Index: CHANGES =================================================================== RCS file: /cvsroot/src/libexec/httpd/CHANGES,v retrieving revision 1.11.2.2 diff -p -u -u -r1.11.2.2 CHANGES --- CHANGES 15 Apr 2016 19:36:08 -0000 1.11.2.2 +++ CHANGES 11 Feb 2017 10:24:28 -0000 @@ -1,4 +1,12 @@ -$eterna: CHANGES,v 1.78 2011/11/18 01:25:11 mrg Exp $ +$NetBSD: CHANGES,v 1.25 2017/01/31 14:33:54 mrg Exp $ + +changes in bozohttpd 20170201: + o fix an infinite loop in cgi processing + o fixes and clean up for the testsuite + o no longer sends encoding header for compressed formats + +changes in bozohttpd 20160517: + o add a bozo_get_version() function which returns the version number changes in bozohttpd 20160415: o add search-word support for CGI Index: bozohttpd.8 =================================================================== RCS file: /cvsroot/src/libexec/httpd/bozohttpd.8,v retrieving revision 1.32.2.2 diff -p -u -u -r1.32.2.2 bozohttpd.8 --- bozohttpd.8 15 Apr 2016 19:36:08 -0000 1.32.2.2 +++ bozohttpd.8 11 Feb 2017 10:24:28 -0000 @@ -2,7 +2,7 @@ .\" .\" $eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $ .\" -.\" Copyright (c) 1997-2015 Matthew R. Green +.\" Copyright (c) 1997-2017 Matthew R. Green .\" All rights reserved. .\" .\" Redistribution and use in source and binary forms, with or without @@ -26,7 +26,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd December 12, 2015 +.Dd February 1, 2017 .Dt BOZOHTTPD 8 .Os .Sh NAME @@ -34,7 +34,7 @@ .Nd hyper text transfer protocol version 1.1 daemon .Sh SYNOPSIS .Nm -.Op Fl EHVXefhnsu +.Op Fl EGHVXefhnsu .Op Fl C Ar suffix cgihandler .Op Fl I Ar port .Op Fl L Ar prefix script @@ -132,6 +132,10 @@ Stops the flag from .Nm detaching from the tty and going into the background. +.It Fl G +Get the +.Nm +version string, print it on standard output, and exit. .It Fl H Causes directory index mode to hide files and directories that start with a period, except for @@ -186,7 +190,7 @@ when a URL in the form is being accessed. The function is passed three tables as arguments, the server environment, the request headers, and the decoded query string -plus any data that was send as application/x-www-form-urlencoded. +plus any data that was sent as application/x-www-form-urlencoded. .It Fl M Ar suffix type encoding encoding11 Adds a new entry to the table that converts file suffixes to content type and encoding. @@ -272,8 +276,9 @@ translation. Note that enabling this support implies that users can run commands as web server user, this may have security implications. .It Fl V -Sets the default virtual host directory to -.Ar slashdir . +Sets the backup virtual host directory to the +.Ar slashdir +argument. If no directory exists in .Ar virtualroot for the request, then @@ -379,7 +384,7 @@ user transformations (NO_USER_SUPPORT), directory index support (NO_DIRINDEX_SUPPORT), daemon mode support (NO_DAEMON_MODE), dynamic MIME content (NO_DYNAMIC_CONTENT), -Lua suport (NO_LUA_SUPPORT), +Lua support (NO_LUA_SUPPORT), and SSL support (NO_SSL_SUPPORT) by defining the listed macros when building .Nm . @@ -441,7 +446,7 @@ with on the compiler command line. .Ss COMPRESSION .Nm -supports a very basic form compression. +supports a very basic form of compression. .Nm will serve the requested file postpended with .Dq Pa .gz @@ -526,7 +531,7 @@ The focus has always been simplicity and and regular code audits. This manual documents .Nm -version 20150501. +version 20170201. .Sh AUTHORS .An -nosplit .Nm @@ -626,6 +631,10 @@ provided some clean up for memory leaks .Aq Mt jlam@NetBSD.org provided man page fixes .It +.An Dennis Lindroos +.Aq Mt denafcm@gmail.com +provided a cgi-bin fix +.It .An Julio Merino .Aq Mt jmmv@NetBSD.org Added the Index: bozohttpd.c =================================================================== RCS file: /cvsroot/src/libexec/httpd/bozohttpd.c,v retrieving revision 1.30.2.3 diff -p -u -u -r1.30.2.3 bozohttpd.c --- bozohttpd.c 15 Apr 2016 19:36:08 -0000 1.30.2.3 +++ bozohttpd.c 11 Feb 2017 10:24:29 -0000 @@ -3,7 +3,7 @@ /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2015 Matthew R. Green + * Copyright (c) 1997-2017 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -109,7 +109,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20160415" +#define SERVER_SOFTWARE "bozohttpd/20170201" #endif #ifndef DIRECT_ACCESS_FILE #define DIRECT_ACCESS_FILE ".bzdirect" @@ -2244,6 +2244,7 @@ bozo_setup(bozohttpd_t *httpd, bozoprefs extern char **environ; static char *cleanenv[1] = { NULL }; uid_t uid = 0; + int uidset = 0; char *chrootdir; char *username; char *portnum; @@ -2339,6 +2340,7 @@ bozo_setup(bozohttpd_t *httpd, bozoprefs bozoerr(httpd, 1, "setgid(%u): %s", pw->pw_gid, strerror(errno)); uid = pw->pw_uid; + uidset = 1; } /* * handle chroot. @@ -2353,7 +2355,7 @@ bozo_setup(bozohttpd_t *httpd, bozoprefs strerror(errno)); } - if (username != NULL && setuid(uid) == -1) + if (uidset && setuid(uid) == -1) bozoerr(httpd, 1, "setuid(%d): %s", uid, strerror(errno)); /* @@ -2375,3 +2377,9 @@ bozo_setup(bozohttpd_t *httpd, bozoprefs return 1; } + +int +bozo_get_version(char *buf, size_t size) +{ + return snprintf(buf, size, "%s", SERVER_SOFTWARE); +} Index: bozohttpd.h =================================================================== RCS file: /cvsroot/src/libexec/httpd/bozohttpd.h,v retrieving revision 1.20.2.2 diff -p -u -u -r1.20.2.2 bozohttpd.h --- bozohttpd.h 15 Apr 2016 19:36:08 -0000 1.20.2.2 +++ bozohttpd.h 11 Feb 2017 10:24:29 -0000 @@ -3,7 +3,7 @@ /* $eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2015 Matthew R. Green + * Copyright (c) 1997-2017 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -367,4 +367,6 @@ bozoheaders_t *addmerge_replheader(bozo_ int bozo_set_pref(bozohttpd_t *, bozoprefs_t *, const char *, const char *); char *bozo_get_pref(bozoprefs_t *, const char *); +int bozo_get_version(char */*buf*/, size_t /*size*/); + #endif /* BOZOHTTOPD_H_ */ Index: cgi-bozo.c =================================================================== RCS file: /cvsroot/src/libexec/httpd/cgi-bozo.c,v retrieving revision 1.20.2.3 diff -p -u -u -r1.20.2.3 cgi-bozo.c --- cgi-bozo.c 15 Apr 2016 20:19:25 -0000 1.20.2.3 +++ cgi-bozo.c 11 Feb 2017 10:24:29 -0000 @@ -3,7 +3,7 @@ /* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */ /* - * Copyright (c) 1997-2015 Matthew R. Green + * Copyright (c) 1997-2017 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -235,7 +235,8 @@ parse_search_string(bozo_httpreq_t *requ */ *args_len = 1; /* count '+' in str */ - for (s = str; (s = strchr(s, '+')); (*args_len)++); + for (s = str; (s = strchr(s, '+')); (*args_len)++) + s++; args = bozomalloc(httpd, sizeof(*args) * (*args_len + 1)); @@ -333,12 +334,12 @@ parse_search_string(bozo_httpreq_t *requ parse_err: - free (*args); free (str); - *args = NULL; + free (*args); + free(args); *args_len = 0; - return 0; + return NULL; } Index: content-bozo.c =================================================================== RCS file: /cvsroot/src/libexec/httpd/content-bozo.c,v retrieving revision 1.7.2.2 diff -p -u -u -r1.7.2.2 content-bozo.c --- content-bozo.c 15 Apr 2016 19:36:08 -0000 1.7.2.2 +++ content-bozo.c 11 Feb 2017 10:24:29 -0000 @@ -62,16 +62,16 @@ static bozo_content_map_t