 @@ -1,42 +1,42 @@
-.\"	$NetBSD: bozohttpd.8,v 1.46.4.8.2.1 2018/11/24 17:23:20 martin Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.46.4.8.2.2 2019/06/15 15:56:21 martin Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
-.\" Copyright (c) 1997-2018 Matthew R. Green
+.\" Copyright (c) 1997-2019 Matthew R. Green
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 .\" BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 .\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
 .\" AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 .\" OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd November 19, 2018
+.Dd February 27, 2019
 .Dt BOZOHTTPD 8
 .Os
 .Sh NAME
 .Nm bozohttpd
 .Nd hyper text transfer protocol version 1.1 daemon
 .Sh SYNOPSIS
 .Nm
 .Op Fl EGHVXefhnsu
 .Op Fl C Ar suffix cgihandler
 .Op Fl I Ar port
 .Op Fl L Ar prefix script
 .Op Fl M Ar suffix type encoding encoding11
 .Op Fl P Ar pidfile
 @@ -235,31 +235,33 @@ to
 .It Fl S Ar server_software
 Sets the internal server version to
 .Ar server_software .
 .It Fl s
 Forces logging to be set to stderr always.
 .It Fl T Ar type timeout
 Set the timeout for
 .Ar type
 to
 .Ar timeout .
 The valid values of
 .Ar type
 are
 .Dq ssl timeout ,
 .Dq initial timeout ,
 .Dq header timeout ,
 and
 .Dq request timeout .
-The default values are 30 seconds, 10 seconds and 600 seconds, respectively.
+The default values are 30 seconds, 30 seconds, 10 seconds and 600 seconds,
 respectively.
 .It Fl t Ar chrootdir
 Makes
 .Nm
 chroot to the specified directory
 before answering requests.
 Every other path should be specified relative
 to the new root, if this option is used.
 Note that the current environment
 is normally replaced with an empty environment with this option, unless the
 .Fl e
 option is also used.
 .It Fl U Ar username
 Causes
 @@ -467,29 +469,27 @@ will serve the requested file postpended
 if it exists, it is readable, the client requested gzip compression, and
 the client did not make a ranged request.
 .Sh FILES
 .Nm
 looks for a couple of special files in directories that allow certain features
 to be provided on a per-directory basis.
 In addition to the
 .Pa .htpasswd
 used by HTTP basic authorization,
 if a
 .Pa .bzdirect
 file is found (contents are irrelevant)
 .Nm
-will allow direct access even with the
+will allow direct access.
 .Fl r
 option.
 If a
 .Pa .bzredirect
 symbolic link is found,
 .Nm
 will perform a smart redirect to the target of this symlink.
 The target is assumed to live on the same server.
 If target starts with slash then absolute redirection is performed,
 otherwise it's handled as relative.
 If a
 .Pa .bzabsredirect
 symbolic link is found,
 .Nm
 will redirect to the absolute URL pointed to by this symlink.
 @@ -589,79 +589,79 @@ exit 1
 .Nm
 was first written in perl, based on another perl http server
 called
 .Dq tinyhttpd .
 It was then rewritten from scratch in perl, and then once again in C.
 From
 .Dq bozohttpd
 version 20060517, it has been integrated into
 .Nx .
 The focus has always been simplicity and security, with minimal features
 and regular code audits.
 This manual documents
 .Nm
-version 20181123.
+version 20190116.
 .Sh AUTHORS
 .An -nosplit
 .Nm
 was written by
 .An Matthew R. Green
 .Aq Mt mrg@eterna.com.au .
 .Pp
 The large list of contributors includes:
 .Bl -dash
 .It
 .An Marc Balmer
 .Aq Mt mbalmer@NetBSD.org
 added Lua support for dynamic content creation
 .It
 .An Christoph Badura
 .Aq Mt bad@bsd.de
 provided Range: header support
 .It
 .An Marc Balmer
 .Aq Mt mbalmer@NetBSD.org
 added Lua support for dynamic content creation
 .It
 .An Sean Boudreau
 .Aq Mt seanb@NetBSD.org
 provided a security fix for virtual hosting
 .It
 .An Julian Coleman
 .Aq Mt jdc@coris.org.uk
 provided an IPv6 bugfix
 .It
 .An Chuck Cranor
 .Aq Mt chuck@research.att.com
 provided cgi-bin support fixes, and more
 .It
 .An Alistair G. Crooks
 .Aq Mt agc@NetBSD.org
 cleaned up many internal interfaces, made
 .Nm
-linkable as a library and provided the Lua binding.
+linkable as a library and provided the Lua binding
 .It
 .An DEGROOTE Arnaud
 .Aq Mt degroote@NetBSD.org
 provided a fix for daemon mode
 .It
 .An Andrew Doran
 .Aq Mt ad@NetBSD.org
 provided directory indexing support
 .It
 .An Per Ekman
 .Aq Mt pek@pdc.kth.se
 provided a fix for a minor (non-security) buffer overflow condition
 .It
 .An Roland Dowdeswell
 .Aq Mt elric@NetBSD.org
 added support for serving gzipped files and better SSL handling
 .It
 .An Per Ekman
 .Aq Mt pek@pdc.kth.se
 provided a fix for a minor (non-security) buffer overflow condition
 .It
 .An Jun-ichiro itojun Hagino, KAME
 .Aq Mt itojun@iijlab.net
 provided initial IPv6 support
 .It
 .An Martin Husemann
 .Aq Mt martin@NetBSD.org
 provided .bzabsredirect and .bzredir support, and fixed various
 redirection issues
 .It
 .An Arto Huusko
 .Aq Mt arto.huusko@pp2.inet.fi
 provided fixes cgi-bin
 .It
 @@ -680,96 +680,97 @@ provided fixes for HTTP basic authorizat
 .An Antti Kantee
 .Aq Mt pooka@NetBSD.org
 provided fixes for HTTP basic authorization support
 .It
 .An Thomas Klausner
 .Aq Mt wiz@NetBSD.org
 provided many fixes and enhancements for the man page
 .It
 .An Mateusz Kocielski
 .Aq Mt shm@NetBSD.org
 fixed memory leaks, various issues with userdir support,
 information disclosure issues, added support for using CGI handlers
 with directory indexing, found several security issues and provided
-various other fixes.
+various other fixes
 .It
 .An Arnaud Lacombe
 .Aq Mt alc@NetBSD.org
 provided some clean up for memory leaks
 .It
 .An Johnny Lam
 .Aq Mt jlam@NetBSD.org
 provided man page fixes
 .It
 .An Dennis Lindroos
 .Aq Mt denafcm@gmail.com
 provided a cgi-bin fix
 .It
 .An Julio Merino
 .Aq Mt jmmv@NetBSD.org
 Added the
 .Fl P
-option (pidfile support) and provided some man page fixes.
+option (pidfile support) and provided some man page fixes
 .It
 .An Luke Mewburn
 .Aq Mt lukem@NetBSD.org
 provided many various fixes, including cgi-bin fixes and enhancements,
 HTTP basic authorization support and much code clean up
 .It
 .An Rajeev V. Pillai
 .Aq Mt rajeev_v_pillai@yahoo.com
-provided several fixes for virtual hosting
+provided several fixes for virtual hosting and directory indexing and
 fixes for CGI
 .It
 .An Jeremy C. Reed
 .Aq Mt reed@NetBSD.org
 provided several clean up fixes, and man page updates
 .It
 .An Scott Reynolds
 .Aq Mt scottr@NetBSD.org
 provided various fixes
 .It
 .An Tyler Retzlaff
 .Aq Mt rtr@eterna.com.au
 provided SSL support, cgi-bin fixes and much other random other stuff
 .It
 .An rudolf
 .Aq Mt netbsd@eq.cz
 provided minor compile fixes and a CGI content map fix
 .It
 .An Steve Rumble
 .Aq Mt rumble@ephemeral.org
 provided the
 .Fl V
-option.
+option
 .It
 .An Thor Lancelot Simon
 .Aq Mt tls@NetBSD.org
-enhanced cgi-bin support.
+enhanced cgi-bin support
 .It
 .An Joerg Sonnenberger
 .Aq Mt joerg@NetBSD.org
 implemented If-Modified-Since support
 .It
 .An ISIHARA Takanori
 .Aq Mt ishit@oak.dti.ne.jp
 provided a man page fix
 .It
 .An Holger Weiss
 .Aq Mt holger@CIS.FU-Berlin.DE
 provided http authorization fixes
 .It
 .Aq Mt xs@kittenz.org
 provided chroot and change-to-user support, and other various fixes
 .It
-Coyote Point provided various CGI fixes.
+Coyote Point provided various CGI fixes
 .El
 .Pp
 There are probably others I have forgotten (let me know if you care)
 .Pp
 Please send all updates to
 .Nm
 to
 .Aq Mt mrg@eterna.com.au
 for inclusion in future releases.
 .Sh BUGS
 .Nm
 does not handle HTTP/1.1 chunked input from the client yet.

