24 17:23:47 2018
@@ -1,9 +1,9 @@
-/* $NetBSD: dir-index-bozo.c,v 1.19.4.1.2.1 2016/04/15 18:55:49 snj Exp $ */
+/* $NetBSD: dir-index-bozo.c,v 1.19.4.1.2.2 2018/11/24 17:23:47 martin Exp $ */
/* $eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $ */
/*
- * Copyright (c) 1997-2014 Matthew R. Green
+ * Copyright (c) 1997-2018 Matthew R. Green
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -80,17 +80,16 @@ bozo_dir_index(bozo_httpreq_t *request,
file[strlen(file) - strlen(httpd->index_html)] = '\0';
dirpath = file;
}
- debug((httpd, DEBUG_FAT, "bozo_dir_index: dirpath ``%s''", dirpath));
+ debug((httpd, DEBUG_FAT, "bozo_dir_index: dirpath '%s'", dirpath));
if (stat(dirpath, &sb) < 0 ||
(dp = opendir(dirpath)) == NULL) {
if (errno == EPERM)
- (void)bozo_http_error(httpd, 403, request,
- "no permission to open directory");
+ bozo_http_error(httpd, 403, request,
+ "no permission to open directory");
else if (errno == ENOENT)
- (void)bozo_http_error(httpd, 404, request, "no file");
+ bozo_http_error(httpd, 404, request, "no file");
else
- (void)bozo_http_error(httpd, 500, request,
- "open directory");
+ bozo_http_error(httpd, 500, request, "open directory");
goto done;
/* NOTREACHED */
}
@@ -157,7 +156,7 @@ bozo_dir_index(bozo_httpreq_t *request,
if (strcmp(name, "..") == 0) {
bozo_printf(httpd, "<a href=\"../\">");
l += bozo_printf(httpd, "Parent Directory");
- } else if (S_ISDIR(sb.st_mode)) {
+ } else if (!nostat && S_ISDIR(sb.st_mode)) {
bozo_printf(httpd, "<a href=\"%s/\">", urlname);
l += bozo_printf(httpd, "%s/", htmlname);
} else if (strchr(name, ':') != NULL) {
@@ -185,6 +184,10 @@ bozo_dir_index(bozo_httpreq_t *request,
if (nostat)
bozo_printf(httpd, "? ?");
else {
+ unsigned long long len;
+
+ len = ((unsigned long long)sb.st_size + 1023) / 1024;
+
tm = gmtime(&sb.st_mtime);
strftime(buf, sizeof buf, "%d-%b-%Y %R", tm);
l += bozo_printf(httpd, "%s", buf);
@@ -199,8 +202,7 @@ bozo_dir_index(bozo_httpreq_t *request,
spacebuf[i] = '\0';
bozo_printf(httpd, "%s", spacebuf);
- bozo_printf(httpd, "%12llukB",
- (unsigned long long)sb.st_size >> 10);
+ bozo_printf(httpd, "%12llukB", len);
}
bozo_printf(httpd, "\r\n");
}
Index: src/libexec/httpd/lua-bozo.c
diff -u src/libexec/httpd/lua-bozo.c:1.10.2.1.2.1 src/libexec/httpd/lua-bozo.c:1.10.2.1.2.2
--- src/libexec/httpd/lua-bozo.c:1.10.2.1.2.1 Fri Apr 15 18:55:49 2016
+++ src/libexec/httpd/lua-bozo.c Sat Nov 24 17:23:47 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: lua-bozo.c,v 1.10.2.1.2.1 2016/04/15 18:55:49 snj Exp $ */
+/* $NetBSD: lua-bozo.c,v 1.10.2.1.2.2 2018/11/24 17:23:47 martin Exp $ */
/*
* Copyright (c) 2013 Marc Balmer <[email protected]>
@@ -51,8 +51,8 @@
#define FORM "application/x-www-form-urlencoded"
-static int
-lua_flush(lua_State *L)
+static bozohttpd_t *
+httpd_instance(lua_State *L)
{
bozohttpd_t *httpd;
@@ -61,6 +61,14 @@ lua_flush(lua_State *L)
httpd = lua_touserdata(L, -1);
lua_pop(L, 1);
+ return httpd;
+}
+
+static int
+lua_flush(lua_State *L)
+{
+ bozohttpd_t *httpd = httpd_instance(L);
+
bozo_flush(httpd, stdout);
return 0;
}
@@ -68,63 +76,57 @@ lua_flush(lua_State *L)
static int
lua_print(lua_State *L)
{
- bozohttpd_t *httpd;
-
- lua_pushstring(L, "bozohttpd");
- lua_gettable(L, LUA_REGISTRYINDEX);
- httpd = lua_touserdata(L, -1);
- lua_pop(L, 1);
+ bozohttpd_t *httpd = httpd_instance(L);
- bozo_printf(httpd, "%s\r\n", lua_tostring(L, -1));
+ bozo_printf(httpd, "%s\r\n", lua_tostring(L, 1));
return 0;
}
static int
lua_read(lua_State *L)
{
- bozohttpd_t *httpd;
- int n, len;
+ bozohttpd_t *httpd = httpd_instance(L);
+ luaL_Buffer lbuf;
char *data;
+ lua_Integer len;
+ ssize_t n;
- lua_pushstring(L, "bozohttpd");
- lua_gettable(L, LUA_REGISTRYINDEX);
- httpd = lua_touserdata(L, -1);
- lua_pop(L, 1);
+ len = luaL_checkinteger(L, 1);
+ data = luaL_buffinitsize(L, &lbuf, (size_t)len);
- len = luaL_checkinteger(L, -1);
- data = bozomalloc(httpd, len + 1);
- n = bozo_read(httpd, STDIN_FILENO, data, len);
- if (n >= 0) {
- data[n] = '\0';
- lua_pushstring(L, data);
- } else
+ if ((n = bozo_read(httpd, STDIN_FILENO, data, len)) >= 0) {
+ luaL_pushresultsize(&lbuf, n);
+ return 1;
+ } else {
lua_pushnil(L);
- free(data);
- return 1;
+ lua_pushstring(L, "bozo_read() call failed");
+ return 2;
+ }
}
static int
lua_register_handler(lua_State *L)
