httpd

matthew green Thu, 11 Jul 2013 00:45:18 -0700

Module Name:    src
Committed By:   mrg
Date:           Thu Jul 11 07:44:19 UTC 2013


Modified Files:
        src/libexec/httpd: CHANGES bozohttpd.8 bozohttpd.c bozohttpd.h
            content-bozo.c dir-index-bozo.c

Log Message:
- update CHANGES with recent changes
- export esacpe_html() and use it in directory indexing
- update manual to include recent contributors


To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.36 -r1.37 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.39 -r1.40 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.24 -r1.25 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.7 -r1.8 src/libexec/httpd/content-bozo.c
cvs rdiff -u -r1.15 -r1.16 src/libexec/httpd/dir-index-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.12 src/libexec/httpd/CHANGES:1.13
--- src/libexec/httpd/CHANGES:1.12	Thu Jul 19 09:53:06 2012
+++ src/libexec/httpd/CHANGES	Thu Jul 11 07:44:19 2013
@@ -1,6 +1,10 @@
 $eterna: CHANGES,v 1.78 2011/11/18 01:25:11 mrg Exp $
 
 changes since bozohttpd 20111118:
+	o  properly escape generated HTML
+	o  add authentication for redirections, from mar...@netbsd.org
+	o  handle chained ssl certifications, from el...@netbsd.org
+	o  add basic support for gzipped files, from el...@netbsd.org
 	o  properly escape generated URIs
 
 changes since bozohttpd 20100920:

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.36 src/libexec/httpd/bozohttpd.8:1.37
--- src/libexec/httpd/bozohttpd.8:1.36	Sat Mar  2 16:45:31 2013
+++ src/libexec/httpd/bozohttpd.8	Thu Jul 11 07:44:19 2013
@@ -1,8 +1,8 @@
-.\"	$NetBSD: bozohttpd.8,v 1.36 2013/03/02 16:45:31 ryoon Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.37 2013/07/11 07:44:19 mrg Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
-.\" Copyright (c) 1997-2010 Matthew R. Green
+.\" Copyright (c) 1997-2013 Matthew R. Green
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd February 20, 2012
+.Dd June 11, 2013
 .Dt HTTPD 8
 .Os
 .Sh NAME
@@ -485,7 +485,7 @@ The focus has always been simplicity and
 and regular code audits.
 This manual documents
 .Nm
-version 20100920.
+version 20130711.
 .Sh AUTHORS
 .Nm
 was written by Matthew R. Green
@@ -531,13 +531,17 @@ Alistair G. Crooks
 cleaned up many internal interfaces, made bozohttpd linkable as a
 library and provided the lua binding.
 .It
+Roland Dowdeswell
+.Aq el...@netbsd.org
+added support for serving gzipped files and better SSL handling
+.It
 Jun-ichiro itojun Hagino, KAME
 .Aq ito...@iijlab.net
 provided initial IPv6 support
 .It
 Martin Husemann
 .Aq mar...@netbsd.org
-provided .bzabsredirect support
+provided .bzabsredirect support, and fixed various redirection issues
 .It
 Arto Huusko
 .Aq arto.huu...@pp2.inet.fi
@@ -555,6 +559,10 @@ Nicolas Jombart
 .Aq e...@ipv42.net
 provided fixes for HTTP basic authorisation support
 .It
+Antti Kantee
+.Aq po...@netbsd.org
+provided fixes for HTTP basic authorisation support
+.It
 Thomas Klausner
 .Aq w...@danbala.ifoer.tuwien.ac.at
 provided many fixes and enhancements for the man page
@@ -563,6 +571,12 @@ Johnny Lam
 .Aq j...@netbsd.org
 provided man page fixes
 .It
+Julio Merino
+.Aq j...@netbsd.org
+Added the
+.Fl P
+option.
+.It
 Luke Mewburn
 .Aq lu...@netbsd.org
 provided many various fixes, including cgi-bin fixes and enhancements,
@@ -590,6 +604,10 @@ provided the
 .Fl V
 option.
 .It
+Thor Lancelot Simon
+.Aq t...@netbsd.org
+enhanced cgi-bin support.
+.It
 Joerg Sonnenberger
 .Aq jo...@netbsd.org
 implemented If-Modified-Since support

