[src/trunk]: src/libexec/httpd don't assume host BUFSIZ is sufficent. small ...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/libexec/httpd don't assume host BUFSIZ is sufficent. small ...
From: mrg <mrg%NetBSD.org@localhost>
Date: Sun, 30 Jul 2023 20:49:44 +0000
details:   https://anonhg.NetBSD.org/src/rev/99b4b8c64d64
branches:  trunk
changeset: 379030:99b4b8c64d64
user:      mrg <mrg%NetBSD.org@localhost>
date:      Wed May 05 07:41:48 2021 +0000

description:
don't assume host BUFSIZ is sufficent.  small BUFSIZ leads to
always happens errors in the testsuite.  switch all these buffers
to be 4KiB sized.  reported by embr <git%liclac.eu@localhost>

diffstat:

 libexec/httpd/CHANGES           |   7 ++++++-
 libexec/httpd/auth-bozo.c       |   8 ++++----
 libexec/httpd/bozohttpd.c       |  12 ++++++------
 libexec/httpd/bozohttpd.h       |   4 +++-
 libexec/httpd/testsuite/t10.out |   6 +++---
 5 files changed, 22 insertions(+), 15 deletions(-)

diffs (131 lines):

diff -r ea9d46df8068 -r 99b4b8c64d64 libexec/httpd/CHANGES
--- a/libexec/httpd/CHANGES     Wed May 05 07:09:19 2021 +0000
+++ b/libexec/httpd/CHANGES     Wed May 05 07:41:48 2021 +0000
@@ -1,4 +1,9 @@
-$NetBSD: CHANGES,v 1.48 2021/04/04 18:14:26 mrg Exp $
+$NetBSD: CHANGES,v 1.49 2021/05/05 07:41:48 mrg Exp $
+
+changes in bozohttpd 20210504:
+       o  don't assume host BUFSIZ is sufficent.  small BUFSIZ leads to
+          always happens errors in the testsuite.  switch all these buffers
+          to be 4KiB sized.  reported by embr <git%liclac.eu@localhost>
 
 changes in bozohttpd 20210403:
        o  fix a denial of service attack against initial request contents,
diff -r ea9d46df8068 -r 99b4b8c64d64 libexec/httpd/auth-bozo.c
--- a/libexec/httpd/auth-bozo.c Wed May 05 07:09:19 2021 +0000
+++ b/libexec/httpd/auth-bozo.c Wed May 05 07:41:48 2021 +0000
@@ -1,9 +1,9 @@
-/*     $NetBSD: auth-bozo.c,v 1.26 2020/10/15 02:19:23 mrg Exp $       */
+/*     $NetBSD: auth-bozo.c,v 1.27 2021/05/05 07:41:48 mrg Exp $       */
 
 /*     $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $       */
 
 /*
- * Copyright (c) 1997-2020 Matthew R. Green
+ * Copyright (c) 1997-2021 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -54,7 +54,7 @@ bozo_auth_check(bozo_httpreq_t *request,
        bozohttpd_t *httpd = request->hr_httpd;
        struct stat sb;
        char dir[MAXPATHLEN], authfile[MAXPATHLEN], *basename;
-       char user[BUFSIZ], *pass;
+       char user[BOZO_MINBUFSIZE], *pass;
        FILE *fp;
        int len;
 
@@ -144,7 +144,7 @@ bozo_auth_check_headers(bozo_httpreq_t *
 
        if (strcasecmp(val, "authorization") == 0 &&
            strncasecmp(str, "Basic ", 6) == 0) {
-               char    authbuf[BUFSIZ];
+               char    authbuf[BOZO_MINBUFSIZE];
                char    *pass = NULL;
                ssize_t alen;
 
diff -r ea9d46df8068 -r 99b4b8c64d64 libexec/httpd/bozohttpd.c
--- a/libexec/httpd/bozohttpd.c Wed May 05 07:09:19 2021 +0000
+++ b/libexec/httpd/bozohttpd.c Wed May 05 07:41:48 2021 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: bozohttpd.c,v 1.131 2021/05/05 07:09:19 mrg Exp $      */
+/*     $NetBSD: bozohttpd.c,v 1.132 2021/05/05 07:41:48 mrg Exp $      */
 