 @@ -1,19 +1,19 @@
-/*	$NetBSD: bozohttpd.c,v 1.56.2.8.2.2 2018/11/28 19:56:09 martin Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.56.2.8.2.3 2019/06/15 15:56:21 martin Exp $	*/
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 /*
- * Copyright (c) 1997-2018 Matthew R. Green
+ * Copyright (c) 1997-2019 Matthew R. Green
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer and
  *    dedication in the documentation and/or other materials provided
  *    with the distribution.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 @@ -99,27 +99,27 @@
+ *
  *	- 14.15: content-md5 would be nice.
+ *
  *	- 14.24/14.26/14.27: if-match, if-none-match, if-range.  be
  *	  nice to support this.
+ *
  *	- 14.44: Vary: seems unneeded.  ignore it for now.
  */
 #ifndef INDEX_HTML
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20181125"
+#define SERVER_SOFTWARE		"bozohttpd/20190228"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML		"public_html"
 #endif
 #ifndef USE_ARG
 #define USE_ARG(x)	/*LINTED*/(void)&(x)
 #endif
 /*
  * And so it begins ..
  */
 @@ -127,37 +127,39 @@
 #include <sys/socket.h>
 #include <sys/time.h>
 #include <sys/mman.h>
 #include <arpa/inet.h>
 #include <ctype.h>
 #include <dirent.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <netdb.h>
 #include <pwd.h>
 #include <grp.h>
 #include <signal.h>
 #include <stdarg.h>
 #include <stdlib.h>
-#include <stdbool.h>
+#include <strings.h>
 #include <string.h>
 #include <syslog.h>
 #include <time.h>
 #include <unistd.h>
 #include "bozohttpd.h"
 #ifndef SSL_TIMEOUT
 #define	SSL_TIMEOUT		"30"	/* wait for 30 seconds for ssl handshake  */
 #endif
 #ifndef INITIAL_TIMEOUT
 #define	INITIAL_TIMEOUT		"30"	/* wait for 30 seconds initially */
 #endif
 #ifndef HEADER_WAIT_TIME
 #define	HEADER_WAIT_TIME	"10"	/* need more headers every 10 seconds */
 #endif
 #ifndef TOTAL_MAX_REQ_TIME
 #define	TOTAL_MAX_REQ_TIME	"600"	/* must have total request in 600 */
 #endif					/* seconds */
 /* if monotonic time is not available try real time. */
 #ifndef CLOCK_MONOTONIC
 #define CLOCK_MONOTONIC CLOCK_REALTIME
 @@ -173,91 +175,76 @@
  */
 struct {
 	const char *file;
 	const char *name;
 } specials[] = {
 	{ DIRECT_ACCESS_FILE, "rejected direct access request" },
 	{ REDIRECT_FILE,      "rejected redirect request" },
 	{ ABSREDIRECT_FILE,   "rejected absredirect request" },
 	{ REMAP_FILE,         "rejected remap request" },
 	{ AUTH_FILE,          "rejected authfile request" },
 	{ NULL,               NULL },
 };
-volatile sig_atomic_t	timeout_hit;
+volatile sig_atomic_t	bozo_timeout_hit;
 /*
  * check there's enough space in the prefs and names arrays.
  */
 static int
-size_arrays(bozoprefs_t *bozoprefs, size_t needed)
+size_arrays(bozohttpd_t *httpd, bozoprefs_t *bozoprefs, size_t needed)
+{
-	char	**temp;
+	size_t	len = sizeof(char *) * needed;
 	if (bozoprefs->size == 0) {
 		/* only get here first time around */
-		bozoprefs->name = calloc(sizeof(char *), needed);
+		bozoprefs->name = bozomalloc(httpd, len);
-		if (bozoprefs->name == NULL)
+		bozoprefs->value = bozomalloc(httpd, len);
 			return 0;
 		bozoprefs->value = calloc(sizeof(char *), needed);
 		if (bozoprefs->value == NULL) {
 			free(bozoprefs->name);
 			return 0;
 		bozoprefs->size = needed;
 	} else if (bozoprefs->count == bozoprefs->size) {
 		/* only uses 'needed' when filled array */
-		temp = realloc(bozoprefs->name, sizeof(char *) * needed);
+		bozoprefs->name = bozorealloc(httpd, bozoprefs->name, len);
-		if (temp == NULL)
+		bozoprefs->value = bozorealloc(httpd, bozoprefs->value, len);
 			return 0;
 		bozoprefs->name = temp;
 		temp = realloc(bozoprefs->value, sizeof(char *) * needed);
 		if (temp == NULL)
 			return 0;
 		bozoprefs->value = temp;
 		bozoprefs->size += needed;
+	}
 	bozoprefs->size = needed;
 	return 1;
+}
 static ssize_t
 findvar(bozoprefs_t *bozoprefs, const char *name)
+{
 	size_t	i;
 	for (i = 0; i < bozoprefs->count; i++)
 		if (strcmp(bozoprefs->name[i], name) == 0)
 			return (ssize_t)i;
 	return -1;
+}
 int
 bozo_set_pref(bozohttpd_t *httpd, bozoprefs_t *bozoprefs,
 	      const char *name, const char *value)
+{
 	ssize_t	i;
 	if ((i = findvar(bozoprefs, name)) < 0) {
 		/* add the element to the array */
-		if (!size_arrays(bozoprefs, bozoprefs->size + 15))
+		if (!size_arrays(httpd, bozoprefs, bozoprefs->size + 15))
 			return 0;
 		i = bozoprefs->count++;
 		bozoprefs->name[i] = bozostrdup(httpd, NULL, name);
 	} else {
 		/* replace the element in the array */
-		if (bozoprefs->value[i]) {
+		free(bozoprefs->value[i]);
 			free(bozoprefs->value[i]);
 			bozoprefs->value[i] = NULL;
+	}
 	bozoprefs->value[i] = bozostrdup(httpd, NULL, value);
 	return 1;
+}
 /*
  * get a variable's value, or NULL
  */
 char *
 bozo_get_pref(bozoprefs_t *bozoprefs, const char *name)
+{
 	ssize_t	i;
 @@ -286,27 +273,27 @@ bozo_http_date(char *date, size_t datele
 static void
 parse_request(bozohttpd_t *httpd, char *in, char **method, char **file,
 		char **query, char **proto)
+{
 	ssize_t	len;
 	char	*val;
 	USE_ARG(httpd);
 	debug((httpd, DEBUG_EXPLODING, "parse in: %s", in));
 	*method = *file = *query = *proto = NULL;
 	len = (ssize_t)strlen(in);
 	val = bozostrnsep(&in, " \t\n\r", &len);
-	if (len < 1 || val == NULL)
+	if (len < 1 || val == NULL || in == NULL)
 		return;
 	*method = val;
 	while (*in == ' ' || *in == '\t')
 		in++;
 	val = bozostrnsep(&in, " \t\n\r", &len);
 	if (len < 1) {
 		if (len == 0)
 			*file = val;
 		else
 			*file = in;
 	} else {
 		*file = val;
 @@ -376,50 +363,51 @@ bozo_clean_request(bozo_httpreq_t *reque
+	}
 	free(ohdr);
 	free(request);
+}
 /*
  * send a HTTP/1.1 408 response if we timeout.
  */
 /* ARGSUSED */
 static void
 alarmer(int sig)
+{
-	timeout_hit = 1;
+	bozo_timeout_hit = 1;
+}
 /*
- * set a timeout for "initial", "header", or "request".
+ * set a timeout for "ssl", "initial", "header", or "request".
  */
 int
 bozo_set_timeout(bozohttpd_t *httpd, bozoprefs_t *prefs,
 		 const char *target, const char *val)
+{
-	const char *cur, *timeouts[] = {
+	const char **cur, *timeouts[] = {
 		"ssl timeout",
 		"initial timeout",
 		"header timeout",
 		"request timeout",
 		NULL,
 	};
 	/* adjust minlen if more timeouts appear with conflicting names */
 	const size_t minlen = 1;
 	size_t len = strlen(target);
-	for (cur = timeouts[0]; len >= minlen && *cur; cur++) {
+	for (cur = timeouts; len >= minlen && *cur; cur++) {
-		if (strncmp(target, cur, len) == 0) {
+		if (strncmp(target, *cur, len) == 0) {
-			bozo_set_pref(httpd, prefs, cur, val);
+			bozo_set_pref(httpd, prefs, *cur, val);
 			return 0;
+		}
+	}
 	return 1;
+}
 /*
  * a list of header quirks: currently, a list of headers that
  * can't be folded into a single line.
  */
 const char *header_quirks[] = { "WWW-Authenticate", NULL };
 /*
 @@ -575,64 +563,62 @@ process_method(bozo_httpreq_t *request,
 		if (strcasecmp(method, mmp->name) == 0) {
 			request->hr_method = mmp->type;
 			request->hr_methodstr = mmp->name;
 			return 0;
+		}
 	return bozo_http_error(httpd, 404, request, "unknown method");
+}
 /* check header byte count */
 static int
 bozo_got_header_length(bozo_httpreq_t *request, size_t len)
+{
 	if (len > BOZO_HEADERS_MAX_SIZE - request->hr_header_bytes)
 		return bozo_http_error(request->hr_httpd, 413, request,
 			"too many headers");
 	request->hr_header_bytes += len;
 	if (request->hr_header_bytes < BOZO_HEADERS_MAX_SIZE)
 		return 0;
-	return bozo_http_error(request->hr_httpd, 413, request,
+	return 0;
 		"too many headers");
+}
 /*
  * This function reads a http request from stdin, returning a pointer to a
  * bozo_httpreq_t structure, describing the request.
