Module Name: src
Committed By: mrg
Date: Thu Feb 11 09:23:56 UTC 2021
Modified Files:
src/libexec/httpd: CHANGES bozohttpd.c bozohttpd.h cgi-bozo.c
src/libexec/httpd/testsuite: Makefile
Added Files:
src/libexec/httpd/testsuite: t16.in t16.out t17.in t17.out t18.in
t18.out
Log Message:
changes in bozohttpd 20210210:
o fix various NULL derefs from malformed headers. mostly from
<[email protected]>.
To generate a diff of this commit:
cvs rdiff -u -r1.44 -r1.45 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.124 -r1.125 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.65 -r1.66 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.51 -r1.52 src/libexec/httpd/cgi-bozo.c
cvs rdiff -u -r1.13 -r1.14 src/libexec/httpd/testsuite/Makefile
cvs rdiff -u -r0 -r1.1 src/libexec/httpd/testsuite/t16.in \
src/libexec/httpd/testsuite/t16.out src/libexec/httpd/testsuite/t17.in \
src/libexec/httpd/testsuite/t17.out src/libexec/httpd/testsuite/t18.in \
src/libexec/httpd/testsuite/t18.out
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.44 src/libexec/httpd/CHANGES:1.45
--- src/libexec/httpd/CHANGES:1.44 Thu Oct 15 04:21:53 2020
+++ src/libexec/httpd/CHANGES Thu Feb 11 09:23:55 2021
@@ -1,4 +1,8 @@
-$NetBSD: CHANGES,v 1.44 2020/10/15 04:21:53 mrg Exp $
+$NetBSD: CHANGES,v 1.45 2021/02/11 09:23:55 mrg Exp $
+
+changes in bozohttpd 20210210:
+ o fix various NULL derefs from malformed headers. mostly from
+ <[email protected]>.
changes in bozohttpd 20201014:
o also set -D_GNU_SOURCE in Makefile.boot. from
Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.124 src/libexec/httpd/bozohttpd.c:1.125
--- src/libexec/httpd/bozohttpd.c:1.124 Thu Nov 19 10:45:36 2020
+++ src/libexec/httpd/bozohttpd.c Thu Feb 11 09:23:55 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: bozohttpd.c,v 1.124 2020/11/19 10:45:36 hannken Exp $ */
+/* $NetBSD: bozohttpd.c,v 1.125 2021/02/11 09:23:55 mrg Exp $ */
/* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */
@@ -108,7 +108,7 @@
#define INDEX_HTML "index.html"
#endif
#ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE "bozohttpd/20201014"
+#define SERVER_SOFTWARE "bozohttpd/20210210"
#endif
#ifndef PUBLIC_HTML
#define PUBLIC_HTML "public_html"
@@ -338,8 +338,9 @@ bozo_clean_request(bozo_httpreq_t *reque
free(request->hr_remoteaddr);
free(request->hr_serverport);
free(request->hr_virthostname);
- free(request->hr_file);
- free(request->hr_oldfile);
+ free(request->hr_file_free);
+ if (request->hr_file_free != request->hr_oldfile)
+ free(request->hr_oldfile);
free(request->hr_query);
free(request->hr_host);
bozo_user_free(request->hr_user);
@@ -619,6 +620,7 @@ bozo_read_request(bozohttpd_t *httpd)
request->hr_last_byte_pos = -1;
request->hr_if_modified_since = NULL;
request->hr_virthostname = NULL;
+ request->hr_file_free = NULL;
request->hr_file = NULL;
request->hr_oldfile = NULL;
SIMPLEQ_INIT(&request->hr_replheaders);
@@ -735,7 +737,7 @@ bozo_read_request(bozohttpd_t *httpd)
/* we allocate return space in file and query only */
parse_request(httpd, str, &method, &file, &query, &proto);
- request->hr_file = file;
+ request->hr_file_free = request->hr_file = file;
request->hr_query = query;
if (method == NULL) {
bozo_http_error(httpd, 404, NULL, "null method");
