Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/netbsd-7-0]: src/libexec/httpd Sync to HEAD (requested by mrg in ticket ...



details:   https://anonhg.NetBSD.org/src/rev/95884977708d
branches:  netbsd-7-0
changeset: 446142:95884977708d
user:      martin <martin%NetBSD.org@localhost>
date:      Sat Nov 24 17:23:47 2018 +0000

description:
Sync to HEAD (requested by mrg in ticket #1655):

        libexec/httpd/testsuite/data/.bzremap           up to 1.1
        libexec/httpd/testsuite/t12.out                 up to 1.1
        libexec/httpd/testsuite/t12.in                  up to 1.1
        libexec/httpd/testsuite/t13.out                 up to 1.1
        libexec/httpd/testsuite/t13.in                  up to 1.1
        libexec/httpd/testsuite/t14.out                 up to 1.1
        libexec/httpd/testsuite/t14.in                  up to 1.1
        libexec/httpd/testsuite/t15.out                 up to 1.1
        libexec/httpd/testsuite/t15.in                  up to 1.1
        libexec/httpd/CHANGES                           up to 1.28
        libexec/httpd/Makefile                          up to 1.27
        libexec/httpd/auth-bozo.c                       up to 1.22
        libexec/httpd/bozohttpd.8                       up to 1.74
        libexec/httpd/bozohttpd.c                       up to 1.96
        libexec/httpd/bozohttpd.h                       up to 1.56
        libexec/httpd/cgi-bozo.c                        up to 1.44
        libexec/httpd/content-bozo.c                    up to 1.16
        libexec/httpd/daemon-bozo.c                     up to 1.19
        libexec/httpd/dir-index-bozo.c                  up to 1.28
        libexec/httpd/lua-bozo.c                        up to 1.15
        libexec/httpd/main.c                            up to 1.21
        libexec/httpd/ssl-bozo.c                        up to 1.25
        libexec/httpd/tilde-luzah-bozo.c                up to 1.16
        libexec/httpd/libbozohttpd/Makefile             up to 1.3
        libexec/httpd/lua/bozo.lua                      up to 1.3
        libexec/httpd/lua/glue.c                        up to 1.5
        libexec/httpd/lua/optparse.lua                  up to 1.2
        libexec/httpd/testsuite/Makefile                up to 1.11
        libexec/httpd/testsuite/html_cmp                up to 1.6
        libexec/httpd/testsuite/t3.out                  up to 1.4
        libexec/httpd/testsuite/t5.out                  up to 1.4
        libexec/httpd/testsuite/t6.out                  up to 1.4
        libexec/httpd/testsuite/test-bigfile            up to 1.5
        libexec/httpd/testsuite/test-simple             up to 1.5

Cosmetic changes to Lua binding in bozohttpd.

- Don't use negative indicies to read arguments of Lua functions.
- On error, return nil, "error string".
- Use ssize_t for return values from bozo_read() and bozo_write().
- Prefer lstring especially when if saves you from appending NUL and
  doing len + 1 which can potentially wraparound.
- Don't mix C allocations with Lua functions marked with "m" in the Lua
  manual. Those functions may throw (longjump) and leak data allocated
  by C function. In one case, I use luaL_Buffer, in the other case,
  I rearranged calls a bit.


fix ordering of a couple of words.  from Edgar Pettijohn in PR#52375.
thanks!


s/u_int/unsigned/.

from Jan Danielsson.  increases/fixes portability.


PR bin/52194: bozohttpd fails to exec scripts via the -C mechanism
sometimes with EFAULT due to not NULL terminated environment.


Document script handler issues with httpd(8).
>From martin@, addressing PR 52194.

While here, use American spelling consistently and upper-case some
abbreviations.

Bump date.


fix output since protocol agnostic change went in.