  */
 bozo_httpreq_t *
 bozo_read_request(bozohttpd_t *httpd)
+{
 	struct	sigaction	sa;
 	char	*str, *val, *method, *file, *proto, *query;
 	char	*host, *addr, *port;
 	char	bufport[10];
 	char	hbuf[NI_MAXHOST], abuf[NI_MAXHOST];
 	struct	sockaddr_storage ss;
 	ssize_t	len;
 	int	line = 0;
 	socklen_t slen;
 	bozo_httpreq_t *request;
 	struct timespec ots, ts;
 	/*
 	 * if we're in daemon mode, bozo_daemon_fork() will return here twice
 	 * for each call.  once in the child, returning 0, and once in the
-	 * parent, returning 1.  for each child, then we can setup SSL, and
+	 * parent, returning 1 for each child.
 	 * the parent can signal the caller there was no request to process
 	 * and it will wait for another.
 	 */
 	if (bozo_daemon_fork(httpd))
 		return NULL;
 	if (bozo_ssl_accept(httpd))
 		return NULL;
 	request = bozomalloc(httpd, sizeof(*request));
 	memset(request, 0, sizeof(*request));
 	request->hr_httpd = httpd;
 	request->hr_allow = request->hr_host = NULL;
 	request->hr_content_type = request->hr_content_length = NULL;
 	request->hr_range = NULL;
 	request->hr_last_byte_pos = -1;
 	request->hr_if_modified_since = NULL;
 	request->hr_virthostname = NULL;
 	request->hr_file = NULL;
 	request->hr_oldfile = NULL;
 	SIMPLEQ_INIT(&request->hr_replheaders);
 @@ -688,51 +674,59 @@ bozo_read_request(bozohttpd_t *httpd)
 	 * setup a timer to make sure the request is not hung
 	 */
 	sa.sa_handler = alarmer;
 	sigemptyset(&sa.sa_mask);
 	sigaddset(&sa.sa_mask, SIGALRM);
 	sa.sa_flags = 0;
 	sigaction(SIGALRM, &sa, NULL);
 	if (clock_gettime(CLOCK_MONOTONIC, &ots) != 0) {
 		bozo_http_error(httpd, 500, NULL, "clock_gettime failed");
 		goto cleanup;
+	}
 	/*
 	 * now to try to setup SSL, and upon failure parent can signal the
 	 * caller there was no request to process and it will wait for
 	 * another.
 	 */
 	if (bozo_ssl_accept(httpd))
 		return NULL;
 	alarm(httpd->initial_timeout);
 	while ((str = bozodgetln(httpd, STDIN_FILENO, &len, bozo_read)) != NULL) {
 		alarm(0);
 		if (clock_gettime(CLOCK_MONOTONIC, &ts) != 0) {
 			bozo_http_error(httpd, 500, NULL, "clock_gettime failed");
 			goto cleanup;
+		}
 		/*
 		 * don't timeout if old tv_sec is not more than current
 		 * tv_sec, or if current tv_sec is less than the request
 		 * timeout (these shouldn't happen, but the first could
 		 * if monotonic time is not available.)
+		 *
 		 * the other timeout and header size checks should ensure
 		 * that even if time it set backwards or forwards a very
 		 * long way, timeout will eventually happen, even if this
 		 * one fails.
 		 */
 		if (ts.tv_sec > ots.tv_sec &&
 		    ts.tv_sec > httpd->request_timeout &&
 		    ts.tv_sec - httpd->request_timeout > ots.tv_sec)
-			timeout_hit = 1;
+			bozo_timeout_hit = 1;
-		if (timeout_hit) {
+		if (bozo_timeout_hit) {
 			bozo_http_error(httpd, 408, NULL, "request timed out");
 			goto cleanup;
+		}
 		line++;
 		if (line == 1) {
 			if (len < 1) {
 				bozo_http_error(httpd, 404, NULL, "null method");
 				goto cleanup;
+			}
 			bozowarn(httpd,
 				  "got request ``%s'' from host %s to port %s",
 				  str,
 @@ -983,27 +977,27 @@ bozo_escape_rfc3986(bozohttpd_t *httpd,
+{
 	static char *buf;
 	static size_t buflen = 0;
 	size_t len;
 	const char *s;
 	char *d;
 	len = strlen(url);
 	if (buflen < len * 3 + 1) {
 		buflen = len * 3 + 1;
 		buf = bozorealloc(httpd, buf, buflen);
+	}
-	for (len = 0, s = url, d = buf; *s;) {
+	for (s = url, d = buf; *s;) {
 		if (*s & 0x80)
 			goto encode_it;
 		switch (*s) {
 		case ':':
 		case '?':
 		case '#':
 		case '[':
 		case ']':
 		case '@':
 		case '!':
 		case '$':
 		case '&':
 		case '\'':
 @@ -1013,38 +1007,36 @@ bozo_escape_rfc3986(bozohttpd_t *httpd,
 		case '+':
 		case ',':
 		case ';':
 		case '=':
 		case '%':
 		case '"':
 			if (absolute)
 				goto leave_it;
 			/*FALLTHROUGH*/
 		case '\n':
 		case '\r':
 		case ' ':
 		encode_it:
-			snprintf(d, 4, "%%%02X", *s++);
+			snprintf(d, 4, "%%%02X", (unsigned char)*s++);
 			d += 3;
 			len += 3;
 			break;
 		default:
 		leave_it:
 			*d++ = *s++;
 			len++;
 			break;
+		}
+	}
-	buf[len] = 0;
+	*d = 0;
 	return buf;
+}
 /*
  * do automatic redirection -- if there are query parameters or userdir for
  * the URL we will tack these on to the new (redirected) URL.
  */
 static void
 handle_redirect(bozo_httpreq_t *request, const char *url, int absolute)
+{
 	bozohttpd_t *httpd = request->hr_httpd;
 	char *finalurl, *urlbuf;
 @@ -1182,27 +1174,27 @@ esccmp(const char *s_plain, const char *
 /*
  * Check if the request refers to a uri that is mapped via a .bzremap.
  * We have  /requested/path:/re/mapped/to/this.html lines in there,
  * and the : separator may be use in the left hand side escaped with
  * \ to encode a path containig a : character.
  */
 static void
 check_remap(bozo_httpreq_t *request)
+{
 	bozohttpd_t *httpd = request->hr_httpd;
 	char *file = request->hr_file, *newfile;
 	void *fmap;
-	const char *replace, *map_to, *p;
+	const char *replace = NULL, *map_to = NULL, *p;
 	struct stat st;
 	int mapfile;
 	size_t avail, len, rlen, reqlen, num_esc = 0;
 	bool escaped = false;
 	mapfile = open(REMAP_FILE, O_RDONLY, 0);
 	if (mapfile == -1)
 		return;
 	debug((httpd, DEBUG_FAT, "remap file found"));
 	if (fstat(mapfile, &st) == -1) {
 		bozowarn(httpd, "could not stat " REMAP_FILE ", errno: %d",
 		    errno);
 		goto out;
 @@ -1311,60 +1303,66 @@ out:
 static int
 check_virtual(bozo_httpreq_t *request)
+{
 	bozohttpd_t *httpd = request->hr_httpd;
 	char *file = request->hr_file, *s;
 	size_t len;
 	/*
 	 * convert http://virtual.host/ to request->hr_host
 	 */
 	debug((httpd, DEBUG_OBESE,
 	       "checking for http:// virtual host in '%s'", file));
 	if (strncasecmp(file, "http://", 7) == 0) {
 		/* bozostrdup() might access it. */
 		char *old_file = request->hr_file;
 		/* we would do virtual hosting here? */
 		file += 7;
 		/* RFC 2616 (HTTP/1.1), 5.2: URI takes precedence over Host: */
 		free(request->hr_host);
 		request->hr_host = bozostrdup(httpd, request, file);
 		if ((s = strchr(request->hr_host, '/')) != NULL)
 			*s = '\0';
 		s = strchr(file, '/');
 		free(request->hr_file);
 		request->hr_file = bozostrdup(httpd, request, s ? s : "/");
 		free(old_file);
 		debug((httpd, DEBUG_OBESE, "got host '%s' file is now '%s'",
 		    request->hr_host, request->hr_file));
 	} else if (!request->hr_host)
 		goto use_slashdir;
 	/*
 	 * canonicalise hr_host - that is, remove any :80.
