Pull up following revision(s) (requested by mrg in ticket #1659): libexec/httpd/main.c: revision 1.22 libexec/httpd/CHANGES: revision 1.29 libexec/httpd/cgi-bozo.c: revision 1.45 libexec/httpd/bozohttpd.h: revision 1.57 libexec/httpd/CHANGES: revision 1.30 libexec/httpd/bozohttpd.c: revision 1.97 libexec/httpd/bozohttpd.c: revision 1.98 libexec/httpd/bozohttpd.c: revision 1.99 one semicolon is usually enough. - appease lint - add FALLTHROUGH comment - one return is usually enough. - avoid c99ism. - fix -X option parsing. noted by Rajeev V. Pillai. - add option fixes here. - normalise some messages.diff -r1.19.2.1.2.4 -r1.19.2.1.2.5 src/libexec/httpd/CHANGES
(martin)
--- src/libexec/httpd/CHANGES 2018/11/24 17:23:47 1.19.2.1.2.4
+++ src/libexec/httpd/CHANGES 2018/11/28 19:57:50 1.19.2.1.2.5
@@ -1,25 +1,28 @@ | @@ -1,25 +1,28 @@ | |||
1 | $NetBSD: CHANGES,v 1.19.2.1.2.4 2018/11/24 17:23:47 martin Exp $ | 1 | $NetBSD: CHANGES,v 1.19.2.1.2.5 2018/11/28 19:57:50 martin Exp $ | |
2 | ||||
3 | changes in bozohttpd 20181125: | |||
4 | o fixes for option parsing introduced in bozohttpd 20181123 | |||
2 | 5 | |||
3 | changes in bozohttpd 20181121: | 6 | changes in bozohttpd 20181121: | |
4 | o add url remap support via .bzremap file, from martin@netbsd.org | 7 | o add url remap support via .bzremap file, from martin@netbsd.org | |
5 | o handle redirections for any protocol, not just http: | 8 | o handle redirections for any protocol, not just http: | |
6 | o fix a denial of service attack against header contents, which | 9 | o fix a denial of service attack against header contents, which | |
7 | is now bounded at 16KiB. reported by JP | 10 | is now bounded at 16KiB. reported by JP | |
8 | o reduce default timeouts, and add expand timeouts to handle the | 11 | o reduce default timeouts, and add expand timeouts to handle the | |
9 | initial line, each header, and the total time spent | 12 | initial line, each header, and the total time spent | |
10 | o add -T option to expose new timeout settings | 13 | o add -T option to expose new timeout settings | |
11 | o minor RFC fixes related to timeout handling | 14 | o minor RFC fixes related to timeout handling | |
12 | o fix special file (.htpasswd, .bz*) bypass. reported by JP. | 15 | o fix special file (.htpasswd, .bz*) bypass. reported by JP | |
13 | 16 | |||
14 | changes in bozohttpd 20170201: | 17 | changes in bozohttpd 20170201: | |
15 | o fix an infinite loop in cgi processing | 18 | o fix an infinite loop in cgi processing | |
16 | o fixes and clean up for the testsuite | 19 | o fixes and clean up for the testsuite | |
17 | o no longer sends encoding header for compressed formats | 20 | o no longer sends encoding header for compressed formats | |
18 | 21 | |||
19 | changes in bozohttpd 20160517: | 22 | changes in bozohttpd 20160517: | |
20 | o add a bozo_get_version() function which returns the version number | 23 | o add a bozo_get_version() function which returns the version number | |
21 | 24 | |||
22 | changes in bozohttpd 20160415: | 25 | changes in bozohttpd 20160415: | |
23 | o add search-word support for CGI | 26 | o add search-word support for CGI | |
24 | o fix a security issue in CGI suffix handler support which would | 27 | o fix a security issue in CGI suffix handler support which would | |
