Module Name: src
Committed By: martin
Date: Sat Mar 27 13:38:52 UTC 2021
Modified Files:
src/libexec/httpd [netbsd-8]: CHANGES Makefile Makefile.boot
auth-bozo.c bozohttpd.8 bozohttpd.c bozohttpd.h cgi-bozo.c
content-bozo.c daemon-bozo.c dir-index-bozo.c main.c printenv.lua
ssl-bozo.c
src/libexec/httpd/libbozohttpd [netbsd-8]: Makefile libbozohttpd.3
src/libexec/httpd/small [netbsd-8]: Makefile
src/libexec/httpd/testsuite [netbsd-8]: Makefile
Added Files:
src/libexec/httpd/testsuite [netbsd-8]: t16.in t16.out t17.in t17.out
t18.in t18.out
Log Message:
Pull up the following via patch, requested by mrg in ticket #1668:
Makefile 1.30-1.31
Makefile.boot 1.7-1.9
auth-bozo.c 1.25-1.26
bozohttpd.8 1.80-1.87
bozohttpd.c 1.114-1.123,1.125-1.128
bozohttpd.h 1.61-1.68
cgi-bozo.c 1.49-1.53
content-bozo.c 1.17-1.20
daemon-bozo.c 1-.22
dir-index-bozo.c 1.33-1.34
main.c 1.23-1.27
printenv.lua 1.4-1.5
ssl-bozo.c 1.27-1.29
libbozohttpd/libbozohttpd.3 1.5-1.6
small/Makefile 1.4
testsuite/Makefile 1.14
testsuite/t16.in 1.1
testsuite/t16.out 1.1
testsuite/t17.in 1.1
testsuite/t17.out 1.1
testsuite/t18.in 1.1
testsuite/t18.out 1.1
Update to bozohttpd 20210227.
changes in bozohttpd 20210227:
o new support for content types: .tar.bz2, .tar.xz, .tar.lz,
.tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma,
.lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar. should fix
netbsd PR#56026:
MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid
changes in bozohttpd 20210211:
o fix various NULL derefs from malformed headers. mostly from
<[email protected]>.
o fix memory leaks in library interface: add bozo_cleanup().
changes in bozohttpd 20201014:
o also set -D_GNU_SOURCE in Makefile.boot. from
[email protected].
o fix array size botch (assertion, not exploitable.) from
[email protected].
o also match %2F as well as %2f. from [email protected].
o many manual and help fixes. clean ups for higher lint levels,
consistency/style clean ups. various option fixes including made
-f imply -b. from <[email protected]> for freebsd.
changes in bozohttpd 20200912:
o add .m4a and .m4v file extensions.
changes in bozohttpd 20200820:
o make this work on sun2 by reducing mmap window there.
o fix SSL shutdown sequence. from [email protected].
o add readme support to directory indexing. from [email protected]
o add blocklist(8) support. from [email protected].
To generate a diff of this commit:
cvs rdiff -u -r1.25.4.3 -r1.25.4.4 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.27.2.1 -r1.27.2.2 src/libexec/httpd/Makefile
cvs rdiff -u -r1.6 -r1.6.18.1 src/libexec/httpd/Makefile.boot
cvs rdiff -u -r1.18.8.2 -r1.18.8.3 src/libexec/httpd/auth-bozo.c
cvs rdiff -u -r1.65.4.2 -r1.65.4.3 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.86.4.5 -r1.86.4.6 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.47.4.3 -r1.47.4.4 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.37.4.4 -r1.37.4.5 src/libexec/httpd/cgi-bozo.c
cvs rdiff -u -r1.14.6.1 -r1.14.6.2 src/libexec/httpd/content-bozo.c
cvs rdiff -u -r1.17.8.2 -r1.17.8.3 src/libexec/httpd/daemon-bozo.c
cvs rdiff -u -r1.25.8.2 -r1.25.8.3 src/libexec/httpd/dir-index-bozo.c
cvs rdiff -u -r1.16.6.2 -r1.16.6.3 src/libexec/httpd/main.c
cvs rdiff -u -r1.3 -r1.3.8.1 src/libexec/httpd/printenv.lua
cvs rdiff -u -r1.22.8.2 -r1.22.8.3 src/libexec/httpd/ssl-bozo.c
cvs rdiff -u -r1.3 -r1.3.2.1 src/libexec/httpd/libbozohttpd/Makefile
cvs rdiff -u -r1.4 -r1.4.4.1 src/libexec/httpd/libbozohttpd/libbozohttpd.3
cvs rdiff -u -r1.3 -r1.3.16.1 src/libexec/httpd/small/Makefile
cvs rdiff -u -r1.7.4.2 -r1.7.4.3 src/libexec/httpd/testsuite/Makefile
cvs rdiff -u -r0 -r1.1.2.2 src/libexec/httpd/testsuite/t16.in \
src/libexec/httpd/testsuite/t17.in src/libexec/httpd/testsuite/t18.in
cvs rdiff -u -r0 -r1.1.4.2 src/libexec/httpd/testsuite/t16.out \
src/libexec/httpd/testsuite/t17.out src/libexec/httpd/testsuite/t18.out
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.25.4.3 src/libexec/httpd/CHANGES:1.25.4.4
--- src/libexec/httpd/CHANGES:1.25.4.3 Wed Jun 12 10:32:00 2019
+++ src/libexec/httpd/CHANGES Sat Mar 27 13:38:51 2021
@@ -1,4 +1,35 @@
-$NetBSD: CHANGES,v 1.25.4.3 2019/06/12 10:32:00 martin Exp $
+$NetBSD: CHANGES,v 1.25.4.4 2021/03/27 13:38:51 martin Exp $
+
+changes in bozohttpd 20210227:
+ o new support for content types: .tar.bz2, .tar.xz, .tar.lz,
+ .tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma,
+ .lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar. should fix
+ netbsd PR#56026:
+ MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid
+
+changes in bozohttpd 20210211:
+ o fix various NULL derefs from malformed headers. mostly from
+ <[email protected]>.
+ o fix memory leaks in library interface: add bozo_cleanup().
+
+changes in bozohttpd 20201014:
+ o also set -D_GNU_SOURCE in Makefile.boot. from
+ [email protected].
+ o fix array size botch (assertion, not exploitable.) from
+ [email protected].
+ o also match %2F as well as %2f. from [email protected].
+ o many manual and help fixes. clean ups for higher lint levels,
+ consistency/style clean ups. various option fixes including made
+ -f imply -b. from <[email protected]> for freebsd.
+
+changes in bozohttpd 20200912:
+ o add .m4a and .m4v file extensions.
+
+changes in bozohttpd 20200820:
+ o make this work on sun2 by reducing mmap window there.
+ o fix SSL shutdown sequence. from [email protected].
+ o add readme support to directory indexing. from [email protected]
+ o add blocklist(8) support. from [email protected].
changes in bozohttpd 20190228:
o extend timeout facility to ssl and stop servers hanging forever
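Review bot: the 20210227 entry lists `.lzo` twice (`.lzo, .7z, .lzo`). Remove the second occurrence so the list names each added suffix once.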
Index: src/libexec/httpd/Makefile
diff -u src/libexec/httpd/Makefile:1.27.2.1 src/libexec/httpd/Makefile:1.27.2.2
--- src/libexec/httpd/Makefile:1.27.2.1 Wed Jun 12 10:32:00 2019
+++ src/libexec/httpd/Makefile Sat Mar 27 13:38:51 2021
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.27.2.1 2019/06/12 10:32:00 martin Exp $
+# $NetBSD: Makefile,v 1.27.2.2 2021/03/27 13:38:51 martin Exp $
#
# $eterna: Makefile,v 1.30 2010/07/11 00:34:27 mrg Exp $
#
@@ -23,7 +23,7 @@
# for setting CFLAGS relevant to your make, eg
# % make COPTS="-DDO_HTPASSWD"
-COPTS+= -DDO_HTPASSWD
+COPTS+= -DDO_HTPASSWD -DNO_BLOCKLIST_SUPPORT
PROG= bozohttpd
LINKS= ${BINDIR}/bozohttpd ${BINDIR}/httpd
MAN= bozohttpd.8
@@ -80,6 +80,12 @@ CLEANFILES+= bozohttpd.8.html bozohttpd.
check:
cd ${.CURDIR}/testsuite && ${MAKE} check
+.if empty(BOZOVER)
+BOZOVER!= sed -n \
+ -e s/\"$$// -e \
+ 's/\#define[ ]*SERVER_SOFTWARE[ ]*\"bozohttpd\///p' ${.PARSEDIR}/bozohttpd.c
+.endif
+
# Create a distfile: uses /tmp
BASE=bozohttpd-${BOZOVER}
TAR=${BASE}.tar
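Review bot: BOZOVER is taken from the sed output with no check that the pattern matched. If the SERVER_SOFTWARE line in bozohttpd.c ever changes shape, BOZOVER stays empty and BASE silently becomes `bozohttpd-`. Add an `.error` when BOZOVER is still empty after the assignment, or fail early in the distfile target.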
Index: src/libexec/httpd/Makefile.boot
diff -u src/libexec/httpd/Makefile.boot:1.6 src/libexec/httpd/Makefile.boot:1.6.18.1
--- src/libexec/httpd/Makefile.boot:1.6 Thu Jan 2 08:30:22 2014
+++ src/libexec/httpd/Makefile.boot Sat Mar 27 13:38:51 2021
@@ -6,18 +6,20 @@
CC= cc
OPT= -O
LARGE_CFLAGS= -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
-LOCAL_CFLAGS= -DNO_LUA_SUPPORT
+LOCAL_CFLAGS= -DNO_LUA_SUPPORT -DNO_BLOCKLIST_SUPPORT -D_GNU_SOURCE -D_DEFAULT_SOURCE
CFLAGS= $(OPT) $(LARGE_CFLAGS) $(LOCAL_CFLAGS)
GROFF= groff -Tascii
CRYPTOLIBDIR= # -L/usr/local/lib
CRYPTOLIBS= $(CRYPTOLIBDIR) -lcrypto -lssl
+LIBS= $(CRYPTOLIBS) $(EXTRALIBS)
+
FILES= bozohttpd.c auth-bozo.c cgi-bozo.c content-bozo.c daemon-bozo.c \
dir-index-bozo.c lua-bozo.c ssl-bozo.c tilde-luzah-bozo.c main.c
all:
- $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o bozohttpd $(FILES) $(CRYPTOLIBS)
+ $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) -o bozohttpd $(FILES) $(LIBS)
man:
$(GROFF) -mandoc bozohttpd.8 > bozohttpd.cat8
Index: src/libexec/httpd/auth-bozo.c
diff -u src/libexec/httpd/auth-bozo.c:1.18.8.2 src/libexec/httpd/auth-bozo.c:1.18.8.3
--- src/libexec/httpd/auth-bozo.c:1.18.8.2 Wed Jun 12 10:32:00 2019
+++ src/libexec/httpd/auth-bozo.c Sat Mar 27 13:38:51 2021
@@ -1,9 +1,9 @@
-/* $NetBSD: auth-bozo.c,v 1.18.8.2 2019/06/12 10:32:00 martin Exp $ */
+/* $NetBSD: auth-bozo.c,v 1.18.8.3 2021/03/27 13:38:51 martin Exp $ */
/* $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */
/*
- * Copyright (c) 1997-2019 Matthew R. Green
+ * Copyright (c) 1997-2020 Matthew R. Green
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -105,6 +105,11 @@ bozo_auth_check(bozo_httpreq_t *request,
pass) != 0)
break;
fclose(fp);
+
+#ifndef NO_BLOCKLIST_SUPPORT
+ pfilter_notify(BLOCKLIST_AUTH_OK, 200);
+#endif /* !NO_BLOCKLIST_SUPPORT */
+
return 0;
}
}
Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.65.4.2 src/libexec/httpd/bozohttpd.8:1.65.4.3
--- src/libexec/httpd/bozohttpd.8:1.65.4.2 Wed Jun 12 10:32:00 2019
+++ src/libexec/httpd/bozohttpd.8 Sat Mar 27 13:38:51 2021
@@ -1,8 +1,8 @@
-.\" $NetBSD: bozohttpd.8,v 1.65.4.2 2019/06/12 10:32:00 martin Exp $
+.\" $NetBSD: bozohttpd.8,v 1.65.4.3 2021/03/27 13:38:51 martin Exp $
.\"
.\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
.\"
-.\" Copyright (c) 1997-2019 Matthew R. Green
+.\" Copyright (c) 1997-2021 Matthew R. Green
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd February 27, 2019
+.Dd February 27, 2021
.Dt BOZOHTTPD 8
.Os
.Sh NAME
@@ -34,13 +34,14 @@
.Nd hyper text transfer protocol version 1.1 daemon
.Sh SYNOPSIS
.Nm
-.Op Fl EGHVXefhnsu
+.Op Fl EGHVXdefhnsu
.Op Fl C Ar suffix cgihandler
.Op Fl I Ar port
.Op Fl L Ar prefix script
.Op Fl M Ar suffix type encoding encoding11
.Op Fl P Ar pidfile
-.Op Fl S Ar server_software
+.Op Fl R Ar readme
+.Op Fl S Ar version
.Op Fl T Ar type timeout
.Op Fl U Ar username
.Op Fl Z Ar cert privkey
@@ -119,6 +120,15 @@ Note that the CGI/1.1 interface is avail
translation using
.Fl E
switch.
+.It Fl d
+Enables debug support.
+.It Fl E
+Enables CGI/1.1 interface for
+.Em ~user
+translation.
+Note that enabling this support implies that users can run commands
+as the web server user.
+This may have security implications.
.It Fl e
Causes
.Nm
@@ -130,9 +140,12 @@ options.
.It Fl f
Stops the
.Fl b
-flag from
+flag from detaching
.Nm
-detaching from the tty and going into the background.
+from the tty and going into the background.
+This implies the
+.Fl b
+flag.
.It Fl G
Get the
.Nm
@@ -211,12 +224,10 @@ options may be passed.
.It Fl n
Stops
.Nm
-from doing IP address to name resolution of hosts for setting the
+from doing IP address to name resolution of remote hosts.
+This affects the
.Ev REMOTE_HOST
-variable before running a CGI program.
-This option has no effect without the
-.Fl c
-option.
+environment variable for CGI programs and Lua scripts.
.It Fl P Ar pidfile
Causes
.Nm
@@ -232,9 +243,13 @@ translations from
.Dq public_html
to
.Ar pubdir .
-.It Fl S Ar server_software
+.It Fl R Ar readme
+When directory indexing is enabled, include the contents of the file
+.Ar readme
+in the footer of the directory index.
+.It Fl S Ar version
Sets the internal server version to
-.Ar server_software .
+.Ar version .
.It Fl s
Forces logging to be set to stderr always.
.It Fl T Ar type timeout
@@ -285,12 +300,6 @@ into the directory
(but see the
.Fl p
option above).
-.It Fl E
-Enables CGI/1.1 interface for
-.Em ~user
-translation.
-Note that enabling this support implies that users can run
-commands as web server user, this may have security implications.
.It Fl V
Sets the backup virtual host directory to the
.Ar slashdir
@@ -325,15 +334,15 @@ Changes the default file read for direct
.Dq index.html
to
.Ar index .
-.It Fl z Ar ciphers
-Sets the list of SSL ciphers (see
-.Xr SSL_CTX_set_cipher_list 3 ) .
.It Fl Z Ar certificate_path privatekey_path
Sets the path to the server certificate file and the private key file
in PEM format.
It also causes
.Nm
to start SSL mode.
+.It Fl z Ar ciphers
+Sets the list of SSL ciphers (see
+.Xr SSL_CTX_set_cipher_list 3 ) .
.El
.Pp
Note that in
@@ -449,6 +458,44 @@ with
on the compiler command line to enable this support.
It may require linking with the crypt library, using
.Dq -lcrypt .
+.Ss BLOCKLIST SUPPORT
+On
+.Nx ,
+.Nm
+supports
+.Xr blocklistd 8
+by default.
+The support can be disabled with the
+.Dq -DNO_BLOCKLIST_SUPPORT
+compilation option.
+.Pp
+Upon occurrence,
+.Nm
+reports two HTTP status codes to
+.Xr blocklistd 8
+as failures:
+.Em 401
+(``Unauthorized'')
+and
+.Em 403
+(``Forbidden'') .
+Of these,
+.Em 401
+is the one received upon authorization failure with the
+HTTP Basic Authorization mechanism.
+A successful authorization decreases the counter kept by
+.Xr blocklistd 8 .
+.Pp
+Note that the implementation of the HTTP Basic Authorization mechanism
+uses a redirection; a status code
+.Em 401
+is always initially received.
+Therefore, a single authorization failure of
+.Pa .htpasswd
+is reported as two failures to
+.Xr blocklistd 8 ,
+but no failures are recorded upon successful authorization
+due to the decrease of the failure counter.
.Ss SSL SUPPORT
.Nm
has support for TLSv1.1 and TLSv1.2 protocols that are included by
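Review bot: the new BLOCKLIST SUPPORT section says that on NetBSD blocklistd(8) is supported "by default", but this same pull-up adds `-DNO_BLOCKLIST_SUPPORT` to COPTS in src/libexec/httpd/Makefile, so the binary built on this branch has the support compiled out. State that in the section for netbsd-8, or leave the section out of the branch's manual page.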
@@ -599,7 +646,7 @@ The focus has always been simplicity and
and regular code audits.
This manual documents
.Nm
-version 20190116.
+version 20210227.
.Sh AUTHORS
.An -nosplit
.Nm
@@ -652,14 +699,17 @@ added support for serving gzipped files
.Aq Mt [email protected]
provided a fix for a minor (non-security) buffer overflow condition
.It
+.Aq Mt [email protected]
+provided fixes for some bad request parsing
+.It
.An Jun-ichiro itojun Hagino, KAME
.Aq Mt [email protected]
provided initial IPv6 support
.It
.An Martin Husemann
.Aq Mt [email protected]
-provided .bzabsredirect and .bzredir support, and fixed various
-redirection issues
+provided .bzabsredirect and .bzredir support, fixed various
+redirection issues and more
.It
.An Arto Huusko
.Aq Mt [email protected]
@@ -704,6 +754,10 @@ provided man page fixes
.Aq Mt [email protected]
provided a cgi-bin fix
.It
+.An Jared McNeill
+.Aq Mt [email protected]
+added support for readme in directory indexing
+.It
.An Julio Merino
.Aq Mt [email protected]
Added the
@@ -742,6 +796,11 @@ provided the
.Fl V
option
.It
+.An Jukka Ruohonen
+.Aq Mt [email protected]
+provided support for
+.Xr blocklistd 8
+.It
.An Thor Lancelot Simon
.Aq Mt [email protected]
enhanced cgi-bin support
@@ -760,6 +819,11 @@ provided http authorization fixes
.It
.Aq Mt [email protected]
provided chroot and change-to-user support, and other various fixes
+
+.It
+.An S.P.Zeidler
+.Aq Mt [email protected]
+fixed several SSL shutdown issues
.It
Coyote Point provided various CGI fixes
.El
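Review bot: the added S.P.Zeidler entry is preceded by an empty `+` line before `.It`. Blank lines in mdoc source are flagged by mandoc lint and can render as extra vertical space; remove the empty line so the entry starts directly at `.It`.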
Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.86.4.5 src/libexec/httpd/bozohttpd.c:1.86.4.6
--- src/libexec/httpd/bozohttpd.c:1.86.4.5 Thu Nov 19 11:27:22 2020
+++ src/libexec/httpd/bozohttpd.c Sat Mar 27 13:38:51 2021
@@ -1,9 +1,9 @@
-/* $NetBSD: bozohttpd.c,v 1.86.4.5 2020/11/19 11:27:22 martin Exp $ */
+/* $NetBSD: bozohttpd.c,v 1.86.4.6 2021/03/27 13:38:51 martin Exp $ */
/* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */
/*
- * Copyright (c) 1997-2019 Matthew R. Green
+ * Copyright (c) 1997-2021 Matthew R. Green
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -40,7 +40,6 @@
* - CGI/1.1 this will only be provided for "system" scripts
* - automatic "missing trailing slash" redirections
* - configurable translation of /~user/ to ~user/public_html,
- * however, this does not include cgi-bin support
* - access lists via libwrap via inetd/tcpd
* - virtual hosting
* - not that we do not even pretend to understand MIME, but
@@ -109,7 +108,7 @@
#define INDEX_HTML "index.html"
#endif
#ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE "bozohttpd/20190228"
+#define SERVER_SOFTWARE "bozohttpd/20210227"
#endif
#ifndef PUBLIC_HTML
#define PUBLIC_HTML "public_html"
@@ -240,6 +239,20 @@ bozo_set_pref(bozohttpd_t *httpd, bozopr
return 1;
}
+static void
+bozo_clear_prefs(bozohttpd_t *httpd, bozoprefs_t *prefs)
+{
+ size_t i;
+
+ for (i = 0; i < prefs->count; i++) {
+ free(prefs->name[i]);
+ free(prefs->value[i]);
+ }
+
+ free(prefs->name);
+ free(prefs->value);
+}
+
/*
* get a variable's value, or NULL
*/
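Review bot: bozo_clear_prefs() never uses its `httpd` parameter and, unlike alarmer() and bozo_http_error() elsewhere in this patch, does not mark it with USE_ARG(). Drop the parameter or add `USE_ARG(httpd);`. The function also leaves prefs->count, prefs->name and prefs->value unchanged after freeing them, so a second call would free the same pointers again; reset count to 0 and both arrays to NULL before returning.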
@@ -317,7 +330,7 @@ parse_request(bozohttpd_t *httpd, char *
debug((httpd, DEBUG_FAT,
"url: method: \"%s\" file: \"%s\" query: \"%s\" proto: \"%s\"",
- *method, *file, *query, *proto));
+ *method, *file, *query ? *query : "", *proto ? *proto : ""));
}
/*
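Review bot: the debug call now guards `*query` and `*proto` against NULL but still passes `*method` and `*file` to `%s` unguarded, while bozo_read_request() tests `method == NULL` right after parse_request() returns, so a NULL method is an expected outcome here. Give `*method` and `*file` the same `? :` fallback.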
@@ -339,8 +352,12 @@ bozo_clean_request(bozo_httpreq_t *reque
free(request->hr_remoteaddr);
free(request->hr_serverport);
free(request->hr_virthostname);
- free(request->hr_file);
- free(request->hr_oldfile);
+ free(request->hr_file_free);
+ /* XXX this is gross */
+ if (request->hr_file_free != request->hr_oldfile)
+ free(request->hr_oldfile);
+ else
+ free(request->hr_file);
free(request->hr_query);
free(request->hr_host);
bozo_user_free(request->hr_user);
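Review bot: in bozo_clean_request() the test `request->hr_file_free != request->hr_oldfile` runs after `free(request->hr_file_free)`, so it compares a pointer value that has already been released, which C leaves indeterminate. Evaluate the comparison into a local first, then free. The aliasing between hr_file_free, hr_file and hr_oldfile that this branch depends on also needs a comment saying which pointer owns which buffer; the `XXX this is gross` marker does not explain it.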
@@ -373,6 +390,7 @@ bozo_clean_request(bozo_httpreq_t *reque
static void
alarmer(int sig)
{
+ USE_ARG(sig);
bozo_timeout_hit = 1;
}
@@ -496,7 +514,7 @@ got_proto_09:
if (strncasecmp(proto, "HTTP/", 5) != 0)
goto bad;
- strncpy(majorstr, proto + 5, sizeof majorstr);
+ strncpy(majorstr, proto + 5, sizeof(majorstr)-1);
majorstr[sizeof(majorstr)-1] = 0;
minorstr = strchr(majorstr, '.');
if (minorstr == NULL)
@@ -619,6 +637,7 @@ bozo_read_request(bozohttpd_t *httpd)
request->hr_last_byte_pos = -1;
request->hr_if_modified_since = NULL;
request->hr_virthostname = NULL;
+ request->hr_file_free = NULL;
request->hr_file = NULL;
request->hr_oldfile = NULL;
SIMPLEQ_INIT(&request->hr_replheaders);
@@ -651,7 +670,7 @@ bozo_read_request(bozohttpd_t *httpd)
* if passed through a proxy that doesn't rewrite the port.
*/
if (httpd->bindport) {
- if (strcmp(httpd->bindport, "80") != 0)
+ if (strcmp(httpd->bindport, BOZO_HTTP_PORT) != 0)
port = httpd->bindport;
else
port = NULL;
@@ -735,7 +754,7 @@ bozo_read_request(bozohttpd_t *httpd)
/* we allocate return space in file and query only */
parse_request(httpd, str, &method, &file, &query, &proto);
- request->hr_file = file;
+ request->hr_file_free = request->hr_file = file;
request->hr_query = query;
if (method == NULL) {
bozo_http_error(httpd, 404, NULL, "null method");
@@ -771,11 +790,17 @@ bozo_read_request(bozohttpd_t *httpd)
val = bozostrnsep(&str, ":", &len);
debug((httpd, DEBUG_EXPLODING, "read_req2: after "
- "bozostrnsep: str `%s' val `%s'", str, val));
+ "bozostrnsep: str `%s' val `%s'",
+ str ? str : "<null>", val ? val : "<null>"));
if (val == NULL || len == -1) {
bozo_http_error(httpd, 404, request, "no header");
goto cleanup;
}
+ if (str == NULL) {
+ bozo_http_error(httpd, 404, request,
+ "malformed header");
+ goto cleanup;
+ }
while (*str == ' ' || *str == '\t')
len--, str++;
while (*val == ' ' || *val == '\t')
@@ -914,7 +939,7 @@ mmap_and_write_part(bozohttpd_t *httpd,
wroffset = (size_t)(first_byte_pos - mappedoffset);
addr = mmap(0, mappedsz, PROT_READ, MAP_SHARED, fd, mappedoffset);
- if (addr == (char *)-1) {
+ if (addr == MAP_FAILED) {
bozowarn(httpd, "mmap failed: %s", strerror(errno));
return -1;
}
@@ -1099,7 +1124,7 @@ handle_redirect(bozo_httpreq_t *request,
hostname = "";
portbuf[0] = '\0';
} else {
- const char *defport = httpd->sslinfo ? "443" : "80";
+ const char *defport = httpd->sslinfo ? BOZO_HTTPS_PORT : BOZO_HTTP_PORT;
if (request->hr_serverport &&
strcmp(request->hr_serverport, defport) != 0)
@@ -1201,7 +1226,7 @@ check_remap(bozo_httpreq_t *request)
}
fmap = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, mapfile, 0);
- if (fmap == NULL) {
+ if (fmap == MAP_FAILED) {
bozowarn(httpd, "could not mmap " REMAP_FILE ", error %d",
errno);
goto out;
@@ -1284,8 +1309,8 @@ check_remap(bozo_httpreq_t *request)
strcpy(newfile+rlen, file + len);
debug((httpd, DEBUG_NORMAL, "remapping found '%s'",
newfile));
- free(request->hr_file);
- request->hr_file = newfile;
+ free(request->hr_file_free);
+ request->hr_file_free = request->hr_file = newfile;
}
munmap(fmap, st.st_size);
@@ -1313,9 +1338,6 @@ check_virtual(bozo_httpreq_t *request)
debug((httpd, DEBUG_OBESE,
"checking for http:// virtual host in '%s'", file));
if (strncasecmp(file, "http://", 7) == 0) {
- /* bozostrdup() might access it. */
- char *old_file = request->hr_file;
-
/* we would do virtual hosting here? */
file += 7;
/* RFC 2616 (HTTP/1.1), 5.2: URI takes precedence over Host: */
@@ -1324,8 +1346,9 @@ check_virtual(bozo_httpreq_t *request)
if ((s = strchr(request->hr_host, '/')) != NULL)
*s = '\0';
s = strchr(file, '/');
- request->hr_file = bozostrdup(httpd, request, s ? s : "/");
- free(old_file);
+ free(request->hr_file_free);
+ request->hr_file_free = request->hr_file =
+ bozostrdup(httpd, request, s ? s : "/");
debug((httpd, DEBUG_OBESE, "got host '%s' file is now '%s'",
request->hr_host, request->hr_file));
} else if (!request->hr_host)
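Review bot: `free(request->hr_file_free)` now runs before `bozostrdup(httpd, request, s ? s : "/")`, while `s` comes from `strchr(file, '/')`. If `file` still points into the buffer owned by hr_file_free at this point, bozostrdup() reads memory that has just been freed. The removed `old_file` temporary duplicated first and freed afterwards; keep that order by duplicating into a local, freeing hr_file_free, and only then assigning both pointers.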
@@ -1335,7 +1358,8 @@ check_virtual(bozo_httpreq_t *request)
* canonicalise hr_host - that is, remove any :80.
*/
len = strlen(request->hr_host);
- if (len > 3 && strcmp(request->hr_host + len - 3, ":80") == 0) {
+ if (len > 3 &&
+ strcmp(request->hr_host + len - 3, ":" BOZO_HTTP_PORT) == 0) {
request->hr_host[len - 3] = '\0';
len = strlen(request->hr_host);
}
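Review bot: the comparison now uses `":" BOZO_HTTP_PORT`, but the length test `len > 3` and both `len - 3` offsets still hard-code the length of ":80". Derive the length from the macro, for example `sizeof(":" BOZO_HTTP_PORT) - 1`, so the three places cannot drift apart if the constant changes.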
@@ -1554,7 +1578,7 @@ bozo_decode_url_percent(bozo_httpreq_t *
if (s[1] == '0' && s[2] == '0')
return bozo_http_error(httpd, 404, request,
"percent hack was %00");
- if (s[1] == '2' && s[2] == 'f')
+ if (s[1] == '2' && (s[2] == 'f' || s[2] == 'F'))
return bozo_http_error(httpd, 404, request,
"percent hack was %2f (/)");
@@ -1709,7 +1733,7 @@ transform_request(bozo_httpreq_t *reques
goto bad_done;
if (strlen(newfile)) {
- request->hr_oldfile = request->hr_file;
+ request->hr_oldfile = request->hr_file_free;
request->hr_file = newfile;
}
@@ -1912,6 +1936,8 @@ bozo_process_request(bozo_httpreq_t *req
cleanup:
close(fd);
cleanup_nofd:
+ /* If SSL enabled send close_notify. */
+ bozo_ssl_shutdown(request->hr_httpd);
close(STDIN_FILENO);
close(STDOUT_FILENO);
/*close(STDERR_FILENO);*/
@@ -2133,6 +2159,7 @@ static struct errors_map {
const char *shortmsg; /* short version of message */
const char *longmsg; /* long version of message */
} errors_map[] = {
+ { 200, "200 OK", "The request was valid", },
{ 400, "400 Bad Request", "The request was not valid", },
{ 401, "401 Unauthorized", "No authorization", },
{ 403, "403 Forbidden", "Access to this item has been denied",},
@@ -2170,8 +2197,24 @@ http_errors_long(int code)
return (help);
}
+#ifndef NO_BLOCKLIST_SUPPORT
+static struct blocklist *blstate;
+
+void
+pfilter_notify(const int what, const int code)
+{
+
+ if (blstate == NULL)
+ blstate = blocklist_open();
+
+ if (blstate == NULL)
+ return;
+
+ (void)blocklist_r(blstate, what, 0, http_errors_short(code));
+}
+#endif /* !NO_BLOCKLIST_SUPPORT */
+
/* the follow functions and variables are used in handling HTTP errors */
-/* ARGSUSED */
int
bozo_http_error(bozohttpd_t *httpd, int code, bozo_httpreq_t *request,
const char *msg)
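Review bot: pfilter_notify() passes a literal `0` as the descriptor argument of blocklist_r(), which silently assumes the client connection is always on standard input. Use STDIN_FILENO as the rest of the file does and add a comment stating that assumption. When blocklist_open() fails, blstate stays NULL and every later error retries the open, and the result of blocklist_r() is discarded with `(void)`; a debug() line on either failure would make a non-working blocklist setup diagnosable.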
@@ -2184,6 +2227,8 @@ bozo_http_error(bozohttpd_t *httpd, int
int size;
bozoheaders_t *hdr;
+ USE_ARG(msg);
+
debug((httpd, DEBUG_FAT, "bozo_http_error %d: %s", code, msg));
if (header == NULL || reason == NULL) {
bozoerr(httpd, 1,
@@ -2193,7 +2238,7 @@ bozo_http_error(bozohttpd_t *httpd, int
}
if (request && request->hr_serverport &&
- strcmp(request->hr_serverport, "80") != 0)
+ strcmp(request->hr_serverport, BOZO_HTTP_PORT) != 0)
snprintf(portbuf, sizeof(portbuf), ":%s",
request->hr_serverport);
else
@@ -2272,6 +2317,19 @@ bozo_http_error(bozohttpd_t *httpd, int
bozo_printf(httpd, "%s", httpd->errorbuf);
bozo_flush(httpd, stdout);
+#ifndef NO_BLOCKLIST_SUPPORT
+ switch(code) {
+
+ case 401:
+ pfilter_notify(BLOCKLIST_AUTH_FAIL, code);
+ break;
+
+ case 403:
+ pfilter_notify(BLOCKLIST_ABUSIVE_BEHAVIOR, code);
+ break;
+ }
+#endif /* !NO_BLOCKLIST_SUPPORT */
+
return code;
}
@@ -2385,6 +2443,11 @@ bozodgetln(bozohttpd_t *httpd, int fd, s
return httpd->getln_buffer;
}
+/*
+ * allocation frontends with error handling.
+ *
+ * note that these may access members of the httpd and/or request.
+ */
void *
bozorealloc(bozohttpd_t *httpd, void *ptr, size_t size)
{
@@ -2570,6 +2633,9 @@ bozo_setup(bozohttpd_t *httpd, bozoprefs
strcmp(cp, "true") == 0) {
httpd->dir_indexing = 1;
}
+ if ((cp = bozo_get_pref(prefs, "directory index readme")) != NULL) {
+ httpd->dir_readme = bozostrdup(httpd, NULL, cp);
+ }
if ((cp = bozo_get_pref(prefs, "public_html")) != NULL) {
httpd->public_html = bozostrdup(httpd, NULL, cp);
}
@@ -2645,6 +2711,23 @@ bozo_setup(bozohttpd_t *httpd, bozoprefs
return 1;
}
+void
+bozo_cleanup(bozohttpd_t *httpd, bozoprefs_t *prefs)
+{
+ bozo_clear_prefs(httpd, prefs);
+
+ free(httpd->virthostname);
+ free(httpd->errorbuf);
+ free(httpd->getln_buffer);
+ free(httpd->slashdir);
+#define bozo_unconst(x) ((void *)(uintptr_t)x)
+ free(bozo_unconst(httpd->server_software));
+ free(bozo_unconst(httpd->index_html));
+ free(bozo_unconst(httpd->dir_readme));
+ free(bozo_unconst(httpd->public_html));
+#undef bozo_unconst
+}
+
int
bozo_get_version(char *buf, size_t size)
{
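Review bot: bozo_cleanup() frees server_software, index_html, dir_readme and public_html unconditionally through bozo_unconst(), but the bozo_setup() lines visible in this patch only show dir_readme and public_html being assigned from bozostrdup() when a pref is present. Please confirm none of these const fields can ever hold a string literal or other non-heap default. The freed members are also left dangling; setting them to NULL after free() would make an accidental second bozo_cleanup() or later use of httpd fail safely.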
Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.47.4.3 src/libexec/httpd/bozohttpd.h:1.47.4.4
--- src/libexec/httpd/bozohttpd.h:1.47.4.3 Wed Jun 12 10:32:00 2019
+++ src/libexec/httpd/bozohttpd.h Sat Mar 27 13:38:51 2021
@@ -1,9 +1,9 @@
-/* $NetBSD: bozohttpd.h,v 1.47.4.3 2019/06/12 10:32:00 martin Exp $ */
+/* $NetBSD: bozohttpd.h,v 1.47.4.4 2021/03/27 13:38:51 martin Exp $ */
/* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */
/*
- * Copyright (c) 1997-2019 Matthew R. Green
+ * Copyright (c) 1997-2021 Matthew R. Green
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -29,12 +29,13 @@
* SUCH DAMAGE.
*
*/
-#ifndef BOZOHTTOPD_H_
-#define BOZOHTTOPD_H_ 1
+#ifndef BOZOHTTPD_H_
+#define BOZOHTTPD_H_ 1
#include "netbsd_queue.h"
#include <stdbool.h>
+#include <stdio.h>
#include <signal.h>
#include <sys/stat.h>
@@ -42,7 +43,11 @@
#ifndef NO_LUA_SUPPORT
#include <lua.h>
#endif
-#include <stdio.h>
+
+#ifndef NO_BLOCKLIST_SUPPORT
+#include <blocklist.h>
+void pfilter_notify(const int, const int);
+#endif
/* QNX provides a lot of NetBSD things in nbutil.h */
#ifdef HAVE_NBUTIL_H
@@ -117,6 +122,7 @@ typedef struct bozohttpd_t {
struct pollfd *fds; /* current poll fd set */
int request_times; /* # times a request was processed */
int dir_indexing; /* handle directories */
+ const char *dir_readme; /* include README footer in indexes */
int hide_dots; /* hide .* */
int process_cgi; /* use the cgi handler */
char *cgibin; /* cgi-bin directory */
@@ -153,7 +159,8 @@ typedef struct bozo_httpreq_t {
const char *hr_methodstr;
char *hr_virthostname; /* server name (if not identical
to hr_httpd->virthostname) */
- char *hr_file;
+ char *hr_file_free; /* pointer to file buffer to free() */
+ char *hr_file; /* pointer into file buffer */
char *hr_oldfile; /* if we added an index_html */
char *hr_query;
char *hr_host; /* HTTP/1.1 Host: or virtual hostname,
@@ -247,6 +254,9 @@ void debug__(bozohttpd_t *, int, const c
#define have_debug (1)
#endif /* NO_DEBUG */
+#define BOZO_HTTP_PORT "80"
+#define BOZO_HTTPS_PORT "443"
+
/*
* bozohttpd special files. avoid serving these out.
*
@@ -298,7 +308,7 @@ char *bozostrdup(bozohttpd_t *, bozo_htt
#define bozo_noop do { /* nothing */ } while (/*CONSTCOND*/0)
-#define have_all (1)
+#define have_core (1)
/* ssl-bozo.c */
#ifdef NO_SSL_SUPPORT
@@ -306,6 +316,7 @@ char *bozostrdup(bozohttpd_t *, bozo_htt
#define bozo_ssl_set_ciphers(w, x) bozo_noop
#define bozo_ssl_init(x) bozo_noop
#define bozo_ssl_accept(x) (0)
+#define bozo_ssl_shutdown(x) bozo_noop
#define bozo_ssl_destroy(x) bozo_noop
#define have_ssl (0)
#else
@@ -313,6 +324,7 @@ void bozo_ssl_set_opts(bozohttpd_t *, co
void bozo_ssl_set_ciphers(bozohttpd_t *, const char *);
void bozo_ssl_init(bozohttpd_t *);
int bozo_ssl_accept(bozohttpd_t *);
+void bozo_ssl_shutdown(bozohttpd_t *);
void bozo_ssl_destroy(bozohttpd_t *);
#define have_ssl (1)
#endif
@@ -431,6 +443,7 @@ int bozo_init_httpd(bozohttpd_t *);
int bozo_init_prefs(bozohttpd_t *, bozoprefs_t *);
int bozo_set_defaults(bozohttpd_t *, bozoprefs_t *);
int bozo_setup(bozohttpd_t *, bozoprefs_t *, const char *, const char *);
+void bozo_cleanup(bozohttpd_t *, bozoprefs_t *);
bozo_httpreq_t *bozo_read_request(bozohttpd_t *);
void bozo_process_request(bozo_httpreq_t *);
void bozo_clean_request(bozo_httpreq_t *);
@@ -448,4 +461,4 @@ int bozo_get_version(char */*buf*/, size
extern volatile sig_atomic_t bozo_timeout_hit;
-#endif /* BOZOHTTOPD_H_ */
+#endif /* BOZOHTTPD_H_ */
Index: src/libexec/httpd/cgi-bozo.c
diff -u src/libexec/httpd/cgi-bozo.c:1.37.4.4 src/libexec/httpd/cgi-bozo.c:1.37.4.5
--- src/libexec/httpd/cgi-bozo.c:1.37.4.4 Wed Jun 12 10:32:00 2019
+++ src/libexec/httpd/cgi-bozo.c Sat Mar 27 13:38:51 2021
@@ -1,9 +1,9 @@
-/* $NetBSD: cgi-bozo.c,v 1.37.4.4 2019/06/12 10:32:00 martin Exp $ */
+/* $NetBSD: cgi-bozo.c,v 1.37.4.5 2021/03/27 13:38:51 martin Exp $ */
/* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */
/*
- * Copyright (c) 1997-2019 Matthew R. Green
+ * Copyright (c) 1997-2021 Matthew R. Green
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -137,7 +137,7 @@ finish_cgi_output(bozohttpd_t *httpd, bo
* return it in the response. If the cgi program does
* not return any `Status:' header then the server should
* respond with 200 OK.
- * XXX The CGI 1.1 and 1.2 specification differ slightly on
+ * The CGI 1.1 and 1.2 specification differ slightly on
* this in that v1.2 says that the script MUST NOT return a
* `Status:' header if it is returning a `Location:' header.
* For compatibility we are going with the CGI 1.1 behavior.
@@ -182,8 +182,7 @@ finish_cgi_output(bozohttpd_t *httpd, bo
bozo_flush(httpd, stdout);
}
- /* XXX we should have some goo that times us out
- */
+ /* CGI programs should perform their own timeouts */
while ((rbytes = read(in, buf, sizeof buf)) > 0) {
ssize_t wbytes;
char *bp = buf;
@@ -611,10 +610,16 @@ bozo_process_cgi(bozo_httpreq_t *request
bozo_daemon_closefds(httpd);
if (-1 == execve(path, argv, envp)) {
+ int saveerrno = errno;
bozo_http_error(httpd, 404, request,
"Cannot execute CGI");
- bozoerr(httpd, 1, "child exec failed: %s: %s",
- path, strerror(errno));
+ /* don't log easy to trigger events */
+ if (saveerrno != ENOENT &&
+ saveerrno != EISDIR &&
+ saveerrno != EACCES)
+ bozoerr(httpd, 1, "child exec failed: %s: %s",
+ path, strerror(saveerrno));
+ _exit(1);
}
/* NOT REACHED */
bozoerr(httpd, 1, "child execve returned?!");
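Review bot: the `saveerrno` filter discards the log line for ENOENT, EISDIR and EACCES entirely, and EACCES in particular usually means a CGI program missing its execute permission, which an administrator needs to see. Route the suppressed cases to debug() instead of dropping them. With the added `_exit(1)`, the following `/* NOT REACHED */` bozoerr() call is dead code and can be removed.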
@@ -638,6 +643,8 @@ bozo_process_cgi(bozo_httpreq_t *request
/* child reader/writer */
close(STDIN_FILENO);
finish_cgi_output(httpd, request, sv[0], nph);
+ /* if we do SSL, send a SSL_shutdown now */
+ bozo_ssl_shutdown(request->hr_httpd);
/* if we're done output, our parent is useless... */
kill(getppid(), SIGKILL);
debug((httpd, DEBUG_FAT, "done processing cgi output"));
@@ -645,8 +652,7 @@ bozo_process_cgi(bozo_httpreq_t *request
}
close(STDOUT_FILENO);
- /* XXX we should have some goo that times us out
- */
+ /* CGI programs should perform their own timeouts */
while ((rbytes = bozo_read(httpd, STDIN_FILENO, buf, sizeof buf)) > 0) {
ssize_t wbytes;
char *bp = buf;
Index: src/libexec/httpd/content-bozo.c
diff -u src/libexec/httpd/content-bozo.c:1.14.6.1 src/libexec/httpd/content-bozo.c:1.14.6.2
--- src/libexec/httpd/content-bozo.c:1.14.6.1 Sat Nov 24 17:13:51 2018
+++ src/libexec/httpd/content-bozo.c Sat Mar 27 13:38:51 2021
@@ -1,9 +1,9 @@
-/* $NetBSD: content-bozo.c,v 1.14.6.1 2018/11/24 17:13:51 martin Exp $ */
+/* $NetBSD: content-bozo.c,v 1.14.6.2 2021/03/27 13:38:51 martin Exp $ */
/* $eterna: content-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */
/*
- * Copyright (c) 1997-2018 Matthew R. Green
+ * Copyright (c) 1997-2021 Matthew R. Green
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -63,11 +63,18 @@ static bozo_content_map_t static_content
{ ".pa", "application/x-ns-proxy-autoconfig", "", "", NULL },
{ ".tar", "multipart/x-tar", "", "", NULL },
{ ".gtar", "application/x-gtar-compressed", "", "", NULL },
- { ".tar.Z", "application/x-gtar-compressed", "", "", NULL },
{ ".tar.gz", "application/x-gtar-compressed", "", "", NULL },
- { ".taz", "application/x-gtar-compressed", "", "", NULL },
+ { ".tar.bz2", "application/x-gtar-compressed", "", "", NULL },
+ { ".tar.xz", "application/x-gtar-compressed", "", "", NULL },
+ { ".tar.lz", "application/x-gtar-compressed", "", "", NULL },
+ { ".tar.zst", "application/x-gtar-compressed", "", "", NULL },
{ ".tgz", "application/x-gtar-compressed", "", "", NULL },
+ { ".tbz2", "application/x-gtar-compressed", "", "", NULL },
+ { ".txz", "application/x-gtar-compressed", "", "", NULL },
+ { ".tlz", "application/x-gtar-compressed", "", "", NULL },
{ ".tar.z", "application/x-gtar-compressed", "", "", NULL },
+ { ".tar.Z", "application/x-gtar-compressed", "", "", NULL },
+ { ".taz", "application/x-gtar-compressed", "", "", NULL },
{ ".Z", "application/x-compress", "", "", NULL },
{ ".gz", "application/x-gzip", "", "", NULL },
{ ".z", "unknown", "", "", NULL },
@@ -131,10 +138,24 @@ static bozo_content_map_t static_content
{ ".ustar", "application/x-ustar", "", "", NULL },
{ ".src", "application/x-wais-source", "", "", NULL },
{ ".zip", "application/zip", "", "", NULL },
+ { ".zipx", "application/zip", "", "", NULL },
+ { ".xz", "application/x-xz", "", "", NULL },
+ { ".zst", "application/x-zstd", "", "", NULL },
+ { ".sz", "application/x-snappy-framed", "", "", NULL },
+ { ".lz", "application/x-lzip", "", "", NULL },
+ { ".lzma", "application/x-lzma", "", "", NULL },
+ { ".lzo", "application/x-lzop", "", "", NULL },
+ { ".7z", "application/x-7z-compressed", "", "", NULL },
+ { ".lzo", "application/x-lzop", "", "", NULL },
+ { ".cab", "application/vnd.ms-cab-compressed", "", "", NULL },
+ { ".dmg", "application/x-apple-diskimage","", "", NULL },
+ { ".jar", "application/java-archive", "", "", NULL },
+ { ".rar", "application/x-rar-compressed", "", "", NULL },
{ ".au", "audio/basic", "", "", NULL },
{ ".snd", "audio/basic", "", "", NULL },
{ ".mpga", "audio/mpeg", "", "", NULL },
{ ".mp2", "audio/mpeg", "", "", NULL },
+ { ".m4a", "audio/mp4", "", "", NULL },
{ ".aif", "audio/x-aiff", "", "", NULL },
{ ".aiff", "audio/x-aiff", "", "", NULL },
{ ".aifc", "audio/x-aiff", "", "", NULL },
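Review bot: ".lzo" is added twice in this hunk with the same "application/x-lzop" type, once after ".lzma" and again after ".7z"; drop the second entry. A duplicated suffix is dead weight in the table, and if the two entries ever diverge the result depends on lookup order.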
@@ -167,6 +188,7 @@ static bozo_content_map_t static_content
{ ".ts", "video/mpeg", "", "", NULL },
{ ".vob", "video/mpeg", "", "", NULL },
{ ".mp4", "video/mp4", "", "", NULL },
+ { ".m4v", "video/mp4", "", "", NULL },
{ ".qt", "video/quicktime", "", "", NULL },
{ ".mov", "video/quicktime", "", "", NULL },
{ ".avi", "video/x-msvideo", "", "", NULL },
@@ -211,7 +233,6 @@ bozo_match_content_map(bozohttpd_t *http
/*
* given the file name, return a valid Content-Type: value.
*/
-/* ARGSUSED */
const char *
bozo_content_type(bozo_httpreq_t *request, const char *file)
{
Index: src/libexec/httpd/daemon-bozo.c
diff -u src/libexec/httpd/daemon-bozo.c:1.17.8.2 src/libexec/httpd/daemon-bozo.c:1.17.8.3
--- src/libexec/httpd/daemon-bozo.c:1.17.8.2 Wed Jun 12 10:32:00 2019
+++ src/libexec/httpd/daemon-bozo.c Sat Mar 27 13:38:51 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: daemon-bozo.c,v 1.17.8.2 2019/06/12 10:32:00 martin Exp $ */
+/* $NetBSD: daemon-bozo.c,v 1.17.8.3 2021/03/27 13:38:51 martin Exp $ */
/* $eterna: daemon-bozo.c,v 1.24 2011/11/18 09:21:15 mrg Exp $ */
@@ -62,26 +62,27 @@ static void sigchild(int); /* SIGCHLD ha
#ifndef INFTIM
#define INFTIM -1
#endif
+#ifndef USE_ARG
+#define USE_ARG(x) /*LINTED*/(void)&(x)
+#endif
static const char* pidfile_path = NULL;
static pid_t pidfile_pid = 0;
-/* ARGSUSED */
static void
sigchild(int signo)
{
-
+ USE_ARG(signo);
while (waitpid(-1, NULL, WNOHANG) > 0)
/* nothing */;
}
/* Signal handler to exit in a controlled manner. This ensures that
* any atexit(3) handlers are properly executed. */
-/* ARGSUSED */
BOZO_DEAD static void
controlled_exit(int signo)
{
-
+ USE_ARG(signo);
exit(EXIT_SUCCESS);
}
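Review bot: The USE_ARG definition added at the top of this hunk is repeated verbatim in ssl-bozo.c in the same change, each copy under its own #ifndef. Define it once in bozohttpd.h so the copies cannot drift apart.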
@@ -128,9 +129,12 @@ bozo_daemon_init(bozohttpd_t *httpd)
const char *portnum;
int e, i, on = 1;
- if (!httpd->background)
+ if (!httpd->background && !httpd->foreground)
return;
+ if (!httpd->background)
+ httpd->background = 1;
+
portnum = (httpd->bindport) ? httpd->bindport : "http";
memset(&h, 0, sizeof(h));
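Review bot: Setting httpd->background = 1 when only foreground was requested changes the meaning of background from "detach" to "daemon mode", and nothing in the hunk says so. The accept loop in main.c runs while (httpd.background), so this assignment is what keeps a -f server alive; add a comment stating that, or introduce a separate daemon-mode flag so later code testing background does not misread it.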
Index: src/libexec/httpd/dir-index-bozo.c
diff -u src/libexec/httpd/dir-index-bozo.c:1.25.8.2 src/libexec/httpd/dir-index-bozo.c:1.25.8.3
--- src/libexec/httpd/dir-index-bozo.c:1.25.8.2 Wed Jun 12 10:32:00 2019
+++ src/libexec/httpd/dir-index-bozo.c Sat Mar 27 13:38:51 2021
@@ -1,9 +1,9 @@
-/* $NetBSD: dir-index-bozo.c,v 1.25.8.2 2019/06/12 10:32:00 martin Exp $ */
+/* $NetBSD: dir-index-bozo.c,v 1.25.8.3 2021/03/27 13:38:51 martin Exp $ */
/* $eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $ */
/*
- * Copyright (c) 1997-2019 Matthew R. Green
+ * Copyright (c) 1997-2020 Matthew R. Green
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -38,9 +38,11 @@
#include <dirent.h>
#include <errno.h>
+#include <fcntl.h>
#include <string.h>
#include <stdlib.h>
#include <time.h>
+#include <unistd.h>
#include <assert.h>
#include "bozohttpd.h"
@@ -57,7 +59,8 @@ bozo_dir_index(bozo_httpreq_t *request,
DIR *dp;
char buf[MAXPATHLEN];
char *file = NULL, *printname = NULL, *p;
- int k, j;
+ int k, j, fd;
+ ssize_t rlen;
if (!isindex || !httpd->dir_indexing)
return 0;
@@ -197,6 +200,23 @@ bozo_dir_index(bozo_httpreq_t *request,
free(deo[k]);
free(deo);
bozo_printf(httpd, "</table>\r\n");
+ if (httpd->dir_readme != NULL) {
+ if (httpd->dir_readme[0] == '/')
+ snprintf(buf, sizeof buf, "%s", httpd->dir_readme);
+ else
+ snprintf(buf, sizeof buf, "%s/%s", dirpath, httpd->dir_readme);
+ fd = open(buf, O_RDONLY);
+ if (fd != -1) {
+ bozo_flush(httpd, stdout);
+ do {
+ rlen = read(fd, buf, sizeof buf);
+ if (rlen <= 0)
+ break;
+ bozo_write(httpd, STDOUT_FILENO, buf, rlen);
+ } while (1);
+ close(fd);
+ }
+ }
bozo_printf(httpd, "</body></html>\r\n\r\n");
bozo_flush(httpd, stdout);
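Review bot: The readme bytes are copied to the client verbatim between </table> and </body>, so whoever can write that file controls markup in the generated index page, and with a relative dir_readme the name is looked up in every dirpath. Either HTML-escape the content before writing it or document in the manual that the file is trusted HTML. Two smaller points in the same block: the snprintf() result is not checked for truncation before open(), and the return value of bozo_write() is ignored, so the loop keeps reading to EOF after the connection has failed.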
Index: src/libexec/httpd/main.c
diff -u src/libexec/httpd/main.c:1.16.6.2 src/libexec/httpd/main.c:1.16.6.3
--- src/libexec/httpd/main.c:1.16.6.2 Wed Nov 28 19:50:37 2018
+++ src/libexec/httpd/main.c Sat Mar 27 13:38:51 2021
@@ -1,10 +1,10 @@
-/* $NetBSD: main.c,v 1.16.6.2 2018/11/28 19:50:37 martin Exp $ */
+/* $NetBSD: main.c,v 1.16.6.3 2021/03/27 13:38:51 martin Exp $ */
/* $eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $ */
/* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp */
/*
- * Copyright (c) 1997-2018 Matthew R. Green
+ * Copyright (c) 1997-2021 Matthew R. Green
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -63,53 +63,58 @@ usage(bozohttpd_t *httpd, char *progname
bozowarn(httpd, "options:");
if (have_daemon_mode)
- bozowarn(httpd, " -b\t\t\tbackground and go into daemon mode");
+ bozowarn(httpd, " -b\t\t\tbackground in daemon mode");
if (have_cgibin &&
have_dynamic_content)
- bozowarn(httpd, " -C arg prog\t\tadd this CGI handler");
+ bozowarn(httpd, " -C suffix handler\tadd this CGI handler "
+ "for paths ending with `suffix'");
if (have_cgibin)
bozowarn(httpd, " -c cgibin\t\tenable cgi-bin support in "
"this directory");
if (have_debug)
bozowarn(httpd, " -d\t\t\tenable debug support");
- if (have_cgibin)
- bozowarn(httpd, " -E\t\t\tenable CGI support for user dirs");
if (have_user &&
have_cgibin)
+ bozowarn(httpd, " -E\t\t\tenable CGI support for user dirs");
+ if (have_core)
bozowarn(httpd, " -e\t\t\tdon't clean the environment "
"(-t and -U only)");
if (have_daemon_mode)
bozowarn(httpd, " -f\t\t\tforeground in daemon mode");
- if (have_all)
- bozowarn(httpd, " -G print version number and exit");
+ if (have_core)
+ bozowarn(httpd, " -G\t\t\tprint version number and exit");
if (have_dirindex)
bozowarn(httpd, " -H\t\t\thide files starting with a period "
"(.) in index mode");
- if (have_all)
+ if (have_core)
bozowarn(httpd, " -I port\t\tbind or use on this port");
if (have_daemon_mode)
bozowarn(httpd, " -i address\t\tbind on this address "
"(daemon mode only)");
if (have_lua)
- bozowarn(httpd, " -L arg script\tadd this Lua script");
+ bozowarn(httpd, " -L prefix script\tadd this Lua script for "
+ "paths starting with `prefix'");
if (have_dynamic_content)
- bozowarn(httpd, " -M arg t c c11\tadd this mime extenstion");
+ bozowarn(httpd, " -M suffix t c c11\tadd this mime entry");
+ if (have_core)
+ bozowarn(httpd, " -n\t\t\tdon't resolve host names");
if (have_daemon_mode)
bozowarn(httpd, " -P pidfile\t\tpid file path");
if (have_user)
bozowarn(httpd, " -p dir\t\t\"public_html\" directory name");
- if (have_all) {
+ if (have_core) {
bozowarn(httpd, " -S version\t\tset server version string");
bozowarn(httpd, " -s\t\t\talways log to stderr");
- bozowarn(httpd, " -T type timeout\tset `type' timeout");
+ bozowarn(httpd, " -T type timeout\t"
+ "set <ssl|initial|header|request> timeout");
bozowarn(httpd, " -t dir\t\tchroot to `dir'");
- bozowarn(httpd, " -U username\t\tchange user to `user'");
+ bozowarn(httpd, " -U user\t\tchange user to `user'");
}
if (have_user)
bozowarn(httpd, " -u\t\t\tenable ~user/public_html support");
- if (have_all) {
+ if (have_core) {
bozowarn(httpd, " -V\t\t\tUnknown virtual hosts go to "
"`slashdir'");
bozowarn(httpd, " -v virtualroot\tenable virtual host "
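Review bot: The usage text gains a line for -n but none for -R, although this change adds R: to the getopt string and a case 'R' that sets "directory index readme". Add a -R line next to the other have_dirindex options so the flag is discoverable from the help output.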
@@ -118,7 +123,7 @@ usage(bozohttpd_t *httpd, char *progname
if (have_dirindex)
bozowarn(httpd, " -X\t\t\tdirectory index support");
- if (have_all)
+ if (have_core)
bozowarn(httpd, " -x index\t\tdefault \"index.html\" "
"file name");
@@ -160,7 +165,7 @@ main(int argc, char **argv)
*/
while ((c = getopt(argc, argv,
- "C:EGHI:L:M:P:S:T:U:VXZ:bc:defhi:np:st:uv:x:z:")) != -1) {
+ "C:EGHI:L:M:P:R:S:T:U:VXZ:bc:defhi:np:st:uv:x:z:")) != -1) {
switch (c) {
case 'b':
@@ -178,15 +183,9 @@ main(int argc, char **argv)
bozo_set_pref(&httpd, &prefs, "background", val);
break;
- case 'c':
- if (!have_cgibin)
- bozoerr(&httpd, 1, "CGI not enabled");
-
- bozo_cgi_setbin(&httpd, optarg);
- break;
-
case 'C':
- if (!have_dynamic_content && !have_cgibin)
+ if (!have_dynamic_content ||
+ !have_cgibin)
bozoerr(&httpd, 1,
"dynamic CGI handler support not enabled");
@@ -197,6 +196,13 @@ main(int argc, char **argv)
argv[optind++]);
break;
+ case 'c':
+ if (!have_cgibin)
+ bozoerr(&httpd, 1, "CGI not enabled");
+
+ bozo_cgi_setbin(&httpd, optarg);
+ break;
+
case 'd':
if (!have_debug)
bozowarn(&httpd, "Debugging not enabled");
@@ -204,8 +210,8 @@ main(int argc, char **argv)
break;
case 'E':
- if (have_user &&
- have_cgibin)
+ if (!have_user ||
+ !have_cgibin)
bozoerr(&httpd, 1, "CGI not enabled");
bozo_set_pref(&httpd, &prefs, "enable user cgibin",
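Review bot: With the test corrected to !have_user || !have_cgibin, the "CGI not enabled" message is now also printed when it is user-directory support that is missing. Name the absent feature in the message so the failure can be diagnosed from the output alone.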
@@ -213,9 +219,6 @@ main(int argc, char **argv)
break;
case 'e':
- if (!have_daemon_mode)
- goto no_daemon_mode;
-
bozo_set_pref(&httpd, &prefs, "dirty environment",
"true");
break;
@@ -299,6 +302,11 @@ main(int argc, char **argv)
bozo_set_pref(&httpd, &prefs, "public_html", optarg);
break;
+ case 'R':
+ bozo_set_pref(&httpd, &prefs, "directory index readme",
+ optarg);
+ break;
+
case 'S':
bozo_set_pref(&httpd, &prefs, "server software",
optarg);
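Review bot: case 'R' sets the preference unconditionally, while the neighbouring options test their feature flag first (case 'c' checks have_cgibin, and usage() gates the index options on have_dirindex). Add an if (!have_dirindex) bozoerr(...) check so a build without directory indexing rejects -R instead of silently accepting it.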
@@ -400,5 +408,7 @@ main(int argc, char **argv)
}
} while (httpd.background);
+ bozo_cleanup(&httpd, &prefs);
+
return (0);
}
Index: src/libexec/httpd/printenv.lua
diff -u src/libexec/httpd/printenv.lua:1.3 src/libexec/httpd/printenv.lua:1.3.8.1
--- src/libexec/httpd/printenv.lua:1.3 Mon Dec 7 03:11:48 2015
+++ src/libexec/httpd/printenv.lua Sat Mar 27 13:38:51 2021
@@ -1,10 +1,10 @@
--- $NetBSD: printenv.lua,v 1.3 2015/12/07 03:11:48 kamil Exp $
+-- $NetBSD: printenv.lua,v 1.3.8.1 2021/03/27 13:38:51 martin Exp $
-- this small Lua script demonstrates the use of Lua in (bozo)httpd
-- it will simply output the "environment"
-- Keep in mind that bozohttpd forks for each request when started in
--- daemon mode, you can set global veriables here, but they will have
+-- daemon mode, you can set global variables here, but they will have
-- the same value on each invocation. You can not keep state between
-- two calls.
@@ -14,6 +14,10 @@
local httpd = require 'httpd'
+function escape_html(s)
+ return s:gsub('&', '&'):gsub('<', '<'):gsub('>', '>'):gsub('"', '"')
+end
+
function printenv(env, headers, query)
-- we get the "environment" in the env table, the values are more
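Review bot: As escape_html() appears in this hunk, each gsub replaces a character with itself ('&' with '&', '<' with '<', and so on), which escapes nothing. The replacement strings need to be the entities &amp;, &lt;, &gt; and &quot;, with the & substitution kept first; confirm the committed file carries them and that what is shown here is only a rendering artifact of the mail. The function is also declared global; local function escape_html would keep it out of the script's global table.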
@@ -40,18 +44,18 @@ function printenv(env, headers, query)
httpd.print('<h2>Server Environment</h2>')
-- print the list of "environment" variables
for k, v in pairs(env) do
- httpd.print(k .. '=' .. v .. '<br/>')
+ httpd.print(escape_html(k) .. '=' .. escape_html(v) .. '<br/>')
end
httpd.print('<h2>Request Headers</h2>')
for k, v in pairs(headers) do
- httpd.print(k .. '=' .. v .. '<br/>')
+ httpd.print(escape_html(k) .. '=' .. escape_html(v) .. '<br/>')
end
if query ~= nil then
httpd.print('<h2>Query Variables</h2>')
for k, v in pairs(query) do
- httpd.print(k .. '=' .. v .. '<br/>')
+ httpd.print(escape_html(k) .. '=' .. escape_html(v) .. '<br/>')
end
end
@@ -83,7 +87,7 @@ function form(env, header, query)
end
for k, v in pairs(query) do
- httpd.print(k .. '=' .. v .. '<br/>')
+ httpd.print(escape_html(k) .. '=' .. escape_html(v) .. '<br/>')
end
else
httpd.print('No values')
Index: src/libexec/httpd/ssl-bozo.c
diff -u src/libexec/httpd/ssl-bozo.c:1.22.8.2 src/libexec/httpd/ssl-bozo.c:1.22.8.3
--- src/libexec/httpd/ssl-bozo.c:1.22.8.2 Wed Jun 12 10:32:00 2019
+++ src/libexec/httpd/ssl-bozo.c Sat Mar 27 13:38:51 2021
@@ -1,9 +1,9 @@
-/* $NetBSD: ssl-bozo.c,v 1.22.8.2 2019/06/12 10:32:00 martin Exp $ */
+/* $NetBSD: ssl-bozo.c,v 1.22.8.3 2021/03/27 13:38:51 martin Exp $ */
/* $eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $ */
/*
- * Copyright (c) 1997-2019 Matthew R. Green
+ * Copyright (c) 1997-2020 Matthew R. Green
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -40,15 +40,15 @@
#include "bozohttpd.h"
+#ifndef USE_ARG
+#define USE_ARG(x) /*LINTED*/(void)&(x)
+#endif
+
#ifndef NO_SSL_SUPPORT
#include <openssl/ssl.h>
#include <openssl/err.h>
-#ifndef USE_ARG
-#define USE_ARG(x) /*LINTED*/(void)&(x)
-#endif
-
#ifndef BOZO_SSL_CIPHERS
#define BOZO_SSL_CIPHERS \
"AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:" \
@@ -287,6 +287,15 @@ bozo_ssl_accept(bozohttpd_t *httpd)
}
void
+bozo_ssl_shutdown(bozohttpd_t *httpd)
+{
+ const sslinfo_t *sslinfo = httpd->sslinfo;
+
+ if (sslinfo && sslinfo->bozossl)
+ SSL_shutdown(sslinfo->bozossl);
+}
+
+void
bozo_ssl_destroy(bozohttpd_t *httpd)
{
const sslinfo_t *sslinfo = httpd->sslinfo;
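Review bot: The return value of SSL_shutdown() is discarded in the new bozo_ssl_shutdown(). A single call that only sends close_notify is a legitimate one-way shutdown for a process about to exit, but say so in a comment, and consider a debug() line on a negative return so a failed shutdown is not invisible.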
@@ -319,7 +328,7 @@ bozo_ssl_set_opts(bozohttpd_t *httpd, co
sslinfo->certificate_file,
sslinfo->privatekey_file));
if (!httpd->bindport)
- httpd->bindport = bozostrdup(httpd, NULL, "https");
+ httpd->bindport = bozostrdup(httpd, NULL, BOZO_HTTPS_PORT);
}
void
@@ -343,6 +352,8 @@ bozo_printf(bozohttpd_t *httpd, const ch
va_list args;
int cc;
+ USE_ARG(httpd);
+
va_start(args, fmt);
#ifndef NO_SSL_SUPPORT
if (httpd->sslinfo)
@@ -361,6 +372,7 @@ bozo_read(bozohttpd_t *httpd, int fd, vo
if (httpd->sslinfo)
return bozo_ssl_read(httpd, fd, buf, len);
#endif
+ USE_ARG(httpd);
return read(fd, buf, len);
}
@@ -371,6 +383,7 @@ bozo_write(bozohttpd_t *httpd, int fd, c
if (httpd->sslinfo)
return bozo_ssl_write(httpd, fd, buf, len);
#endif
+ USE_ARG(httpd);
return write(fd, buf, len);
}
@@ -381,5 +394,6 @@ bozo_flush(bozohttpd_t *httpd, FILE *fp)
if (httpd->sslinfo)
return 0;
#endif
+ USE_ARG(httpd);
return fflush(fp);
}
Index: src/libexec/httpd/libbozohttpd/Makefile
diff -u src/libexec/httpd/libbozohttpd/Makefile:1.3 src/libexec/httpd/libbozohttpd/Makefile:1.3.2.1
--- src/libexec/httpd/libbozohttpd/Makefile:1.3 Sun May 21 15:28:41 2017
+++ src/libexec/httpd/libbozohttpd/Makefile Sat Mar 27 13:38:52 2021
@@ -6,8 +6,8 @@
LIB= bozohttpd
COPTS+= -I$(.CURDIR)/..
-COPTS+= -DDO_HTPASSWD
-CPPFLAGS+= -DDO_HTPASSWD
+COPTS+= -DDO_HTPASSWD
+CPPFLAGS+= -DDO_HTPASSWD -DNO_BLOCKLIST_SUPPORT
SRCS= bozohttpd.c ssl-bozo.c auth-bozo.c cgi-bozo.c daemon-bozo.c
SRCS+= tilde-luzah-bozo.c dir-index-bozo.c content-bozo.c
SRCS+= lua-bozo.c
Index: src/libexec/httpd/libbozohttpd/libbozohttpd.3
diff -u src/libexec/httpd/libbozohttpd/libbozohttpd.3:1.4 src/libexec/httpd/libbozohttpd/libbozohttpd.3:1.4.4.1
--- src/libexec/httpd/libbozohttpd/libbozohttpd.3:1.4 Sat Feb 4 01:32:54 2017
+++ src/libexec/httpd/libbozohttpd/libbozohttpd.3 Sat Mar 27 13:38:52 2021
@@ -1,8 +1,8 @@
-.\" $NetBSD: libbozohttpd.3,v 1.4 2017/02/04 01:32:54 mrg Exp $
+.\" $NetBSD: libbozohttpd.3,v 1.4.4.1 2021/03/27 13:38:52 martin Exp $
.\"
.\" $eterna: libbozohttpd.3,v 1.2 2010/05/10 02:48:23 mrg Exp $
.\"
-.\" Copyright (c) 2009 The NetBSD Foundation, Inc.
+.\" Copyright (c) 2009, 2021 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" This manual page is derived from software contributed to The
@@ -29,7 +29,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd February 2, 2017
+.Dd February 11, 2021
.Dt LIBBOZOHTTPD 3
.Os
.Sh NAME
@@ -67,6 +67,10 @@
.Fo bozo_clean_request
.Fa "bozo_httpreq_t *"
.Fc
+.Ft void
+.Fo bozo_cleanup
+.Fa "bozohttpd_t *httpd" "bozoprefs_t *prefs"
+.Fc
.Sh DESCRIPTION
.Nm
is a library interface to the
@@ -124,6 +128,9 @@ and queried using the two
function.
This is the main interface for selecting options, and for
setting preferences.
+The memory allocated by
+.Fn bozo_setup
+for both the httpd structure and the preferences will be freed.
.Sh SEE ALSO
.Xr gethostname 3 ,
.Xr ssl 3 ,
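Review bot: The added sentence never names the function that does the freeing, and as placed it reads as a continuation of the paragraph about setting preferences. Open it with .Fn bozo_cleanup so the new prototype in the synopsis has a matching description.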
Index: src/libexec/httpd/small/Makefile
diff -u src/libexec/httpd/small/Makefile:1.3 src/libexec/httpd/small/Makefile:1.3.16.1
--- src/libexec/httpd/small/Makefile:1.3 Thu Jul 17 06:24:57 2014
+++ src/libexec/httpd/small/Makefile Sat Mar 27 13:38:52 2021
@@ -9,7 +9,7 @@ LEAN_IFDEF_FLAGS= -UDEBUG -DNO_USER_SUPP
-DNO_CGIBIN_SUPPORT -DNO_DIRINDEX_SUPPORT \
-DNO_DAEMON_MODE -DNO_DYNAMIC_CONTENT \
-DNO_SSL_SUPPORT -UDO_HTPASSWD \
- -DNO_LUA_SUPPORT
+ -DNO_LUA_SUPPORT -DNO_BLOCKLIST_SUPPORT
CFLAGS= -I$(.CURDIR)/.. ${LEAN_IFDEF_FLAGS}
Index: src/libexec/httpd/testsuite/Makefile
diff -u src/libexec/httpd/testsuite/Makefile:1.7.4.2 src/libexec/httpd/testsuite/Makefile:1.7.4.3
--- src/libexec/httpd/testsuite/Makefile:1.7.4.2 Wed Jun 12 10:32:00 2019
+++ src/libexec/httpd/testsuite/Makefile Sat Mar 27 13:38:52 2021
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.7.4.2 2019/06/12 10:32:00 martin Exp $
+# $NetBSD: Makefile,v 1.7.4.3 2021/03/27 13:38:52 martin Exp $
# $eterna: Makefile,v 1.14 2009/05/22 21:51:39 mrg Exp $
-SIMPLETESTS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t12 t13 t14 t15
+SIMPLETESTS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t12 t13 t14 t15 t16 t17 t18
CGITESTS= t11
BIGFILETESTS= partial4000 partial8000
Added files:
Index: src/libexec/httpd/testsuite/t16.in
Binary files are different
Index: src/libexec/httpd/testsuite/t17.in
Binary files are different
Index: src/libexec/httpd/testsuite/t18.in
Binary files are different
Index: src/libexec/httpd/testsuite/t16.out
diff -u /dev/null src/libexec/httpd/testsuite/t16.out:1.1.4.2
--- /dev/null Sat Mar 27 13:38:52 2021
+++ src/libexec/httpd/testsuite/t16.out Sat Mar 27 13:38:52 2021
@@ -0,0 +1,11 @@
+HTTP/1.1 404 Not Found
+Content-Type: text/html
+Content-Length: 251
+Server: bozohttpd/20201014
+Allow: GET, HEAD, POST
+
+<html><head><title>404 Not Found</title></head>
+<body><h1>404 Not Found</h1>
+/: <pre>This item has not been found</pre>
+<hr><address><a href="//yesterday-when-i-was-mad.eterna23.net/">yesterday-when-i-was-mad.eterna23.net</a></address>
+</body></html>
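Review bot: The expected output hard-codes Server: bozohttpd/20201014 and the host name yesterday-when-i-was-mad.eterna23.net, while this commit updates the tree to 20210227. Unless the test harness pins both values (the server string can be set with -S), the comparison fails on any other version or host, and Content-Length: 251 moves with the host name length. t18.out carries the same dependency.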
Index: src/libexec/httpd/testsuite/t17.out
diff -u /dev/null src/libexec/httpd/testsuite/t17.out:1.1.4.2
--- /dev/null Sat Mar 27 13:38:52 2021
+++ src/libexec/httpd/testsuite/t17.out Sat Mar 27 13:38:52 2021
@@ -0,0 +1,2 @@
+HTTP/0.9 200 OK
+this is the bozohttpd testsuite ./data/index.html file
Index: src/libexec/httpd/testsuite/t18.out
diff -u /dev/null src/libexec/httpd/testsuite/t18.out:1.1.4.2
--- /dev/null Sat Mar 27 13:38:52 2021
+++ src/libexec/httpd/testsuite/t18.out Sat Mar 27 13:38:52 2021
@@ -0,0 +1,10 @@
+HTTP/0.9 403 Forbidden
+Content-Type: text/html
+Content-Length: 260
+Server: bozohttpd/20201014
+
+<html><head><title>403 Forbidden</title></head>
+<body><h1>403 Forbidden</h1>
+/..: <pre>Access to this item has been denied</pre>
+<hr><address><a href="//yesterday-when-i-was-mad.eterna23.net/">yesterday-when-i-was-mad.eterna23.net</a></address>
+</body></html>