Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/libexec/httpd - move special files defines into bozohttpd.h, ...



details:   https://anonhg.NetBSD.org/src/rev/1a9cc453dabd
branches:  trunk
changeset: 446036:1a9cc453dabd
user:      mrg <mrg%NetBSD.org@localhost>
date:      Wed Nov 21 09:37:02 2018 +0000

description:
- move special files defines into bozohttpd.h, so we can ...
- consolidate all the special file checks into
  bozo_check_special_files() so that all builds check the same
  list of special files, regardless of build options.
- convert "(void)bozo_http_error(...); return -1;" into plain
  "return bozo_http_error(...);"
- fix the call to bozo_check_special_files() to be used on all
  input types.  part of the fixes for failure to reject access
  to /.htpasswd as reported by JP on tech-security.
- use warn_unused_result attribute on bozo_check_special_files(),
  and fix the failures to return failure.  second part of the
  htpasswd access fix.
- update testsuite to use a fixed fake hostname.

call this bozohttpd 20181121.

diffstat:

 libexec/httpd/CHANGES                |   5 +-
 libexec/httpd/auth-bozo.c            |  19 +-------
 libexec/httpd/bozohttpd.c            |  83 +++++++++++++----------------------
 libexec/httpd/bozohttpd.h            |  32 ++++++++++++-
 libexec/httpd/testsuite/Makefile     |   7 +-
 libexec/httpd/testsuite/html_cmp     |   1 +
 libexec/httpd/testsuite/test-bigfile |  15 +++---
 libexec/httpd/testsuite/test-simple  |   5 +-
 8 files changed, 79 insertions(+), 88 deletions(-)

diffs (truncated from 415 to 300 lines):

diff -r baaeddd16b0a -r 1a9cc453dabd libexec/httpd/CHANGES
--- a/libexec/httpd/CHANGES     Wed Nov 21 08:55:05 2018 +0000
+++ b/libexec/httpd/CHANGES     Wed Nov 21 09:37:02 2018 +0000
@@ -1,6 +1,6 @@
-$NetBSD: CHANGES,v 1.27 2018/11/20 01:06:46 mrg Exp $
+$NetBSD: CHANGES,v 1.28 2018/11/21 09:37:02 mrg Exp $
 
-changes in bozohttpd 20181118:
+changes in bozohttpd 20181121:
        o  add url remap support via .bzremap file, from martin%netbsd.org@localhost
        o  handle redirections for any protocol, not just http:
        o  fix a denial of service attack against header contents, which
@@ -9,6 +9,7 @@
           initial line, each header, and the total time spent
        o  add -T option to expose new timeout settings
        o  minor RFC fixes related to timeout handling
+       o  fix special file (.htpasswd, .bz*) bypass.  reported by JP.
 
 changes in bozohttpd 20170201:
        o  fix an infinite loop in cgi processing
diff -r baaeddd16b0a -r 1a9cc453dabd libexec/httpd/auth-bozo.c
--- a/libexec/httpd/auth-bozo.c Wed Nov 21 08:55:05 2018 +0000
+++ b/libexec/httpd/auth-bozo.c Wed Nov 21 09:37:02 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: auth-bozo.c,v 1.20 2018/11/20 01:06:46 mrg Exp $       */
+/*     $NetBSD: auth-bozo.c,v 1.21 2018/11/21 09:37:02 mrg Exp $       */
 
 /*     $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $       */
 
@@ -42,10 +42,6 @@
 
 #include "bozohttpd.h"
 
-#ifndef AUTH_FILE
-#define AUTH_FILE              ".htpasswd"
-#endif
-
 static ssize_t base64_decode(const unsigned char *, size_t,
                            unsigned char *, size_t);
 
@@ -68,7 +64,6 @@
                strcpy(dir, ".");
        else {
                *basename++ = '\0';
-                       /* ensure basename(file) != AUTH_FILE */
                if (bozo_check_special_files(request, basename))
                        return 1;
        }
@@ -173,18 +168,6 @@
        return 0;
 }
 
-int
-bozo_auth_check_special_files(bozo_httpreq_t *request,
-                               const char *name)
-{
-       bozohttpd_t *httpd = request->hr_httpd;
-
-       if (strcmp(name, AUTH_FILE) == 0)
-               return bozo_http_error(httpd, 403, request,
-                               "no permission to open authfile");
-       return 0;
-}
-
 void
 bozo_auth_check_401(bozo_httpreq_t *request, int code)
 {
diff -r baaeddd16b0a -r 1a9cc453dabd libexec/httpd/bozohttpd.c
--- a/libexec/httpd/bozohttpd.c Wed Nov 21 08:55:05 2018 +0000
+++ b/libexec/httpd/bozohttpd.c Wed Nov 21 09:37:02 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: bozohttpd.c,v 1.90 2018/11/20 01:06:46 mrg Exp $       */
+/*     $NetBSD: bozohttpd.c,v 1.91 2018/11/21 09:37:02 mrg Exp $       */
 