{
+ bozohttpd_t *httpd = httpd_instance(L);
lua_state_map_t *map;
lua_handler_t *handler;
- bozohttpd_t *httpd;
+ const char *name;
+ int ref;
lua_pushstring(L, "lua_state_map");
lua_gettable(L, LUA_REGISTRYINDEX);
map = lua_touserdata(L, -1);
- lua_pushstring(L, "bozohttpd");
- lua_gettable(L, LUA_REGISTRYINDEX);
- httpd = lua_touserdata(L, -1);
- lua_pop(L, 2);
+ lua_pop(L, 1);
+
+ name = luaL_checkstring(L, 1);
- luaL_checkstring(L, 1);
luaL_checktype(L, 2, LUA_TFUNCTION);
+ lua_pushvalue(L, 2);
+ ref = luaL_ref(L, LUA_REGISTRYINDEX);
handler = bozomalloc(httpd, sizeof(lua_handler_t));
-
- handler->name = bozostrdup(httpd, NULL, lua_tostring(L, 1));
- handler->ref = luaL_ref(L, LUA_REGISTRYINDEX);
+ handler->name = bozostrdup(httpd, NULL, name);
+ handler->ref = ref;
SIMPLEQ_INSERT_TAIL(&map->handlers, handler, h_next);
httpd->process_lua = 1;
return 0;
@@ -133,23 +135,26 @@ lua_register_handler(lua_State *L)
static int
lua_write(lua_State *L)
{
- bozohttpd_t *httpd;
+ bozohttpd_t *httpd = httpd_instance(L);
const char *data;
+ size_t len;
+ ssize_t n;
- lua_pushstring(L, "bozohttpd");
- lua_gettable(L, LUA_REGISTRYINDEX);
- httpd = lua_touserdata(L, -1);
- lua_pop(L, 1);
-
- data = luaL_checkstring(L, -1);
- lua_pushinteger(L, bozo_write(httpd, STDIN_FILENO, data, strlen(data)));
- return 1;
+ data = luaL_checklstring(L, 1, &len);
+ if ((n = bozo_write(httpd, STDIN_FILENO, data, len)) >= 0) {
+ lua_pushinteger(L, n);
+ return 1;
+ } else {
+ lua_pushnil(L);
+ lua_pushstring(L, "bozo_write() call failed");
+ return 2;
+ }
}
static int
luaopen_httpd(lua_State *L)
{
- struct luaL_Reg functions[] = {
+ static struct luaL_Reg functions[] = {
{ "flush", lua_flush },
{ "print", lua_print },
{ "read", lua_read },
Index: src/libexec/httpd/main.c
diff -u src/libexec/httpd/main.c:1.8.4.2 src/libexec/httpd/main.c:1.8.4.3
--- src/libexec/httpd/main.c:1.8.4.2 Fri Dec 23 07:47:40 2016
+++ src/libexec/httpd/main.c Sat Nov 24 17:23:47 2018
@@ -1,10 +1,10 @@
-/* $NetBSD: main.c,v 1.8.4.2 2016/12/23 07:47:40 snj Exp $ */
+/* $NetBSD: main.c,v 1.8.4.3 2018/11/24 17:23:47 martin Exp $ */
/* $eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $ */
/* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp */
/*
- * Copyright (c) 1997-2016 Matthew R. Green
+ * Copyright (c) 1997-2018 Matthew R. Green
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -61,65 +61,75 @@ usage(bozohttpd_t *httpd, char *progname
bozowarn(httpd, "usage: %s [options] slashdir [virtualhostname]",
progname);
bozowarn(httpd, "options:");
-#ifndef NO_DEBUG
- bozowarn(httpd, " -d\t\t\tenable debug support");
-#endif
- bozowarn(httpd, " -s\t\t\talways log to stderr");
-#ifndef NO_DYNAMIC_CONTENT
- bozowarn(httpd, " -M arg t c c11\tadd this mime extenstion");
-#endif
-#ifndef NO_USER_SUPPORT
- bozowarn(httpd, " -u\t\t\tenable ~user/public_html support");
- bozowarn(httpd, " -p dir\t\tchange `public_html' directory name");
-#ifndef NO_CGIBIN_SUPPORT
- bozowarn(httpd, " -E\t\t\tenable CGI support for user dirs");
-#endif
-#endif
-#ifndef NO_CGIBIN_SUPPORT
-#ifndef NO_DYNAMIC_CONTENT
- bozowarn(httpd, " -C arg prog\t\tadd this CGI handler");
-#endif
- bozowarn(httpd,
- " -c cgibin\t\tenable cgi-bin support in this directory");
-#endif
-#ifndef NO_LUA_SUPPORT
- bozowarn(httpd, " -L arg script\tadd this Lua script");
-#endif
- bozowarn(httpd, " -I port\t\tbind or use on this port");
-#ifndef NO_DAEMON_MODE
- bozowarn(httpd, " -b\t\t\tbackground and go into daemon mode");
- bozowarn(httpd, " -f\t\t\tkeep daemon mode in the foreground");
- bozowarn(httpd,
- " -i address\t\tbind on this address (daemon mode only)");
- bozowarn(httpd, " -P pidfile\t\tpath to the pid file to create");
-#endif
- bozowarn(httpd, " -S version\t\tset server version string");
- bozowarn(httpd, " -t dir\t\tchroot to `dir'");
- bozowarn(httpd, " -U username\t\tchange user to `user'");
- bozowarn(httpd,
- " -e\t\t\tdon't clean the environment (-t and -U only)");
- bozowarn(httpd,
- " -v virtualroot\tenable virtual host support "
- "in this directory");
- bozowarn(httpd, " -V\t\tUnknown virtual hosts go to `slashdir'");
-#ifndef NO_DIRINDEX_SUPPORT
- bozowarn(httpd,
- " -X\t\t\tenable automatic directory index support");
- bozowarn(httpd,
- " -H\t\t\thide files starting with a period (.)"