 	 */
 	len = strlen(request->hr_host);
 	if (len > 3 && strcmp(request->hr_host + len - 3, ":80") == 0) {
 		request->hr_host[len - 3] = '\0';
 		len = strlen(request->hr_host);
+	}
 	if (!httpd->virtbase) {
 		/*
 		 * if we don't use vhost support, then set virthostname if
 		 * user supplied Host header. It will be used for possible
 		 * redirections
 		 */
 		if (request->hr_host) {
 			s = strrchr(request->hr_host, ':');
 			if (s != NULL)
-				/* truncate Host: as we want to copy it without port part */
+				/*
 				 * truncate Host: as we want to copy it
 				 * without port part
 				 */
 				*s = '\0';
 			request->hr_virthostname = bozostrdup(httpd, request,
 			  request->hr_host);
 			if (s != NULL)
 				/* fix Host: again, if we truncated it */
 				*s = ':';
+		}
 		goto use_slashdir;
+	}
 	/*
 	 * ok, we have a virtual host, use opendir(3) to find a case
 	 * insensitive match for the virtual host we are asked for.
 @@ -1431,55 +1429,55 @@ use_slashdir:
+}
 /*
  * checks to see if this request has a valid .bzredirect file.  returns
  * 0 when no redirection happend, or 1 when handle_redirect() has been
  * called, -1 on error.
  */
 static int
 check_bzredirect(bozo_httpreq_t *request)
+{
 	bozohttpd_t *httpd = request->hr_httpd;
 	struct stat sb;
 	char dir[MAXPATHLEN], redir[MAXPATHLEN], redirpath[MAXPATHLEN + 1],
-	    path[MAXPATHLEN];
+	    path[MAXPATHLEN + 1];
 	char *basename, *finalredir;
 	int rv, absolute;
 	/*
 	 * if this pathname is really a directory, but doesn't end in /,
 	 * use it as the directory to look for the redir file.
 	 */
 	if ((size_t)snprintf(dir, sizeof(dir), "%s", request->hr_file + 1) >=
 	    sizeof(dir)) {
 		bozo_http_error(httpd, 404, request, "file path too long");
 		return -1;
+	}
 	debug((httpd, DEBUG_FAT, "check_bzredirect: dir %s", dir));
 	basename = strrchr(dir, '/');
 	if ((!basename || basename[1] != '\0') &&
 	    lstat(dir, &sb) == 0 && S_ISDIR(sb.st_mode)) {
 		strcpy(path, dir);
 		basename = dir;
 	} else if (basename == NULL) {
 		strcpy(path, ".");
 		strcpy(dir, "");
-		basename = dir;
+		basename = request->hr_file + 1;
 	} else {
 		*basename++ = '\0';
 		strcpy(path, dir);
+	}
-	if (bozo_check_special_files(request, basename))
+	if (bozo_check_special_files(request, basename, true))
 		return -1;
 	debug((httpd, DEBUG_FAT, "check_bzredirect: path %s", path));
 	if ((size_t)snprintf(redir, sizeof(redir), "%s/%s", path,
 			     REDIRECT_FILE) >= sizeof(redir)) {
 		return bozo_http_error(httpd, 404, request,
 		    "redirectfile path too long");
+	}
 	if (lstat(redir, &sb) == 0) {
 		if (!S_ISLNK(sb.st_mode))
 			return 0;
 		absolute = 0;
 @@ -1911,37 +1909,44 @@ bozo_process_request(bozo_httpreq_t *req
 			szleft -= sz;
+		}
+	}
  cleanup:
 	close(fd);
  cleanup_nofd:
 	close(STDIN_FILENO);
 	close(STDOUT_FILENO);
 	/*close(STDERR_FILENO);*/
+}
 /* make sure we're not trying to access special files */
 int
-bozo_check_special_files(bozo_httpreq_t *request, const char *name)
+bozo_check_special_files(bozo_httpreq_t *request, const char *name, bool doerror)
+{
 	bozohttpd_t *httpd = request->hr_httpd;
 	size_t i;
 	int error = 0;
-	for (i = 0; specials[i].file; i++)
+	for (i = 0; specials[i].file; i++) {
-		if (strcmp(name, specials[i].file) == 0)
+		if (strcmp(name, specials[i].file) == 0) {
-			return bozo_http_error(httpd, 403, request,
+			if (doerror) {
 				error = bozo_http_error(httpd, 403, request,
 					       specials[i].name);
 			} else {
 				error = -1;
+			}
+		}
+	}
-	return 0;
+	return error;
+}
 /* generic header printing routine */
 void
 bozo_print_header(bozo_httpreq_t *request,
 		struct stat *sbp, const char *type, const char *encoding)
+{
 	bozohttpd_t *httpd = request->hr_httpd;
 	off_t len;
 	char	date[40];
 	bozoheaders_t *hdr;
 	SIMPLEQ_FOREACH(hdr, &request->hr_replheaders, h_next) {
 @@ -2066,26 +2071,29 @@ bozo_escape_html(bozohttpd_t *httpd, con
 	int	i, j;
 	char	*tmp;
 	size_t	len;
 	for (i = 0, j = 0; url[i]; i++) {
 		switch (url[i]) {
 		case '<':
 		case '>':
 			j += 4;
 			break;
 		case '&':
 			j += 5;
 			break;
 		case '"':
 			j += 6;
 			break;
+		}
+	}
 	if (j == 0)
 		return NULL;
 	/*
 	 * we need to handle being called from different
 	 * pathnames.
 	 */
 	len = strlen(url) + j;
 	if (httpd)
 		tmp = bozomalloc(httpd, len);
 @@ -2096,26 +2104,30 @@ bozo_escape_html(bozohttpd_t *httpd, con
 		switch (url[i]) {
 		case '<':
 			memcpy(tmp + j, "&lt;", 4);
 			j += 4;
 			break;
 		case '>':
 			memcpy(tmp + j, "&gt;", 4);
 			j += 4;
 			break;
 		case '&':
 			memcpy(tmp + j, "&amp;", 5);
 			j += 5;
 			break;
 		case '"':
 			memcpy(tmp + j, "&quot;", 6);
 			j += 6;
 			break;
 		default:
 			tmp[j++] = url[i];
+		}
+	}
 	tmp[j] = 0;
 	return tmp;
+}
 /* short map between error code, and short/long messages */
 static struct errors_map {
 	int	code;			/* HTTP return code */
 	const char *shortmsg;		/* short version of message */
 @@ -2240,27 +2252,28 @@ bozo_http_error(bozohttpd_t *httpd, int
 		bozo_auth_check_401(request, code);
 		SIMPLEQ_FOREACH(hdr, &request->hr_replheaders, h_next) {
 			bozo_printf(httpd, "%s: %s\r\n", hdr->h_header,
 					hdr->h_value);
+		}
+	}
 	bozo_printf(httpd, "Content-Type: text/html\r\n");
 	bozo_printf(httpd, "Content-Length: %d\r\n", size);
 	bozo_printf(httpd, "Server: %s\r\n", httpd->server_software);
 	if (request && request->hr_allow)
 		bozo_printf(httpd, "Allow: %s\r\n", request->hr_allow);
 	/* RFC 7231 (HTTP/1.1) 6.5.7 */
-	if (code == 408 && request->hr_proto == httpd->consts.http_11)
+	if (code == 408 && request &&
 	    request->hr_proto == httpd->consts.http_11)
 		bozo_printf(httpd, "Connection: close\r\n");
 	bozo_printf(httpd, "\r\n");
 	/* According to the RFC 2616 sec. 9.4 HEAD method MUST NOT return a
 	 * message-body in the response */
 	if (size && request && request->hr_method != HTTP_HEAD)
 		bozo_printf(httpd, "%s", httpd->errorbuf);
 	bozo_flush(httpd, stdout);
 	return code;
+}
 /* Below are various modified libc functions */
 @@ -2448,26 +2461,28 @@ bozo_init_prefs(bozohttpd_t *httpd, bozo
+{
 	int rv = 0;
 	/* make sure everything is clean */
 	(void) memset(prefs, 0x0, sizeof(*prefs));