@@ -771,11 +773,17 @@ bozo_read_request(bozohttpd_t *httpd)
val = bozostrnsep(&str, ":", &len);
debug((httpd, DEBUG_EXPLODING, "read_req2: after "
- "bozostrnsep: str `%s' val `%s'", str, val ? val : ""));
+ "bozostrnsep: str `%s' val `%s'",
+ str ? str : "<null>", val ? val : "<null>"));
if (val == NULL || len == -1) {
bozo_http_error(httpd, 404, request, "no header");
goto cleanup;
}
+ if (str == NULL) {
+ bozo_http_error(httpd, 404, request,
+ "malformed header");
+ goto cleanup;
+ }
while (*str == ' ' || *str == '\t')
len--, str++;
while (*val == ' ' || *val == '\t')
@@ -1284,8 +1292,8 @@ check_remap(bozo_httpreq_t *request)
strcpy(newfile+rlen, file + len);
debug((httpd, DEBUG_NORMAL, "remapping found '%s'",
newfile));
- free(request->hr_file);
- request->hr_file = newfile;
+ free(request->hr_file_free);
+ request->hr_file_free = request->hr_file = newfile;
}
munmap(fmap, st.st_size);
@@ -1313,9 +1321,6 @@ check_virtual(bozo_httpreq_t *request)
debug((httpd, DEBUG_OBESE,
"checking for http:// virtual host in '%s'", file));
if (strncasecmp(file, "http://";, 7) == 0) {
- /* bozostrdup() might access it. */
- char *old_file = request->hr_file;
-
/* we would do virtual hosting here? */
file += 7;
/* RFC 2616 (HTTP/1.1), 5.2: URI takes precedence over Host: */
@@ -1324,8 +1329,9 @@ check_virtual(bozo_httpreq_t *request)
if ((s = strchr(request->hr_host, '/')) != NULL)
*s = '\0';
s = strchr(file, '/');
- request->hr_file = bozostrdup(httpd, request, s ? s : "/");
- free(old_file);
+ free(request->hr_file_free);
+ request->hr_file_free = request->hr_file =
+ bozostrdup(httpd, request, s ? s : "/");
debug((httpd, DEBUG_OBESE, "got host '%s' file is now '%s'",
request->hr_host, request->hr_file));
} else if (!request->hr_host)
@@ -1710,7 +1716,7 @@ transform_request(bozo_httpreq_t *reques
goto bad_done;
if (strlen(newfile)) {
- request->hr_oldfile = request->hr_file;
+ request->hr_oldfile = request->hr_file_free;
request->hr_file = newfile;
}
@@ -2420,6 +2426,11 @@ bozodgetln(bozohttpd_t *httpd, int fd, s
return httpd->getln_buffer;
}
+/*
+ * allocation frontends with error handling.
+ *
+ * note that these may access members of the httpd and/or request.
+ */
void *
bozorealloc(bozohttpd_t *httpd, void *ptr, size_t size)
{
Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.65 src/libexec/httpd/bozohttpd.h:1.66
--- src/libexec/httpd/bozohttpd.h:1.65 Thu Oct 15 04:21:53 2020
+++ src/libexec/httpd/bozohttpd.h Thu Feb 11 09:23:55 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: bozohttpd.h,v 1.65 2020/10/15 04:21:53 mrg Exp $ */
+/* $NetBSD: bozohttpd.h,v 1.66 2021/02/11 09:23:55 mrg Exp $ */
/* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */
@@ -159,7 +159,8 @@ typedef struct bozo_httpreq_t {
const char *hr_methodstr;
char *hr_virthostname; /* server name (if not identical
to hr_httpd->virthostname) */
- char *hr_file;
+ char *hr_file_free; /* pointer to file buffer to free() */
+ char *hr_file; /* pointer into file buffer */
char *hr_oldfile; /* if we added an index_html */
char *hr_query;
char *hr_host; /* HTTP/1.1 Host: or virtual hostname,
Index: src/libexec/httpd/cgi-bozo.c
diff -u src/libexec/httpd/cgi-bozo.c:1.51 src/libexec/httpd/cgi-bozo.c:1.52
--- src/libexec/httpd/cgi-bozo.c:1.51 Thu Oct 15 04:21:53 2020
