NetBSD-Bugs archive
Re: bin/58880: bozohttpd(8): set custom header field in responses
The following reply was made to PR bin/58880; it has been noted by GNATS.
From: Sunil Nimmagadda <sunil%nimmagadda.net@localhost>
To: campbell+netbsd%mumble.net@localhost
Cc: gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost, gnats-bugs%netbsd.org@localhost
Subject: Re: bin/58880: bozohttpd(8): set custom header field in responses
Date: Fri, 13 Dec 2024 13:03:05 +0530
campbell+netbsd%mumble.net@localhost writes:
>>Number: 58880
>>Category: bin
>>Synopsis: bozohttpd(8): set custom header field in responses
>>Confidential: no
>>Severity: serious
>>Priority: medium
>>Responsible: bin-bug-people
>>State: open
>>Class: sw-bug
>>Submitter-Id: net
>>Arrival-Date: Fri Dec 06 03:50:00 +0000 2024
>>Originator: Taylor R Campbell
>>Release: 10
>>Organization:
> The-NetBSD-Foundation: max-age=31556956
>>Environment:
>>Description:
> How do I set a custom header field in bozohttpd responses, such as `Strict-Transport-Security: max-age=31556956'?
>
> With Apache I would do:
>
> Header set Strict-Transport-Security "max-age=31556956"
>
> This is for serving any response, not just scripts, so while I can easily add the header field manually in a script that's not enough here.
>>How-To-Repeat:
> try to implement RFC 6797 or anything else that requires setting a header field on content, like X-Frame-Options or things like that
>>Fix:
> Yes, please!
This diff allows custom headers to be specified in a .bzcustomheaders file at
the root of the server. The lines from it are included verbatim as
headers in all of the responses...
diff --git a/libexec/httpd/bozohttpd.8 b/libexec/httpd/bozohttpd.8
index 196fcb52acc7..b37cfb50de6c 100644
--- a/libexec/httpd/bozohttpd.8
+++ b/libexec/httpd/bozohttpd.8
@@ -640,6 +640,11 @@ with a backslash
.Pq Ql \e
The right hand side of the colon is always used verbatim, no escape sequences
are interpreted.
+.Ss CUSTOM RESPONSE HEADERS
+If a
+.Pa .bzcustomheaders
+file is found at the root of the server, it is expected to contain
+custom headers to be included verbatim in all of the responses.
.Sh EXAMPLES
To configure set of virtual hosts, one would use an
.Xr inetd.conf 5
diff --git a/libexec/httpd/bozohttpd.c b/libexec/httpd/bozohttpd.c
index 656bdf073af3..cbdc5a6b96b0 100644
--- a/libexec/httpd/bozohttpd.c
+++ b/libexec/httpd/bozohttpd.c
@@ -181,6 +181,7 @@ struct {
{ ABSREDIRECT_FILE, "rejected absredirect request" },
{ REMAP_FILE, "rejected remap request" },
{ AUTH_FILE, "rejected authfile request" },
+ { CUSTOMHEADERS_FILE, "rejected customheaders request" },
{ NULL, NULL },
};
@@ -1974,12 +1975,17 @@ bozo_print_header(bozo_httpreq_t *request,
off_t len;
char date[40];
bozoheaders_t *hdr;
+ bozocustomheaders_t *chdr;
SIMPLEQ_FOREACH(hdr, &request->hr_replheaders, h_next) {
bozo_printf(httpd, "%s: %s\r\n", hdr->h_header,
hdr->h_value);
}
+ SIMPLEQ_FOREACH(chdr, &httpd->customheaders, h_next) {
+ bozo_printf(httpd, "%s\r\n", chdr->h_header);
+ }
+
bozo_printf(httpd, "Date: %s\r\n", bozo_http_date(date, sizeof(date)));
bozo_printf(httpd, "Server: %s\r\n", httpd->server_software);
bozo_printf(httpd, "Accept-Ranges: bytes\r\n");
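Review bot: The new loop writes each stored line with `"%s\r\n"` ahead of the server's own fields, so a `.bzcustomheaders` line naming a field that bozo_print_header also emits ends up in the response twice. Date, Server and Accept-Ranges are visible here; the rest of the function is outside the hunk. For framing fields such as Content-Length or Transfer-Encoding, a duplicate with a different value lets proxies and clients disagree on where the body ends, so those names are better refused when the file is loaded. A comment above the loop, e.g. `/* operator-supplied lines from CUSTOMHEADERS_FILE, sent as-is on every response */`, would also record that nothing here checks or escapes them.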
@@ -2524,6 +2530,8 @@ bozo_init_httpd(bozohttpd_t *httpd)
#ifndef NO_LUA_SUPPORT
SIMPLEQ_INIT(&httpd->lua_states);
#endif
+
+ SIMPLEQ_INIT(&httpd->customheaders);
return 1;
}
@@ -2562,6 +2570,34 @@ bozo_set_defaults(bozohttpd_t *httpd, bozoprefs_t *prefs)
return bozo_init_httpd(httpd) && bozo_init_prefs(httpd, prefs);
}
+static void
+bozo_setup_customheaders(bozohttpd_t *httpd)
+{
+ struct bozocustomheaders *hdr;
+ FILE *fp;
+ char *fn, *line = NULL;
+ size_t linecap = 0;
+ ssize_t linelen;
+
+ bozoasprintf(httpd, &fn, "%s/%s", httpd->slashdir, CUSTOMHEADERS_FILE);
+ fp = fopen(fn, "r");
+ if (fp == NULL) {
+ free(fn);
+ return;
+ }
+
+ bozowarn(httpd, "reading %s", fn);
+ free(fn);
+ while ((linelen = getline(&line, &linecap, fp)) > 0) {
+ line[strcspn(line, "\n")] = '\0';
+ hdr = bozomalloc(httpd, sizeof *hdr);
+ hdr->h_header = bozostrdup(httpd, NULL, line);
+ SIMPLEQ_INSERT_TAIL(&httpd->customheaders, hdr, h_next);
+ }
+ free(line);
+ fclose(fp);
+}
+
/* set the virtual host name, port and root */
int
bozo_setup(bozohttpd_t *httpd, bozoprefs_t *prefs, const char *vhost,
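Review bot: The lines read in bozo_setup_customheaders are queued without any check, and `line[strcspn(line, "\n")] = '\0'` strips only the LF. A blank line in the file therefore becomes an empty `h_header`, which bozo_print_header sends as a bare CRLF; that ends the header block early and pushes Date, Server and the remaining fields into the body. A file saved with CRLF line endings keeps a stray CR in every header. The loop should cut at the first CR or LF, skip empty lines and refuse lines that lack a field name and colon, as in the excerpt below.

```c
	while ((linelen = getline(&line, &linecap, fp)) > 0) {
		/* cut at the first CR or LF so no line break reaches the response */
		line[strcspn(line, "\r\n")] = '\0';
		/* a blank line would terminate the header block early */
		if (line[0] == '\0')
			continue;
		/* require "field-name: value" */
		if (line[0] == ':' || strchr(line, ':') == NULL) {
			bozowarn(httpd, "ignoring malformed line in %s",
			    CUSTOMHEADERS_FILE);
			continue;
		}
		/* ... unchanged: bozomalloc, bozostrdup, SIMPLEQ_INSERT_TAIL ... */
	}
```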
@@ -2674,6 +2710,7 @@ bozo_setup(bozohttpd_t *httpd, bozoprefs_t *prefs, const char *vhost,
*/
bozo_ssl_init(httpd);
bozo_daemon_init(httpd);
+ bozo_setup_customheaders(httpd);
username = bozo_get_pref(prefs, "username");
if (username != NULL) {
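Review bot: bozo_setup_customheaders() is called before the `username` preference is handled, so the file is presumably opened with the privileges the daemon started with; the privilege switch itself is outside the hunk. The path lives inside the served tree (`httpd->slashdir`) and plain `fopen` follows symlinks. Where content authors can write to the document root, whatever that path resolves to is read at startup and its lines are sent in every response. Consider opening it with `open(fn, O_RDONLY | O_NOFOLLOW)`, checking with `fstat` that it is a regular file with the expected owner before `fdopen`, or keeping the file outside the document root.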
diff --git a/libexec/httpd/bozohttpd.h b/libexec/httpd/bozohttpd.h
index cdfec757793e..811b891215da 100644
--- a/libexec/httpd/bozohttpd.h
+++ b/libexec/httpd/bozohttpd.h
@@ -64,6 +64,12 @@ typedef struct bozoheaders {
} bozoheaders_t;
SIMPLEQ_HEAD(qheaders, bozoheaders);
+typedef struct bozocustomheaders {
+ const char *h_header;
+ SIMPLEQ_ENTRY(bozocustomheaders) h_next;
+} bozocustomheaders_t;
+SIMPLEQ_HEAD(cheaders, bozocustomheaders);
+
#ifndef NO_LUA_SUPPORT
typedef struct lua_handler {
const char *name;
@@ -144,6 +150,7 @@ typedef struct bozohttpd_t {
ssize_t getln_buflen; /* length of allocated space */
char *errorbuf; /* no dynamic allocation allowed */
bozo_consts_t consts; /* various constants */
+ struct cheaders customheaders; /* Headers read from .bzcustomheaders */
} bozohttpd_t;
/* bozo_httpreq_t */
@@ -280,6 +287,9 @@ void debug__(bozohttpd_t *, int, const char *, ...) BOZO_PRINTFLIKE(3, 4);
#ifndef AUTH_FILE
#define AUTH_FILE ".htpasswd"
#endif
+#ifndef CUSTOMHEADERS_FILE
+#define CUSTOMHEADERS_FILE ".bzcustomheaders"
+#endif
/* be sure to always return this error up */
int bozo_http_error(bozohttpd_t *, int, bozo_httpreq_t *, const char *);