- " in index mode");
-#endif
- bozowarn(httpd,
- " -x index\t\tchange default `index.html' file name");
-#ifndef NO_SSL_SUPPORT
- bozowarn(httpd,
- " -z ciphers\t\tspecify SSL ciphers");
- bozowarn(httpd,
- " -Z cert privkey\tspecify path to server certificate"
- " and private key file\n"
- "\t\t\tin pem format and enable bozohttpd in SSL mode");
-#endif /* NO_SSL_SUPPORT */
- bozowarn(httpd, " -G print version number and exit");
+
+ if (have_daemon_mode)
+ bozowarn(httpd, " -b\t\t\tbackground and go into daemon mode");
+ if (have_cgibin &&
+ have_dynamic_content)
+ bozowarn(httpd, " -C arg prog\t\tadd this CGI handler");
+ if (have_cgibin)
+ bozowarn(httpd, " -c cgibin\t\tenable cgi-bin support in "
+ "this directory");
+ if (have_debug)
+ bozowarn(httpd, " -d\t\t\tenable debug support");
+ if (have_cgibin)
+ bozowarn(httpd, " -E\t\t\tenable CGI support for user dirs");
+ if (have_user &&
+ have_cgibin)
+ bozowarn(httpd, " -e\t\t\tdon't clean the environment "
+ "(-t and -U only)");
+ if (have_daemon_mode)
+ bozowarn(httpd, " -f\t\t\tforeground in daemon mode");
+ if (have_all)
+ bozowarn(httpd, " -G print version number and exit");
+ if (have_dirindex)
+ bozowarn(httpd, " -H\t\t\thide files starting with a period "
+ "(.) in index mode");
+ if (have_all)
+ bozowarn(httpd, " -I port\t\tbind or use on this port");
+ if (have_daemon_mode)
+ bozowarn(httpd, " -i address\t\tbind on this address "
+ "(daemon mode only)");
+ if (have_lua)
+ bozowarn(httpd, " -L arg script\tadd this Lua script");
+ if (have_dynamic_content)
+ bozowarn(httpd, " -M arg t c c11\tadd this mime extenstion");
+ if (have_daemon_mode)
+ bozowarn(httpd, " -P pidfile\t\tpid file path");
+ if (have_user)
+ bozowarn(httpd, " -p dir\t\t\"public_html\" directory name");
+
+ if (have_all) {
+ bozowarn(httpd, " -S version\t\tset server version string");
+ bozowarn(httpd, " -s\t\t\talways log to stderr");
+ bozowarn(httpd, " -T type timeout\tset `type' timeout");
+ bozowarn(httpd, " -t dir\t\tchroot to `dir'");
+ bozowarn(httpd, " -U username\t\tchange user to `user'");
+ }
+ if (have_user)
+ bozowarn(httpd, " -u\t\t\tenable ~user/public_html support");
+
+ if (have_all) {
+ bozowarn(httpd, " -V\t\t\tUnknown virtual hosts go to "
+ "`slashdir'");
+ bozowarn(httpd, " -v virtualroot\tenable virtual host "
+ "support in this directory");
+ }
+
+ if (have_dirindex)
+ bozowarn(httpd, " -X\t\t\tdirectory index support");
+ if (have_all)
+ bozowarn(httpd, " -x index\t\tdefault \"index.html\" "
+ "file name");
+
+ if (have_ssl) {
+ bozowarn(httpd, " -Z cert privkey\tspecify path to server "
+ "certificate and private key file\n"
+ "\t\t\tin pem format and enable bozohttpd in "
+ "SSL mode");
+ bozowarn(httpd, " -z ciphers\t\tspecify SSL ciphers");
+ }
+
bozoerr(httpd, 1, "%s failed to start", progname);
}
@@ -150,217 +160,219 @@ main(int argc, char **argv)
*/
while ((c = getopt(argc, argv,
- "C:EGHI:L:M:P:S:U:VXZ:bc:defhi:np:st:uv:x:z:")) != -1) {
+ "C:EGHI:L:M:P:S:T:U:VXZ:bc:defhi:np:st:uv:x:z:")) != -1) {
switch (c) {
- case 'L':
-#ifdef NO_LUA_SUPPORT
- bozoerr(&httpd, 1,
- "Lua support is not enabled");
- /* NOTREACHED */
-#else
- /* make sure there's two argument */
- if (argc - optind < 1)
- usage(&httpd, progname);
- bozo_add_lua_map(&httpd, optarg, argv[optind]);
- optind++;
- break;
-#endif /* NO_LUA_SUPPORT */
- case 'M':
-#ifdef NO_DYNAMIC_CONTENT
- bozoerr(&httpd, 1,
- "dynamic mime content support is not enabled");
- /* NOTREACHED */
-#else
- /* make sure there's four arguments */
- if (argc - optind < 3)
- usage(&httpd, progname);
- bozo_add_content_map_mime(&httpd, optarg, argv[optind],
- argv[optind+1], argv[optind+2]);
- optind += 3;
- break;
-#endif /* NO_DYNAMIC_CONTENT */
+ case 'b':
+ if (!have_daemon_mode)
+ no_daemon_mode:
+ bozoerr(&httpd, 1, "Daemon mode not enabled");
- case 'n':
- bozo_set_pref(&httpd, &prefs, "numeric", "true");
+ /*
+ * test suite support - undocumented
+ * background == 2 (aka, -b -b) means to
+ * only process 1 per kid
+ */
+ val = bozo_get_pref(&prefs, "background") == NULL ?
+ "1" : "2";
+ bozo_set_pref(&httpd, &prefs, "background", val);
break;
- case 's':
- bozo_set_pref(&httpd, &prefs, "log to stderr", "true");
- break;
+ case 'c':
+ if (!have_cgibin)
+ bozoerr(&httpd, 1, "CGI not enabled");
- case 'S':
- bozo_set_pref(&httpd, &prefs, "server software",
- optarg);
+ bozo_cgi_setbin(&httpd, optarg);
break;
- case 'Z':
-#ifdef NO_SSL_SUPPORT
- bozoerr(&httpd, 1, "ssl support is not enabled");
- /* NOT REACHED */
-#else
+
+ case 'C':
+ if (!have_dynamic_content && !have_cgibin)
+ bozoerr(&httpd, 1,
+ "dynamic CGI handler support not enabled");
+
/* make sure there's two arguments */
if (argc - optind < 1)
usage(&httpd, progname);
- bozo_ssl_set_opts(&httpd, optarg, argv[optind++]);
+ bozo_add_content_map_cgi(&httpd, optarg,
+ argv[optind++]);
break;
-#endif /* NO_SSL_SUPPORT */
- case 'z':
-#ifdef NO_SSL_SUPPORT
- bozoerr(&httpd, 1, "ssl support is not enabled");
- /* NOT REACHED */
-#else
- bozo_ssl_set_ciphers(&httpd, optarg);
+ case 'd':
+ if (!have_debug)
+ bozowarn(&httpd, "Debugging not enabled");
+ httpd.debug++;
break;
-#endif /* NO_SSL_SUPPORT */
- case 'U':
- bozo_set_pref(&httpd, &prefs, "username", optarg);
+ case 'E':
+ if (have_user &&
+ have_cgibin)
+ bozoerr(&httpd, 1, "CGI not enabled");
+
+ bozo_set_pref(&httpd, &prefs, "enable user cgibin",
+ "true");
break;
- case 'V':
- bozo_set_pref(&httpd, &prefs, "unknown slash", "true");
+ case 'e':
+ if (!have_daemon_mode)
+ goto no_daemon_mode;
+
+ bozo_set_pref(&httpd, &prefs, "dirty environment",
+ "true");
break;
- case 'v':
- bozo_set_pref(&httpd, &prefs, "virtual base", optarg);
+ case 'f':
+ if (!have_daemon_mode)
+ goto no_daemon_mode;
+
+ bozo_set_pref(&httpd, &prefs, "foreground", "true");
break;
- case 'x':
- bozo_set_pref(&httpd, &prefs, "index.html", optarg);
+ case 'G':
+ {
+ char version[128];
+
+ bozo_get_version(version, sizeof(version));
+ printf("bozohttpd version %s\n", version);
+ }
+ return 0;
+
+ case 'H':
+ if (!have_dirindex)
+ no_dirindex_support:
+ bozoerr(&httpd, 1,
+ "directory indexing not enabled");
+
+ bozo_set_pref(&httpd, &prefs, "hide dots", "true");
break;
case 'I':
bozo_set_pref(&httpd, &prefs, "port number", optarg);
break;
-#ifdef NO_DAEMON_MODE
- case 'b':
- case 'e':
- case 'f':
case 'i':
- case 'P':
- bozoerr(&httpd, 1, "Daemon mode is not enabled");
- /* NOTREACHED */
-#else
- case 'b':
- /*
- * test suite support - undocumented
- * background == 2 (aka, -b -b) means to
- * only process 1 per kid
- */
- val = bozo_get_pref(&prefs, "background") == NULL ?