 /*     $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $      */
 
@@ -109,25 +109,8 @@
 #define INDEX_HTML             "index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE                "bozohttpd/20181119"
-#endif
-#ifndef DIRECT_ACCESS_FILE
-#define DIRECT_ACCESS_FILE     ".bzdirect"
-#endif
-#ifndef REDIRECT_FILE
-#define REDIRECT_FILE          ".bzredirect"
+#define SERVER_SOFTWARE                "bozohttpd/20181121"
 #endif
-#ifndef ABSREDIRECT_FILE
-#define ABSREDIRECT_FILE       ".bzabsredirect"
-#endif
-#ifndef REMAP_FILE
-#define REMAP_FILE             ".bzremap"
-#endif
-
-/*
- * When you add some .bz* file, make sure to also check it in
- * bozo_check_special_files()
- */
 
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML            "public_html"
@@ -696,7 +679,6 @@
        sa.sa_flags = 0;
        sigaction(SIGALRM, &sa, NULL);
 
-       
        if (clock_gettime(CLOCK_MONOTONIC, &ots) != 0) {
                (void)bozo_http_error(httpd, 500, NULL,
                        "clock_gettime failed");
@@ -1466,32 +1448,33 @@
         * if this pathname is really a directory, but doesn't end in /,
         * use it as the directory to look for the redir file.
         */
-       if((size_t)snprintf(dir, sizeof(dir), "%s", request->hr_file + 1) >=
-         sizeof(dir)) {
-               bozo_http_error(httpd, 404, request,
+       if ((size_t)snprintf(dir, sizeof(dir), "%s", request->hr_file + 1) >=
+         sizeof(dir))
+               return bozo_http_error(httpd, 404, request,
                  "file path too long");
-               return -1;
-       }
        debug((httpd, DEBUG_FAT, "check_bzredirect: dir %s", dir));
        basename = strrchr(dir, '/');
 
        if ((!basename || basename[1] != '\0') &&
            lstat(dir, &sb) == 0 && S_ISDIR(sb.st_mode)) {
                strcpy(path, dir);
+               basename = dir;
        } else if (basename == NULL) {
                strcpy(path, ".");
                strcpy(dir, "");
+               basename = request->hr_file + 1;
        } else {
                *basename++ = '\0';
-               bozo_check_special_files(request, basename);
                strcpy(path, dir);
        }
+       if (bozo_check_special_files(request, basename))
+               return -1;
 
        debug((httpd, DEBUG_FAT, "check_bzredirect: path %s", path));
 
        if ((size_t)snprintf(redir, sizeof(redir), "%s/%s", path,
          REDIRECT_FILE) >= sizeof(redir)) {
-               bozo_http_error(httpd, 404, request,
+               return bozo_http_error(httpd, 404, request,
                    "redirectfile path too long");
                return -1;
        }
@@ -1502,9 +1485,8 @@
        } else {
                if((size_t)snprintf(redir, sizeof(redir), "%s/%s", path,
                  ABSREDIRECT_FILE) >= sizeof(redir)) {
-                       bozo_http_error(httpd, 404, request,
+                       return bozo_http_error(httpd, 404, request,
                          "redirectfile path too long");
-                       return -1;
                }
                if (lstat(redir, &sb) < 0 || !S_ISLNK(sb.st_mode))
                        return 0;
@@ -1528,9 +1510,8 @@
        if (!absolute && redirpath[0] != '/') {
                if ((size_t)snprintf(finalredir = redir, sizeof(redir), "%s%s/%s",
                  (strlen(dir) > 0 ? "/" : ""), dir, redirpath) >= sizeof(redir)) {
-                       bozo_http_error(httpd, 404, request,
+                       return bozo_http_error(httpd, 404, request,
                          "redirect path too long");
-                       return -1;
                }
        } else
                finalredir = redirpath;
@@ -1566,21 +1547,15 @@
                debug((httpd, DEBUG_EXPLODING,
                        "fu_%%: got s == %%, s[1]s[2] == %c%c",
                        s[1], s[2]));
-               if (s[1] == '\0' || s[2] == '\0') {
-                       (void)bozo_http_error(httpd, 400, request,
+               if (s[1] == '\0' || s[2] == '\0')
+                       return bozo_http_error(httpd, 400, request,
                            "percent hack missing two chars afterwards");
-                       return 1;
-               }
-               if (s[1] == '0' && s[2] == '0') {
-                       (void)bozo_http_error(httpd, 404, request,
-                                       "percent hack was %00");
-                       return 1;
-               }
-               if (s[1] == '2' && s[2] == 'f') {
-                       (void)bozo_http_error(httpd, 404, request,
-                                       "percent hack was %2f (/)");
-                       return 1;
-               }
+               if (s[1] == '0' && s[2] == '0')
+                       return bozo_http_error(httpd, 404, request,
+                           "percent hack was %00");
+               if (s[1] == '2' && s[2] == 'f')
+                       return bozo_http_error(httpd, 404, request,
+                           "percent hack was %2f (/)");
 