 	/* set up default values */
 	if (!bozo_set_pref(httpd, prefs, "server software", SERVER_SOFTWARE))
 		rv = 1;
 	if (!bozo_set_pref(httpd, prefs, "index.html", INDEX_HTML))
 		rv = 1;
 	if (!bozo_set_pref(httpd, prefs, "public_html", PUBLIC_HTML))
 		rv = 1;
 	if (!bozo_set_pref(httpd, prefs, "ssl timeout", SSL_TIMEOUT))
 		rv = 1;
 	if (!bozo_set_pref(httpd, prefs, "initial timeout", INITIAL_TIMEOUT))
 		rv = 1;
 	if (!bozo_set_pref(httpd, prefs, "header timeout", HEADER_WAIT_TIME))
 		rv = 1;
 	if (!bozo_set_pref(httpd, prefs, "request timeout", TOTAL_MAX_REQ_TIME))
 		rv = 1;
 	return rv;
+}
 /* set default values */
 int
 bozo_set_defaults(bozohttpd_t *httpd, bozoprefs_t *prefs)
 @@ -2548,26 +2563,29 @@ bozo_setup(bozohttpd_t *httpd, bozoprefs
 		dirtyenv = 1;
+	}
 	if ((cp = bozo_get_pref(prefs, "hide dots")) != NULL &&
 	    strcmp(cp, "true") == 0) {
 		httpd->hide_dots = 1;
+	}
 	if ((cp = bozo_get_pref(prefs, "directory indexing")) != NULL &&
 	    strcmp(cp, "true") == 0) {
 		httpd->dir_indexing = 1;
+	}
 	if ((cp = bozo_get_pref(prefs, "public_html")) != NULL) {
 		httpd->public_html = bozostrdup(httpd, NULL, cp);
+	}
 	if ((cp = bozo_get_pref(prefs, "ssl timeout")) != NULL) {
 		httpd->ssl_timeout = atoi(cp);
+	}
 	if ((cp = bozo_get_pref(prefs, "initial timeout")) != NULL) {
 		httpd->initial_timeout = atoi(cp);
+	}
 	if ((cp = bozo_get_pref(prefs, "header timeout")) != NULL) {
 		httpd->header_timeout = atoi(cp);
+	}
 	if ((cp = bozo_get_pref(prefs, "request timeout")) != NULL) {
 		httpd->request_timeout = atoi(cp);
+	}
 	httpd->server_software =
 	    bozostrdup(httpd, NULL, bozo_get_pref(prefs, "server software"));
 	httpd->index_html =
 	    bozostrdup(httpd, NULL, bozo_get_pref(prefs, "index.html"));

 @@ -1,19 +1,19 @@
-/*	$NetBSD: bozohttpd.h,v 1.33.2.6.2.2 2018/11/28 19:56:09 martin Exp $	*/
+/*	$NetBSD: bozohttpd.h,v 1.33.2.6.2.3 2019/06/15 15:56:21 martin Exp $	*/
 /*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/
 /*
- * Copyright (c) 1997-2018 Matthew R. Green
+ * Copyright (c) 1997-2019 Matthew R. Green
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer and
  *    dedication in the documentation and/or other materials provided
  *    with the distribution.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 @@ -24,26 +24,29 @@
  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
+ *
  */
 #ifndef BOZOHTTOPD_H_
 #define BOZOHTTOPD_H_	1
 #include "netbsd_queue.h"
 #include <stdbool.h>
 #include <signal.h>
 #include <sys/stat.h>
 #ifndef NO_LUA_SUPPORT
 #include <lua.h>
 #endif
 #include <stdio.h>
 /* QNX provides a lot of NetBSD things in nbutil.h */
 #ifdef HAVE_NBUTIL_H
 #include <nbutil.h>
 #endif
 /* lots of "const" but gets free()'ed etc at times, sigh */
 @@ -107,26 +110,27 @@ typedef struct bozohttpd_t {
 	const char	*server_software;/* our brand :-) */
 	const char	*index_html;	/* our home page */
 	const char	*public_html;	/* ~user/public_html page */
 	int		 enable_users;	/* enable public_html */
 	int		 enable_cgi_users;	/* use the cgi handler */
 	int		*sock;		/* bound sockets */
 	int		 nsock;		/* number of above */
 	struct pollfd	*fds;		/* current poll fd set */
 	int		 request_times;	/* # times a request was processed */
 	int		 dir_indexing;	/* handle directories */
 	int		 hide_dots;	/* hide .* */
 	int		 process_cgi;	/* use the cgi handler */
 	char		*cgibin;	/* cgi-bin directory */
 	unsigned	ssl_timeout;	/* ssl timeout */
 	unsigned	initial_timeout;/* first line timeout */
 	unsigned	header_timeout;	/* header lines timeout */
 	unsigned	request_timeout;/* total session timeout */
 #ifndef NO_LUA_SUPPORT
 	int		 process_lua;	/* use the Lua handler */
 	SIMPLEQ_HEAD(, lua_state_map)	lua_states;
 #endif
 	void		*sslinfo;	/* pointer to ssl struct */
 	int		dynamic_content_map_size;/* size of dyn cont map */
 	bozo_content_map_t	*dynamic_content_map;/* dynamic content map */
 	size_t		 mmapsz;	/* size of region to mmap */
 	char		*getln_buffer;	/* space for getln buffer */
 	ssize_t		 getln_buflen;	/* length of allocated space */
 @@ -185,26 +189,36 @@ typedef struct bozo_httpreq_t {
 /* helper to access the "active" host name from a httpd/request pair */
 #define	BOZOHOST(HTTPD,REQUEST)	((REQUEST)->hr_virthostname ?		\
 					(REQUEST)->hr_virthostname :	\
 					(HTTPD)->virthostname)
 /* structure to hold string based (name, value) pairs with preferences */
 typedef struct bozoprefs_t {
 	size_t		  size;		/* size of the two arrays */
 	size_t		  count;	/* # of entries in arrays */
 	char		**name;		/* names of each entry */
 	char		**value;	/* values for the name entries */
 } bozoprefs_t;
 /* sun2 has a tiny VA range */
 #ifdef __mc68010__
 #ifndef BOZO_WRSZ
 #define BOZO_WRSZ	(16 * 1024)
 #endif
 #ifndef BOZO_MMAPSZ
 #define BOZO_MMAPSZ	(BOZO_WRSZ * 4)
 #endif
 #endif
 /* by default write in upto 64KiB chunks, and mmap in upto 64MiB chunks */
 #ifndef BOZO_WRSZ
 #define BOZO_WRSZ	(64 * 1024)
 #endif
 #ifndef BOZO_MMAPSZ
 #define BOZO_MMAPSZ	(BOZO_WRSZ * 1024)
 #endif
 /* only allow this many total headers bytes */
 #define BOZO_HEADERS_MAX_SIZE (16 * 1024)
 /* debug flags */
 #define DEBUG_NORMAL	1
 @@ -249,27 +263,27 @@ void	debug__(bozohttpd_t *, int, const c
 #ifndef ABSREDIRECT_FILE
 #define ABSREDIRECT_FILE	".bzabsredirect"
 #endif
 #ifndef REMAP_FILE
 #define REMAP_FILE		".bzremap"
 #endif
 #ifndef AUTH_FILE
 #define AUTH_FILE		".htpasswd"
 #endif
 /* be sure to always return this error up */
 int	bozo_http_error(bozohttpd_t *, int, bozo_httpreq_t *, const char *);
-int	bozo_check_special_files(bozo_httpreq_t *, const char *) BOZO_CHECKRET;
+int	bozo_check_special_files(bozo_httpreq_t *, const char *, bool) BOZO_CHECKRET;
 char	*bozo_http_date(char *, size_t);
 void	bozo_print_header(bozo_httpreq_t *, struct stat *, const char *,
 			  const char *);
 char	*bozo_escape_rfc3986(bozohttpd_t *httpd, const char *url, int absolute);
 char	*bozo_escape_html(bozohttpd_t *httpd, const char *url);
 int	bozo_decode_url_percent(bozo_httpreq_t *, char *);
 /* these are similar to libc functions, no underscore here */
 void	bozowarn(bozohttpd_t *, const char *, ...)
 		BOZO_PRINTFLIKE(2, 3);
 void	bozoerr(bozohttpd_t *, int, const char *, ...)
