Module Name: src
Committed By: shm
Date: Tue Jul 1 13:41:21 UTC 2014
Modified Files:
src/libexec/httpd: bozohttpd.c
Log Message:
* bozo_clean_request free(3) clean up (removed needless checks)
* HEAD method no longer returns response body on error
* fixed bug with multiple bozo_http_error calls caused by fix_url_percent
OK @mrg
To generate a diff of this commit:
cvs rdiff -u -r1.50 -r1.51 src/libexec/httpd/bozohttpd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.50 src/libexec/httpd/bozohttpd.c:1.51
--- src/libexec/httpd/bozohttpd.c:1.50 Sat May 17 05:50:46 2014
+++ src/libexec/httpd/bozohttpd.c Tue Jul 1 13:41:21 2014
@@ -1,4 +1,4 @@
-/* $NetBSD: bozohttpd.c,v 1.50 2014/05/17 05:50:46 mrg Exp $ */
+/* $NetBSD: bozohttpd.c,v 1.51 2014/07/01 13:41:21 shm Exp $ */
/* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */
@@ -333,16 +333,14 @@ bozo_clean_request(bozo_httpreq_t *reque
bozo_ssl_destroy(request->hr_httpd);
/* clean up request */
-#define MF(x) if (request->x) free(request->x)
- MF(hr_remotehost);
- MF(hr_remoteaddr);
- MF(hr_serverport);
- MF(hr_virthostname);
- MF(hr_file);
- MF(hr_oldfile);
- MF(hr_query);
- MF(hr_host);
-#undef MF
+ free(request->hr_remotehost);
+ free(request->hr_remoteaddr);
+ free(request->hr_serverport);
+ free(request->hr_virthostname);
+ free(request->hr_file);
+ free(request->hr_oldfile);
+ free(request->hr_query);
+ free(request->hr_host);
bozo_auth_cleanup(request);
for (hdr = SIMPLEQ_FIRST(&request->hr_headers); hdr;
hdr = SIMPLEQ_NEXT(hdr, h_next)) {
@@ -1199,7 +1197,7 @@ check_bzredirect(bozo_httpreq_t *request
}
/* this fixes the %HH hack that RFC2396 requires. */
-static void
+static int
fix_url_percent(bozo_httpreq_t *request)
{
bozohttpd_t *httpd = request->hr_httpd;
@@ -1212,7 +1210,7 @@ fix_url_percent(bozo_httpreq_t *request)
/* fast forward to the first % */
if ((s = strchr(url, '%')) == NULL)
- return;
+ return 0;
t = s;
do {
@@ -1229,17 +1227,17 @@ fix_url_percent(bozo_httpreq_t *request)
if (s[1] == '\0' || s[2] == '\0') {
(void)bozo_http_error(httpd, 400, request,
"percent hack missing two chars afterwards");
- goto copy_rest;
+ return 1;
}
if (s[1] == '0' && s[2] == '0') {
(void)bozo_http_error(httpd, 404, request,
"percent hack was %00");
- goto copy_rest;
+ return 1;
}
if (s[1] == '2' && s[2] == 'f') {
(void)bozo_http_error(httpd, 404, request,
"percent hack was %2f (/)");
- goto copy_rest;
+ return 1;
}
buf[0] = *++s;
@@ -1252,7 +1250,7 @@ fix_url_percent(bozo_httpreq_t *request)
if (*t++ == '\0') {
(void)bozo_http_error(httpd, 400, request,
"percent hack got a 0 back");
- goto copy_rest;
+ return 1;
}
while (*s && *s != '%') {
@@ -1261,15 +1259,12 @@ fix_url_percent(bozo_httpreq_t *request)
*t++ = *s++;
}
} while (*s);
-copy_rest:
- while (*s) {
- if (s >= end)
- break;
- *t++ = *s++;
- }
*t = '\0';
+
debug((httpd, DEBUG_FAT, "fix_url_percent returns %s in url",
request->hr_file));
+
+ return 0;
}
/*
@@ -1299,7 +1294,9 @@ transform_request(bozo_httpreq_t *reques
file = NULL;
*isindex = 0;
debug((httpd, DEBUG_FAT, "tf_req: file %s", request->hr_file));
- fix_url_percent(request);
+ if (fix_url_percent(request)) {
+ goto bad_done;
+ }
if (check_virtual(request)) {
goto bad_done;
}
@@ -1918,7 +1915,9 @@ bozo_http_error(bozohttpd_t *httpd, int
if (request && request->hr_allow)
bozo_printf(httpd, "Allow: %s\r\n", request->hr_allow);
bozo_printf(httpd, "\r\n");
- if (size)
+ /* According to the RFC 2616 sec. 9.4 HEAD method MUST NOT return a
+ * message-body in the response */
+ if (size && request && request->hr_method != HTTP_HEAD)
bozo_printf(httpd, "%s", httpd->errorbuf);
bozo_flush(httpd, stdout);