- "1" : "2";
- bozo_set_pref(&httpd, &prefs, "background", val);
+ if (!have_daemon_mode)
+ goto no_daemon_mode;
+
+ bozo_set_pref(&httpd, &prefs, "bind address", optarg);
break;
- case 'e':
- bozo_set_pref(&httpd, &prefs, "dirty environment",
- "true");
+ case 'L':
+ if (!have_lua)
+ bozoerr(&httpd, 1, "Lua support not enabled");
+
+ /* make sure there's two argument */
+ if (argc - optind < 1)
+ usage(&httpd, progname);
+ bozo_add_lua_map(&httpd, optarg, argv[optind]);
+ optind++;
break;
- case 'f':
- bozo_set_pref(&httpd, &prefs, "foreground", "true");
+ case 'M':
+ if (!have_dynamic_content)
+ bozoerr(&httpd, 1,
+ "dynamic mime content support not enabled");
+
+ /* make sure there're four arguments */
+ if (argc - optind < 3)
+ usage(&httpd, progname);
+ bozo_add_content_map_mime(&httpd, optarg, argv[optind],
+ argv[optind+1], argv[optind+2]);
+ optind += 3;
break;
- case 'i':
- bozo_set_pref(&httpd, &prefs, "bind address", optarg);
+ case 'n':
+ bozo_set_pref(&httpd, &prefs, "numeric", "true");
break;
case 'P':
+ if (!have_daemon_mode)
+ goto no_daemon_mode;
+
bozo_set_pref(&httpd, &prefs, "pid file", optarg);
break;
-#endif /* NO_DAEMON_MODE */
-#ifdef NO_CGIBIN_SUPPORT
- case 'c':
- case 'C':
- bozoerr(&httpd, 1, "CGI is not enabled");
- /* NOTREACHED */
-#else
- case 'c':
- bozo_cgi_setbin(&httpd, optarg);
+ case 'p':
+ if (!have_user)
+ no_user_support:
+ bozoerr(&httpd, 1, "User support not enabled");
+
+ bozo_set_pref(&httpd, &prefs, "public_html", optarg);
break;
- case 'C':
-# ifdef NO_DYNAMIC_CONTENT
- bozoerr(&httpd, 1,
- "dynamic CGI handler support is not enabled");
- /* NOTREACHED */
-# else
- /* make sure there's two arguments */
- if (argc - optind < 1)
- usage(&httpd, progname);
- bozo_add_content_map_cgi(&httpd, optarg,
- argv[optind++]);
+ case 'S':
+ bozo_set_pref(&httpd, &prefs, "server software",
+ optarg);
break;
-# endif /* NO_DYNAMIC_CONTENT */
-#endif /* NO_CGIBIN_SUPPORT */
- case 'd':
- httpd.debug++;
-#ifdef NO_DEBUG
- if (httpd.debug == 1)
- bozowarn(&httpd, "Debugging is not enabled");
-#endif /* NO_DEBUG */
+ case 's':
+ bozo_set_pref(&httpd, &prefs, "log to stderr", "true");
+ break;
+
+ case 'T':
+ /* make sure there're two arguments */
+ if (argc - optind < 1)
+ usage(&httpd, progname);
+ if (bozo_set_timeout(&httpd, &prefs,
+ optarg, argv[optind])) {
+ bozoerr(&httpd, 1,
+ "invalid type '%s'", optarg);
+ /* NOTREACHED */
+ }
+ optind++;
break;
case 't':
bozo_set_pref(&httpd, &prefs, "chroot dir", optarg);
break;
-#ifdef NO_USER_SUPPORT
- case 'p':
- case 'u':
- case 'E':
- bozoerr(&httpd, 1, "User support is not enabled");
- /* NOTREACHED */
-#else
- case 'p':
- bozo_set_pref(&httpd, &prefs, "public_html", optarg);
+ case 'U':
+ bozo_set_pref(&httpd, &prefs, "username", optarg);
break;
case 'u':
+ if (!have_user)
+ goto no_user_support;
+
bozo_set_pref(&httpd, &prefs, "enable users", "true");
break;
-#ifndef NO_CGIBIN_SUPPORT
- case 'E':
- bozo_set_pref(&httpd, &prefs, "enable user cgibin",
+
+ bozo_set_pref(&httpd, &prefs, "directory indexing",
"true");
break;
-#else
- case 'E':
- bozoerr(&httpd, 1, "CGI is not enabled");
- /* NOTREACHED */
-#endif /* NO_CGIBIN_SPPORT */
-#endif /* NO_USER_SUPPORT */
-#ifdef NO_DIRINDEX_SUPPORT
- case 'H':
- case 'X':
- bozoerr(&httpd, 1,
- "directory indexing is not enabled");
- /* NOTREACHED */
-#else
- case 'H':
- bozo_set_pref(&httpd, &prefs, "hide dots", "true");
+ case 'V':
+ bozo_set_pref(&httpd, &prefs, "unknown slash", "true");
+ break;
+
+ case 'v':
+ bozo_set_pref(&httpd, &prefs, "virtual base", optarg);
break;
case 'X':
- bozo_set_pref(&httpd, &prefs, "directory indexing",
- "true");
+ if (!have_dirindex)
+ goto no_dirindex_support;
+
+ case 'x':
+ bozo_set_pref(&httpd, &prefs, "index.html", optarg);
break;
-#endif /* NO_DIRINDEX_SUPPORT */
+ case 'Z':
+ if (!have_ssl)
+ no_ssl:
+ bozoerr(&httpd, 1, "ssl support not enabled");
- case 'G':
- {
- char version[128];
+ /* make sure there's two arguments */
+ if (argc - optind < 1)
+ usage(&httpd, progname);
+ bozo_ssl_set_opts(&httpd, optarg, argv[optind++]);
+ break;
- bozo_get_version(version, sizeof(version));
- printf("bozohttpd version %s\n", version);
- }
- return 0;
+ case 'z':
+ if (!have_ssl)
+ goto no_ssl;
+
+ bozo_ssl_set_ciphers(&httpd, optarg);
+ break;
default:
usage(&httpd, progname);
Index: src/libexec/httpd/ssl-bozo.c
diff -u src/libexec/httpd/ssl-bozo.c:1.18.4.1 src/libexec/httpd/ssl-bozo.c:1.18.4.2
--- src/libexec/httpd/ssl-bozo.c:1.18.4.1 Fri Apr 15 18:55:49 2016
+++ src/libexec/httpd/ssl-bozo.c Sat Nov 24 17:23:47 2018
@@ -1,9 +1,9 @@
-/* $NetBSD: ssl-bozo.c,v 1.18.4.1 2016/04/15 18:55:49 snj Exp $ */
+/* $NetBSD: ssl-bozo.c,v 1.18.4.2 2018/11/24 17:23:47 martin Exp $ */
/* $eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $ */
/*
- * Copyright (c) 1997-2014 Matthew R. Green
+ * Copyright (c) 1997-2018 Matthew R. Green
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -34,6 +34,7 @@
#include <stdarg.h>
#include <stdio.h>
+#include <string.h>
#include <syslog.h>
#include <unistd.h>
@@ -62,7 +63,7 @@
#ifndef BOZO_SSL_OPTIONS
#define BOZO_SSL_OPTIONS \
- (SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1)
+ ((long)(SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1))
#endif
/* this structure encapsulates the ssl info */
@@ -322,6 +323,10 @@ bozo_ssl_set_ciphers(bozohttpd_t *httpd,
#endif /* NO_SSL_SUPPORT */
+/*
+ * These functions are always present, so that caller code can simply
+ * use bozo_*() for IO, regardless of SSL.