25 | allow remote code execution, from shm@netbsd.org | 28 | allow remote code execution, from shm@netbsd.org | |
@@ -84,27 +87,27 @@ changes in bozohttpd 20100920: | @@ -84,27 +87,27 @@ changes in bozohttpd 20100920: | |||
84 | o fix dynamic CGI content maps, from rudolf | 87 | o fix dynamic CGI content maps, from rudolf | |
85 | 88 | |||
86 | changes in bozohttpd 20100617: | 89 | changes in bozohttpd 20100617: | |
87 | o fix some compile issues | 90 | o fix some compile issues | |
88 | o fix SSL mode. from rtr | 91 | o fix SSL mode. from rtr | |
89 | o fix some cgi-bin issues, as seen with cvsweb | 92 | o fix some cgi-bin issues, as seen with cvsweb | |
90 | o disable multi-file daemon mode for now, it breaks | 93 | o disable multi-file daemon mode for now, it breaks | |
91 | o return 404's instead of 403's when chdir of ~user dirs fail | 94 | o return 404's instead of 403's when chdir of ~user dirs fail | |
92 | o remove "noreturn" attribute from bozo_http_error() that was | 95 | o remove "noreturn" attribute from bozo_http_error() that was | |
93 | causing incorrect runtime behaviour | 96 | causing incorrect runtime behaviour | |
94 | 97 | |||
95 | changes in bozohttpd 20100509: | 98 | changes in bozohttpd 20100509: | |
96 | o major rework and clean up of internal interfaces. move the main | 99 | o major rework and clean up of internal interfaces. move the main | |
97 | program into main.c, the remaining parts are useable as library. | 100 | program into main.c, the remaining parts are useable as library | |
98 | add bindings for lua. by Alistair G. Crooks <agc@netbsd.org> | 101 | add bindings for lua. by Alistair G. Crooks <agc@netbsd.org> | |
99 | o fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566325 | 102 | o fix http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566325 | |
100 | 103 | |||
101 | changes in bozohttpd 20090522: | 104 | changes in bozohttpd 20090522: | |
102 | o avoid dying in daemon mode for some uncommon, but recoverable, errors | 105 | o avoid dying in daemon mode for some uncommon, but recoverable, errors | |
103 | o close leaking file descriptors for CGI and daemon mode | 106 | o close leaking file descriptors for CGI and daemon mode | |
104 | o handle poll errors properly | 107 | o handle poll errors properly | |
105 | o don't try to handle more than one request per process yet | 108 | o don't try to handle more than one request per process yet | |
106 | o add subdirs for build "debug" and "small" versions | 109 | o add subdirs for build "debug" and "small" versions | |
107 | o clean up a bad merge / duplicate code | 110 | o clean up a bad merge / duplicate code | |
108 | o make mmap() usage portable, fixes linux & ranges: support | 111 | o make mmap() usage portable, fixes linux & ranges: support | |
109 | o document the -f option | 112 | o document the -f option | |
110 | o daemon mode now serves 6 files per child | 113 | o daemon mode now serves 6 files per child |
--- src/libexec/httpd/bozohttpd.c 2018/11/24 17:23:47 1.56.2.4.2.4
+++ src/libexec/httpd/bozohttpd.c 2018/11/28 19:57:50 1.56.2.4.2.5
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: bozohttpd.c,v 1.56.2.4.2.4 2018/11/24 17:23:47 martin Exp $ */ | 1 | /* $NetBSD: bozohttpd.c,v 1.56.2.4.2.5 2018/11/28 19:57:50 martin Exp $ */ | |
2 | 2 | |||
