Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-7]: src/libexec/httpd Pull up following revision(s) (requested by...
details: https://anonhg.NetBSD.org/src/rev/9f2e4115a303
branches: netbsd-7
changeset: 799883:9f2e4115a303
user: snj <snj%NetBSD.org@localhost>
date: Fri Apr 15 19:01:05 2016 +0000
description:
Pull up following revision(s) (requested by mrg in ticket #1141):
libexec/httpd/CHANGES: up to 1.22
libexec/httpd/bozohttpd.8: up to 1.59
libexec/httpd/bozohttpd.c: up to 1.80
libexec/httpd/bozohttpd.h: up to 1.45
libexec/httpd/cgi-bozo.c: up to 1.33
libexec/httpd/lua/bozo.lua: up to 1.2
libexec/httpd/lua/glue.c: up to 1.2
Import bozohttpd 20151028:
o add CGI support for ~user translation (-E switch)
o add redirects to ~user translation
o fix bugs around ~user translation
o add schema detection for absolute redirects
o fixed few memory leaks
o bunch of minor tweaks
o removed -r support
o smarter redirects
--
Changes in 20150320:
o fix redirection handling
o support transport stream (.ts) and video object (.vob) files
o directory listings show correct file sizes for large files
--
updates and bozohttpd 20160415:
o add search-word support for CGI
o fix a security issue in CGI suffix handler support which would
allow remote code execution, from shm%netbsd.org@localhost
o -C option supports now CGI scripts only
diffstat:
libexec/httpd/CHANGES | 6 +
libexec/httpd/bozohttpd.8 | 7 +-
libexec/httpd/bozohttpd.c | 91 +++++++++++++++++----
libexec/httpd/bozohttpd.h | 13 ++-
libexec/httpd/cgi-bozo.c | 183 ++++++++++++++++++++++++++++++++++++++++++--
libexec/httpd/lua/bozo.lua | 5 +-
libexec/httpd/lua/glue.c | 4 +-
7 files changed, 270 insertions(+), 39 deletions(-)
diffs (truncated from 596 to 300 lines):
diff -r d7ac40ffbcf9 -r 9f2e4115a303 libexec/httpd/CHANGES
--- a/libexec/httpd/CHANGES Fri Apr 15 09:04:28 2016 +0000
+++ b/libexec/httpd/CHANGES Fri Apr 15 19:01:05 2016 +0000
@@ -1,5 +1,11 @@
$eterna: CHANGES,v 1.78 2011/11/18 01:25:11 mrg Exp $
+changes in bozohttpd 20160415:
+ o add search-word support for CGI
+ o fix a security issue in CGI suffix handler support which would
+ allow remote code execution, from shm%netbsd.org@localhost
+ o -C option supports now CGI scripts only
+
changes in bozohttpd 20151028:
o add CGI support for ~user translation (-E switch)
o add redirects to ~user translation
diff -r d7ac40ffbcf9 -r 9f2e4115a303 libexec/httpd/bozohttpd.8
--- a/libexec/httpd/bozohttpd.8 Fri Apr 15 09:04:28 2016 +0000
+++ b/libexec/httpd/bozohttpd.8 Fri Apr 15 19:01:05 2016 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: bozohttpd.8,v 1.46.4.5 2016/04/10 10:33:11 martin Exp $
+.\" $NetBSD: bozohttpd.8,v 1.46.4.6 2016/04/15 19:01:05 snj Exp $
.\"
.\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
.\"
@@ -507,7 +507,7 @@
option to specify a CGI handler for a particular file type.
Typically this will be like:
.Bd -literal
-httpd -C .php /usr/pkg/bin/php /var/www
+httpd -C .php /usr/pkg/bin/php-cgi /var/www
.Ed
.Sh SEE ALSO
.Xr inetd.conf 5 ,
@@ -615,7 +615,8 @@
.Aq Mt shm%NetBSD.org@localhost
fixed memory leaks, various issues with userdir support,
information disclosure issues, added support for using CGI handlers
-with directory indexing and provided various other fixes.
+with directory indexing, found several security issues and provided
+various other fixes.