+++ src/libexec/httpd/cgi-bozo.c Thu Feb 11 09:23:55 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: cgi-bozo.c,v 1.51 2020/10/15 04:21:53 mrg Exp $ */
+/* $NetBSD: cgi-bozo.c,v 1.52 2021/02/11 09:23:55 mrg Exp $ */
/* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */
@@ -610,10 +610,16 @@ bozo_process_cgi(bozo_httpreq_t *request
bozo_daemon_closefds(httpd);
if (-1 == execve(path, argv, envp)) {
+ int saveerrno = errno;
bozo_http_error(httpd, 404, request,
"Cannot execute CGI");
- bozoerr(httpd, 1, "child exec failed: %s: %s",
- path, strerror(errno));
+ /* don't log easy to trigger events */
+ if (saveerrno != ENOENT &&
+ saveerrno != EISDIR &&
+ saveerrno != EACCES)
+ bozoerr(httpd, 1, "child exec failed: %s: %s",
+ path, strerror(saveerrno));
+ _exit(1);
}
/* NOT REACHED */
bozoerr(httpd, 1, "child execve returned?!");
Index: src/libexec/httpd/testsuite/Makefile
diff -u src/libexec/httpd/testsuite/Makefile:1.13 src/libexec/httpd/testsuite/Makefile:1.14
--- src/libexec/httpd/testsuite/Makefile:1.13 Wed Mar 27 04:50:30 2019
+++ src/libexec/httpd/testsuite/Makefile Thu Feb 11 09:23:55 2021
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.13 2019/03/27 04:50:30 mrg Exp $
+# $NetBSD: Makefile,v 1.14 2021/02/11 09:23:55 mrg Exp $
# $eterna: Makefile,v 1.14 2009/05/22 21:51:39 mrg Exp $
-SIMPLETESTS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t12 t13 t14 t15
+SIMPLETESTS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t12 t13 t14 t15 t16 t17 t18
CGITESTS= t11
BIGFILETESTS= partial4000 partial8000
Added files:
Index: src/libexec/httpd/testsuite/t16.in
Binary files are different
Index: src/libexec/httpd/testsuite/t16.out
diff -u /dev/null src/libexec/httpd/testsuite/t16.out:1.1
--- /dev/null Thu Feb 11 09:23:56 2021
+++ src/libexec/httpd/testsuite/t16.out Thu Feb 11 09:23:55 2021
@@ -0,0 +1,11 @@
+HTTP/1.1 404 Not Found
+Content-Type: text/html
+Content-Length: 251
+Server: bozohttpd/20201014
+Allow: GET, HEAD, POST
+
+<html><head><title>404 Not Found</title></head>
+<body><h1>404 Not Found</h1>
+/: <pre>This item has not been found</pre>
+<hr><address><a href="//yesterday-when-i-was-mad.eterna23.net/">yesterday-when-i-was-mad.eterna23.net</a></address>
+</body></html>
Index: src/libexec/httpd/testsuite/t17.in
Binary files are different
Index: src/libexec/httpd/testsuite/t17.out
diff -u /dev/null src/libexec/httpd/testsuite/t17.out:1.1
--- /dev/null Thu Feb 11 09:23:56 2021
+++ src/libexec/httpd/testsuite/t17.out Thu Feb 11 09:23:55 2021
@@ -0,0 +1,2 @@
+HTTP/0.9 200 OK
+this is the bozohttpd testsuite ./data/index.html file
Index: src/libexec/httpd/testsuite/t18.in
Binary files are different
Index: src/libexec/httpd/testsuite/t18.out
diff -u /dev/null src/libexec/httpd/testsuite/t18.out:1.1
--- /dev/null Thu Feb 11 09:23:56 2021
+++ src/libexec/httpd/testsuite/t18.out Thu Feb 11 09:23:55 2021
@@ -0,0 +1,10 @@
+HTTP/0.9 403 Forbidden
+Content-Type: text/html
+Content-Length: 260
+Server: bozohttpd/20201014
+
+<html><head><title>403 Forbidden</title></head>
+<body><h1>403 Forbidden</h1>
+/..: <pre>Access to this item has been denied</pre>
+<hr><address><a href="//yesterday-when-i-was-mad.eterna23.net/">yesterday-when-i-was-mad.eterna23.net</a></address>
+</body></html>