3 | /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ | 3 | /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ | |
4 | 4 | |||
5 | /* | 5 | /* | |
6 | * Copyright (c) 1997-2018 Matthew R. Green | 6 | * Copyright (c) 1997-2018 Matthew R. Green | |
7 | * All rights reserved. | 7 | * All rights reserved. | |
8 | * | 8 | * | |
9 | * Redistribution and use in source and binary forms, with or without | 9 | * Redistribution and use in source and binary forms, with or without | |
10 | * modification, are permitted provided that the following conditions | 10 | * modification, are permitted provided that the following conditions | |
11 | * are met: | 11 | * are met: | |
12 | * 1. Redistributions of source code must retain the above copyright | 12 | * 1. Redistributions of source code must retain the above copyright | |
13 | * notice, this list of conditions and the following disclaimer. | 13 | * notice, this list of conditions and the following disclaimer. | |
14 | * 2. Redistributions in binary form must reproduce the above copyright | 14 | * 2. Redistributions in binary form must reproduce the above copyright | |
@@ -99,27 +99,27 @@ | @@ -99,27 +99,27 @@ | |||
99 | * | 99 | * | |
100 | * - 14.15: content-md5 would be nice. | 100 | * - 14.15: content-md5 would be nice. | |
101 | * | 101 | * | |
102 | * - 14.24/14.26/14.27: if-match, if-none-match, if-range. be | 102 | * - 14.24/14.26/14.27: if-match, if-none-match, if-range. be | |
103 | * nice to support this. | 103 | * nice to support this. | |
104 | * | 104 | * | |
105 | * - 14.44: Vary: seems unneeded. ignore it for now. | 105 | * - 14.44: Vary: seems unneeded. ignore it for now. | |
106 | */ | 106 | */ | |
107 | 107 | |||
108 | #ifndef INDEX_HTML | 108 | #ifndef INDEX_HTML | |
109 | #define INDEX_HTML "index.html" | 109 | #define INDEX_HTML "index.html" | |
110 | #endif | 110 | #endif | |
111 | #ifndef SERVER_SOFTWARE | 111 | #ifndef SERVER_SOFTWARE | |
112 | #define SERVER_SOFTWARE "bozohttpd/20181124" | 112 | #define SERVER_SOFTWARE "bozohttpd/20181125" | |
113 | #endif | 113 | #endif | |
114 | #ifndef PUBLIC_HTML | 114 | #ifndef PUBLIC_HTML | |
115 | #define PUBLIC_HTML "public_html" | 115 | #define PUBLIC_HTML "public_html" | |
116 | #endif | 116 | #endif | |
117 | 117 | |||
118 | #ifndef USE_ARG | 118 | #ifndef USE_ARG | |
119 | #define USE_ARG(x) /*LINTED*/(void)&(x) | 119 | #define USE_ARG(x) /*LINTED*/(void)&(x) | |
120 | #endif | 120 | #endif | |
121 | 121 | |||
122 | /* | 122 | /* | |
123 | * And so it begins .. | 123 | * And so it begins .. | |
124 | */ | 124 | */ | |
125 | 125 | |||
@@ -1008,36 +1008,37 @@ bozo_escape_rfc3986(bozohttpd_t *httpd, | @@ -1008,36 +1008,37 @@ bozo_escape_rfc3986(bozohttpd_t *httpd, | |||
1008 | case '&': | 1008 | case '&': | |
1009 | case '\'': | 1009 | case '\'': | |
1010 | case '(': | 1010 | case '(': | |
1011 | case ')': | 1011 | case ')': | |
1012 | case '*': | 1012 | case '*': | |
1013 | case '+': | 1013 | case '+': | |
1014 | case ',': | 1014 | case ',': | |
1015 | case ';': | 1015 | case ';': | |
1016 | case '=': | 1016 | case '=': | |
1017 | case '%': | 1017 | case '%': | |
1018 | case '"': | 1018 | case '"': | |
1019 | if (absolute) | 1019 | if (absolute) | |
1020 | goto leave_it; | 1020 | goto leave_it; | |
1021 | /*FALLTHROUGH*/ | |||