+ */
int
bozo_printf(bozohttpd_t *httpd, const char *fmt, ...)
{
Index: src/libexec/httpd/tilde-luzah-bozo.c
diff -u src/libexec/httpd/tilde-luzah-bozo.c:1.10.6.1 src/libexec/httpd/tilde-luzah-bozo.c:1.10.6.2
--- src/libexec/httpd/tilde-luzah-bozo.c:1.10.6.1 Fri Apr 15 18:55:49 2016
+++ src/libexec/httpd/tilde-luzah-bozo.c Sat Nov 24 17:23:48 2018
@@ -1,9 +1,9 @@
-/* $NetBSD: tilde-luzah-bozo.c,v 1.10.6.1 2016/04/15 18:55:49 snj Exp $ */
+/* $NetBSD: tilde-luzah-bozo.c,v 1.10.6.2 2018/11/24 17:23:48 martin Exp $ */
/* $eterna: tilde-luzah-bozo.c,v 1.16 2011/11/18 09:21:15 mrg Exp $ */
/*
- * Copyright (c) 1997-2014 Matthew R. Green
+ * Copyright (c) 1997-2018 Matthew R. Green
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -53,7 +53,7 @@
* ala transform_request().
*
* transform_request() is supposed to check that we have user support
- * enabled.
+ * enabled. returns 0 if handled/error, 1 if continue.
*/
int
bozo_user_transform(bozo_httpreq_t *request)
@@ -90,7 +90,7 @@ bozo_user_transform(bozo_httpreq_t *requ
if (pw == NULL) {
free(request->hr_user);
request->hr_user = NULL;
- (void)bozo_http_error(httpd, 404, request, "no such user");
+ bozo_http_error(httpd, 404, request, "no such user");
return 0;
}
@@ -101,15 +101,14 @@ bozo_user_transform(bozo_httpreq_t *requ
if (chdir(pw->pw_dir) < 0) {
bozowarn(httpd, "chdir1 error: %s: %s", pw->pw_dir,
strerror(errno));
- (void)bozo_http_error(httpd, 404, request,
- "can't chdir to homedir");
+ bozo_http_error(httpd, 404, request, "can't chdir to homedir");
return 0;
}
if (chdir(httpd->public_html) < 0) {
bozowarn(httpd, "chdir2 error: %s: %s", httpd->public_html,
strerror(errno));
- (void)bozo_http_error(httpd, 404, request,
- "can't chdir to public_html");
+ bozo_http_error(httpd, 404, request,
+ "can't chdir to public_html");
return 0;
}
if (s == NULL || *s == '\0') {
Index: src/libexec/httpd/libbozohttpd/Makefile
diff -u src/libexec/httpd/libbozohttpd/Makefile:1.2 src/libexec/httpd/libbozohttpd/Makefile:1.2.12.1
--- src/libexec/httpd/libbozohttpd/Makefile:1.2 Sun Feb 2 03:14:58 2014
+++ src/libexec/httpd/libbozohttpd/Makefile Sat Nov 24 17:23:48 2018
@@ -21,17 +21,7 @@ WARNS= 4
INCS= bozohttpd.h
INCSDIR= /usr/include
-.include <bsd.own.mk>
-
-.if ${MKCRYPTO} != "no"
-
LDADD+= -lssl -lcrypto
DPADD+= ${LIBSSL} ${LIBCRYPTO}
-.else
-
-COPTS+= -DNO_SSL_SUPPORT
-
-.endif
-
.include <bsd.lib.mk>
Index: src/libexec/httpd/lua/bozo.lua
diff -u src/libexec/httpd/lua/bozo.lua:1.1.1.1.32.1 src/libexec/httpd/lua/bozo.lua:1.1.1.1.32.2
--- src/libexec/httpd/lua/bozo.lua:1.1.1.1.32.1 Fri Apr 15 18:55:49 2016
+++ src/libexec/httpd/lua/bozo.lua Sat Nov 24 17:23:48 2018
@@ -32,7 +32,7 @@
-- command line args
dofile "optparse.lua"
-opt = OptionParser{usage="%prog [options] root [vhost]", version="20091105"}
+opt = OptionParser{usage="%prog [options] root [vhost]", version="20180502"}
opt.add_option{"-C", "--cgimap", action="store", dest="cgimap", help="--cgimap 's t'"}
opt.add_option{"-E", "--enable-user-cgibin", action="store_true", dest="enableusercgibin", help="--enable-user-cgibin"}
@@ -75,22 +75,22 @@ prefs = bozohttpd.init_prefs()
-- parse command line args
options,args = opt.parse_args()
if options.portnum then
- bozohttpd.set_pref(prefs, "port number", options.portnum)
+ bozohttpd.set_pref(httpd, prefs, "port number", options.portnum)
end
if options.background then
- bozohttpd.set_pref(prefs, "background", options.background)
+ bozohttpd.set_pref(httpd, prefs, "background", options.background)
end
if options.numeric then
- bozohttpd.set_pref(prefs, "numeric", "true")
+ bozohttpd.set_pref(httpd, prefs, "numeric", "true")
end
if options.logstderr then
- bozohttpd.set_pref(prefs, "log to stderr", "true")
+ bozohttpd.set_pref(httpd, prefs, "log to stderr", "true")
end
if options.foreground then
- bozohttpd.set_pref(prefs, "foreground", "true")
+ bozohttpd.set_pref(httpd, prefs, "foreground", "true")
end
if options.trustedref then
- bozohttpd.set_pref(prefs, "trusted referal", "true")
+ bozohttpd.set_pref(httpd, prefs, "trusted referal", "true")
end
if options.dynmime then
suffix, type, s1, s2 = string.find(options.dynmime,
@@ -98,29 +98,29 @@ if options.dynmime then
bozohttpd.dynamic_mime(httpd, suffix, type, s1, s2)
end
if options.serversw then
- bozohttpd.set_pref(prefs, "server software", options.serversw)
+ bozohttpd.set_pref(httpd, prefs, "server software", options.serversw)
end
if options.ssl then
cert, priv = string.find(options.ssl, "(%S+)%s+(%S+)")
bozohttpd.dynamic_mime(httpd, cert, priv)
end
if options.username then
- bozohttpd.set_pref(prefs, "username", options.username)
+ bozohttpd.set_pref(httpd, prefs, "username", options.username)
end
if options.unknownslash then
- bozohttpd.set_pref(prefs, "unknown slash", "true")
+ bozohttpd.set_pref(httpd, prefs, "unknown slash", "true")
end
if options.virtbase then
- bozohttpd.set_pref(prefs, "virtual base", options.virtbase)
+ bozohttpd.set_pref(httpd, prefs, "virtual base", options.virtbase)
end
if options.indexhtml then
