Bertrand Janin wrote :
> Philip Guenther wrote :
> > On Mon, Nov 24, 2014 at 11:24 AM, Florian Obser <flor...@openbsd.org> wrote:
> > ...
> > > Since we are probably not supposed to send a "Content-Type" header I
> > > think it makes sense to duplicate the httpmsg generating code in this
> > > case;
> >
> > If a GET of that resource would have a Content-Type, then the HEAD of
> > it should have one. Per RFC 2616, HEAD and GET should return the same
> > header fields and only differ by HEAD leaving out the body.
>
> Here is an updated patch which fix the leak identified by Florian, ensures the
> headers are identical with HEAD and non-HEAD methods and adds Content-Length.
Replaced strlen() with the output from asprintf(), any comments?
Index: usr.sbin/httpd/server_http.c
===================================================================
RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v
retrieving revision 1.54
diff -u -p -r1.54 server_http.c
--- usr.sbin/httpd/server_http.c 25 Oct 2014 03:23:49 -0000 1.54
+++ usr.sbin/httpd/server_http.c 26 Nov 2014 03:05:48 -0000
@@ -665,10 +665,11 @@ server_abort_http(struct client *clt, u_
struct server *srv = clt->clt_srv;
struct server_config *srv_conf = &srv->srv_conf;
struct bufferevent *bev = clt->clt_bev;
- const char *httperr = NULL, *text = "";
- char *httpmsg, *extraheader = NULL;
+ struct http_descriptor *desc = clt->clt_descreq;
+ const char *httperr = NULL, *style;
+ char *httpmsg, *body = NULL, *extraheader = NULL;
char tmbuf[32], hbuf[128];
- const char *style;
+ int bodylen;
if ((httperr = server_httperror_byid(code)) == NULL)
httperr = "Unknown Error";
@@ -710,15 +711,9 @@ server_abort_http(struct client *clt, u_
style = "body { background-color: white; color: black; font-family: "
"'Comic Sans MS', 'Chalkboard SE', 'Comic Neue', sans-serif; }\n"
"hr { border: 0; border-bottom: 1px dashed; }\n";
- /* Generate simple HTTP+HTML error document */
- if (asprintf(&httpmsg,
- "HTTP/1.0 %03d %s\r\n"
- "Date: %s\r\n"
- "Server: %s\r\n"
- "Connection: close\r\n"
- "Content-Type: text/html\r\n"
- "%s"
- "\r\n"
+
+ /* Generate simple HTML error document */
+ if ((bodylen = asprintf(&body,
"<!DOCTYPE HTML PUBLIC "
"\"-//W3C//DTD HTML 4.01 Transitional//EN\">\n"
"<html>\n"
@@ -728,14 +723,26 @@ server_abort_http(struct client *clt, u_
"</head>\n"
"<body>\n"
"<h1>%03d %s</h1>\n"
- "<div id='m'>%s</div>\n"
"<hr>\n<address>%s</address>\n"
"</body>\n"
"</html>\n",
- code, httperr, tmbuf, HTTPD_SERVERNAME,
+ code, httperr, style, code, httperr, HTTPD_SERVERNAME)) == -1)
+ goto done;
+
+ /* Add basic HTTP headers */
+ if (asprintf(&httpmsg,
+ "HTTP/1.0 %03d %s\r\n"
+ "Date: %s\r\n"
+ "Server: %s\r\n"
+ "Connection: close\r\n"
+ "Content-Type: text/html\r\n"
+ "Content-Length: %d\r\n"
+ "%s"
+ "\r\n"
+ "%s",
+ code, httperr, tmbuf, HTTPD_SERVERNAME, bodylen,
extraheader == NULL ? "" : extraheader,
- code, httperr, style, code, httperr, text,
- HTTPD_SERVERNAME) == -1)
+ desc->http_method == HTTP_METHOD_HEAD ? "" : body) == -1)
goto done;
/* Dump the message without checking for success */
@@ -743,6 +750,7 @@ server_abort_http(struct client *clt, u_
free(httpmsg);
done:
+ free(body);
free(extraheader);
if (asprintf(&httpmsg, "%s (%03d %s)", msg, code, httperr) == -1) {
server_close(clt, msg);