1021 | case '\n': | 1022 | case '\n': | |
1022 | case '\r': | 1023 | case '\r': | |
1023 | case ' ': | 1024 | case ' ': | |
1024 | encode_it: | 1025 | encode_it: | |
1025 | snprintf(d, 4, "%%%02X", *s++); | 1026 | snprintf(d, 4, "%%%02X", *s++); | |
1026 | d += 3; | 1027 | d += 3; | |
1027 | len += 3; | 1028 | len += 3; | |
1028 | break; | 1029 | break; | |
1029 | leave_it: | |||
1030 | default: | 1030 | default: | |
1031 | leave_it: | |||
1031 | *d++ = *s++; | 1032 | *d++ = *s++; | |
1032 | len++; | 1033 | len++; | |
1033 | break; | 1034 | break; | |
1034 | } | 1035 | } | |
1035 | } | 1036 | } | |
1036 | buf[len] = 0; | 1037 | buf[len] = 0; | |
1037 | 1038 | |||
1038 | return buf; | 1039 | return buf; | |
1039 | } | 1040 | } | |
1040 | 1041 | |||
1041 | /* | 1042 | /* | |
1042 | * do automatic redirection -- if there are query parameters or userdir for | 1043 | * do automatic redirection -- if there are query parameters or userdir for | |
1043 | * the URL we will tack these on to the new (redirected) URL. | 1044 | * the URL we will tack these on to the new (redirected) URL. | |
@@ -1467,27 +1468,26 @@ check_bzredirect(bozo_httpreq_t *request | @@ -1467,27 +1468,26 @@ check_bzredirect(bozo_httpreq_t *request | |||
1467 | } else { | 1468 | } else { | |
1468 | *basename++ = '\0'; | 1469 | *basename++ = '\0'; | |
1469 | strcpy(path, dir); | 1470 | strcpy(path, dir); | |
1470 | } | 1471 | } | |
1471 | if (bozo_check_special_files(request, basename)) | 1472 | if (bozo_check_special_files(request, basename)) | |
1472 | return -1; | 1473 | return -1; | |
1473 | 1474 | |||
1474 | debug((httpd, DEBUG_FAT, "check_bzredirect: path %s", path)); | 1475 | debug((httpd, DEBUG_FAT, "check_bzredirect: path %s", path)); | |
1475 | 1476 | |||
1476 | if ((size_t)snprintf(redir, sizeof(redir), "%s/%s", path, | 1477 | if ((size_t)snprintf(redir, sizeof(redir), "%s/%s", path, | |
1477 | REDIRECT_FILE) >= sizeof(redir)) { | 1478 | REDIRECT_FILE) >= sizeof(redir)) { | |
1478 | return bozo_http_error(httpd, 404, request, | 1479 | return bozo_http_error(httpd, 404, request, | |
1479 | "redirectfile path too long"); | 1480 | "redirectfile path too long"); | |
1480 | return -1; | |||
1481 | } | 1481 | } | |
1482 | if (lstat(redir, &sb) == 0) { | 1482 | if (lstat(redir, &sb) == 0) { | |
1483 | if (!S_ISLNK(sb.st_mode)) | 1483 | if (!S_ISLNK(sb.st_mode)) | |
1484 | return 0; | 1484 | return 0; | |
1485 | absolute = 0; | 1485 | absolute = 0; | |
1486 | } else { | 1486 | } else { | |
1487 | if ((size_t)snprintf(redir, sizeof(redir), "%s/%s", path, | 1487 | if ((size_t)snprintf(redir, sizeof(redir), "%s/%s", path, | |
1488 | ABSREDIRECT_FILE) >= sizeof(redir)) { | 1488 | ABSREDIRECT_FILE) >= sizeof(redir)) { | |
1489 | bozo_http_error(httpd, 404, request, | 1489 | bozo_http_error(httpd, 404, request, | |
1490 | "redirectfile path too long"); | 1490 | "redirectfile path too long"); | |
1491 | return -1; | 1491 | return -1; | |
1492 | } | 1492 | } | |
1493 | if (lstat(redir, &sb) < 0 || !S_ISLNK(sb.st_mode)) | 1493 | if (lstat(redir, &sb) < 0 || !S_ISLNK(sb.st_mode)) | |
@@ -1914,28 +1914,29 @@ bozo_process_request(bozo_httpreq_t *req | @@ -1914,28 +1914,29 @@ bozo_process_request(bozo_httpreq_t *req | |||
1914 | cleanup: | 1914 | cleanup: | |
1915 | close(fd); | 1915 | close(fd); | |