.It
.An Arnaud Lacombe
.Aq Mt alc%NetBSD.org@localhost
diff -r d7ac40ffbcf9 -r 9f2e4115a303 libexec/httpd/bozohttpd.c
--- a/libexec/httpd/bozohttpd.c Fri Apr 15 09:04:28 2016 +0000
+++ b/libexec/httpd/bozohttpd.c Fri Apr 15 19:01:05 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: bozohttpd.c,v 1.56.2.5 2016/04/10 10:33:11 martin Exp $ */
+/* $NetBSD: bozohttpd.c,v 1.56.2.6 2016/04/15 19:01:05 snj Exp $ */
/* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */
@@ -109,7 +109,7 @@
#define INDEX_HTML "index.html"
#endif
#ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE "bozohttpd/20151231"
+#define SERVER_SOFTWARE "bozohttpd/20160415"
#endif
#ifndef DIRECT_ACCESS_FILE
#define DIRECT_ACCESS_FILE ".bzdirect"
@@ -348,6 +348,15 @@
ohdr = hdr;
}
free(ohdr);
+ ohdr = NULL;
+ for (hdr = SIMPLEQ_FIRST(&request->hr_replheaders); hdr;
+ hdr = SIMPLEQ_NEXT(hdr, h_next)) {
+ free(hdr->h_value);
+ free(hdr->h_header);
+ free(ohdr);
+ ohdr = hdr;
+ }
+ free(ohdr);
free(request);
}
@@ -363,20 +372,33 @@
}
/*
+ * a list of header quirks: currently, a list of headers that
+ * can't be folded into a single line.
+ */
+const char *header_quirks[] = { "WWW-Authenticate", NULL };
+
+/*
* add or merge this header (val: str) into the requests list
*/
static bozoheaders_t *
-addmerge_header(bozo_httpreq_t *request, char *val,
- char *str, ssize_t len)
+addmerge_header(bozo_httpreq_t *request, struct qheaders *headers,
+ const char *val, const char *str, ssize_t len)
{
struct bozohttpd_t *httpd = request->hr_httpd;
- struct bozoheaders *hdr;
+ struct bozoheaders *hdr = NULL;
+ const char **quirk;
USE_ARG(len);
- /* do we exist already? */
- SIMPLEQ_FOREACH(hdr, &request->hr_headers, h_next) {
- if (strcasecmp(val, hdr->h_header) == 0)
+ for (quirk = header_quirks; *quirk; quirk++)
+ if (strcasecmp(*quirk, val) == 0)
break;
+
+ if (*quirk == NULL) {
+ /* do we exist already? */
+ SIMPLEQ_FOREACH(hdr, headers, h_next) {
+ if (strcasecmp(val, hdr->h_header) == 0)
+ break;
+ }
}
if (hdr) {
@@ -396,13 +418,30 @@
else
hdr->h_value = bozostrdup(httpd, request, " ");
- SIMPLEQ_INSERT_TAIL(&request->hr_headers, hdr, h_next);
+ SIMPLEQ_INSERT_TAIL(headers, hdr, h_next);
request->hr_nheaders++;
}
return hdr;
}
+bozoheaders_t *
+addmerge_reqheader(bozo_httpreq_t *request, const char *val, const char *str,
+ ssize_t len)
+{
+
+ return addmerge_header(request, &request->hr_headers, val, str, len);
+}
+
+bozoheaders_t *
+addmerge_replheader(bozo_httpreq_t *request, const char *val, const char *str,
+ ssize_t len)
+{
+
+ return addmerge_header(request, &request->hr_replheaders,
+ val, str, len);
+}
+
/*
* as the prototype string is not constant (eg, "HTTP/1.1" is equivalent
* to "HTTP/001.01"), we MUST parse this.
@@ -538,6 +577,7 @@
request->hr_virthostname = NULL;
request->hr_file = NULL;
request->hr_oldfile = NULL;
+ SIMPLEQ_INIT(&request->hr_replheaders);
bozo_auth_init(request);
slen = sizeof(ss);
@@ -673,7 +713,7 @@
if (bozo_auth_check_headers(request, val, str, len))
goto next_header;
- hdr = addmerge_header(request, val, str, len);
+ hdr = addmerge_reqheader(request, val, str, len);
if (strcasecmp(hdr->h_header, "content-type") == 0)
request->hr_content_type = hdr->h_value;
@@ -1248,19 +1288,17 @@
}
/* this fixes the %HH hack that RFC2396 requires. */
-static int
-fix_url_percent(bozo_httpreq_t *request)
+int
+bozo_decode_url_percent(bozo_httpreq_t *request, char *str)
{
bozohttpd_t *httpd = request->hr_httpd;
- char *s, *t, buf[3], *url;
+ char *s, *t, buf[3];
char *end; /* if end is not-zero, we don't translate beyond that */
- url = request->hr_file;
-
- end = url + strlen(url);
+ end = str + strlen(str);
/* fast forward to the first % */
- if ((s = strchr(url, '%')) == NULL)
+ if ((s = strchr(str, '%')) == NULL)
return 0;
t = s;
@@ -1312,7 +1350,7 @@
} while (*s);
*t = '\0';
- debug((httpd, DEBUG_FAT, "fix_url_percent returns %s in url",
+ debug((httpd, DEBUG_FAT, "bozo_decode_url_percent returns `%s'",
request->hr_file));
return 0;
@@ -1343,7 +1381,7 @@
file = NULL;
*isindex = 0;
debug((httpd, DEBUG_FAT, "tf_req: file %s", request->hr_file));
- if (fix_url_percent(request)) {
+ if (bozo_decode_url_percent(request, request->hr_file)) {
goto bad_done;
}
if (check_virtual(request)) {
@@ -1680,6 +1718,12 @@
bozohttpd_t *httpd = request->hr_httpd;
off_t len;
char date[40];
+ bozoheaders_t *hdr;
+
+ SIMPLEQ_FOREACH(hdr, &request->hr_replheaders, h_next) {
+ bozo_printf(httpd, "%s: %s\r\n", hdr->h_header,
+ hdr->h_value);
+ }
bozo_printf(httpd, "Date: %s\r\n", bozo_http_date(date, sizeof(date)));
bozo_printf(httpd, "Server: %s\r\n", httpd->server_software);
@@ -1901,6 +1945,7 @@
const char *proto = (request && request->hr_proto) ?
