Source-Changes-HG archive


[src/trunk]: src/libexec/httpd changes in bozohttpd 20210210:



details:   https://anonhg.NetBSD.org/src/rev/b9f6bc57c49c
branches:  trunk
changeset: 959375:b9f6bc57c49c
user:      mrg <mrg%NetBSD.org@localhost>
date:      Thu Feb 11 09:23:55 2021 +0000

description:
changes in bozohttpd 20210210:
        o  fix various NULL derefs from malformed headers.  mostly from
           <emily@ingalls.rocks>.

diffstat:

 libexec/httpd/CHANGES            |    6 +++++-
 libexec/httpd/bozohttpd.c        |   39 +++++++++++++++++++++++++--------------
 libexec/httpd/bozohttpd.h        |    5 +++--
 libexec/httpd/cgi-bozo.c         |   12 +++++++++---
 libexec/httpd/testsuite/Makefile |    4 ++--
 libexec/httpd/testsuite/t16.in   |  Bin 
 libexec/httpd/testsuite/t16.out  |   11 +++++++++++
 libexec/httpd/testsuite/t17.in   |  Bin 
 libexec/httpd/testsuite/t17.out  |    2 ++
 libexec/httpd/testsuite/t18.in   |  Bin 
 libexec/httpd/testsuite/t18.out  |   10 ++++++++++
 11 files changed, 67 insertions(+), 22 deletions(-)

diffs (234 lines):

diff -r ebec5fd43a7a -r b9f6bc57c49c libexec/httpd/CHANGES
--- a/libexec/httpd/CHANGES     Thu Feb 11 08:35:11 2021 +0000
+++ b/libexec/httpd/CHANGES     Thu Feb 11 09:23:55 2021 +0000
@@ -1,4 +1,8 @@
-$NetBSD: CHANGES,v 1.44 2020/10/15 04:21:53 mrg Exp $
+$NetBSD: CHANGES,v 1.45 2021/02/11 09:23:55 mrg Exp $
+
+changes in bozohttpd 20210210:
+       o  fix various NULL derefs from malformed headers.  mostly from
+          <emily@ingalls.rocks>.
 
 changes in bozohttpd 20201014:
        o  also set -D_GNU_SOURCE in Makefile.boot.  from
diff -r ebec5fd43a7a -r b9f6bc57c49c libexec/httpd/bozohttpd.c
--- a/libexec/httpd/bozohttpd.c Thu Feb 11 08:35:11 2021 +0000
+++ b/libexec/httpd/bozohttpd.c Thu Feb 11 09:23:55 2021 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: bozohttpd.c,v 1.124 2020/11/19 10:45:36 hannken Exp $  */
+/*     $NetBSD: bozohttpd.c,v 1.125 2021/02/11 09:23:55 mrg Exp $      */
 
 /*     $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $      */
 
@@ -108,7 +108,7 @@
 #define INDEX_HTML             "index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE                "bozohttpd/20201014"
+#define SERVER_SOFTWARE                "bozohttpd/20210210"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML            "public_html"
@@ -338,8 +338,9 @@
        free(request->hr_remoteaddr);
        free(request->hr_serverport);
        free(request->hr_virthostname);
-       free(request->hr_file);
-       free(request->hr_oldfile);
+       free(request->hr_file_free);
+       if (request->hr_file_free != request->hr_oldfile)
+               free(request->hr_oldfile);
        free(request->hr_query);
        free(request->hr_host);
        bozo_user_free(request->hr_user);
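Review bot: This cleanup no longer frees `request->hr_file` itself, and the hunk at -1710 leaves `hr_file_free` pointing at the original buffer while `hr_file` takes `newfile`, so nothing visible releases `newfile`. In that state `hr_oldfile` equals `hr_file_free` and is skipped by the new comparison, so only the old buffer is freed. If no other path frees it (the rest of both functions is outside the hunks), keep ownership in one place at -1710: `request->hr_oldfile = request->hr_file_free;` followed by `request->hr_file_free = request->hr_file = newfile;`. A short comment on the comparison saying that `hr_oldfile` may alias `hr_file_free` would also help the next reader.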
@@ -619,6 +620,7 @@
        request->hr_last_byte_pos = -1;
        request->hr_if_modified_since = NULL;
        request->hr_virthostname = NULL;
+       request->hr_file_free = NULL;
        request->hr_file = NULL;
        request->hr_oldfile = NULL;
        SIMPLEQ_INIT(&request->hr_replheaders);
@@ -735,7 +737,7 @@
 
                        /* we allocate return space in file and query only */
                        parse_request(httpd, str, &method, &file, &query, &proto);
-                       request->hr_file = file;
+                       request->hr_file_free = request->hr_file = file;
                        request->hr_query = query;
                        if (method == NULL) {
                                bozo_http_error(httpd, 404, NULL, "null method");
@@ -771,11 +773,17 @@
 
                        val = bozostrnsep(&str, ":", &len);
                        debug((httpd, DEBUG_EXPLODING, "read_req2: after "
-                           "bozostrnsep: str `%s' val `%s'", str, val ? val : ""));
+                           "bozostrnsep: str `%s' val `%s'",
+                           str ? str : "<null>", val ? val : "<null>"));
                        if (val == NULL || len == -1) {
                                bozo_http_error(httpd, 404, request, "no header");
                                goto cleanup;
                        }
+                       if (str == NULL) {
+                               bozo_http_error(httpd, 404, request,
+                                   "malformed header");
+                               goto cleanup;
+                       }
                        while (*str == ' ' || *str == '\t')
                                len--, str++;
                        while (*val == ' ' || *val == '\t')
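Review bot: The new `str == NULL` branch answers a syntactically broken header with 404, the same status as a missing file, so malformed-header probes cannot be told apart from ordinary misses in the access log. If `bozo_http_error` accepts it (not visible here), 400 describes the condition better: `bozo_http_error(httpd, 400, request, "malformed header");`. The expected outputs added in this commit pin 404 responses and may need to follow. The enclosing function starts and ends outside the hunk.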
@@ -1284,8 +1292,8 @@
                strcpy(newfile+rlen, file + len);
                debug((httpd, DEBUG_NORMAL, "remapping found '%s'",
                    newfile));
-               free(request->hr_file);
-               request->hr_file = newfile;
+               free(request->hr_file_free);
+               request->hr_file_free = request->hr_file = newfile;
        }
 
        munmap(fmap, st.st_size);
@@ -1313,9 +1321,6 @@
        debug((httpd, DEBUG_OBESE,
               "checking for http:// virtual host in '%s'", file));
        if (strncasecmp(file, "http://";, 7) == 0) {
-               /* bozostrdup() might access it. */
-               char *old_file = request->hr_file;
-
                /* we would do virtual hosting here? */
                file += 7;
                /* RFC 2616 (HTTP/1.1), 5.2: URI takes precedence over Host: */
@@ -1324,8 +1329,9 @@
                if ((s = strchr(request->hr_host, '/')) != NULL)
                        *s = '\0';
                s = strchr(file, '/');
-               request->hr_file = bozostrdup(httpd, request, s ? s : "/");
-               free(old_file);
+               free(request->hr_file_free);
+               request->hr_file_free = request->hr_file =
+                   bozostrdup(httpd, request, s ? s : "/");
                debug((httpd, DEBUG_OBESE, "got host '%s' file is now '%s'",
                    request->hr_host, request->hr_file));
        } else if (!request->hr_host)
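Review bot: `free(request->hr_file_free)` now runs before `bozostrdup(httpd, request, s ? s : "/")`, yet `s` comes from `strchr(file, '/')`, and `file` appears to point into the request's file buffer (its declaration is outside the hunk), so the copy may read memory that was just freed. The removed `old_file` temporary kept that buffer alive across the call, and the comment this commit adds above `bozorealloc` says the allocation frontends may access request members. Allocate first, then release: `char *nf = bozostrdup(httpd, request, s ? s : "/");`, `free(request->hr_file_free);`, `request->hr_file_free = request->hr_file = nf;`.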
@@ -1710,7 +1716,7 @@
                goto bad_done;
 
        if (strlen(newfile)) {
-               request->hr_oldfile = request->hr_file;
+               request->hr_oldfile = request->hr_file_free;
                request->hr_file = newfile;
        }
 
@@ -2420,6 +2426,11 @@
        return httpd->getln_buffer;
 }
 
+/*
+ * allocation frontends with error handling.
+ *
+ * note that these may access members of the httpd and/or request.
+ */
 void *
 bozorealloc(bozohttpd_t *httpd, void *ptr, size_t size)
 {
diff -r ebec5fd43a7a -r b9f6bc57c49c libexec/httpd/bozohttpd.h
--- a/libexec/httpd/bozohttpd.h Thu Feb 11 08:35:11 2021 +0000
+++ b/libexec/httpd/bozohttpd.h Thu Feb 11 09:23:55 2021 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: bozohttpd.h,v 1.65 2020/10/15 04:21:53 mrg Exp $       */
+/*     $NetBSD: bozohttpd.h,v 1.66 2021/02/11 09:23:55 mrg Exp $       */
 
 /*     $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $       */
 
@@ -159,7 +159,8 @@
        const char *hr_methodstr;
        char    *hr_virthostname;       /* server name (if not identical
                                           to hr_httpd->virthostname) */
-       char    *hr_file;
+       char    *hr_file_free;  /* pointer to file buffer to free() */
+       char    *hr_file;       /* pointer into file buffer */
        char    *hr_oldfile;    /* if we added an index_html */
        char    *hr_query;
        char    *hr_host;       /* HTTP/1.1 Host: or virtual hostname,
diff -r ebec5fd43a7a -r b9f6bc57c49c libexec/httpd/cgi-bozo.c
--- a/libexec/httpd/cgi-bozo.c  Thu Feb 11 08:35:11 2021 +0000
+++ b/libexec/httpd/cgi-bozo.c  Thu Feb 11 09:23:55 2021 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: cgi-bozo.c,v 1.51 2020/10/15 04:21:53 mrg Exp $        */
+/*     $NetBSD: cgi-bozo.c,v 1.52 2021/02/11 09:23:55 mrg Exp $        */
 
 /*     $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $        */
 
@@ -610,10 +610,16 @@
                bozo_daemon_closefds(httpd);
 
                if (-1 == execve(path, argv, envp)) {
+                       int saveerrno = errno;
                        bozo_http_error(httpd, 404, request,
                                "Cannot execute CGI");
-                       bozoerr(httpd, 1, "child exec failed: %s: %s",
-                             path, strerror(errno));
+                       /* don't log easy to trigger events */
+                       if (saveerrno != ENOENT &&
+                           saveerrno != EISDIR &&
+                           saveerrno != EACCES)
+                               bozoerr(httpd, 1, "child exec failed: %s: %s",
+                                     path, strerror(saveerrno));
+                       _exit(1);
                }
                /* NOT REACHED */
                bozoerr(httpd, 1, "child execve returned?!");
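Review bot: The filtered errno values (`ENOENT`, `EISDIR`, `EACCES`) now leave no trace at all, which removes the only record of repeated failed CGI executions, a pattern worth seeing when script paths are being probed. Keeping them out of the error log is reasonable for flood control, but consider recording them at debug level instead of dropping them. If the `debug` macro used in bozohttpd.c is available in this file, an `else` branch could call `debug((httpd, DEBUG_NORMAL, "child exec failed: %s: %s", path, strerror(saveerrno)));`. The multi-line `if` guarding `bozoerr` would also read more safely with braces, given the unconditional `_exit(1)` directly after it.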
diff -r ebec5fd43a7a -r b9f6bc57c49c libexec/httpd/testsuite/Makefile
--- a/libexec/httpd/testsuite/Makefile  Thu Feb 11 08:35:11 2021 +0000
+++ b/libexec/httpd/testsuite/Makefile  Thu Feb 11 09:23:55 2021 +0000
@@ -1,7 +1,7 @@
-#      $NetBSD: Makefile,v 1.13 2019/03/27 04:50:30 mrg Exp $
+#      $NetBSD: Makefile,v 1.14 2021/02/11 09:23:55 mrg Exp $
 #      $eterna: Makefile,v 1.14 2009/05/22 21:51:39 mrg Exp $
 
-SIMPLETESTS=   t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t12 t13 t14 t15
+SIMPLETESTS=   t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t12 t13 t14 t15 t16 t17 t18
 CGITESTS=      t11
 BIGFILETESTS=  partial4000 partial8000
 
diff -r ebec5fd43a7a -r b9f6bc57c49c libexec/httpd/testsuite/t16.in
Binary file libexec/httpd/testsuite/t16.in has changed
diff -r ebec5fd43a7a -r b9f6bc57c49c libexec/httpd/testsuite/t16.out
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/libexec/httpd/testsuite/t16.out   Thu Feb 11 09:23:55 2021 +0000
@@ -0,0 +1,11 @@
+HTTP/1.1 404 Not Found
+Content-Type: text/html
+Content-Length: 251
+Server: bozohttpd/20201014
+Allow: GET, HEAD, POST
+
+<html><head><title>404 Not Found</title></head>
+<body><h1>404 Not Found</h1>
+/: <pre>This item has not been found</pre>
+<hr><address><a href="//yesterday-when-i-was-mad.eterna23.net/">yesterday-when-i-was-mad.eterna23.net</a></address>
+</body></html>
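Review bot: The expected `Server:` header here is `bozohttpd/20201014`, while this same commit bumps `SERVER_SOFTWARE` to `bozohttpd/20210210`; t18.out carries the same line. Unless the test harness strips or normalises that header before comparing (not visible in this diff), both new tests would fail against the freshly built binary. Regenerate the two files from the new build, or confirm that the comparison ignores the header.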
diff -r ebec5fd43a7a -r b9f6bc57c49c libexec/httpd/testsuite/t17.in
Binary file libexec/httpd/testsuite/t17.in has changed
diff -r ebec5fd43a7a -r b9f6bc57c49c libexec/httpd/testsuite/t17.out
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/libexec/httpd/testsuite/t17.out   Thu Feb 11 09:23:55 2021 +0000
@@ -0,0 +1,2 @@
+HTTP/0.9 200 OK
+this is the bozohttpd testsuite ./data/index.html file
diff -r ebec5fd43a7a -r b9f6bc57c49c libexec/httpd/testsuite/t18.in
Binary file libexec/httpd/testsuite/t18.in has changed
diff -r ebec5fd43a7a -r b9f6bc57c49c libexec/httpd/testsuite/t18.out
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/libexec/httpd/testsuite/t18.out   Thu Feb 11 09:23:55 2021 +0000
@@ -0,0 +1,10 @@
+HTTP/0.9 403 Forbidden
+Content-Type: text/html
+Content-Length: 260
+Server: bozohttpd/20201014
+
+<html><head><title>403 Forbidden</title></head>
+<body><h1>403 Forbidden</h1>
+/..: <pre>Access to this item has been denied</pre>
+<hr><address><a href="//yesterday-when-i-was-mad.eterna23.net/">yesterday-when-i-was-mad.eterna23.net</a></address>
+</body></html>