1916 | cleanup_nofd: | 1916 | cleanup_nofd: | |
1917 | close(STDIN_FILENO); | 1917 | close(STDIN_FILENO); | |
1918 | close(STDOUT_FILENO); | 1918 | close(STDOUT_FILENO); | |
1919 | /*close(STDERR_FILENO);*/ | 1919 | /*close(STDERR_FILENO);*/ | |
1920 | } | 1920 | } | |
1921 | 1921 | |||
1922 | /* make sure we're not trying to access special files */ | 1922 | /* make sure we're not trying to access special files */ | |
1923 | int | 1923 | int | |
1924 | bozo_check_special_files(bozo_httpreq_t *request, const char *name) | 1924 | bozo_check_special_files(bozo_httpreq_t *request, const char *name) | |
1925 | { | 1925 | { | |
1926 | bozohttpd_t *httpd = request->hr_httpd; | 1926 | bozohttpd_t *httpd = request->hr_httpd; | |
1927 | size_t i; | |||
1927 | 1928 | |||
1928 | for (size_t i = 0; specials[i].file; i++) | 1929 | for (i = 0; specials[i].file; i++) | |
1929 | if (strcmp(name, specials[i].file) == 0) | 1930 | if (strcmp(name, specials[i].file) == 0) | |
1930 | return bozo_http_error(httpd, 403, request, | 1931 | return bozo_http_error(httpd, 403, request, | |
1931 | specials[i].name); | 1932 | specials[i].name); | |
1932 | 1933 | |||
1933 | return 0; | 1934 | return 0; | |
1934 | } | 1935 | } | |
1935 | 1936 | |||
1936 | /* generic header printing routine */ | 1937 | /* generic header printing routine */ | |
1937 | void | 1938 | void | |
1938 | bozo_print_header(bozo_httpreq_t *request, | 1939 | bozo_print_header(bozo_httpreq_t *request, | |
1939 | struct stat *sbp, const char *type, const char *encoding) | 1940 | struct stat *sbp, const char *type, const char *encoding) | |
1940 | { | 1941 | { | |
1941 | bozohttpd_t *httpd = request->hr_httpd; | 1942 | bozohttpd_t *httpd = request->hr_httpd; |
--- src/libexec/httpd/bozohttpd.h 2018/11/24 17:23:47 1.33.2.2.2.4
+++ src/libexec/httpd/bozohttpd.h 2018/11/28 19:57:50 1.33.2.2.2.5
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: bozohttpd.h,v 1.33.2.2.2.4 2018/11/24 17:23:47 martin Exp $ */ | 1 | /* $NetBSD: bozohttpd.h,v 1.33.2.2.2.5 2018/11/28 19:57:50 martin Exp $ */ | |
2 | 2 | |||
3 | /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ | 3 | /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ | |
4 | 4 | |||
5 | /* | 5 | /* | |
6 | * Copyright (c) 1997-2018 Matthew R. Green | 6 | * Copyright (c) 1997-2018 Matthew R. Green | |
7 | * All rights reserved. | 7 | * All rights reserved. | |
8 | * | 8 | * | |
9 | * Redistribution and use in source and binary forms, with or without | 9 | * Redistribution and use in source and binary forms, with or without | |
10 | * modification, are permitted provided that the following conditions | 10 | * modification, are permitted provided that the following conditions | |
11 | * are met: | 11 | * are met: | |
12 | * 1. Redistributions of source code must retain the above copyright | 12 | * 1. Redistributions of source code must retain the above copyright | |
13 | * notice, this list of conditions and the following disclaimer. | 13 | * notice, this list of conditions and the following disclaimer. | |
14 | * 2. Redistributions in binary form must reproduce the above copyright | 14 | * 2. Redistributions in binary form must reproduce the above copyright | |
@@ -397,27 +397,27 @@ bozo_content_map_t *bozo_get_content_map | @@ -397,27 +397,27 @@ bozo_content_map_t *bozo_get_content_map | |||