- bozohttpd.set_pref(prefs, "index.html", options.indexhtml)
+ bozohttpd.set_pref(httpd, prefs, "index.html", options.indexhtml)
end
if options.dirtyenv then
- bozohttpd.set_pref(prefs, "dirty environment", "true")
+ bozohttpd.set_pref(httpd, prefs, "dirty environment", "true")
end
if options.bindaddr then
- bozohttpd.set_pref(prefs, "bind address", options.bindaddr)
+ bozohttpd.set_pref(httpd, prefs, "bind address", options.bindaddr)
end
if options.cgibin then
bozohttpd.cgi_setbin(httpd, options.cgibin)
@@ -130,22 +130,22 @@ if options.cgimap then
bozohttpd.cgi_map(httpd, name, handler)
end
if options.public_html then
- bozohttpd.set_pref(prefs, "public_html", options.public_html)
+ bozohttpd.set_pref(httpd, prefs, "public_html", options.public_html)
end
if options.chroot then
- bozohttpd.set_pref(prefs, "chroot dir", options.chroot)
+ bozohttpd.set_pref(httpd, prefs, "chroot dir", options.chroot)
end
if options.enableusers then
- bozohttpd.set_pref(prefs, "enable users", "true")
+ bozohttpd.set_pref(httpd, prefs, "enable users", "true")
end
if options.hidedots then
- bozohttpd.set_pref(prefs, "hide dots", "true")
+ bozohttpd.set_pref(httpd, prefs, "hide dots", "true")
end
if options.enableusercgibin then
- bozohttpd.set_pref(prefs, "enable user cgibin", "true")
+ bozohttpd.set_pref(httpd, prefs, "enable user cgibin", "true")
end
if options.dirindex then
- bozohttpd.set_pref(prefs, "directory indexing", "true")
+ bozohttpd.set_pref(httpd, prefs, "directory indexing", "true")
end
if #args < 1 then
@@ -159,7 +159,7 @@ else
local numreps = options.background or 0
repeat
req = bozohttpd.read_request(httpd)
- bozohttpd.process_request(httpd, req)
+ bozohttpd.process_request(req)
bozohttpd.clean_request(req)
until numreps == 0
end
Index: src/libexec/httpd/lua/glue.c
diff -u src/libexec/httpd/lua/glue.c:1.1.1.1.32.1 src/libexec/httpd/lua/glue.c:1.1.1.1.32.2
--- src/libexec/httpd/lua/glue.c:1.1.1.1.32.1 Fri Apr 15 18:55:49 2016
+++ src/libexec/httpd/lua/glue.c Sat Nov 24 17:23:48 2018
@@ -48,24 +48,6 @@
int luaopen_bozohttpd(lua_State *);
-#if 0
-typedef struct strarg_t {
- const char *s; /* string */
- const int n; /* corresponding int value */
-} strarg_t;
-
-/* map a string onto an int */
-static int
-findtype(strarg_t *strs, const char *s)
-{
- strarg_t *sp;
-
- for (sp = strs ; sp->s && strcasecmp(sp->s, s) != 0 ; sp++) {
- }
- return sp->n;
-}
-#endif
-
/* init() */
static int
l_new(lua_State *L)
@@ -102,18 +84,20 @@ l_init_prefs(lua_State *L)
return 1;
}
-/* bozo_set_pref(prefs, name, value) */
+/* bozo_set_pref(httpd, prefs, name, value) */
static int
l_bozo_set_pref(lua_State *L)
{
+ bozohttpd_t *httpd;
bozoprefs_t *prefs;
const char *name;
const char *value;
- prefs = lua_touserdata(L, 1);
- name = luaL_checkstring(L, 2);
- value = luaL_checkstring(L, 3);
- lua_pushnumber(L, bozo_set_pref(prefs, name, value));
+ httpd = lua_touserdata(L, 1);
+ prefs = lua_touserdata(L, 2);
+ name = luaL_checkstring(L, 3);
+ value = luaL_checkstring(L, 4);
+ lua_pushnumber(L, bozo_set_pref(httpd, prefs, name, value));
return 1;
}
@@ -163,16 +147,17 @@ l_bozo_read_request(lua_State *L)
return 1;
}
-/* bozo_process_request(httpd, req) */
+/* bozo_process_request(req) */
static int
l_bozo_process_request(lua_State *L)
{
bozo_httpreq_t *req;
- bozohttpd_t *httpd;
- httpd = lua_touserdata(L, 1);
- req = lua_touserdata(L, 2);
- bozo_process_request(httpd, req);
+ req = lua_touserdata(L, 1);
+ if (req == NULL) {
+ return 0;
+ }
+ bozo_process_request(req);
lua_pushnumber(L, 1);
return 1;
}
@@ -184,6 +169,9 @@ l_bozo_clean_request(lua_State *L)
bozo_httpreq_t *req;
req = lua_touserdata(L, 1);
+ if (req == NULL) {
+ return 0;
+ }
bozo_clean_request(req);
lua_pushnumber(L, 1);
return 1;
@@ -250,7 +238,7 @@ l_bozo_cgi_map(lua_State *L)
return 1;
}
-const struct luaL_reg libluabozohttpd[] = {
+const struct luaL_Reg libluabozohttpd[] = {
{ "new", l_new },
{ "init_httpd", l_init_httpd },
{ "init_prefs", l_init_prefs },
@@ -273,6 +261,10 @@ const struct luaL_reg libluabozohttpd[]
int
luaopen_bozohttpd(lua_State *L)
{
- luaL_openlib(L, "bozohttpd", libluabozohttpd, 0);
+#if LUA_VERSION_NUM >= 502
+ luaL_newlib(L, libluabozohttpd);
+#else
+ luaL_register(L, "bozohttpd", libluabozohttpd);
+#endif
return 1;
}
Index: src/libexec/httpd/lua/optparse.lua
diff -u src/libexec/httpd/lua/optparse.lua:1.1.1.1 src/libexec/httpd/lua/optparse.lua:1.1.1.1.32.1
--- src/libexec/httpd/lua/optparse.lua:1.1.1.1 Mon May 10 03:30:04 2010
+++ src/libexec/httpd/lua/optparse.lua Sat Nov 24 17:23:48 2018
@@ -42,7 +42,7 @@ function OptionParser(t)
end
function o.parse_args()
-- expand options (e.g. "--input=file" -> "--input", "file")
- local arg = {unpack(arg)}
+ local arg = {table.unpack(arg)}
for i=#arg,1,-1 do local v = arg[i]
local flag, val = v:match('^(%-%-%w+)=(.*)')
if flag then
Index: src/libexec/httpd/testsuite/Makefile
diff -u src/libexec/httpd/testsuite/Makefile:1.4.26.3 src/libexec/httpd/testsuite/Makefile:1.4.26.4
