Module Name: src
Committed By: mrg
Date: Tue Dec 29 04:21:46 UTC 2015
Modified Files:
src/libexec/httpd: bozohttpd.c bozohttpd.h cgi-bozo.c dir-index-bozo.c
Log Message:
- convert most asprintf() calls to bozoasprintf().
- don't call getpwuid(0) if we don't need to, or fail if it fails,
and remove the 'username' member of bozohttpd_t since it is not
used outside of bozo_setup().
To generate a diff of this commit:
cvs rdiff -u -r1.74 -r1.75 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.42 -r1.43 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.30 -r1.31 src/libexec/httpd/cgi-bozo.c
cvs rdiff -u -r1.24 -r1.25 src/libexec/httpd/dir-index-bozo.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.74 src/libexec/httpd/bozohttpd.c:1.75
--- src/libexec/httpd/bozohttpd.c:1.74 Mon Dec 28 07:37:59 2015
+++ src/libexec/httpd/bozohttpd.c Tue Dec 29 04:21:46 2015
@@ -1,4 +1,4 @@
-/* $NetBSD: bozohttpd.c,v 1.74 2015/12/28 07:37:59 mrg Exp $ */
+/* $NetBSD: bozohttpd.c,v 1.75 2015/12/29 04:21:46 mrg Exp $ */
/* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */
@@ -383,11 +383,7 @@ addmerge_header(bozo_httpreq_t *request,
/* yup, merge it in */
char *nval;
- if (asprintf(&nval, "%s, %s", hdr->h_value, str) == -1) {
- (void)bozo_http_error(httpd, 500, NULL,
- "memory allocation failure");
- return NULL;
- }
+ bozoasprintf(httpd, &nval, "%s, %s", hdr->h_value, str);
free(hdr->h_value);
hdr->h_value = nval;
} else {
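Review bot: The failure contract of bozoasprintf() is not visible in this commit, and the call sites now disagree about it: here `nval` is used unconditionally (`free(hdr->h_value)` then `hdr->h_value = nval`), while the bozo_process_cgi hunks in cgi-bozo.c still test `file == NULL` and `url == NULL` after the same helper. If the helper terminates on allocation failure, as the removed `bozoerr(httpd, 1, "asprintf")` in dir-index-bozo.c suggests, the cgi-bozo.c checks are dead code and this site deserves a comment such as `/* bozoasprintf() does not return on failure */`; if it can return, this site frees the old value and stores an indeterminate pointer. This path also used to answer with a 500 and return NULL, so an allocation failure while merging request headers presumably now ends the process rather than the request. addmerge_header starts and ends outside the hunk.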
@@ -955,9 +951,9 @@ handle_redirect(bozo_httpreq_t *request,
const char *s;
/*
- * absolute redirect may specify own protocol i.e. to redirect to
- * another schema like https:// or ftp://. Details: RFC 3986, section
- * 3.
+ * absolute redirect may specify own protocol i.e. to redirect
+ * to another schema like https:// or ftp://.
+ * Details: RFC 3986, section 3.
*/
/* 1. check if url contains :// */
@@ -969,8 +965,8 @@ handle_redirect(bozo_httpreq_t *request,
*/
if (sep) {
for (s = url; s != sep;) {
- if (!isalnum((int)*s) && *s != '+' && *s != '-' &&
- *s != '.')
+ if (!isalnum((int)*s) &&
+ *s != '+' && *s != '-' && *s != '.')
break;
if (++s == sep) {
absproto = 1;
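Review bot: `isalnum((int)*s)` in the rewrapped condition passes a plain `char` to a <ctype.h> function, so a byte above 0x7f in `url` becomes a negative int where `char` is signed, which is undefined behaviour for isalnum(). The cast should go through unsigned char: `if (!isalnum((unsigned char)*s) &&`. Where `url` comes from is not visible in this hunk, but if it can carry request data the bad value is reachable from the network. handle_redirect's body starts and ends outside the hunk.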
@@ -2223,7 +2219,6 @@ bozo_setup(bozohttpd_t *httpd, bozoprefs
if (vhost == NULL) {
httpd->virthostname = bozomalloc(httpd, MAXHOSTNAMELEN+1);
- /* XXX we do not check for FQDN here */
if (gethostname(httpd->virthostname, MAXHOSTNAMELEN+1) < 0)
bozoerr(httpd, 1, "gethostname");
httpd->virthostname[MAXHOSTNAMELEN] = '\0';
@@ -2298,20 +2293,16 @@ bozo_setup(bozohttpd_t *httpd, bozoprefs
bozo_ssl_init(httpd);
bozo_daemon_init(httpd);
- if ((username = bozo_get_pref(prefs, "username")) == NULL) {
- if ((pw = getpwuid(uid = 0)) == NULL)
- bozoerr(httpd, 1, "getpwuid(0): %s", strerror(errno));
- httpd->username = bozostrdup(httpd, NULL, pw->pw_name);
- } else {
- httpd->username = bozostrdup(httpd, NULL, username);
- if ((pw = getpwnam(httpd->username)) == NULL)
- bozoerr(httpd, 1, "getpwnam(%s): %s", httpd->username,
- strerror(errno));
+ username = bozo_get_pref(prefs, "username");
+ if (username != NULL) {
+ if ((pw = getpwnam(username)) == NULL)
+ bozoerr(httpd, 1, "getpwnam(%s): %s", username,
+ strerror(errno));
if (initgroups(pw->pw_name, pw->pw_gid) == -1)
bozoerr(httpd, 1, "initgroups: %s", strerror(errno));
if (setgid(pw->pw_gid) == -1)
bozoerr(httpd, 1, "setgid(%u): %s", pw->pw_gid,
- strerror(errno));
+ strerror(errno));
uid = pw->pw_uid;
}
/*
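Review bot: The `getpwnam(username)` failure path reports `strerror(errno)`, but getpwnam() can return NULL without setting errno when the account simply does not exist, so a mistyped user name may print a stale or "no error" message exactly where the privilege drop is being set up. Clearing it first makes the diagnostic reliable: `errno = 0;` before the call and `errno ? strerror(errno) : "no such user"` in the message. Separately, `uid` is now assigned only inside `if (username != NULL)`, where the old code also set it through `getpwuid(uid = 0)`. The only use visible here, `setuid(uid)` in the following hunk, is guarded the same way, but the declaration and the rest of bozo_setup are outside the hunk, so confirm nothing else reads it on the no-username path.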
@@ -2327,10 +2318,8 @@ bozo_setup(bozohttpd_t *httpd, bozoprefs
strerror(errno));
}
- if (username != NULL)
- if (setuid(uid) == -1)
- bozoerr(httpd, 1, "setuid(%d): %s", uid,
- strerror(errno));
+ if (username != NULL && setuid(uid) == -1)
+ bozoerr(httpd, 1, "setuid(%d): %s", uid, strerror(errno));
/*
* prevent info leakage between different compartments.
Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.42 src/libexec/httpd/bozohttpd.h:1.43
--- src/libexec/httpd/bozohttpd.h:1.42 Mon Dec 28 07:37:59 2015
+++ src/libexec/httpd/bozohttpd.h Tue Dec 29 04:21:46 2015
@@ -1,4 +1,4 @@
-/* $NetBSD: bozohttpd.h,v 1.42 2015/12/28 07:37:59 mrg Exp $ */
+/* $NetBSD: bozohttpd.h,v 1.43 2015/12/29 04:21:46 mrg Exp $ */
/* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */
@@ -90,7 +90,6 @@ typedef struct bozo_consts_t {
/* this structure encapsulates all the bozo flags and control vars */
typedef struct bozohttpd_t {
char *rootdir; /* root directory */
- char *username; /* username to switch to */
int numeric; /* avoid gethostby*() */
char *virtbase; /* virtual directory base */
int unknown_slash; /* unknown vhosts go to normal slashdir */
Index: src/libexec/httpd/cgi-bozo.c
diff -u src/libexec/httpd/cgi-bozo.c:1.30 src/libexec/httpd/cgi-bozo.c:1.31
--- src/libexec/httpd/cgi-bozo.c:1.30 Mon Dec 28 07:37:59 2015
+++ src/libexec/httpd/cgi-bozo.c Tue Dec 29 04:21:46 2015
@@ -1,4 +1,4 @@
-/* $NetBSD: cgi-bozo.c,v 1.30 2015/12/28 07:37:59 mrg Exp $ */
+/* $NetBSD: cgi-bozo.c,v 1.31 2015/12/29 04:21:46 mrg Exp $ */
/* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */
@@ -274,7 +274,7 @@ bozo_process_cgi(bozo_httpreq_t *request
if (uri[0] == '/')
file = bozostrdup(httpd, request, uri);
else
- asprintf(&file, "/%s", uri);
+ bozoasprintf(httpd, &file, "/%s", uri);
if (file == NULL)
return 0;
@@ -283,7 +283,10 @@ bozo_process_cgi(bozo_httpreq_t *request
else
query = NULL;
- asprintf(&url, "%s%s%s", file, query ? "?" : "", query ? query : "");
+ bozoasprintf(httpd, &url, "%s%s%s",
+ file,
+ query ? "?" : "",
+ query ? query : "");
if (url == NULL)
goto out;
debug((httpd, DEBUG_NORMAL, "bozo_process_cgi: url `%s'", url));
@@ -420,8 +423,8 @@ bozo_process_cgi(bozo_httpreq_t *request
bozo_setenv(httpd, "REMOTE_ADDR", request->hr_remoteaddr,
curenvp++);
/*
- * XXX Apache does this when invoking content handlers, and PHP
- * XXX 5.3 requires it as a "security" measure.
+ * Apache does this when invoking content handlers, and PHP
+ * 5.3 requires it as a "security" measure.
*/
if (cgihandler)
bozo_setenv(httpd, "REDIRECT_STATUS", "200", curenvp++);
Index: src/libexec/httpd/dir-index-bozo.c
diff -u src/libexec/httpd/dir-index-bozo.c:1.24 src/libexec/httpd/dir-index-bozo.c:1.25
--- src/libexec/httpd/dir-index-bozo.c:1.24 Mon Dec 28 07:37:59 2015
+++ src/libexec/httpd/dir-index-bozo.c Tue Dec 29 04:21:46 2015
@@ -1,4 +1,4 @@
-/* $NetBSD: dir-index-bozo.c,v 1.24 2015/12/28 07:37:59 mrg Exp $ */
+/* $NetBSD: dir-index-bozo.c,v 1.25 2015/12/29 04:21:46 mrg Exp $ */
/* $eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $ */
@@ -110,9 +110,8 @@ bozo_dir_index(bozo_httpreq_t *request,
#ifndef NO_USER_SUPPORT
if (request->hr_user) {
- if (asprintf(&printname, "~%s/%s", request->hr_user,
- request->hr_file) < 0)
- bozoerr(httpd, 1, "asprintf");
+ bozoasprintf(httpd, &printname, "~%s/%s",
+ request->hr_user, request->hr_file);
} else
printname = bozostrdup(httpd, request, request->hr_file);
#else