397 | void bozo_add_content_map_mime(bozohttpd_t *, const char *, const char *, | 397 | void bozo_add_content_map_mime(bozohttpd_t *, const char *, const char *, | |
398 | const char *, const char *); | 398 | const char *, const char *); | |
399 | #define have_dynamic_content (1) | 399 | #define have_dynamic_content (1) | |
400 | #endif | 400 | #endif | |
401 | 401 | |||
402 | /* additional cgi-bozo.c */ | 402 | /* additional cgi-bozo.c */ | |
403 | #if have_cgibin && have_dynamic_content | 403 | #if have_cgibin && have_dynamic_content | |
404 | void bozo_add_content_map_cgi(bozohttpd_t *, const char *, const char *); | 404 | void bozo_add_content_map_cgi(bozohttpd_t *, const char *, const char *); | |
405 | #else | 405 | #else | |
406 | #define bozo_add_content_map_cgi(h,s,t) | 406 | #define bozo_add_content_map_cgi(h,s,t) | |
407 | #endif | 407 | #endif | |
408 | 408 | |||
409 | /* I/O */ | 409 | /* I/O */ | |
410 | int bozo_printf(bozohttpd_t *, const char *, ...) BOZO_PRINTFLIKE(2, 3);; | 410 | int bozo_printf(bozohttpd_t *, const char *, ...) BOZO_PRINTFLIKE(2, 3); | |
411 | ssize_t bozo_read(bozohttpd_t *, int, void *, size_t); | 411 | ssize_t bozo_read(bozohttpd_t *, int, void *, size_t); | |
412 | ssize_t bozo_write(bozohttpd_t *, int, const void *, size_t); | 412 | ssize_t bozo_write(bozohttpd_t *, int, const void *, size_t); | |
413 | int bozo_flush(bozohttpd_t *, FILE *); | 413 | int bozo_flush(bozohttpd_t *, FILE *); | |
414 | 414 | |||
415 | /* misc */ | 415 | /* misc */ | |
416 | int bozo_init_httpd(bozohttpd_t *); | 416 | int bozo_init_httpd(bozohttpd_t *); | |
417 | int bozo_init_prefs(bozohttpd_t *, bozoprefs_t *); | 417 | int bozo_init_prefs(bozohttpd_t *, bozoprefs_t *); | |
418 | int bozo_set_defaults(bozohttpd_t *, bozoprefs_t *); | 418 | int bozo_set_defaults(bozohttpd_t *, bozoprefs_t *); | |
419 | int bozo_setup(bozohttpd_t *, bozoprefs_t *, const char *, const char *); | 419 | int bozo_setup(bozohttpd_t *, bozoprefs_t *, const char *, const char *); | |
420 | bozo_httpreq_t *bozo_read_request(bozohttpd_t *); | 420 | bozo_httpreq_t *bozo_read_request(bozohttpd_t *); | |
421 | void bozo_process_request(bozo_httpreq_t *); | 421 | void bozo_process_request(bozo_httpreq_t *); | |
422 | void bozo_clean_request(bozo_httpreq_t *); | 422 | void bozo_clean_request(bozo_httpreq_t *); | |
423 | int bozo_set_timeout(bozohttpd_t *, bozoprefs_t *, const char *, const char *); | 423 | int bozo_set_timeout(bozohttpd_t *, bozoprefs_t *, const char *, const char *); |
--- src/libexec/httpd/cgi-bozo.c 2018/11/24 17:23:47 1.25.2.2.2.6
+++ src/libexec/httpd/cgi-bozo.c 2018/11/28 19:57:50 1.25.2.2.2.7
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: cgi-bozo.c,v 1.25.2.2.2.6 2018/11/24 17:23:47 martin Exp $ */ | 1 | /* $NetBSD: cgi-bozo.c,v 1.25.2.2.2.7 2018/11/28 19:57:50 martin Exp $ */ | |
2 | 2 | |||
3 | /* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */ | 3 | /* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */ | |
4 | 4 | |||
5 | /* | 5 | /* | |
6 | * Copyright (c) 1997-2018 Matthew R. Green | 6 | * Copyright (c) 1997-2018 Matthew R. Green | |
7 | * All rights reserved. | 7 | * All rights reserved. | |
8 | * | 8 | * | |
9 | * Redistribution and use in source and binary forms, with or without | 9 | * Redistribution and use in source and binary forms, with or without | |