XXX: i thought someone hooked this into atf already, please do :)


Add support for remapping requested paths via a .bzredirect file.
Fixes PR 52772. Ok: mrg@


Bump date


Remove trailing whitespace.


use __func__ in debug().


fix a denial of service attack against header contents, which
is now bounded at 16KiB.  reported by JP.


avoid memory leak in sending multiple auth headers.
mostly mitigated by previous patch to limit total header size,
but still a real problem here.


note the changes present in bozohttpd 20181118:

o  add url remap support via .bzremap file, from martin%netbsd.org@localhost
o  handle redirections for any protocol, not just http:
o  fix a denial of service attack against header contents, which
   is now bounded at 16KiB.  reported by JP.


from CHANGES:

o  reduce default timeouts, and add expand timeouts to handle the
   initial line, each header, and the total time spent
o  add -T option to expose new timeout settings
o  minor RFC fixes related to timeout handling responses

old timeouts:
60 seconds for initial request like, 60 seconds per header line,
and no whole timeout (though the recent total header size changes
do introduce one that would be about 11 hours.)
new timeouts:
30 seconds for initial request like, 10 seconds per header line,
and a total request time of 600 seconds.

the new global timeout is implemented using CLOCK_MONOTONIC, with
a fallback to CLOCK_REALTIME if monotonic time is unavailable.

reject multiple Host: headers.  besides being protocol standard,
this closes one additional memory leak found by JP.  add a simple
test to check this.

clean up option and usage handling some.


move some #if support into bozohttpd.h.


fix previous: have_debug was reversed.


also fix have_dynamic_content from the previous previous.  re-order
the debug and dynamic content to match the same pattern as everything
else so similar problems are less likely in the future.


- move special files defines into bozohttpd.h, so we can ...
- consolidate all the special file checks into
  bozo_check_special_files() so that all builds check the same
  list of special files, regardless of build options.
- convert "(void)bozo_http_error(...); return -1;" into plain
  "return bozo_http_error(...);"
- fix the call to bozo_check_special_files() to be used on all
  input types.  part of the fixes for failure to reject access
  to /.htpasswd as reported by JP on tech-security.
- use warn_unused_result attribute on bozo_check_special_files(),
  and fix the failures to return failure.  second part of the
  htpasswd access fix.
- update testsuite to use a fixed fake hostname.

call this bozohttpd 20181121.


two fixes reported by mouse:
- don't check contents of 'st' if stat(2) failed.
- round up instead of truncate.  now 10000 byte files say 10kB not 9kB.


use MAP_SHARED for the bzremap file.  avoids netbsd kernel complaining:

WARNING: defaulted mmap() share type to MAP_PRIVATE (pid 15478 command bozohttpd)


many clean ups:
- keep a list of special files and their human names
- remove (void) casts on bozo_http_error()
- fix a few more misuses of bozo_http_error()
- rename check_mapping() to check_remap() and perform some CSE
- switch away from ``%s'' to '%s'
- remove a bunch of #ifdef using new have_feature defines


alpha sort the option switch.


add an assert() check on array bounds.


minor style fixes.  simplify bozo_match_content_map().

diffstat:

 libexec/httpd/CHANGES                 |   13 +-
 libexec/httpd/Makefile                |   12 +-
 libexec/httpd/auth-bozo.c             |   28 +-
 libexec/httpd/bozohttpd.8             |  109 ++++++-
 libexec/httpd/bozohttpd.c             |  494 +++++++++++++++++++++++++--------
 libexec/httpd/bozohttpd.h             |  125 ++++++--
 libexec/httpd/cgi-bozo.c              |   56 +-
 libexec/httpd/content-bozo.c          |   21 +-
 libexec/httpd/daemon-bozo.c           |    9 +-
 libexec/httpd/dir-index-bozo.c        |   24 +-
 libexec/httpd/libbozohttpd/Makefile   |   10 -
 libexec/httpd/lua-bozo.c              |  109 +++---
 libexec/httpd/lua/bozo.lua            |   42 +-
 libexec/httpd/lua/glue.c              |   52 +--
 libexec/httpd/lua/optparse.lua        |    2 +-
 libexec/httpd/main.c                  |  460 ++++++++++++++++---------------
 libexec/httpd/ssl-bozo.c              |   11 +-
 libexec/httpd/testsuite/Makefile      |    9 +-
 libexec/httpd/testsuite/data/.bzremap |    2 +
 libexec/httpd/testsuite/html_cmp      |    1 +
 libexec/httpd/testsuite/t12.in        |    2 +
 libexec/httpd/testsuite/t12.out       |   11 +
 libexec/httpd/testsuite/t13.in        |    2 +
 libexec/httpd/testsuite/t13.out       |   11 +
 libexec/httpd/testsuite/t14.in        |  194 +++++++++++++
 libexec/httpd/testsuite/t14.out       |   11 +
 libexec/httpd/testsuite/t15.in        |    4 +
 libexec/httpd/testsuite/t15.out       |   11 +
 libexec/httpd/testsuite/t3.out        |    2 +-
 libexec/httpd/testsuite/t5.out        |    2 +-
 libexec/httpd/testsuite/t6.out        |    2 +-
 libexec/httpd/testsuite/test-bigfile  |   15 +-
 libexec/httpd/testsuite/test-simple   |    5 +-
 libexec/httpd/tilde-luzah-bozo.c      |   15 +-
 34 files changed, 1250 insertions(+), 626 deletions(-)

diffs (truncated from 3390 to 300 lines):

diff -r b78be5560995 -r 95884977708d libexec/httpd/CHANGES
--- a/libexec/httpd/CHANGES     Wed Nov 21 14:13:47 2018 +0000
+++ b/libexec/httpd/CHANGES     Sat Nov 24 17:23:47 2018 +0000
@@ -1,4 +1,15 @@
-$NetBSD: CHANGES,v 1.19.2.1.2.3 2017/02/12 21:59:44 snj Exp $
+$NetBSD: CHANGES,v 1.19.2.1.2.4 2018/11/24 17:23:47 martin Exp $
+
+changes in bozohttpd 20181121:
+       o  add url remap support via .bzremap file, from martin%netbsd.org@localhost
+       o  handle redirections for any protocol, not just http:
+       o  fix a denial of service attack against header contents, which
+          is now bounded at 16KiB.  reported by JP
+       o  reduce default timeouts, and add expand timeouts to handle the
+          initial line, each header, and the total time spent
+       o  add -T option to expose new timeout settings
+       o  minor RFC fixes related to timeout handling
+       o  fix special file (.htpasswd, .bz*) bypass.  reported by JP.
 
 changes in bozohttpd 20170201:
        o  fix an infinite loop in cgi processing
diff -r b78be5560995 -r 95884977708d libexec/httpd/Makefile
--- a/libexec/httpd/Makefile    Wed Nov 21 14:13:47 2018 +0000
+++ b/libexec/httpd/Makefile    Sat Nov 24 17:23:47 2018 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: Makefile,v 1.22.2.1.2.1 2016/04/15 18:55:49 snj Exp $
+#      $NetBSD: Makefile,v 1.22.2.1.2.2 2018/11/24 17:23:47 martin Exp $
 #
 #      $eterna: Makefile,v 1.30 2010/07/11 00:34:27 mrg Exp $
 #
@@ -48,19 +48,9 @@
 LDADD+=                -lnbutil
 .endif
 
-.include <bsd.own.mk>
-
-.if ${MKCRYPTO} != "no"
-
 LDADD+=        -lssl -lcrypto
 DPADD+=        ${LIBSSL} ${LIBCRYPTO}
 
-.else
-
-COPTS+=        -DNO_SSL_SUPPORT
-
-.endif
-
 #
 # Build release things.
 #
diff -r b78be5560995 -r 95884977708d libexec/httpd/auth-bozo.c
--- a/libexec/httpd/auth-bozo.c Wed Nov 21 14:13:47 2018 +0000
+++ b/libexec/httpd/auth-bozo.c Sat Nov 24 17:23:47 2018 +0000
@@ -1,9 +1,9 @@
-/*     $NetBSD: auth-bozo.c,v 1.13.2.1.2.1 2016/04/15 18:55:49 snj Exp $       */
+/*     $NetBSD: auth-bozo.c,v 1.13.2.1.2.2 2018/11/24 17:23:47 martin Exp $    */
 