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.39 src/libexec/httpd/bozohttpd.c:1.40
--- src/libexec/httpd/bozohttpd.c:1.39	Thu Jun 27 13:11:11 2013
+++ src/libexec/httpd/bozohttpd.c	Thu Jul 11 07:44:19 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.39 2013/06/27 13:11:11 martin Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.40 2013/07/11 07:44:19 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -109,7 +109,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20111118"
+#define SERVER_SOFTWARE		"bozohttpd/20130711"
 #endif
 #ifndef DIRECT_ACCESS_FILE
 #define DIRECT_ACCESS_FILE	".bzdirect"
@@ -854,7 +854,7 @@ parse_http_date(const char *val, time_t 
  * to be updated for any sort of parallel processing.
  */
 char *
-escape_rfc3986(bozohttpd_t *httpd, const char *url)
+bozo_escape_rfc3986(bozohttpd_t *httpd, const char *url)
 {
 	static char *buf;
 	static size_t buflen = 0;
@@ -965,7 +965,7 @@ handle_redirect(bozo_httpreq_t *request,
 		url = urlbuf;
 	} else
 		urlbuf = NULL;
-	url = escape_rfc3986(request->hr_httpd, url);
+	url = bozo_escape_rfc3986(request->hr_httpd, url);
 
 	if (request->hr_query && strlen(request->hr_query))
 		query = 1;
@@ -1083,7 +1083,7 @@ check_virtual(bozo_httpreq_t *request)
 					/* found it, punch it */
 					debug((httpd, DEBUG_OBESE, "found it punch it"));
 					request->hr_virthostname =
-					    bozostrdup(httpd,d->d_name);
+					    bozostrdup(httpd, d->d_name);
 					if (asprintf(&s, "%s/%s", httpd->virtbase,
 					    request->hr_virthostname) < 0)
 						bozo_err(httpd, 1, "asprintf");
@@ -1739,12 +1739,20 @@ bozo_err(bozohttpd_t *httpd, int code, c
 	exit(code);
 }
 
-/* this escape HTML tags */
-static void
-escape_html(bozo_httpreq_t *request)
+/*
+ * this escapes HTML tags.  returns allocated escaped
+ * string if needed, or NULL on allocation failure or
+ * lack of escape need.
+ * call with NULL httpd in error paths, to avoid recursive
+ * malloc failure.  call with valid httpd in normal paths
+ * to get automatic allocation failure handling.
+ */
+char *
+bozo_escape_html(bozohttpd_t *httpd, const char *url)
 {
 	int	i, j;
-	char	*url = request->hr_file, *tmp;
+	char	*tmp;
+	size_t	len;
 
 	for (i = 0, j = 0; url[i]; i++) {
 		switch (url[i]) {
@@ -1759,16 +1767,17 @@ escape_html(bozo_httpreq_t *request)
 	}
 
 	if (j == 0)
-		return;
+		return NULL;
 
-	if ((tmp = (char *) malloc(strlen(url) + j)) == 0)
-		/*
-		 * ouch, but we are only called from an error context, and
-		 * most paths here come from malloc(3) failures anyway...
-		 * we could completely punt and just exit, but isn't returning
-		 * an not-quite-correct error better than nothing at all?
-		 */
-		return;
+	/*
+	 * we need to handle being called from different
+	 * pathnames.
+	 */
+	len = strlen(url) + j;
+	if (httpd)
+		tmp = bozomalloc(httpd, len);
+	else if ((tmp = malloc(len)) == 0)
+			return NULL;
 
 	for (i = 0, j = 0; url[i]; i++) {
 		switch (url[i]) {
@@ -1790,8 +1799,7 @@ escape_html(bozo_httpreq_t *request)
 	}
 	tmp[j] = 0;
 
-	free(request->hr_file);
-	request->hr_file = tmp;
+	return tmp;
 }
 
 /* short map between error code, and short/long messages */
@@ -1865,14 +1873,19 @@ bozo_http_error(bozohttpd_t *httpd, int 
 		portbuf[0] = '\0';
 
 	if (request && request->hr_file) {
-		escape_html(request);
+		char *file = NULL;
+
+		/* bozo_escape_html() failure here is just too bad. */
+		file = bozo_escape_html(NULL, request->hr_file);
+		if (file == NULL)
+			file = request->hr_file;
 		size = snprintf(httpd->errorbuf, BUFSIZ,
 		    "<html><head><title>%s</title></head>\n"
 		    "<body><h1>%s</h1>\n"
 		    "%s: <pre>%s</pre>\n"
  		    "<hr><address><a href=\"http://%s%s/\";>%s%s</a></address>\n"
 		    "</body></html>\n",
-		    header, header, request->hr_file, reason,
+		    header, header, file, reason,
 		    hostname, portbuf, hostname, portbuf);
 		if (size >= (int)BUFSIZ) {
 			bozo_warn(httpd,

Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.24 src/libexec/httpd/bozohttpd.h:1.25
--- src/libexec/httpd/bozohttpd.h:1.24	Thu Jun 27 10:01:31 2013
+++ src/libexec/httpd/bozohttpd.h	Thu Jul 11 07:44:19 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.h,v 1.24 2013/06/27 10:01:31 martin Exp $	*/
+/*	$NetBSD: bozohttpd.h,v 1.25 2013/07/11 07:44:19 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -193,7 +193,8 @@ int	bozo_http_error(bozohttpd_t *, int, 
 int	bozo_check_special_files(bozo_httpreq_t *, const char *);
 char	*bozo_http_date(char *, size_t);
 void	bozo_print_header(bozo_httpreq_t *, struct stat *, const char *, const char *);
-char	*escape_rfc3986(bozohttpd_t *httpd, const char *url);
+char	*bozo_escape_rfc3986(bozohttpd_t *httpd, const char *url);
+char	*bozo_escape_html(bozohttpd_t *httpd, const char *url);
 
 char	*bozodgetln(bozohttpd_t *, int, ssize_t *, ssize_t (*)(bozohttpd_t *, int, void *, size_t));
 char	*bozostrnsep(char **, const char *, ssize_t *);

Index: src/libexec/httpd/content-bozo.c
diff -u src/libexec/httpd/content-bozo.c:1.7 src/libexec/httpd/content-bozo.c:1.8
--- src/libexec/httpd/content-bozo.c:1.7	Fri Nov 18 09:51:31 2011
+++ src/libexec/httpd/content-bozo.c	Thu Jul 11 07:44:19 2013
@@ -1,9 +1,9 @@
-/*	$NetBSD: content-bozo.c,v 1.7 2011/11/18 09:51:31 mrg Exp $	*/
+/*	$NetBSD: content-bozo.c,v 1.8 2013/07/11 07:44:19 mrg Exp $	*/
 
 /*	$eterna: content-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2011 Matthew R. Green
+ * Copyright (c) 1997-2013 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -73,6 +73,7 @@ static bozo_content_map_t static_content
 	{ ".z",		2, "unknown",			"x-pack",	"x-pack", NULL },
 	{ ".bz2",	4, "application/x-bzip2",	"x-bzip2",	"x-bzip2", NULL },
 	{ ".ogg",	4, "application/x-ogg",		"",		"", NULL },
+	{ ".mkv",	4, "video/x-matroska",		"",		"", NULL },
 	{ ".xbel",	5, "text/xml",			"",		"", NULL },
 	{ ".xml",	4, "text/xml",			"",		"", NULL },
 	{ ".xsl",	4, "text/xml",			"",		"", NULL },

Index: src/libexec/httpd/dir-index-bozo.c
diff -u src/libexec/httpd/dir-index-bozo.c:1.15 src/libexec/httpd/dir-index-bozo.c:1.16
--- src/libexec/httpd/dir-index-bozo.c:1.15	Thu Jul 19 09:53:06 2012
+++ src/libexec/httpd/dir-index-bozo.c	Thu Jul 11 07:44:19 2013
@@ -1,4 +1,4 @@
-/*	$NetBSD: dir-index-bozo.c,v 1.15 2012/07/19 09:53:06 mrg Exp $	*/
+/*	$NetBSD: dir-index-bozo.c,v 1.16 2013/07/11 07:44:19 mrg Exp $	*/
 
 /*	$eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -127,7 +127,7 @@ bozo_dir_index(bozo_httpreq_t *request, 
 	    j--; de++) {
 		int nostat = 0;
 		char *name = (*de)->d_name;
-		char *urlname;
+		char *urlname, *htmlname;
 
 		if (strcmp(name, ".") == 0 ||
 		    (strcmp(name, "..") != 0 &&
@@ -140,21 +140,26 @@ bozo_dir_index(bozo_httpreq_t *request, 
 
 		l = 0;
 
-		urlname = escape_rfc3986(httpd, name);
+		urlname = bozo_escape_rfc3986(httpd, name);
+		htmlname = bozo_escape_html(httpd, name);
+		if (htmlname == NULL)
+			htmlname = name;
 		if (strcmp(name, "..") == 0) {
 			bozo_printf(httpd, "<a href=\"../\">");
 			l += bozo_printf(httpd, "Parent Directory");
 		} else if (S_ISDIR(sb.st_mode)) {
 			bozo_printf(httpd, "<a href=\"%s/\">", urlname);
-			l += bozo_printf(httpd, "%s/", name);
+			l += bozo_printf(httpd, "%s/", htmlname);
 		} else if (strchr(name, ':') != NULL) {
 			/* RFC 3986 4.2 */
 			bozo_printf(httpd, "<a href=\"./%s\">", urlname);
-			l += bozo_printf(httpd, "%s", name);
+			l += bozo_printf(httpd, "%s", htmlname);
 		} else {
 			bozo_printf(httpd, "<a href=\"%s\">", urlname);
-			l += bozo_printf(httpd, "%s", name);
+			l += bozo_printf(httpd, "%s", htmlname);
 		}
+		if (htmlname != name)
+			free(htmlname);
 		bozo_printf(httpd, "</a>");
 
 		/* NAMELEN spaces */

CVS commit: src/libexec/httpd

Reply via email to