10 | * modification, are permitted provided that the following conditions | 10 | * modification, are permitted provided that the following conditions | |
11 | * are met: | 11 | * are met: | |
12 | * 1. Redistributions of source code must retain the above copyright | 12 | * 1. Redistributions of source code must retain the above copyright | |
13 | * notice, this list of conditions and the following disclaimer. | 13 | * notice, this list of conditions and the following disclaimer. | |
14 | * 2. Redistributions in binary form must reproduce the above copyright | 14 | * 2. Redistributions in binary form must reproduce the above copyright | |
@@ -224,34 +224,34 @@ parse_search_string(bozo_httpreq_t *requ | @@ -224,34 +224,34 @@ parse_search_string(bozo_httpreq_t *requ | |||
224 | 224 | |||
225 | /* URI MUST not contain any unencoded '=' - RFC3875, section 4.4 */ | 225 | /* URI MUST not contain any unencoded '=' - RFC3875, section 4.4 */ | |
226 | if (strchr(query, '=')) | 226 | if (strchr(query, '=')) | |
227 | return NULL; | 227 | return NULL; | |
228 | 228 | |||
229 | str = bozostrdup(httpd, request, query); | 229 | str = bozostrdup(httpd, request, query); | |
230 | 230 | |||
231 | /* | 231 | /* | |
232 | * there's no more arguments than '+' chars in the query string as it's | 232 | * there's no more arguments than '+' chars in the query string as it's | |
233 | * the separator | 233 | * the separator | |
234 | */ | 234 | */ | |
235 | *args_len = 1; | 235 | *args_len = 1; | |
236 | /* count '+' in str */ | 236 | /* count '+' in str */ | |
237 | for (s = str; (s = strchr(s, '+')); (*args_len)++) | 237 | for (s = str; (s = strchr(s, '+')) != NULL; (*args_len)++) | |
238 | s++; | 238 | s++; | |
239 | 239 | |||
240 | args = bozomalloc(httpd, sizeof(*args) * (*args_len + 1)); | 240 | args = bozomalloc(httpd, sizeof(*args) * (*args_len + 1)); | |
241 | 241 | |||
242 | args[0] = str; | 242 | args[0] = str; | |
243 | args[*args_len] = NULL; | 243 | args[*args_len] = NULL; | |
244 | for (s = str, i = 0; (s = strchr(s, '+'));) { | 244 | for (s = str, i = 0; (s = strchr(s, '+')) != NULL;) { | |
245 | *s = '\0'; | 245 | *s = '\0'; | |
246 | s++; | 246 | s++; | |
247 | args[i++] = s; | 247 | args[i++] = s; | |
248 | } | 248 | } | |
249 | 249 | |||
250 | /* | 250 | /* | |
251 | * check if search-strings are valid: | 251 | * check if search-strings are valid: | |
252 | * | 252 | * | |
253 | * RFC3875, section 4.4: | 253 | * RFC3875, section 4.4: | |
254 | * | 254 | * | |
255 | * search-string = search-word *( "+" search-word ) | 255 | * search-string = search-word *( "+" search-word ) | |
256 | * search-word = 1*schar | 256 | * search-word = 1*schar | |
257 | * schar = unreserved | escaped | xreserved | 257 | * schar = unreserved | escaped | xreserved |
--- src/libexec/httpd/main.c 2018/11/24 17:23:47 1.8.4.3
+++ src/libexec/httpd/main.c 2018/11/28 19:57:50 1.8.4.4
@@ -1,14 +1,14 @@ | @@ -1,14 +1,14 @@ | |||
1 | /* $NetBSD: main.c,v 1.8.4.3 2018/11/24 17:23:47 martin Exp $ */ | 1 | /* $NetBSD: main.c,v 1.8.4.4 2018/11/28 19:57:50 martin Exp $ */ | |
2 | 2 | |||
3 | /* $eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $ */ | 3 | /* $eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $ */ | |
