Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/libexec/httpd when generating URIs escape various characters...



details:   https://anonhg.NetBSD.org/src/rev/1b58c447208b
branches:  trunk
changeset: 780290:1b58c447208b
user:      mrg <mrg%NetBSD.org@localhost>
date:      Thu Jul 19 09:53:06 2012 +0000

description:
when generating URIs escape various characters as specified in RFC 3986.
this makes, among other things, files/dirs with "?" work with dir indexing.

diffstat:

 libexec/httpd/CHANGES          |   3 +
 libexec/httpd/bozohttpd.c      |  92 +++++++++++++++++++++++++++++++++++------
 libexec/httpd/bozohttpd.h      |   3 +-
 libexec/httpd/dir-index-bozo.c |  10 ++-
 4 files changed, 88 insertions(+), 20 deletions(-)

diffs (199 lines):

diff -r 23a3a4a2a6a0 -r 1b58c447208b libexec/httpd/CHANGES
--- a/libexec/httpd/CHANGES     Thu Jul 19 09:20:41 2012 +0000
+++ b/libexec/httpd/CHANGES     Thu Jul 19 09:53:06 2012 +0000
@@ -1,5 +1,8 @@
 $eterna: CHANGES,v 1.78 2011/11/18 01:25:11 mrg Exp $
 
+changes since bozohttpd 20111118:
+       o  properly escape generated URIs
+
 changes since bozohttpd 20100920:
        o  add -P <pidfile> option, from jmmv%netbsd.org@localhost
        o  avoid crashes with http basic auth, from pooka%netbsd.org@localhost
diff -r 23a3a4a2a6a0 -r 1b58c447208b libexec/httpd/bozohttpd.c
--- a/libexec/httpd/bozohttpd.c Thu Jul 19 09:20:41 2012 +0000
+++ b/libexec/httpd/bozohttpd.c Thu Jul 19 09:53:06 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: bozohttpd.c,v 1.31 2012/02/20 09:26:56 elric Exp $     */
+/*     $NetBSD: bozohttpd.c,v 1.32 2012/07/19 09:53:06 mrg Exp $       */
 
 /*     $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $      */
 
@@ -847,6 +847,67 @@
 }
 
 /*
+ * given an url, encode it ala rfc 3986.  ie, escape ? and friends.
+ * note that this function returns a static buffer, and thus needs
+ * to be updated for any sort of parallel processing.
+ */
+char *
+escape_rfc3986(bozohttpd_t *httpd, const char *url)
+{
+       static char *buf;
+       static size_t buflen = 0;
+       size_t len;
+       const char *s;
+       char *d;
+
+       len = strlen(url);
+       if (buflen < len * 3 + 1) {
+               buflen = len * 3 + 1;
+               buf = bozorealloc(httpd, buf, buflen);
+       }
+       
+       if (url == NULL) {
+               buf[0] = 0;
+               return buf;
+       }
+
+       for (s = url, d = buf; *s;) {
+               if (*s & 0x80)
+                       goto encode_it;
+               switch (*s) {
+               case ':':
+               case '/':
+               case '?':
+               case '#':
+               case '[':
+               case ']':
+               case '@':
+               case '!':
+               case '$':
+               case '&':
+               case '\'':
+               case '(':
+               case ')':
+               case '*':
+               case '+':
+               case ',':
+               case ';':
+               case '=':
+               encode_it:
+                       snprintf(d, 4, "%%%2X", *s++);
+                       d += 3;
+                       len += 3;
+               default:
+                       *d++ = *s++;
+                       len++;
+               }
+       }
+       buf[len] = 0;
+
+       return buf;
+}
+
+/*
  * checks to see if this request has a valid .bzdirect file.  returns
  * 0 on failure and 1 on success.
  */
@@ -898,10 +959,10 @@
                url = urlbuf;
        } else
                urlbuf = NULL;
+       url = escape_rfc3986(request->hr_httpd, url);
 