 		BOZO_PRINTFLIKE(3, 4)
 		BOZO_DEAD;
 @@ -422,14 +436,16 @@ void bozo_process_request(bozo_httpreq_t
 void bozo_clean_request(bozo_httpreq_t *);
 int bozo_set_timeout(bozohttpd_t *, bozoprefs_t *, const char *, const char *);
 bozoheaders_t *addmerge_reqheader(bozo_httpreq_t *, const char *,
 				  const char *, ssize_t);
 bozoheaders_t *addmerge_replheader(bozo_httpreq_t *, const char *,
 				   const char *, ssize_t);
 /* variables */
 int bozo_set_pref(bozohttpd_t *, bozoprefs_t *, const char *, const char *);
 char *bozo_get_pref(bozoprefs_t *, const char *);
 int bozo_get_version(char */*buf*/, size_t /*size*/);
 extern volatile sig_atomic_t	bozo_timeout_hit;
 #endif	/* BOZOHTTOPD_H_ */

 @@ -1,19 +1,19 @@
-/*	$NetBSD: cgi-bozo.c,v 1.25.2.7.2.3 2018/11/28 19:56:09 martin Exp $	*/
+/*	$NetBSD: cgi-bozo.c,v 1.25.2.7.2.4 2019/06/15 15:56:21 martin Exp $	*/
 /*	$eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $	*/
 /*
- * Copyright (c) 1997-2018 Matthew R. Green
+ * Copyright (c) 1997-2019 Matthew R. Green
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer and
  *    dedication in the documentation and/or other materials provided
  *    with the distribution.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 @@ -231,30 +231,30 @@ parse_search_string(bozo_httpreq_t *requ
 	/*
 	 * there's no more arguments than '+' chars in the query string as it's
 	 * the separator
 	 */
 	*args_len = 1;
 	/* count '+' in str */
 	for (s = str; (s = strchr(s, '+')) != NULL; (*args_len)++)
 		s++;
 	args = bozomalloc(httpd, sizeof(*args) * (*args_len + 1));
 	args[0] = str;
 	args[*args_len] = NULL;
-	for (s = str, i = 0; (s = strchr(s, '+')) != NULL;) {
+	for (s = str, i = 1; (s = strchr(s, '+')) != NULL; i++) {
 		*s = '\0';
 		s++;
-		args[i++] = s;
+		args[i] = s;
+	}
 	/*
 	 * check if search-strings are valid:
+	 *
 	 * RFC3875, section 4.4:
+	 *
 	 * search-string = search-word *( "+" search-word )
 	 * search-word   = 1*schar
 	 * schar		 = unreserved | escaped | xreserved
 	 * xreserved	 = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "," |
 	 *		   "$"
+	 *
 @@ -323,28 +323,27 @@ parse_search_string(bozo_httpreq_t *requ
 		if (bozo_decode_url_percent(request, args[i]))
 			goto parse_err;
+	}
 	/* allocate each arg separately */
 	for (i = 0; i < *args_len; i++)
 		args[i] = bozostrdup(httpd, request, args[i]);
 	free(str);
 	return args;
 parse_err:
-	free (str);
+	free(str);
 	free (*args);
 	free(args);
 	*args_len = 0;
 	return NULL;
+}
 void
 bozo_cgi_setbin(bozohttpd_t *httpd, const char *path)
+{
 	httpd->cgibin = bozostrdup(httpd, NULL, path);
 	debug((httpd, DEBUG_OBESE, "cgibin (cgi-bin directory) is %s",
 	       httpd->cgibin));
 @@ -484,26 +483,27 @@ bozo_process_cgi(bozo_httpreq_t *request
 	argv[ix++] = NULL;
 	nph = strncmp(command, "nph-", 4) == 0;
 	type = request->hr_content_type;
 	clen = request->hr_content_length;
 	envpsize = 13 + request->hr_nheaders +
 	    (info && *info ? 1 : 0) +
 	    (query && *query ? 1 : 0) +
 	    (type && *type ? 1 : 0) +
 	    (clen && *clen ? 1 : 0) +
 	    (request->hr_remotehost && *request->hr_remotehost ? 1 : 0) +
 	    (request->hr_remoteaddr && *request->hr_remoteaddr ? 1 : 0) +
 	    (cgihandler ? 1 : 0) +
 	    bozo_auth_cgi_count(request) +
 	    (request->hr_serverport && *request->hr_serverport ? 1 : 0);
 	debug((httpd, DEBUG_FAT,
 		"%s: path `%s', cmd `%s', info `%s', "
 		"query `%s', nph `%d', envpsize `%d'", __func__,
 		path, command, strornull(info),
 		strornull(query), nph, envpsize));
 	envp = bozomalloc(httpd, sizeof(*envp) * envpsize);
 	for (ix = 0; ix < envpsize; ix++)
 		envp[ix] = NULL;
 	curenvp = envp;
 @@ -600,29 +600,32 @@ bozo_process_cgi(bozo_httpreq_t *request
 	switch (fork()) {
 	case -1: /* eep, failure */
 		bozoerr(httpd, 1, "child fork failed: %s", strerror(errno));
 		/*NOTREACHED*/
 	case 0:
 		close(sv[0]);
 		dup2(sv[1], STDIN_FILENO);
 		dup2(sv[1], STDOUT_FILENO);
 		close(2);
 		close(sv[1]);
 		closelog();
 		bozo_daemon_closefds(httpd);
-		if (-1 == execve(path, argv, envp))
+		if (-1 == execve(path, argv, envp)) {
 			bozo_http_error(httpd, 404, request,
 				"Cannot execute CGI");
 			bozoerr(httpd, 1, "child exec failed: %s: %s",
 			      path, strerror(errno));
+		}
 		/* NOT REACHED */
 		bozoerr(httpd, 1, "child execve returned?!");
+	}
 	free(query);
 	free(file);
 	free(url);
 	for (i = 0; i < search_string_argc; i++)
 		free(search_string_argv[i]);
 	free(search_string_argv);
 	close(sv[1]);

 @@ -1,19 +1,19 @@
-/*	$NetBSD: dir-index-bozo.c,v 1.19.4.2.4.1 2018/11/24 17:23:20 martin Exp $	*/
+/*	$NetBSD: dir-index-bozo.c,v 1.19.4.2.4.2 2019/06/15 15:56:21 martin Exp $	*/
 /*	$eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $	*/
 /*
- * Copyright (c) 1997-2018 Matthew R. Green
+ * Copyright (c) 1997-2019 Matthew R. Green
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer and
  *    dedication in the documentation and/or other materials provided
  *    with the distribution.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 @@ -35,49 +35,39 @@
 #ifndef NO_DIRINDEX_SUPPORT
 #include <sys/param.h>
 #include <dirent.h>
 #include <errno.h>
 #include <string.h>
 #include <stdlib.h>
 #include <time.h>
 #include <assert.h>
 #include "bozohttpd.h"
 static void
 directory_hr(bozohttpd_t *httpd)
 	bozo_printf(httpd,
 		"<hr noshade align=\"left\" width=\"80%%\">\r\n\r\n");
 /*
  * output a directory index.  return 1 if it actually did something..
  */
 int
 bozo_dir_index(bozo_httpreq_t *request, const char *dirpath, int isindex)
+{
 	bozohttpd_t *httpd = request->hr_httpd;
 	struct stat sb;
 	struct dirent **de, **deo;
 	struct tm *tm;
 	DIR *dp;
 	char buf[MAXPATHLEN];
-	char spacebuf[48];
+	char *file = NULL, *printname = NULL, *p;
-	char *file = NULL, *printname = NULL;
+	int k, j;
 	int l, k, j, i;
 	if (!isindex || !httpd->dir_indexing)
 		return 0;
 	if (strlen(dirpath) <= strlen(httpd->index_html))
 		dirpath = ".";
 	else {
 		file = bozostrdup(httpd, request, dirpath);
 		file[strlen(file) - strlen(httpd->index_html)] = '\0';
 		dirpath = file;
+	}
 	debug((httpd, DEBUG_FAT, "bozo_dir_index: dirpath '%s'", dirpath));
 @@ -106,120 +96,113 @@ bozo_dir_index(bozo_httpreq_t *request,
 		closedir(dp);
 		goto done;
+	}
 #ifndef NO_USER_SUPPORT
 	if (request->hr_user) {
 		bozoasprintf(httpd, &printname, "~%s/%s",
 			     request->hr_user, request->hr_file);
 	} else
 		printname = bozostrdup(httpd, request, request->hr_file);
 #else
 	printname = bozostrdup(httpd, request, request->hr_file);
 #endif /* !NO_USER_SUPPORT */
 	if ((p = strstr(printname, httpd->index_html)) != NULL) {
 		if (strcmp(printname, httpd->index_html) == 0)
 			strcpy(printname, "/");	/* is ``slashdir'' */
 		else
 			*p = '\0';		/* strip unwanted ``index_html'' */
+	}
 	if ((p = bozo_escape_html(httpd, printname)) != NULL) {
 		free(printname);
 		printname = p;
+	}
 	bozo_printf(httpd,
-		"<html><head><title>Index of %s</title></head>\r\n",
+		"<!DOCTYPE html>\r\n"
 		"<html><head><meta charset=\"utf-8\"/>\r\n"
 		"<style type=\"text/css\">\r\n"
 		"table {\r\n"
 		"\tborder-top: 1px solid black;\r\n"
 		"\tborder-bottom: 1px solid black;\r\n"
 		"}\r\n"
 		"th { background: aquamarine; }\r\n"
 		"tr:nth-child(even) { background: lavender; }\r\n"
 		"</style>\r\n");
 	bozo_printf(httpd, "<title>Index of %s</title></head>\r\n",
 		printname);
 	bozo_printf(httpd, "<body><h1>Index of %s</h1>\r\n",
 		printname);
-	bozo_printf(httpd, "<pre>\r\n");
+	bozo_printf(httpd,
-#define NAMELEN 40
+		"<table cols=3>\r\n<thead>\r\n"
-#define LMODLEN 19
+		"<tr><th>Name<th>Last modified<th align=right>Size\r\n"
-	bozo_printf(httpd, "Name                                     "
+		"<tbody>\r\n");
 	    "Last modified          "
 	    "Size\n");
 	bozo_printf(httpd, "</pre>");
 	directory_hr(httpd);
 	bozo_printf(httpd, "<pre>");
 	for (j = k = scandir(dirpath, &de, NULL, alphasort), deo = de;
 	    j--; de++) {
 		int nostat = 0;
 		char *name = (*de)->d_name;
 		char *urlname, *htmlname;
 		if (strcmp(name, ".") == 0 ||
 		    (strcmp(name, "..") != 0 &&
 		     httpd->hide_dots && name[0] == '.'))