request->hr_proto : httpd->consts.http_11;
int size;
+ bozoheaders_t *hdr;
debug((httpd, DEBUG_FAT, "bozo_http_error %d: %s", code, msg));
if (header == NULL || reason == NULL) {
@@ -1963,8 +2008,14 @@
size = 0;
bozo_printf(httpd, "%s %s\r\n", proto, header);
- if (request)
+
+ if (request) {
bozo_auth_check_401(request, code);
+ SIMPLEQ_FOREACH(hdr, &request->hr_replheaders, h_next) {
+ bozo_printf(httpd, "%s: %s\r\n", hdr->h_header,
+ hdr->h_value);
+ }
+ }
bozo_printf(httpd, "Content-Type: text/html\r\n");
bozo_printf(httpd, "Content-Length: %d\r\n", size);
diff -r d7ac40ffbcf9 -r 9f2e4115a303 libexec/httpd/bozohttpd.h
--- a/libexec/httpd/bozohttpd.h Fri Apr 15 09:04:28 2016 +0000
+++ b/libexec/httpd/bozohttpd.h Fri Apr 15 19:01:05 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: bozohttpd.h,v 1.33.2.3 2016/04/10 10:33:11 martin Exp $ */
+/* $NetBSD: bozohttpd.h,v 1.33.2.4 2016/04/15 19:01:05 snj Exp $ */
/* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */
@@ -54,6 +54,7 @@
/*const*/ char *h_value; /* this gets free()'ed etc at times */
SIMPLEQ_ENTRY(bozoheaders) h_next;
} bozoheaders_t;
+SIMPLEQ_HEAD(qheaders, bozoheaders);
#ifndef NO_LUA_SUPPORT
typedef struct lua_handler {
@@ -172,8 +173,9 @@
/*const*/ char *hr_authuser;
/*const*/ char *hr_authpass;
#endif
- SIMPLEQ_HEAD(, bozoheaders) hr_headers;
- int hr_nheaders;
+ struct qheaders hr_headers;
+ struct qheaders hr_replheaders;
+ int hr_nheaders;
} bozo_httpreq_t;
/* helper to access the "active" host name from a httpd/request pair */
@@ -225,6 +227,7 @@
const char *);
char *bozo_escape_rfc3986(bozohttpd_t *httpd, const char *url, int absolute);
char *bozo_escape_html(bozohttpd_t *httpd, const char *url);
+int bozo_decode_url_percent(bozo_httpreq_t *, char *);
/* these are similar to libc functions, no underscore here */
void bozowarn(bozohttpd_t *, const char *, ...)
@@ -355,6 +358,10 @@
bozo_httpreq_t *bozo_read_request(bozohttpd_t *);
void bozo_process_request(bozo_httpreq_t *);
void bozo_clean_request(bozo_httpreq_t *);
+bozoheaders_t *addmerge_reqheader(bozo_httpreq_t *, const char *,
+ const char *, ssize_t);
+bozoheaders_t *addmerge_replheader(bozo_httpreq_t *, const char *,
+ const char *, ssize_t);
/* variables */
int bozo_set_pref(bozohttpd_t *, bozoprefs_t *, const char *, const char *);
diff -r d7ac40ffbcf9 -r 9f2e4115a303 libexec/httpd/cgi-bozo.c
--- a/libexec/httpd/cgi-bozo.c Fri Apr 15 09:04:28 2016 +0000
+++ b/libexec/httpd/cgi-bozo.c Fri Apr 15 19:01:05 2016 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: cgi-bozo.c,v 1.25.2.3 2016/04/10 10:33:11 martin Exp $ */
+/* $NetBSD: cgi-bozo.c,v 1.25.2.4 2016/04/15 19:01:05 snj Exp $ */
Home |
Main Index |
Thread Index |
Old Index