Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/libexec/httpd o don't display special files in the director...



details:   https://anonhg.NetBSD.org/src/rev/11269919df05
branches:  trunk
changeset: 838546:11269919df05
user:      mrg <mrg%NetBSD.org@localhost>
date:      Tue Jan 22 05:32:57 2019 +0000

description:
o  don't display special files in the directory index.  they aren't
   served, but links to them are generated.

diffstat:

 libexec/httpd/CHANGES          |   6 +++++-
 libexec/httpd/auth-bozo.c      |   4 ++--
 libexec/httpd/bozohttpd.c      |  24 +++++++++++++++---------
 libexec/httpd/bozohttpd.h      |   6 ++++--
 libexec/httpd/dir-index-bozo.c |   5 ++++-
 5 files changed, 30 insertions(+), 15 deletions(-)

diffs (142 lines):

diff -r f5830725a18f -r 11269919df05 libexec/httpd/CHANGES
--- a/libexec/httpd/CHANGES     Tue Jan 22 03:47:45 2019 +0000
+++ b/libexec/httpd/CHANGES     Tue Jan 22 05:32:57 2019 +0000
@@ -1,4 +1,8 @@
-$NetBSD: CHANGES,v 1.36 2019/01/17 07:46:16 mrg Exp $
+$NetBSD: CHANGES,v 1.37 2019/01/22 05:32:57 mrg Exp $
+
+changes in bozohttpd 20190121:
+       o  don't display special files in the directory index.  they aren't
+          served, but links to them are generated.
 
 changes in bozohttpd 20190116:
        o  fix CGI '+' parameter handling, some error checking, and a double
diff -r f5830725a18f -r 11269919df05 libexec/httpd/auth-bozo.c
--- a/libexec/httpd/auth-bozo.c Tue Jan 22 03:47:45 2019 +0000
+++ b/libexec/httpd/auth-bozo.c Tue Jan 22 05:32:57 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: auth-bozo.c,v 1.22 2018/11/22 08:54:08 mrg Exp $       */
+/*     $NetBSD: auth-bozo.c,v 1.23 2019/01/22 05:32:57 mrg Exp $       */
 
 /*     $eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $       */
 
@@ -64,7 +64,7 @@
                strcpy(dir, ".");
        else {
                *basename++ = '\0';
-               if (bozo_check_special_files(request, basename))
+               if (bozo_check_special_files(request, basename, true))
                        return 1;
        }
        request->hr_authrealm = bozostrdup(httpd, request, dir);
diff -r f5830725a18f -r 11269919df05 libexec/httpd/bozohttpd.c
--- a/libexec/httpd/bozohttpd.c Tue Jan 22 03:47:45 2019 +0000
+++ b/libexec/httpd/bozohttpd.c Tue Jan 22 05:32:57 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: bozohttpd.c,v 1.110 2019/01/18 06:04:10 mrg Exp $      */
+/*     $NetBSD: bozohttpd.c,v 1.111 2019/01/22 05:32:57 mrg Exp $      */
 
 /*     $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $      */
 
@@ -109,7 +109,7 @@
 #define INDEX_HTML             "index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE                "bozohttpd/20190116"
+#define SERVER_SOFTWARE                "bozohttpd/20190121"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML            "public_html"
@@ -140,7 +140,6 @@
 #include <signal.h>
 #include <stdarg.h>
 #include <stdlib.h>
-#include <stdbool.h>
 #include <strings.h>
 #include <string.h>
 #include <syslog.h>
@@ -1461,7 +1460,7 @@
                *basename++ = '\0';
                strcpy(path, dir);
        }
-       if (bozo_check_special_files(request, basename))
+       if (bozo_check_special_files(request, basename, true))
                return -1;
 
        debug((httpd, DEBUG_FAT, "check_bzredirect: path %s", path));
@@ -1913,17 +1912,24 @@
 
 /* make sure we're not trying to access special files */
 int
-bozo_check_special_files(bozo_httpreq_t *request, const char *name)
+bozo_check_special_files(bozo_httpreq_t *request, const char *name, bool doerror)
 {
        bozohttpd_t *httpd = request->hr_httpd;
        size_t i;
+       int error = 0;
 
-       for (i = 0; specials[i].file; i++)
-               if (strcmp(name, specials[i].file) == 0)
-                       return bozo_http_error(httpd, 403, request,
+       for (i = 0; specials[i].file; i++) {
+               if (strcmp(name, specials[i].file) == 0) {
+                       if (doerror) {
+                               error = bozo_http_error(httpd, 403, request,
                                               specials[i].name);
+                       } else {
+                               error = -1;
+                       }
+               }
+       }
 
-       return 0;
+       return error;
 }
 
 /* generic header printing routine */
diff -r f5830725a18f -r 11269919df05 libexec/httpd/bozohttpd.h
--- a/libexec/httpd/bozohttpd.h Tue Jan 22 03:47:45 2019 +0000
+++ b/libexec/httpd/bozohttpd.h Tue Jan 22 05:32:57 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: bozohttpd.h,v 1.57 2018/11/24 13:02:46 christos Exp $  */
+/*     $NetBSD: bozohttpd.h,v 1.58 2019/01/22 05:32:57 mrg Exp $       */
 
 /*     $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $       */
 
@@ -34,6 +34,8 @@
 
 #include "netbsd_queue.h"
 
+#include <stdbool.h>
+
 #include <sys/stat.h>
 
 #ifndef NO_LUA_SUPPORT
@@ -259,7 +261,7 @@
 /* be sure to always return this error up */
 int    bozo_http_error(bozohttpd_t *, int, bozo_httpreq_t *, const char *);
 
-int    bozo_check_special_files(bozo_httpreq_t *, const char *) BOZO_CHECKRET;
+int    bozo_check_special_files(bozo_httpreq_t *, const char *, bool) BOZO_CHECKRET;
 char   *bozo_http_date(char *, size_t);
 void   bozo_print_header(bozo_httpreq_t *, struct stat *, const char *,
                          const char *);
diff -r f5830725a18f -r 11269919df05 libexec/httpd/dir-index-bozo.c
--- a/libexec/httpd/dir-index-bozo.c    Tue Jan 22 03:47:45 2019 +0000
+++ b/libexec/httpd/dir-index-bozo.c    Tue Jan 22 05:32:57 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: dir-index-bozo.c,v 1.30 2019/01/17 07:46:16 mrg Exp $  */
+/*     $NetBSD: dir-index-bozo.c,v 1.31 2019/01/22 05:32:57 mrg Exp $  */
 
 /*     $eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $  */
 
@@ -148,6 +148,9 @@
                     httpd->hide_dots && name[0] == '.'))
                        continue;
 
+               if (bozo_check_special_files(request, name, false))
+                       continue;
+
                snprintf(buf, sizeof buf, "%s/%s", dirpath, name);
                if (stat(buf, &sb))
                        nostat = 1;



Home | Main Index | Thread Index | Old Index