Source-Changes-HG archive
[src/netbsd-7]: src/libexec/httpd Pull up following revision(s) (requested by...
details: https://anonhg.NetBSD.org/src/rev/6761c4309029
branches: netbsd-7
changeset: 798823:6761c4309029
user: martin <martin%NetBSD.org@localhost>
date: Mon Jan 12 10:02:29 2015 +0000
description:
Pull up following revision(s) (requested by mrg in ticket #408):
libexec/httpd/content-bozo.c: revision 1.11
libexec/httpd/dir-index-bozo.c: revision 1.20
libexec/httpd/bozohttpd.h: revision 1.34
libexec/httpd/bozohttpd.c: revision 1.57
libexec/httpd/bozohttpd.8: revision 1.47
libexec/httpd/bozohttpd.c: revision 1.58
libexec/httpd/bozohttpd.8: revision 1.48
libexec/httpd/bozohttpd.c: revision 1.59
libexec/httpd/lua-bozo.c: revision 1.11
libexec/httpd/bozohttpd.c: revision 1.60
libexec/httpd/auth-bozo.c: revision 1.14
libexec/httpd/auth-bozo.c: revision 1.15
libexec/httpd/auth-bozo.c: revision 1.16
Update bozohttpd to 20141225:
- NUL terminate a string.
- don't truncate file sizes to 32 bits for directory indexes.
- Fixed off-by-one in virtualhost processing. Previous code was
checking if Host header is a prefix of any existing vhost.
This behaviour might be used to uncover existing virtual hosts
from the remote.
- Fixed memory leak in case of multiple authentication headers sent
by the client.
- Avoid array access out of bounds.
diffstat:
libexec/httpd/auth-bozo.c | 19 +++++++++++++++++--
libexec/httpd/bozohttpd.8 | 6 +++---
libexec/httpd/bozohttpd.c | 9 +++++----
libexec/httpd/bozohttpd.h | 4 +++-
libexec/httpd/content-bozo.c | 4 +++-
libexec/httpd/dir-index-bozo.c | 6 +++---
libexec/httpd/lua-bozo.c | 3 ++-
7 files changed, 36 insertions(+), 15 deletions(-)
diffs (198 lines):
diff -r 94d6154afb5c -r 6761c4309029 libexec/httpd/auth-bozo.c
--- a/libexec/httpd/auth-bozo.c Sun Jan 11 14:15:42 2015 +0000
+++ b/libexec/httpd/auth-bozo.c Mon Jan 12 10:02:29 2015 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: auth-bozo.c,v 1.13 2014/07/08 14:01:21 mrg Exp $ */
+/* $NetBSD: auth-bozo.c,v 1.13.2.1 2015/01/12 10:02:29 martin Exp $ */
/* $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */
@@ -118,6 +118,13 @@
}
void
+bozo_auth_init(bozo_httpreq_t *request)
+{
+ request->hr_authuser = NULL;
+ request->hr_authpass = NULL;
+}
+
+void
bozo_auth_cleanup(bozo_httpreq_t *request)
{
@@ -150,6 +157,8 @@
return bozo_http_error(httpd, 400, request,
"bad authorization field");
*pass++ = '\0';
+ free(request->hr_authuser);
+ free(request->hr_authpass);
request->hr_authuser = bozostrdup(httpd, authbuf);
request->hr_authpass = bozostrdup(httpd, pass);
debug((httpd, DEBUG_FAT,
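Review bot: The two added free() calls are safe only because bozo_auth_init() now sets hr_authuser and hr_authpass to NULL for every new request, and nothing at this site records that dependency. A short comment would keep it visible, for example `/* a repeated Authorization header replaces the earlier credentials; both fields start out NULL via bozo_auth_init() */`. The replaced hr_authpass buffer is also released with the cleartext password still in it, so clearing it before free() is worth considering where the platform offers a memset that the compiler cannot elide. The enclosing function starts and ends outside the hunk.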
@@ -229,6 +238,12 @@
unsigned char *cp;
size_t i;
+ if (ilen == 0) {
+ if (olen)
+ *out = '\0';
+ return 0;
+ }
+
cp = out;
for (i = 0; i < ilen; i += 4) {
if (cp + 3 > out + olen)
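Review bot: The new guard covers only ilen == 0; the loop below still advances i by four and, per the tail of this function in the next hunk, indexes in[i + 3], so an ilen that is not a multiple of four reads up to three bytes past the stated input length. Whether IN_CHECK stops on those bytes cannot be told from here, so an explicit length check beside the new guard would be safer, e.g. `if (ilen % 4 != 0) return -1;` if -1 is this function's error value (the return convention is outside the hunk). The function body starts before this hunk and continues past it.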
@@ -250,7 +265,7 @@
| decodetable[in[i + 3]];
#undef IN_CHECK
}
- while (in[i - 1] == '=')
+ while (i > 0 && in[i - 1] == '=')
cp--,i--;
return (cp - out);
}
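Review bot: The added `i > 0` bound protects the read of in[i - 1], but cp is still decremented once per trailing '=' with nothing keeping it at or above out. If padding characters can pass IN_CHECK (its definition is not visible here), a run of them longer than the decoded output would make `cp - out` negative, and a caller that indexes the output buffer with the returned length would then write before it. Bounding both pointers closes that: `while (i > 0 && cp > out && in[i - 1] == '=')`. The function starts above the hunk.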
diff -r 94d6154afb5c -r 6761c4309029 libexec/httpd/bozohttpd.8
--- a/libexec/httpd/bozohttpd.8 Sun Jan 11 14:15:42 2015 +0000
+++ b/libexec/httpd/bozohttpd.8 Mon Jan 12 10:02:29 2015 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: bozohttpd.8,v 1.46 2014/02/09 12:32:32 mrg Exp $
+.\" $NetBSD: bozohttpd.8,v 1.46.4.1 2015/01/12 10:02:29 martin Exp $
.\"
.\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
.\"
@@ -26,7 +26,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd February 9, 2014
+.Dd December 25, 2014
.Dt HTTPD 8
.Os
.Sh NAME
@@ -513,7 +513,7 @@
and regular code audits.
This manual documents
.Nm
-version 20140201.
+version 20141225.
.Sh AUTHORS
.An -nosplit
.Nm
diff -r 94d6154afb5c -r 6761c4309029 libexec/httpd/bozohttpd.c
--- a/libexec/httpd/bozohttpd.c Sun Jan 11 14:15:42 2015 +0000
+++ b/libexec/httpd/bozohttpd.c Mon Jan 12 10:02:29 2015 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: bozohttpd.c,v 1.56 2014/07/17 10:21:51 mrg Exp $ */
+/* $NetBSD: bozohttpd.c,v 1.56.2.1 2015/01/12 10:02:29 martin Exp $ */
/* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */
@@ -109,7 +109,7 @@
#define INDEX_HTML "index.html"
#endif
#ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE "bozohttpd/20140717"
+#define SERVER_SOFTWARE "bozohttpd/20141225"
#endif
#ifndef DIRECT_ACCESS_FILE
#define DIRECT_ACCESS_FILE ".bzdirect"
@@ -541,6 +541,7 @@
request->hr_virthostname = NULL;
request->hr_file = NULL;
request->hr_oldfile = NULL;
+ bozo_auth_init(request);
slen = sizeof(ss);
if (getpeername(0, (struct sockaddr *)(void *)&ss, &slen) < 0)
@@ -1093,8 +1094,8 @@
}
debug((httpd, DEBUG_OBESE, "looking at dir``%s''",
d->d_name));
- if (strncasecmp(d->d_name, request->hr_host,
- len) == 0) {
+ if (d->d_namlen == len && strcmp(d->d_name,
+ request->hr_host) == 0) {
/* found it, punch it */
debug((httpd, DEBUG_OBESE, "found it punch it"));
request->hr_virthostname =
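Review bot: Replacing strncasecmp() with strcmp() fixes the prefix match but also makes the virtual-host lookup case-sensitive, while host names are case-insensitive. Unless hr_host is lowercased before this point (not visible in the hunk), a Host header that differs only in case no longer selects its vhost directory. `strcasecmp(d->d_name, request->hr_host) == 0` keeps the whole-string comparison without that regression. With a full-string compare the `d->d_namlen == len` test is redundant, and d_namlen is not a member of struct dirent on every platform. The enclosing loop starts and ends outside the hunk.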
diff -r 94d6154afb5c -r 6761c4309029 libexec/httpd/bozohttpd.h
--- a/libexec/httpd/bozohttpd.h Sun Jan 11 14:15:42 2015 +0000
+++ b/libexec/httpd/bozohttpd.h Mon Jan 12 10:02:29 2015 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: bozohttpd.h,v 1.33 2014/07/17 06:27:52 mrg Exp $ */
+/* $NetBSD: bozohttpd.h,v 1.33.2.1 2015/01/12 10:02:29 martin Exp $ */
/* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */
@@ -247,6 +247,7 @@
/* auth-bozo.c */
#ifdef DO_HTPASSWD
+void bozo_auth_init(bozo_httpreq_t *);
int bozo_auth_check(bozo_httpreq_t *, const char *);
void bozo_auth_cleanup(bozo_httpreq_t *);
int bozo_auth_check_headers(bozo_httpreq_t *, char *, char *, ssize_t);
@@ -255,6 +256,7 @@
void bozo_auth_cgi_setenv(bozo_httpreq_t *, char ***);
int bozo_auth_cgi_count(bozo_httpreq_t *);
#else
+#define bozo_auth_init(x) do { /* nothing */ } while (0)
#define bozo_auth_check(x, y) 0
#define bozo_auth_cleanup(x) do { /* nothing */ } while (0)
#define bozo_auth_check_headers(y, z, a, b) 0
diff -r 94d6154afb5c -r 6761c4309029 libexec/httpd/content-bozo.c
--- a/libexec/httpd/content-bozo.c Sun Jan 11 14:15:42 2015 +0000
+++ b/libexec/httpd/content-bozo.c Mon Jan 12 10:02:29 2015 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: content-bozo.c,v 1.10 2014/05/17 05:50:01 mrg Exp $ */
+/* $NetBSD: content-bozo.c,v 1.10.2.1 2015/01/12 10:02:29 martin Exp $ */
/* $eterna: content-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $ */
@@ -164,6 +164,8 @@
{ ".mpeg", 5, "video/mpeg", "", "", NULL },
{ ".mpg", 4, "video/mpeg", "", "", NULL },
{ ".mpe", 4, "video/mpeg", "", "", NULL },
+ { ".ts", 4, "video/mpeg", "", "", NULL },
+ { ".vob", 4, "video/mpeg", "", "", NULL },
{ ".mp4", 4, "video/mp4", "", "", NULL },
{ ".qt", 3, "video/quicktime", "", "", NULL },
{ ".mov", 4, "video/quicktime", "", "", NULL },
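Review bot: The new `.ts` row gives a length of 4 for a three-character suffix, whereas the neighbouring rows carry the suffix's string length (`.qt` is 3, `.mpg` is 4). How the table is searched is outside the hunk, but if that field is used to locate the suffix in the file name, this entry will either never match or compare one byte too many. It should read `{ ".ts", 3, "video/mpeg", "", "", NULL },`.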
diff -r 94d6154afb5c -r 6761c4309029 libexec/httpd/dir-index-bozo.c
--- a/libexec/httpd/dir-index-bozo.c Sun Jan 11 14:15:42 2015 +0000
+++ b/libexec/httpd/dir-index-bozo.c Mon Jan 12 10:02:29 2015 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: dir-index-bozo.c,v 1.19 2014/01/02 08:21:38 mrg Exp $ */
+/* $NetBSD: dir-index-bozo.c,v 1.19.4.1 2015/01/12 10:02:29 martin Exp $ */
/* $eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $ */
@@ -189,8 +189,8 @@
spacebuf[i] = '\0';
bozo_printf(httpd, "%s", spacebuf);
- bozo_printf(httpd, "%7ukB",
- ((unsigned)((unsigned)(sb.st_size) >> 10)));
+ bozo_printf(httpd, "%12llukB",
+ (unsigned long long)sb.st_size >> 10);
}
bozo_printf(httpd, "\r\n");
}
diff -r 94d6154afb5c -r 6761c4309029 libexec/httpd/lua-bozo.c
--- a/libexec/httpd/lua-bozo.c Sun Jan 11 14:15:42 2015 +0000
+++ b/libexec/httpd/lua-bozo.c Mon Jan 12 10:02:29 2015 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: lua-bozo.c,v 1.10 2014/07/19 18:38:34 lneto Exp $ */
+/* $NetBSD: lua-bozo.c,v 1.10.2.1 2015/01/12 10:02:29 martin Exp $ */
/*
* Copyright (c) 2013 Marc Balmer <marc%msys.ch@localhost>
@@ -276,6 +276,7 @@
*q++ = *p;
}
}
+ *q = '\0';
lua_pushstring(L, val);
lua_setfield(L, -2, s);
free(val);