4 | /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp */ | 4 | /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp */ | |
5 | 5 | |||
6 | /* | 6 | /* | |
7 | * Copyright (c) 1997-2018 Matthew R. Green | 7 | * Copyright (c) 1997-2018 Matthew R. Green | |
8 | * All rights reserved. | 8 | * All rights reserved. | |
9 | * | 9 | * | |
10 | * Redistribution and use in source and binary forms, with or without | 10 | * Redistribution and use in source and binary forms, with or without | |
11 | * modification, are permitted provided that the following conditions | 11 | * modification, are permitted provided that the following conditions | |
12 | * are met: | 12 | * are met: | |
13 | * 1. Redistributions of source code must retain the above copyright | 13 | * 1. Redistributions of source code must retain the above copyright | |
14 | * notice, this list of conditions and the following disclaimer. | 14 | * notice, this list of conditions and the following disclaimer. | |
@@ -326,42 +326,42 @@ main(int argc, char **argv) | @@ -326,42 +326,42 @@ main(int argc, char **argv) | |||
326 | break; | 326 | break; | |
327 | 327 | |||
328 | case 'U': | 328 | case 'U': | |
329 | bozo_set_pref(&httpd, &prefs, "username", optarg); | 329 | bozo_set_pref(&httpd, &prefs, "username", optarg); | |
330 | break; | 330 | break; | |
331 | 331 | |||
332 | case 'u': | 332 | case 'u': | |
333 | if (!have_user) | 333 | if (!have_user) | |
334 | goto no_user_support; | 334 | goto no_user_support; | |
335 | 335 | |||
336 | bozo_set_pref(&httpd, &prefs, "enable users", "true"); | 336 | bozo_set_pref(&httpd, &prefs, "enable users", "true"); | |
337 | break; | 337 | break; | |
338 | 338 | |||
339 | bozo_set_pref(&httpd, &prefs, "directory indexing", | |||
340 | "true"); | |||
341 | break; | |||
342 | ||||
343 | case 'V': | 339 | case 'V': | |
344 | bozo_set_pref(&httpd, &prefs, "unknown slash", "true"); | 340 | bozo_set_pref(&httpd, &prefs, "unknown slash", "true"); | |
345 | break; | 341 | break; | |
346 | 342 | |||
347 | case 'v': | 343 | case 'v': | |
348 | bozo_set_pref(&httpd, &prefs, "virtual base", optarg); | 344 | bozo_set_pref(&httpd, &prefs, "virtual base", optarg); | |
349 | break; | 345 | break; | |
350 | 346 | |||
351 | case 'X': | 347 | case 'X': | |
352 | if (!have_dirindex) | 348 | if (!have_dirindex) | |
353 | goto no_dirindex_support; | 349 | goto no_dirindex_support; | |
354 | 350 | |||
351 | bozo_set_pref(&httpd, &prefs, "directory indexing", | |||
352 | "true"); | |||
353 | break; | |||
354 | ||||
355 | case 'x': | 355 | case 'x': | |
356 | bozo_set_pref(&httpd, &prefs, "index.html", optarg); | 356 | bozo_set_pref(&httpd, &prefs, "index.html", optarg); | |
357 | break; | 357 | break; | |
358 | 358 | |||
359 | case 'Z': | 359 | case 'Z': | |
360 | if (!have_ssl) | 360 | if (!have_ssl) | |
361 | no_ssl: | 361 | no_ssl: | |
362 | bozoerr(&httpd, 1, "ssl support not enabled"); | 362 | bozoerr(&httpd, 1, "ssl support not enabled"); | |
363 | 363 | |||
364 | /* make sure there's two arguments */ | 364 | /* make sure there's two arguments */ | |
365 | if (argc - optind < 1) | 365 | if (argc - optind < 1) | |
366 | usage(&httpd, progname); | 366 | usage(&httpd, progname); | |
367 | bozo_ssl_set_opts(&httpd, optarg, argv[optind++]); | 367 | bozo_ssl_set_opts(&httpd, optarg, argv[optind++]); |