 			continue;
 		if (bozo_check_special_files(request, name, false))
 			continue;
 		snprintf(buf, sizeof buf, "%s/%s", dirpath, name);
 		if (stat(buf, &sb))
 			nostat = 1;
 		l = 0;
 		urlname = bozo_escape_rfc3986(httpd, name, 0);
 		htmlname = bozo_escape_html(httpd, name);
 		if (htmlname == NULL)
 			htmlname = name;
 		bozo_printf(httpd, "<tr><td>");
 		if (strcmp(name, "..") == 0) {
 			bozo_printf(httpd, "<a href=\"../\">");
-			l += bozo_printf(httpd, "Parent Directory");
+			bozo_printf(httpd, "Parent Directory");
 		} else if (!nostat && S_ISDIR(sb.st_mode)) {
 			bozo_printf(httpd, "<a href=\"%s/\">", urlname);
-			l += bozo_printf(httpd, "%s/", htmlname);
+			bozo_printf(httpd, "%s/", htmlname);
 		} else if (strchr(name, ':') != NULL) {
 			/* RFC 3986 4.2 */
 			bozo_printf(httpd, "<a href=\"./%s\">", urlname);
-			l += bozo_printf(httpd, "%s", htmlname);
+			bozo_printf(httpd, "%s", htmlname);
 		} else {
 			bozo_printf(httpd, "<a href=\"%s\">", urlname);
-			l += bozo_printf(httpd, "%s", htmlname);
+			bozo_printf(httpd, "%s", htmlname);
+		}
 		if (htmlname != name)
 			free(htmlname);
 		bozo_printf(httpd, "</a>");
 		/* NAMELEN spaces */
 		/*LINTED*/
 		assert(/*CONSTCOND*/sizeof(spacebuf) > NAMELEN);
 		i = (l < NAMELEN) ? (NAMELEN - l) : 0;
 		i++;
 		memset(spacebuf, ' ', (size_t)i);
 		spacebuf[i] = '\0';
 		bozo_printf(httpd, "%s", spacebuf);
 		l += i;
 		if (nostat)
-			bozo_printf(httpd, "?                         ?");
+			bozo_printf(httpd, "<td>?<td>?\r\n");
 		else {
 			unsigned long long len;
-			len = ((unsigned long long)sb.st_size + 1023) / 1024;
+			strftime(buf, sizeof buf, "%d-%b-%Y %R", gmtime(&sb.st_mtime));
 			bozo_printf(httpd, "<td>%s", buf);
 			tm = gmtime(&sb.st_mtime);
 			strftime(buf, sizeof buf, "%d-%b-%Y %R", tm);
 			l += bozo_printf(httpd, "%s", buf);
 			/* LMODLEN spaces */
 			/*LINTED*/
 			assert(/*CONSTCOND*/sizeof(spacebuf) > LMODLEN);
 			i = (l < (LMODLEN+NAMELEN+1)) ?
 				((LMODLEN+NAMELEN+1) - l) : 0;
 			i++;
 			memset(spacebuf, ' ', (size_t)i);
 			spacebuf[i] = '\0';
 			bozo_printf(httpd, "%s", spacebuf);
-			bozo_printf(httpd, "%12llukB", len);
+			len = ((unsigned long long)sb.st_size + 1023) / 1024;
 			bozo_printf(httpd, "<td align=right>%llukB", len);
+		}
 		bozo_printf(httpd, "\r\n");
+	}
 	closedir(dp);
 	while (k--)
         	free(deo[k]);
 	free(deo);
-	bozo_printf(httpd, "</pre>");
+	bozo_printf(httpd, "</table>\r\n");
 	directory_hr(httpd);
 	bozo_printf(httpd, "</body></html>\r\n\r\n");
 	bozo_flush(httpd, stdout);
 done:
 	free(file);
 	free(printname);
 	return 1;
+}
 #endif /* NO_DIRINDEX_SUPPORT */

 @@ -1,14 +1,34 @@
-$NetBSD: CHANGES,v 1.19.2.5.2.2 2018/11/28 19:56:09 martin Exp $
+$NetBSD: CHANGES,v 1.19.2.5.2.3 2019/06/15 15:56:21 martin Exp $
 changes in bozohttpd 20190228:
 	o  extend timeout facility to ssl and stop servers hanging forever
 	   if the client never sends anything.  reported by Steffen in netbsd
 	   PR#50655.
 	o  don't display special files in the directory index.  they aren't
 	   served, but links to them are generated.
 	o  fix CGI '+' parameter handling, some error checking, and a double
 	   free.  from rajeev_v_pillai@yahoo.com
 	o  more directory indexing clean up.  from rajeev_v_pillai@yahoo.com
 changes in bozohttpd 20181215:
 	o  fix .htpasswd bypass for authenticated users.  reported by JP,
 	   from leot@netbsd.org
 	o  avoid possible null dereference when receiving a big request that
 	   timeout.  reported by maya@netbsd.org, from leot@netbsd.org
 	o  fix handling of -T option, from leot@netbsd.org
 	o  cleanups and portability improvements, from maya@netbsd.org
 	o  change directory indexing to use html tables, from
 	   rajeev_v_pillai@yahoo.com
 changes in bozohttpd 20181125:
 	o  fixes for option parsing introduced in bozohttpd 20181123
 changes in bozohttpd 20181121:
 	o  add url remap support via .bzremap file, from martin@netbsd.org
 	o  handle redirections for any protocol, not just http:
 	o  fix a denial of service attack against header contents, which
 	   is now bounded at 16KiB.  reported by JP
 	o  reduce default timeouts, and add expand timeouts to handle the
 	   initial line, each header, and the total time spent
 	o  add -T option to expose new timeout settings
 	o  minor RFC fixes related to timeout handling
 @@ -283,27 +303,27 @@ changes in bozohttpd 5.09 (20010922):
 changes in bozohttpd 5.08 (20010812):
 	- add directory index generation support (-X) from ad@netbsd.org
 	- add .pa as an alias for .pac
 	- make server software version configurable (RFC)
 changes in bozohttpd 5.07 (20010610):
 	- add .png support
 	- new "-x index.html" flag to change default file
 	- new "-p public_html" flag to change default ~user directory
 	- fixes cgi-bin support and more from chuck@research.att.com
 	- add many new content-types, now support most common ones
 changes in bozohttpd 5.06 (20000825):
-	- add IPv6 suppor from itojun@iijlab.net
+	- add IPv6 support from itojun@iijlab.net
 	- man page fixes from jlam@netbsd.org
 changes in bozohttpd 5.05 (20000815):
 	- fix a virtual host bug, from kleink@netbsd.org
 changes in bozohttpd 5.04 (20000427):
 	- fix virtual host support; URI takes precedence over Host:
 changes in bozohttpd 5.03 (20000427):
 	- fix a bug with chdir()
 changes in bozohttpd 5.02 (20000426):
 	- .pac spport from simonb