--- src/libexec/httpd/testsuite/Makefile:1.4.26.3 Sun Feb 12 21:59:45 2017
+++ src/libexec/httpd/testsuite/Makefile Sat Nov 24 17:23:48 2018
@@ -1,6 +1,6 @@
# $eterna: Makefile,v 1.14 2009/05/22 21:51:39 mrg Exp $
-SIMPLETESTS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t10
+SIMPLETESTS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t12 t13 t14 t15
CGITESTS= t11
BIGFILETESTS= partial4000 partial8000
@@ -9,6 +9,7 @@ BOZOHTTPD?= ../debug/bozohttpd-debug
WGET?= wget
DATA?= $(.CURDIR)/data
VERBOSE?= yes
+HOST?= test.eterna
.if ${VERBOSE} != "yes"
SILENT= @
@@ -27,17 +28,17 @@ check: check-simple check-cgi check-bigf
check-simple:
.for a in $(SIMPLETESTS)
- ${SILENT}$(.CURDIR)/test-simple "$a" "${BOZOHTTPD}" "${DATA}" "${.CURDIR}" "${VERBOSE}"
+ ${SILENT}$(.CURDIR)/test-simple "$a" "${BOZOHTTPD}" "${DATA}" "${.CURDIR}" "${VERBOSE}" "${HOST}"
.endfor
check-cgi:
.for a in $(CGITESTS)
- ${SILENT}$(.CURDIR)/test-simple "$a" "${BOZOHTTPD}" "${DATA}" "${.CURDIR}" "${VERBOSE}" -c "${.CURDIR}/cgi-bin"
+ ${SILENT}$(.CURDIR)/test-simple "$a" "${BOZOHTTPD}" "${DATA}" "${.CURDIR}" "${VERBOSE}" "${HOST}" -c "${.CURDIR}/cgi-bin"
.endfor
check-bigfile:
.for a in $(BIGFILETESTS)
- ${SILENT}$(.CURDIR)/test-bigfile "$a" "${BOZOHTTPD}" "${WGET}" "${DATA}" "${VERBOSE}"
+ ${SILENT}$(.CURDIR)/test-bigfile "$a" "${BOZOHTTPD}" "${WGET}" "${DATA}" "${VERBOSE}" "${HOST}"
.endfor
.include <bsd.obj.mk>
Index: src/libexec/httpd/testsuite/html_cmp
diff -u src/libexec/httpd/testsuite/html_cmp:1.4.20.1 src/libexec/httpd/testsuite/html_cmp:1.4.20.2
--- src/libexec/httpd/testsuite/html_cmp:1.4.20.1 Sun Feb 12 21:59:45 2017
+++ src/libexec/httpd/testsuite/html_cmp Sat Nov 24 17:23:48 2018
@@ -22,6 +22,7 @@ h=`hostname || uname -n`
sedcmd="s/^Date: .*/Date: nowish/;
s/^Last-Modified: .*/Last-Modified: nowish/;
s/[a-zA-Z0-9-]*\.eterna\.com\.au/$h/g;
+ s/[a-zA-Z0-9-]*\.eterna23\.net/$h/g;
s/^Server: .*/^Server: bozotic HTTP server version 5.08/;
s/^Content-Length: .*/Content-Length: 223/;"
Index: src/libexec/httpd/testsuite/t3.out
diff -u src/libexec/httpd/testsuite/t3.out:1.3 src/libexec/httpd/testsuite/t3.out:1.3.26.1
--- src/libexec/httpd/testsuite/t3.out:1.3 Sat Apr 18 07:48:02 2009
+++ src/libexec/httpd/testsuite/t3.out Sat Nov 24 17:23:48 2018
@@ -7,5 +7,5 @@ Allow: GET, HEAD, POST
<html><head><title>400 Bad Request</title></head>
<body><h1>400 Bad Request</h1>
/: <pre>The request was not valid</pre>
-<hr><address><a href="http://madrugada.eterna.com.au/";>madrugada.eterna.com.au</a></address>
+<hr><address><a href="//madrugada.eterna.com.au/">madrugada.eterna.com.au</a></address>
</body></html>
Index: src/libexec/httpd/testsuite/t5.out
diff -u src/libexec/httpd/testsuite/t5.out:1.3 src/libexec/httpd/testsuite/t5.out:1.3.26.1
--- src/libexec/httpd/testsuite/t5.out:1.3 Sat Apr 18 07:48:02 2009
+++ src/libexec/httpd/testsuite/t5.out Sat Nov 24 17:23:48 2018
@@ -6,5 +6,5 @@ Server: bozohttpd/20030206
<html><head><title>403 Forbidden</title></head>
<body><h1>403 Forbidden</h1>
/cgi-bin/..M-@M-/..M-@M-/..M-@M-/..M-@M-/..M-@M-/../winnt/system32/cmd.exe: <pre>Access to this item has been denied</pre>
-<hr><address><a href="http://what-time-is-love.eterna.com.au/";>what-time-is-love.eterna.com.au</a></address>
+<hr><address><a href="//what-time-is-love.eterna.com.au/">what-time-is-love.eterna.com.au</a></address>
</body></html>
Index: src/libexec/httpd/testsuite/t6.out
diff -u src/libexec/httpd/testsuite/t6.out:1.3 src/libexec/httpd/testsuite/t6.out:1.3.26.1
--- src/libexec/httpd/testsuite/t6.out:1.3 Sat Apr 18 07:48:02 2009
+++ src/libexec/httpd/testsuite/t6.out Sat Nov 24 17:23:48 2018
@@ -6,5 +6,5 @@ Server: bozohttpd/5.15
<html><head><title>404 Not Found</title></head>
<body><h1>404 Not Found</h1>
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx: <pre>This item has not been found</pre>
-<hr><address><a href="http://splode.eterna.com.au/";>splode.eterna.com.au</a></address>
+<hr><address><a href="//splode.eterna.com.au/">splode.eterna.com.au</a></address>
</body></html>
Index: src/libexec/httpd/testsuite/test-bigfile
diff -u src/libexec/httpd/testsuite/test-bigfile:1.1.1.1.32.3 src/libexec/httpd/testsuite/test-bigfile:1.1.1.1.32.4
--- src/libexec/httpd/testsuite/test-bigfile:1.1.1.1.32.3 Sun Feb 12 21:59:45 2017
+++ src/libexec/httpd/testsuite/test-bigfile Sat Nov 24 17:23:48 2018
@@ -1,11 +1,12 @@
#! /bin/sh
-# $NetBSD: test-bigfile,v 1.1.1.1.32.3 2017/02/12 21:59:45 snj Exp $
+# $NetBSD: test-bigfile,v 1.1.1.1.32.4 2018/11/24 17:23:48 martin Exp $
-test="$1" # partial4000 or partial8000
-bozohttpd="$2"
-wget="$3"
-datadir="$4"
-verbose="$5"
+test="$1"; shift # partial4000 or partial8000
+bozohttpd="$1"; shift
+wget="$1"; shift
+datadir="$1"; shift
+verbose="$1"; shift
+host="$1"; shift
tmperr="tmp.$test.err"
@@ -21,7 +22,7 @@ bozotestport=11111
cp "${datadir}/bigfile.${test}" ./bigfile
# fire up bozohttpd
-${bozohttpd} -b -b -I ${bozotestport} -n -s -f "${datadir}" &
+${bozohttpd} -b -b -I ${bozotestport} -n -s -f "$@" "${datadir}" "${host}" &
bozopid=$!