                buf[0] = *++s;
                buf[1] = *++s;
@@ -1589,11 +1564,9 @@
                *t = (char)strtol(buf, NULL, 16);
                debug((httpd, DEBUG_EXPLODING,
                                "fu_%%: strtol put '%02x' into *t", *t));
-               if (*t++ == '\0') {
-                       (void)bozo_http_error(httpd, 400, request,
-                                       "percent hack got a 0 back");
-                       return 1;
-               }
+               if (*t++ == '\0')
+                       return bozo_http_error(httpd, 400, request,
+                           "percent hack got a 0 back");
 
                while (*s && *s != '%') {
                        if (end && s >= end)
@@ -1685,7 +1658,9 @@
        switch (check_bzredirect(request)) {
        case -1:
                goto bad_done;
-       case 1:
+       case 0:
+               break;
+       default:
                return 0;
        }
 
@@ -1963,7 +1938,11 @@
        if (strcmp(name, REMAP_FILE) == 0)
                return bozo_http_error(httpd, 403, request,
                    "no permission to open redirect file");
-       return bozo_auth_check_special_files(request, name);
+       if (strcmp(name, AUTH_FILE) == 0)
+               return bozo_http_error(httpd, 403, request,
+                   "no permission to open authfile");
+
+       return 0;
 }
 
 /* generic header printing routine */
diff -r baaeddd16b0a -r 1a9cc453dabd libexec/httpd/bozohttpd.h
--- a/libexec/httpd/bozohttpd.h Wed Nov 21 08:55:05 2018 +0000
+++ b/libexec/httpd/bozohttpd.h Wed Nov 21 09:37:02 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: bozohttpd.h,v 1.54 2018/11/20 01:23:06 mrg Exp $       */
+/*     $NetBSD: bozohttpd.h,v 1.55 2018/11/21 09:37:02 mrg Exp $       */
 
 /*     $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $       */
 
@@ -217,9 +217,11 @@
 #if (defined(__GNUC__) && __GNUC__ >= 3) || defined(__lint__)
 #define BOZO_PRINTFLIKE(x,y) __attribute__((__format__(__printf__, x,y)))
 #define BOZO_DEAD __attribute__((__noreturn__))
+#define BOZO_CHECKRET __attribute__((__warn_unused_result__))
 #else
 #define BOZO_PRINTFLIKE(x,y)
 #define BOZO_DEAD
+#define BOZO_CHECKRET
 #endif
 
 #ifdef NO_DEBUG
@@ -231,9 +233,33 @@
 #define have_debug     (1)
 #endif /* NO_DEBUG */
 
+/*
+ * bozohttpd special files.  avoid serving these out.
+ *
+ * When you add some .bz* file, make sure to also check it in
+ * bozo_check_special_files()
+ */
+
+#ifndef DIRECT_ACCESS_FILE
+#define DIRECT_ACCESS_FILE     ".bzdirect"
+#endif
+#ifndef REDIRECT_FILE
+#define REDIRECT_FILE          ".bzredirect"
+#endif
+#ifndef ABSREDIRECT_FILE
+#define ABSREDIRECT_FILE       ".bzabsredirect"
+#endif
+#ifndef REMAP_FILE
+#define REMAP_FILE             ".bzremap"
+#endif
+#ifndef AUTH_FILE
+#define AUTH_FILE              ".htpasswd"
+#endif
+
+/* be sure to always return this error up */
 int    bozo_http_error(bozohttpd_t *, int, bozo_httpreq_t *, const char *);
 
-int    bozo_check_special_files(bozo_httpreq_t *, const char *);
+int    bozo_check_special_files(bozo_httpreq_t *, const char *) BOZO_CHECKRET;
 char   *bozo_http_date(char *, size_t);
 void   bozo_print_header(bozo_httpreq_t *, struct stat *, const char *,
                          const char *);
@@ -284,7 +310,6 @@



Home | Main Index | Thread Index | Old Index