 @@ -1,14 +1,14 @@
-#	$NetBSD: Makefile,v 1.22.2.2.4.1 2018/11/24 17:23:20 martin Exp $
+#	$NetBSD: Makefile,v 1.22.2.2.4.2 2019/06/15 15:56:21 martin Exp $
+#
 #	$eterna: Makefile,v 1.30 2010/07/11 00:34:27 mrg Exp $
+#
 # berkeley (netbsd) makefile.  see Makefile.boot for other systems.
 # compile-time options are:
 #	NO_DEBUG		/* don't include debugging support */
 #	NO_USER_SUPPORT		/* don't support /~user requests */
 #	NO_CGIBIN_SUPPORT	/* don't support cgi-bin requests */
 #	NO_DIRINDEX_SUPPORT	/* don't support directory indexing */
 #	NO_DAEMON_MODE		/* don't support daemon mode */
 #	NO_DYNAMIC_CONTENT	/* don't support dynamic content updates */
 #	NO_SSL_SUPPORT		/* don't support ssl (https) */
 @@ -67,26 +67,29 @@ HTMLFROB=	sed \
 		    -e 's/""/\&ldquo;/' \
 		    -e 's/<a href="\.\.\/html[^>]*>\(.*\)<\/a>/\1/'
 TXTFROB=	col -b
 bozohttpd.8.html: bozohttpd.8
 	$(PREHTMLFROB) $> | $(NROFF) -mdoc2html | $(HTMLFROB) > $@
 bozohttpd.8.txt: bozohttpd.8
 	$(NROFF) -mdoc -Tascii $> | $(TXTFROB) > $@
 CLEANFILES+=	bozohttpd.8.html bozohttpd.8.txt
 check:
 	cd ${.CURDIR}/testsuite && ${MAKE} check
 # Create a distfile: uses /tmp
 BASE=bozohttpd-${BOZOVER}
 TAR=${BASE}.tar
 export-distfile:
 	dir=`mktemp -d /tmp/bozo-export-XXXXXX`; \
 	cd "$${dir}" || exit; \
 	mkdir ${BASE}; \
 	( cd ${BASE} || exit; \
 	  cp -r "${.CURDIR}/." "."; \
 	  find . -name .CVS | xargs rm -r; \
 	); \
 	pax -wf ${TAR} ${BASE}; \
 	gzip -nc9 ${TAR} > ${TAR}.gz; \

 @@ -1,19 +1,19 @@
-/*	$NetBSD: daemon-bozo.c,v 1.16.4.1.4.1 2018/11/24 17:23:20 martin Exp $	*/
+/*	$NetBSD: daemon-bozo.c,v 1.16.4.1.4.2 2019/06/15 15:56:21 martin Exp $	*/
 /*	$eterna: daemon-bozo.c,v 1.24 2011/11/18 09:21:15 mrg Exp $	*/
 /*
- * Copyright (c) 1997-2018 Matthew R. Green
+ * Copyright (c) 1997-2019 Matthew R. Green
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer and
  *    dedication in the documentation and/or other materials provided
  *    with the distribution.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 @@ -195,27 +195,27 @@ bozo_daemon_closefds(bozohttpd_t *httpd)
 static void
 daemon_runchild(bozohttpd_t *httpd, int fd)
+{
 	httpd->request_times++;
 	/* setup stdin/stdout/stderr */
 	dup2(fd, 0);
 	dup2(fd, 1);
 	/*dup2(fd, 2);*/
 	close(fd);
+}
 static int
-daemon_poll_err(bozohttpd_t *httpd, int fd, int idx)
+daemon_poll_err(bozohttpd_t *httpd, int idx)
+{
 	if ((httpd->fds[idx].revents & (POLLNVAL|POLLERR|POLLHUP)) == 0)
 		return 0;
 	bozowarn(httpd, "poll on fd %d pid %d revents %d: %s",
 	    httpd->fds[idx].fd, getpid(), httpd->fds[idx].revents,
 	    strerror(errno));
 	bozowarn(httpd, "nsock = %d", httpd->nsock);
 	close(httpd->sock[idx]);
 	httpd->nsock--;
 	bozowarn(httpd, "nsock now = %d", httpd->nsock);
 	/* no sockets left */
 	if (httpd->nsock == 0)
 @@ -274,27 +274,27 @@ again:
 			    errno == EINVAL)
 				bozoerr(httpd, 1, "poll: %s",
 					strerror(errno));
 			/* sleep on some temporary kernel failures */
 			if (errno == ENOMEM ||
 			    errno == EAGAIN)
 				sleep(1);
 			goto again;
+		}
 		for (i = 0; i < httpd->nsock; i++) {
-			if (daemon_poll_err(httpd, fd, i))
+			if (daemon_poll_err(httpd, i))
 				break;
 			if (httpd->fds[i].revents == 0)
 				continue;
 			slen = sizeof(ss);
 			fd = accept(httpd->fds[i].fd,
 					(struct sockaddr *)(void *)&ss, &slen);
 			if (fd == -1) {
 				if (errno == EFAULT ||
 				    errno == EINVAL)
 					bozoerr(httpd, 1, "accept: %s",
 						strerror(errno));

 @@ -1,19 +1,19 @@
-/*	$NetBSD: ssl-bozo.c,v 1.18.2.1.4.1 2018/11/24 17:23:20 martin Exp $	*/
+/*	$NetBSD: ssl-bozo.c,v 1.18.2.1.4.2 2019/06/15 15:56:21 martin Exp $	*/
 /*	$eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $	*/
 /*
- * Copyright (c) 1997-2018 Matthew R. Green
+ * Copyright (c) 1997-2019 Matthew R. Green
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer and
  *    dedication in the documentation and/or other materials provided
  *    with the distribution.
+ *
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 @@ -253,36 +253,46 @@ bozo_ssl_init(bozohttpd_t *httpd)
+}
 /*
  * returns non-zero for failure
  */
 int
 bozo_ssl_accept(bozohttpd_t *httpd)
+{
 	sslinfo_t *sslinfo = httpd->sslinfo;
 	if (sslinfo == NULL || !sslinfo->ssl_context)
 		return 0;
 	alarm(httpd->ssl_timeout);
 	sslinfo->bozossl = SSL_new(sslinfo->ssl_context);
 	if (sslinfo->bozossl == NULL)
 		bozoerr(httpd, 1, "SSL_new failed");
 	SSL_set_rfd(sslinfo->bozossl, 0);
 	SSL_set_wfd(sslinfo->bozossl, 1);
 	const int ret = SSL_accept(sslinfo->bozossl);
 	bozo_check_error_queue(httpd, "accept", ret);
 	alarm(0);
 	if (bozo_timeout_hit) {
 		SSL_free(sslinfo->bozossl);
 		sslinfo->bozossl = NULL;
 		return 1;
+	}
 	return ret != 1;
+}
 void
 bozo_ssl_destroy(bozohttpd_t *httpd)
+{
 	const sslinfo_t *sslinfo = httpd->sslinfo;
 	if (sslinfo && sslinfo->bozossl)
 		SSL_free(sslinfo->bozossl);
+}
 static sslinfo_t *

 @@ -1,22 +1,21 @@
 #! /bin/sh
-# $NetBSD: test-bigfile,v 1.1.1.1.30.3.2.1 2018/11/24 17:23:21 martin Exp $
+# $NetBSD: test-bigfile,v 1.1.1.1.30.3.2.2 2019/06/15 15:56:22 martin Exp $
 test="$1"; shift	# partial4000 or partial8000
 bozohttpd="$1"; shift
 wget="$1"; shift
 datadir="$1"; shift
 verbose="$1"; shift
 host="$1"; shift
 tmperr="tmp.$test.err"
 if [ "yes" = "$verbose" ]; then
 	echo "Running test $test"
 else
 	exec 2>"$tmperr"
 fi
 bozotestport=11111
 # copy beginning file
 cp "${datadir}/bigfile.${test}" ./bigfile

 @@ -1,44 +1,44 @@
 #	$NetBSD: Makefile,v 1.4.24.3.2.2 2019/06/15 15:56:22 martin Exp $
 #	$eterna: Makefile,v 1.14 2009/05/22 21:51:39 mrg Exp $
 SIMPLETESTS=	t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t12 t13 t14 t15
 CGITESTS=	t11
 BIGFILETESTS=	partial4000 partial8000
 BOZOHTTPD?=	../bozohttpd
 BOZOHTTPD?=	../debug/bozohttpd-debug
 WGET?=		wget
 DATA?=		$(.CURDIR)/data
 VERBOSE?=	yes
 HOST?=		test.eterna
 .if ${VERBOSE} != "yes"
 SILENT=		@
 .else
 SILENT=
 .endif
 all:
 clean:
 	for a in $(SIMPLETESTS) $(BIGFILETESTS); do \
 		rm -f tmp.$$a.out tmp.$$a.err; \
 	done
 check: check-simple check-cgi check-bigfile
 check-simple:
 .for a in $(SIMPLETESTS)
-	${SILENT}$(.CURDIR)/test-simple "$a" "${BOZOHTTPD}" "${DATA}" "${.CURDIR}" "${VERBOSE}" "${HOST}"
+	${SILENT}$(.CURDIR)/test-simple "$a" "${BOZOHTTPD}" "${DATA}" "${.CURDIR}" "${VERBOSE}"
 .endfor
 check-cgi:
 .for a in $(CGITESTS)
-	${SILENT}$(.CURDIR)/test-simple "$a" "${BOZOHTTPD}" "${DATA}" "${.CURDIR}" "${VERBOSE}" "${HOST}" -c "${.CURDIR}/cgi-bin"
+	${SILENT}$(.CURDIR)/test-simple "$a" "${BOZOHTTPD}" "${DATA}" "${.CURDIR}" "${VERBOSE}" -c "${.CURDIR}/cgi-bin"
 .endfor
 check-bigfile:
 .for a in $(BIGFILETESTS)
-	${SILENT}$(.CURDIR)/test-bigfile "$a" "${BOZOHTTPD}" "${WGET}" "${DATA}" "${VERBOSE}" "${HOST}"
+	${SILENT}$(.CURDIR)/test-bigfile "$a" "${BOZOHTTPD}" "${WGET}" "${DATA}" "${VERBOSE}"
 .endfor
 .include <bsd.obj.mk>

 @@ -1,34 +1,33 @@
 #! /bin/sh
-# $NetBSD: test-simple,v 1.2.4.3.2.1 2018/11/24 17:23:21 martin Exp $
+# $NetBSD: test-simple,v 1.2.4.3.2.2 2019/06/15 15:56:22 martin Exp $
 test="$1"; shift
 bozohttpd="$1"; shift
 datadir="$1"; shift
 curdir="$1"; shift
 verbose="$1"; shift
 host="$1"; shift
 in="$curdir/$test.in"
 out="$curdir/$test.out"
 tmpout="tmp.$test.out"
 tmperr="tmp.$test.err"
 if [ "yes" = "$verbose" ]; then
 	echo "Running test $test"
 else
 	exec 2>"$tmperr"
 fi
 bozotestport=11111
-${bozohttpd} "$@" "${datadir}" "${host}" < "$in" > "$tmpout"
+${bozohttpd} "$@" "${datadir}" < "$in" > "$tmpout"
 if "$curdir/html_cmp" cmp "$out" "$tmpout"; then
 	exit 0
 else
 	if [ "yes" = "$verbose" ]; then
 		echo "Failed test $test:"
 		cat "$tmperr"
 		$curdir/html_cmp diff "$out" "$tmpout"
 	fi
 	exit 1
 fi