"${wget}" -c http://localhost:${bozotestport}/bigfile
Index: src/libexec/httpd/testsuite/test-simple
diff -u src/libexec/httpd/testsuite/test-simple:1.2.6.3 src/libexec/httpd/testsuite/test-simple:1.2.6.4
--- src/libexec/httpd/testsuite/test-simple:1.2.6.3 Sun Feb 12 21:59:45 2017
+++ src/libexec/httpd/testsuite/test-simple Sat Nov 24 17:23:48 2018
@@ -1,11 +1,12 @@
#! /bin/sh
-# $NetBSD: test-simple,v 1.2.6.3 2017/02/12 21:59:45 snj Exp $
+# $NetBSD: test-simple,v 1.2.6.4 2018/11/24 17:23:48 martin Exp $
test="$1"; shift
bozohttpd="$1"; shift
datadir="$1"; shift
curdir="$1"; shift
verbose="$1"; shift
+host="$1"; shift
in="$curdir/$test.in"
out="$curdir/$test.out"
@@ -20,7 +21,7 @@ fi
bozotestport=11111
-${bozohttpd} "$@" "${datadir}" < "$in" > "$tmpout"
+${bozohttpd} "$@" "${datadir}" "${host}" < "$in" > "$tmpout"
if "$curdir/html_cmp" cmp "$out" "$tmpout"; then
exit 0
else
Added files:
Index: src/libexec/httpd/testsuite/t12.in
diff -u /dev/null src/libexec/httpd/testsuite/t12.in:1.1.10.2
--- /dev/null Sat Nov 24 17:23:48 2018
+++ src/libexec/httpd/testsuite/t12.in Sat Nov 24 17:23:48 2018
@@ -0,0 +1,2 @@
+get /nic/update HTTP/1.1
+Host:
Index: src/libexec/httpd/testsuite/t12.out
diff -u /dev/null src/libexec/httpd/testsuite/t12.out:1.1.10.2
--- /dev/null Sat Nov 24 17:23:48 2018
+++ src/libexec/httpd/testsuite/t12.out Sat Nov 24 17:23:48 2018
@@ -0,0 +1,11 @@
+HTTP/1.1 404 Not Found
+Content-Type: text/html
+Content-Length: 197
+Server: bozohttpd/20170201
+Allow: GET, HEAD, POST
+
+<html><head><title>404 Not Found</title></head>
+<body><h1>404 Not Found</h1>
+auth-dir/updipv4.pl: <pre>This item has not been found</pre>
+<hr><address><a href="// /"> </a></address>
+</body></html>
Index: src/libexec/httpd/testsuite/t13.in
diff -u /dev/null src/libexec/httpd/testsuite/t13.in:1.1.10.2
--- /dev/null Sat Nov 24 17:23:48 2018
+++ src/libexec/httpd/testsuite/t13.in Sat Nov 24 17:23:48 2018
@@ -0,0 +1,2 @@
+get /update:all HTTP/1.1
+Host:
Index: src/libexec/httpd/testsuite/t13.out
diff -u /dev/null src/libexec/httpd/testsuite/t13.out:1.1.10.2
--- /dev/null Sat Nov 24 17:23:48 2018
+++ src/libexec/httpd/testsuite/t13.out Sat Nov 24 17:23:48 2018
@@ -0,0 +1,11 @@
+HTTP/1.1 404 Not Found
+Content-Type: text/html
+Content-Length: 196
+Server: bozohttpd/20170201
+Allow: GET, HEAD, POST
+
+<html><head><title>404 Not Found</title></head>
+<body><h1>404 Not Found</h1>
+auth-dir/updall.pl: <pre>This item has not been found</pre>
+<hr><address><a href="// /"> </a></address>
+</body></html>
Index: src/libexec/httpd/testsuite/t14.in
diff -u /dev/null src/libexec/httpd/testsuite/t14.in:1.1.8.2
--- /dev/null Sat Nov 24 17:23:48 2018
+++ src/libexec/httpd/testsuite/t14.in Sat Nov 24 17:23:48 2018
@@ -0,0 +1,194 @@
+GET / HTTP/1.1
+Host:
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
+LongHeader: abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd
Index: src/libexec/httpd/testsuite/t14.out
diff -u /dev/null src/libexec/httpd/testsuite/t14.out:1.1.8.2
--- /dev/null Sat Nov 24 17:23:48 2018
+++ src/libexec/httpd/testsuite/t14.out Sat Nov 24 17:23:48 2018
@@ -0,0 +1,11 @@
+HTTP/1.1 413 Payload Too Large
+Content-Type: text/html
+Content-Length: 239
+Server: bozohttpd/20180824
+Allow: GET, HEAD, POST
+
+<html><head><title>413 Payload Too Large</title></head>
+<body><h1>413 Payload Too Large</h1>
+/: <pre>Use smaller requests</pre>
+<hr><address><a href="//space-bird.eterna23.net/">space-bird.eterna23.net</a></address>
+</body></html>
Index: src/libexec/httpd/testsuite/t15.in
diff -u /dev/null src/libexec/httpd/testsuite/t15.in:1.1.8.2
--- /dev/null Sat Nov 24 17:23:48 2018
+++ src/libexec/httpd/testsuite/t15.in Sat Nov 24 17:23:48 2018
@@ -0,0 +1,4 @@
+GET / HTTP/1.1
+Host:
+Host:
+
Index: src/libexec/httpd/testsuite/t15.out
diff -u /dev/null src/libexec/httpd/testsuite/t15.out:1.1.8.2
--- /dev/null Sat Nov 24 17:23:48 2018
+++ src/libexec/httpd/testsuite/t15.out Sat Nov 24 17:23:48 2018
@@ -0,0 +1,11 @@
+HTTP/1.1 400 Bad Request
+Content-Type: text/html
+Content-Length: 224
+Server: bozohttpd/20181118
+Allow: GET, HEAD, POST
+
+<html><head><title>400 Bad Request</title></head>
+<body><h1>400 Bad Request</h1>
+/: <pre>The request was not valid</pre>
+<hr><address><a href="//space-bird.eterna23.net/">space-bird.eterna23.net</a></address>
+</body></html>
Index: src/libexec/httpd/testsuite/data/.bzremap
diff -u /dev/null src/libexec/httpd/testsuite/data/.bzremap:1.1.10.2
--- /dev/null Sat Nov 24 17:23:48 2018
+++ src/libexec/httpd/testsuite/data/.bzremap Sat Nov 24 17:23:48 2018
@@ -0,0 +1,2 @@
+/nic/update:/auth-dir/updipv4.pl
+/update\:all:/auth-dir/updall.pl