 /*     $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $       */
 
 /*
- * Copyright (c) 1997-2014 Matthew R. Green
+ * Copyright (c) 1997-2018 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -42,10 +42,6 @@
 
 #include "bozohttpd.h"
 
-#ifndef AUTH_FILE
-#define AUTH_FILE              ".htpasswd"
-#endif
-
 static ssize_t base64_decode(const unsigned char *, size_t,
                            unsigned char *, size_t);
 
@@ -68,7 +64,6 @@
                strcpy(dir, ".");
        else {
                *basename++ = '\0';
-                       /* ensure basename(file) != AUTH_FILE */
                if (bozo_check_special_files(request, basename))
                        return 1;
        }
@@ -122,6 +117,7 @@
 {
        request->hr_authuser = NULL;
        request->hr_authpass = NULL;
+       request->hr_authrealm = NULL;
 }
 
 void
@@ -147,6 +143,10 @@
                char    *pass = NULL;
                ssize_t alen;
 
+               /* free prior entries. */
+               free(request->hr_authuser);
+               free(request->hr_authpass);
+
                alen = base64_decode((unsigned char *)str + 6,
                                        (size_t)(len - 6),
                                        (unsigned char *)authbuf,
@@ -158,8 +158,6 @@
                        return bozo_http_error(httpd, 400, request,
                            "bad authorization field");
                *pass++ = '\0';
-               free(request->hr_authuser);
-               free(request->hr_authpass);
                request->hr_authuser = bozostrdup(httpd, request, authbuf);
                request->hr_authpass = bozostrdup(httpd, request, pass);
                debug((httpd, DEBUG_FAT,
@@ -171,18 +169,6 @@
        return 0;
 }
 