 /*     $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $      */
 
@@ -108,7 +108,7 @@
 #define INDEX_HTML             "index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE                "bozohttpd/20210403"
+#define SERVER_SOFTWARE                "bozohttpd/20210504"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML            "public_html"
@@ -2275,7 +2275,7 @@ bozo_http_error(bozohttpd_t *httpd, int 
                }
 #endif /* !NO_USER_SUPPORT */
 
-               size = snprintf(httpd->errorbuf, BUFSIZ,
+               size = snprintf(httpd->errorbuf, BOZO_MINBUFSIZE,
                    "<html><head><title>%s</title></head>\n"
                    "<body><h1>%s</h1>\n"
                    "%s%s: <pre>%s</pre>\n"
@@ -2285,10 +2285,10 @@ bozo_http_error(bozohttpd_t *httpd, int 
                    user ? user : "", file,
                    reason, hostname, portbuf, hostname, portbuf);
                free(user);
-               if (size >= (int)BUFSIZ) {
+               if (size >= (int)BOZO_MINBUFSIZE) {
                        bozowarn(httpd,
                                "bozo_http_error buffer too small, truncated");
-                       size = (int)BUFSIZ;
+                       size = (int)BOZO_MINBUFSIZE;
                }
 
                if (file_alloc)
@@ -2515,7 +2515,7 @@ bozo_init_httpd(bozohttpd_t *httpd)
        httpd->mmapsz = BOZO_MMAPSZ;
 
        /* error buffer for bozo_http_error() */
-       if ((httpd->errorbuf = malloc(BUFSIZ)) == NULL) {
+       if ((httpd->errorbuf = malloc(BOZO_MINBUFSIZE)) == NULL) {
                fprintf(stderr,
                        "bozohttpd: memory_allocation failure\n");
                return 0;
diff -r ea9d46df8068 -r 99b4b8c64d64 libexec/httpd/bozohttpd.h
--- a/libexec/httpd/bozohttpd.h Wed May 05 07:09:19 2021 +0000
+++ b/libexec/httpd/bozohttpd.h Wed May 05 07:41:48 2021 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: bozohttpd.h,v 1.68 2021/02/27 12:36:46 mrg Exp $       */
+/*     $NetBSD: bozohttpd.h,v 1.69 2021/05/05 07:41:48 mrg Exp $       */
 
 /*     $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $       */
 
@@ -227,6 +227,8 @@ typedef struct bozoprefs_t {
 /* only allow this many total headers bytes */
 #define BOZO_HEADERS_MAX_SIZE (16 * 1024)
 
+#define BOZO_MINBUFSIZE (4 * 1024)
+
 /* debug flags */
 #define DEBUG_NORMAL   1
 #define DEBUG_FAT      2
diff -r ea9d46df8068 -r 99b4b8c64d64 libexec/httpd/testsuite/t10.out
--- a/libexec/httpd/testsuite/t10.out   Wed May 05 07:09:19 2021 +0000
+++ b/libexec/httpd/testsuite/t10.out   Wed May 05 07:41:48 2021 +0000
@@ -1,8 +1,8 @@
 HTTP/1.0 404 Not Found
 Content-Type: text/html
-Content-Length: 1024
-Server: bozohttpd/20140708
+Content-Length: 4096
+Server: bozohttpd/20210403
 
 <html><head><title>404 Not Found</title></head>
 <body><h1>404 Not Found</h1>
-/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
\ No newline at end of file
+/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
\ No newline at end of file
Prev by Date: [src/trunk]: src/libexec/httpd include <stdint.h>. bozo_unconst() uses uintp...
Next by Date: [src/trunk]: src/doc evbarm: Add support for Allwinner V3s SoCs.
Previous by Thread: [src/trunk]: src/libexec/httpd include <stdint.h>. bozo_unconst() uses uintp...
Next by Thread: [src/trunk]: src/doc evbarm: Add support for Allwinner V3s SoCs.
Indexes:
Home | Main Index | Thread Index | Old Index