-       if (request->hr_query && strlen(request->hr_query)) {
+       if (request->hr_query && strlen(request->hr_query))
                query = 1;
-       }
 
        if (request->hr_serverport && strcmp(request->hr_serverport, "80") != 0)
                snprintf(portbuf, sizeof(portbuf), ":%s",
@@ -918,9 +979,9 @@
                if (absolute == 0)
                        bozo_printf(httpd, "%s%s", httpd->virthostname, portbuf);
                if (query) {
-                 bozo_printf(httpd, "%s?%s\r\n", url, request->hr_query);
+                       bozo_printf(httpd, "%s?%s\r\n", url, request->hr_query);
                } else {
-                 bozo_printf(httpd, "%s\r\n", url);
+                       bozo_printf(httpd, "%s\r\n", url);
                }
        }
        bozo_printf(httpd, "\r\n");
@@ -930,16 +991,17 @@
        bozo_printf(httpd, "<body><h1>Document Moved</h1>\n");
        bozo_printf(httpd, "This document had moved <a href=\"http://";);
        if (query) {
-         if (absolute)
-           bozo_printf(httpd, "%s?%s", url, request->hr_query);
-         else
-           bozo_printf(httpd, "%s%s%s?%s", httpd->virthostname, portbuf, url,
-                       request->hr_query);
-        } else {
-         if (absolute)
-           bozo_printf(httpd, "%s", url);
-         else
-           bozo_printf(httpd, "%s%s%s", httpd->virthostname, portbuf, url);
+               if (absolute)
+                       bozo_printf(httpd, "%s?%s", url, request->hr_query);
+               else
+                       bozo_printf(httpd, "%s%s%s?%s", httpd->virthostname,
+                                   portbuf, url, request->hr_query);
+       } else {
+               if (absolute)
+                       bozo_printf(httpd, "%s", url);
+               else
+                       bozo_printf(httpd, "%s%s%s", httpd->virthostname,
+                                   portbuf, url);
        }
        bozo_printf(httpd, "\">here</a>\n");
        bozo_printf(httpd, "</body></html>\n");
diff -r 23a3a4a2a6a0 -r 1b58c447208b libexec/httpd/bozohttpd.h
--- a/libexec/httpd/bozohttpd.h Thu Jul 19 09:20:41 2012 +0000
+++ b/libexec/httpd/bozohttpd.h Thu Jul 19 09:53:06 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: bozohttpd.h,v 1.22 2012/03/14 23:47:19 joerg Exp $     */
+/*     $NetBSD: bozohttpd.h,v 1.23 2012/07/19 09:53:06 mrg Exp $       */
 
 /*     $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $       */
 
@@ -186,6 +186,7 @@
 int    bozo_check_special_files(bozo_httpreq_t *, const char *);
 char   *bozo_http_date(char *, size_t);
 void   bozo_print_header(bozo_httpreq_t *, struct stat *, const char *, const char *);
+char   *escape_rfc3986(bozohttpd_t *httpd, const char *url);
 
 char   *bozodgetln(bozohttpd_t *, int, ssize_t *, ssize_t (*)(bozohttpd_t *, int, void *, size_t));
 char   *bozostrnsep(char **, const char *, ssize_t *);
diff -r 23a3a4a2a6a0 -r 1b58c447208b libexec/httpd/dir-index-bozo.c
--- a/libexec/httpd/dir-index-bozo.c    Thu Jul 19 09:20:41 2012 +0000
+++ b/libexec/httpd/dir-index-bozo.c    Thu Jul 19 09:53:06 2012 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: dir-index-bozo.c,v 1.14 2012/02/29 23:38:46 joerg Exp $        */
+/*     $NetBSD: dir-index-bozo.c,v 1.15 2012/07/19 09:53:06 mrg Exp $  */
 
 /*     $eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $  */
 
@@ -127,6 +127,7 @@
            j--; de++) {
                int nostat = 0;
                char *name = (*de)->d_name;
+               char *urlname;
 
                if (strcmp(name, ".") == 0 ||
                    (strcmp(name, "..") != 0 &&
@@ -139,18 +140,19 @@
 
                l = 0;
 
+               urlname = escape_rfc3986(httpd, name);
                if (strcmp(name, "..") == 0) {
                        bozo_printf(httpd, "<a href=\"../\">");
                        l += bozo_printf(httpd, "Parent Directory");
                } else if (S_ISDIR(sb.st_mode)) {
-                       bozo_printf(httpd, "<a href=\"%s/\">", name);
+                       bozo_printf(httpd, "<a href=\"%s/\">", urlname);
                        l += bozo_printf(httpd, "%s/", name);
                } else if (strchr(name, ':') != NULL) {
                        /* RFC 3986 4.2 */
-                       bozo_printf(httpd, "<a href=\"./%s\">", name);
+                       bozo_printf(httpd, "<a href=\"./%s\">", urlname);
                        l += bozo_printf(httpd, "%s", name);
                } else {
-                       bozo_printf(httpd, "<a href=\"%s\">", name);
+                       bozo_printf(httpd, "<a href=\"%s\">", urlname);
                        l += bozo_printf(httpd, "%s", name);
                }
                bozo_printf(httpd, "</a>");



Home | Main Index | Thread Index | Old Index