-int
-bozo_auth_check_special_files(bozo_httpreq_t *request,
-                               const char *name)
-{
-       bozohttpd_t *httpd = request->hr_httpd;
-
-       if (strcmp(name, AUTH_FILE) == 0)
-               return bozo_http_error(httpd, 403, request,
-                               "no permission to open authfile");
-       return 0;
-}
-
 void
 bozo_auth_check_401(bozo_httpreq_t *request, int code)
 {
diff -r b78be5560995 -r 95884977708d libexec/httpd/bozohttpd.8
--- a/libexec/httpd/bozohttpd.8 Wed Nov 21 14:13:47 2018 +0000
+++ b/libexec/httpd/bozohttpd.8 Sat Nov 24 17:23:47 2018 +0000
@@ -1,8 +1,8 @@
-.\"    $NetBSD: bozohttpd.8,v 1.46.4.4.2.3 2017/02/12 21:59:44 snj Exp $
+.\"    $NetBSD: bozohttpd.8,v 1.46.4.4.2.4 2018/11/24 17:23:47 martin Exp $
 .\"
 .\"    $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
-.\" Copyright (c) 1997-2017 Matthew R. Green
+.\" Copyright (c) 1997-2018 Matthew R. Green
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd February 1, 2017
+.Dd November 19, 2018
 .Dt BOZOHTTPD 8
 .Os
 .Sh NAME
@@ -41,6 +41,7 @@
 .Op Fl M Ar suffix type encoding encoding11
 .Op Fl P Ar pidfile
 .Op Fl S Ar server_software
+.Op Fl T Ar type timeout
 .Op Fl U Ar username
 .Op Fl Z Ar cert privkey
 .Op Fl c Ar cgibin
@@ -105,7 +106,7 @@
 directory is expected to contain the CGI programs to be used.
 .Nm
 looks for URL's in the form of
-.Em /cgi-bin/\*[Lt]scriptname\*[Gt]
+.Em /cgi-bin/<scriptname>
 where
 .Aq scriptname
 is a valid CGI program in the
@@ -219,7 +220,7 @@
 .It Fl P Ar pidfile
 Causes
 .Nm
-to create a pid file in
+to create a PID file in
 .Ar pidfile
 when run in daemon mode with the
 .Fl b
@@ -236,6 +237,19 @@
 .Ar server_software .
 .It Fl s
 Forces logging to be set to stderr always.
+.It Fl T Ar type timeout
+Set the timeout for
+.Ar type
+to
+.Ar timeout .
+The valid values of
+.Ar type
+are
+.Dq initial timeout ,
+.Dq header timeout ,
+and
+.Dq request timeout .
+The default values are 30 seconds, 10 seconds and 600 seconds, respectively.
 .It Fl t Ar chrootdir
 Makes
 .Nm
@@ -284,7 +298,7 @@
 for the request, then
 .Ar slashdir
 will be used.
-The default behaviour is to return 404 (Not Found.)
+The default behavior is to return 404 (Not Found.)
 .It Fl v Ar virtualroot
 Enables virtual hosting support.
 Directories in
@@ -314,7 +328,7 @@
 .Xr SSL_CTX_set_cipher_list 3 ) .
 .It Fl Z Ar certificate_path privatekey_path
 Sets the path to the server certificate file and the private key file
-in pem format.
+in PEM format.
 It also causes
 .Nm
 to start SSL mode.
@@ -388,9 +402,9 @@
 and SSL support (NO_SSL_SUPPORT)
 by defining the listed macros when building
 .Nm .
-.Ss HTTP BASIC AUTHORISATION
+.Ss HTTP BASIC AUTHORIZATION
 .Nm
-has support for HTTP Basic Authorisation.
+has support for HTTP Basic Authorization.
 If a file named
 .Pa .htpasswd
 exists in the directory of the current request,
@@ -406,7 +420,7 @@
 The
 .Pa .htpasswd
 file contains lines delimited with a colon containing
-usernames and passwords hashed with
+user names and passwords hashed with
 .Xr crypt 3 ,
 for example:
 .Bd -literal
@@ -424,7 +438,7 @@
 .Nm
 distributed with
 .Nx
-has support for HTTP Basic Authorisation enabled by default,
+has support for HTTP Basic Authorization enabled by default,
 in the portable distribution it is excluded.
 Compile
 .Nm
@@ -458,7 +472,7 @@
 to be provided on a per-directory basis.
 In addition to the
 .Pa .htpasswd
-used by HTTP basic authorisation,
+used by HTTP basic authorization,
 if a
 .Pa .bzdirect
 file is found (contents are irrelevant)
@@ -478,7 +492,7 @@
 .Pa .bzabsredirect
 symbolic link is found,
 .Nm
-will redirect to the absolute url pointed to by this symlink.
+will redirect to the absolute URL pointed to by this symlink.
 This is useful to redirect to different servers.
 Two forms of redirection are supported - symbolic link without schema will use
 .Em http://
@@ -488,7 +502,38 @@
 .Em http://NetBSD.org/
 Otherwise provided schema will be used i.e. symbolic link to
 .Em ftp://NetBSD.org/
-will redirect to provided the URL.
+will redirect to the provided URL.
+If a
+.Pa .bzremap
+file is found at the root of a (virtual) server, it is expected to contain
+rewrite mappings for URLs.
+.Pp
+These remappings are performed internally in the server before authentication
+happens and can be used to hide implementation details, like the CGI handler
+specific suffix for non cgi scripts in authorized directories.
+.Pp
+The map file consists of lines two paths separated by a colon, where the left
+side needs to exactly match a (sub) path of the request and will be replaced
+by the right side.
+.Pp
+The first match always wins.
+.Pp
+A
+.Pa .bzremap
+file could look like this:
+.Bd -literal
+/nic/update:/auth-dir/updipv4.pl
+.Ed
+.Pp
+The remap file should be short, access to it is slow and needs to happen
+on each request.
+If a request path needs to include a colon
+.Pq Li \&:
+character, it can be escaped
+with a backslash
+.Pq Li \e



Home | Main Index | Thread Index | Old Index