static_content { ".pac", "application/x-ns-proxy-autoconfig", "", "", NULL }, { ".pa", "application/x-ns-proxy-autoconfig", "", "", NULL }, { ".tar", "multipart/x-tar", "", "", NULL }, - { ".gtar", "multipart/x-gtar", "", "", NULL }, - { ".tar.Z", "multipart/x-tar", "x-compress", "compress", NULL }, - { ".tar.gz", "multipart/x-tar", "x-gzip", "gzip", NULL }, - { ".taz", "multipart/x-tar", "x-gzip", "gzip", NULL }, - { ".tgz", "multipart/x-tar", "x-gzip", "gzip", NULL }, - { ".tar.z", "multipart/x-tar", "x-pack", "x-pack", NULL }, - { ".Z", "application/x-compress", "x-compress", "compress", NULL }, - { ".gz", "application/x-gzip", "x-gzip", "gzip", NULL }, - { ".z", "unknown", "x-pack", "x-pack", NULL }, - { ".bz2", "application/x-bzip2", "x-bzip2", "x-bzip2", NULL }, + { ".gtar", "application/x-gtar-compressed", "", "", NULL }, + { ".tar.Z", "application/x-gtar-compressed", "", "", NULL }, + { ".tar.gz", "application/x-gtar-compressed", "", "", NULL }, + { ".taz", "application/x-gtar-compressed", "", "", NULL }, + { ".tgz", "application/x-gtar-compressed", "", "", NULL }, + { ".tar.z", "application/x-gtar-compressed", "", "", NULL }, + { ".Z", "application/x-compress", "", "", NULL }, + { ".gz", "application/x-gzip", "", "", NULL }, + { ".z", "unknown", "", "", NULL }, + { ".bz2", "application/x-bzip2", "", "", NULL }, { ".ogg", "application/x-ogg", "", "", NULL }, { ".mkv", "video/x-matroska", "", "", NULL }, { ".xbel", "text/xml", "", "", NULL }, Index: main.c =================================================================== RCS file: /cvsroot/src/libexec/httpd/main.c,v retrieving revision 1.5.2.2 diff -p -u -u -r1.5.2.2 main.c --- main.c 15 Apr 2016 19:36:08 -0000 1.5.2.2 +++ main.c 11 Feb 2017 10:24:29 -0000 @@ -4,7 +4,7 @@ /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp */ /* - * Copyright (c) 1997-2014 Matthew R. Green + * Copyright (c) 1997-2016 Matthew R. Green * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -101,6 +101,7 @@ usage(bozohttpd_t *httpd, char *progname bozowarn(httpd, " -v virtualroot\tenable virtual host support " "in this directory"); + bozowarn(httpd, " -V\t\tUnknown virtual hosts go to `slashdir'"); #ifndef NO_DIRINDEX_SUPPORT bozowarn(httpd, " -X\t\t\tenable automatic directory index support"); @@ -118,6 +119,7 @@ usage(bozohttpd_t *httpd, char *progname " and private key file\n" "\t\t\tin pem format and enable bozohttpd in SSL mode"); #endif /* NO_SSL_SUPPORT */ + bozowarn(httpd, " -G print version number and exit"); bozoerr(httpd, 1, "%s failed to start", progname); } @@ -148,7 +150,7 @@ main(int argc, char **argv) */ while ((c = getopt(argc, argv, - "C:EHI:L:M:P:S:U:VXZ:bc:defhi:np:st:uv:x:z:")) != -1) { + "C:EGHI:L:M:P:S:U:VXZ:bc:defhi:np:st:uv:x:z:")) != -1) { switch (c) { case 'L': @@ -351,6 +353,15 @@ main(int argc, char **argv) #endif /* NO_DIRINDEX_SUPPORT */ + case 'G': + { + char version[128]; + + bozo_get_version(version, sizeof(version)); + printf("bozohttpd version %s\n", version); + } + return 0; + default: usage(&httpd, progname); /* NOTREACHED */ Index: small/Makefile =================================================================== RCS file: /cvsroot/src/libexec/httpd/small/Makefile,v retrieving revision 1.1.1.1.8.1 diff -p -u -u -r1.1.1.1.8.1 Makefile --- small/Makefile 9 Jul 2014 09:42:39 -0000 1.1.1.1.8.1 +++ small/Makefile 11 Feb 2017 10:24:29 -0000 @@ -3,7 +3,7 @@ # build a 100% lean bozohttpd-small.c PROG= bozohttpd-small NOMAN= # defined -SRCS= bozohttpd-small.c content-bozo-small.c +SRCS= bozohttpd-small.c content-bozo-small.c ssl-bozo.c main.c: LEAN_IFDEF_FLAGS= -UDEBUG -DNO_USER_SUPPORT \ -DNO_CGIBIN_SUPPORT -DNO_DIRINDEX_SUPPORT \ Index: testsuite/Makefile =================================================================== RCS file: /cvsroot/src/libexec/httpd/testsuite/Makefile,v retrieving revision 1.4.8.1 diff -p -u -u -r1.4.8.1 Makefile --- testsuite/Makefile 15 Apr 2016 19:36:09 -0000 1.4.8.1 +++ testsuite/Makefile 11 Feb 2017 10:24:29 -0000 @@ -1,32 +1,43 @@ # $eterna: Makefile,v 1.14 2009/05/22 21:51:39 mrg Exp $ SIMPLETESTS= t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 +CGITESTS= t11 BIGFILETESTS= partial4000 partial8000 BOZOHTTPD?= ../bozohttpd BOZOHTTPD?= ../debug/bozohttpd-debug WGET?= wget DATA?= $(.CURDIR)/data +VERBOSE?= yes + +.if ${VERBOSE} != "yes" +SILENT= @ +.else +SILENT= +.endif + all: clean: - for a in $(SIMPLETESTS); do \ - rm -f tmp.$$a.out; \ + for a in $(SIMPLETESTS) $(BIGFILETESTS); do \ + rm -f tmp.$$a.out tmp.$$a.err; \ done -check: check-simple check-bigfile +check: check-simple check-cgi check-bigfile check-simple: .for a in $(SIMPLETESTS) - echo "Running test $a" - $(BOZOHTTPD) "$(DATA)" < $(.CURDIR)/$a.in > tmp.$a.out || true - $(.CURDIR)/html_cmp $(.CURDIR)/$a.out tmp.$a.out + ${SILENT}$(.CURDIR)/test-simple "$a" "${BOZOHTTPD}" "${DATA}" "${.CURDIR}" "${VERBOSE}" +.endfor + +check-cgi: +.for a in $(CGITESTS) + ${SILENT}$(.CURDIR)/test-simple "$a" "${BOZOHTTPD}" "${DATA}" "${.CURDIR}" "${VERBOSE}" -c "${.CURDIR}/cgi-bin" .endfor check-bigfile: .for a in $(BIGFILETESTS) - echo "Running test $a" - $(.CURDIR)/test-bigfile "$a" "${BOZOHTTPD}" "${WGET}" "$(DATA)" + ${SILENT}$(.CURDIR)/test-bigfile "$a" "${BOZOHTTPD}" "${WGET}" "${DATA}" "${VERBOSE}" .endfor .include Index: testsuite/html_cmp =================================================================== RCS file: /cvsroot/src/libexec/httpd/testsuite/html_cmp,v retrieving revision 1.4 diff -p -u -u -r1.4 html_cmp --- testsuite/html_cmp 18 Nov 2011 09:51:31 -0000 1.4 +++ testsuite/html_cmp 11 Feb 2017 10:24:29 -0000 @@ -2,12 +2,20 @@ # # $eterna: html_cmp,v 1.9 2011/11/17 22:18:02 mrg Exp $ # -# like cmp(1) but compares to files after making their `Date: ' headers -# the same, to allow `now' and `then' to work properly. it also tries -# to find servername's that might be the local host and converts those -# as well.. +# like cmp(1)/diff(1) but compares to files after making their +# `Date: ' headers the same, to allow `now' and `then' to work properly. +# it also tries to find servername's that might be the local host and +# converts those as well.. # -# it must be called like `cmp file1 file1' *only*. +# it must be called like `html_cmp cmp|diff file1 file1' *only*. + +if [ "cmp" = "$1" ]; then + cmd="cmp -s" +elif [ "diff" = "$1" ]; then + cmd="diff -u" +else + exit 77 +fi h=`hostname || uname -n` @@ -17,10 +25,10 @@ sedcmd="s/^Date: .*/Date: nowish/; s/^Server: .*/^Server: bozotic HTTP server version 5.08/; s/^Content-Length: .*/Content-Length: 223/;" -sed -e "$sedcmd" < "$1" > "f1.tmp.$$" -sed -e "$sedcmd" < "$2" > "f2.tmp.$$" +sed -e "$sedcmd" < "$2" > "f1.tmp.$$" +sed -e "$sedcmd" < "$3" > "f2.tmp.$$" -cmp -s "f1.tmp.$$" "f2.tmp.$$" +${cmd} "f1.tmp.$$" "f2.tmp.$$" rv=$? rm -f "f1.tmp.$$" "f2.tmp.$$" Index: testsuite/t11.in =================================================================== RCS file: testsuite/t11.in diff -N testsuite/t11.in --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ testsuite/t11.in 11 Feb 2017 10:24:29 -0000 @@ -0,0 +1,3 @@ +GET /cgi-bin/echo.bat?&dir+c:\\ HTTP/1.1 +Host: + Index: testsuite/t11.out =================================================================== RCS file: testsuite/t11.out diff -N testsuite/t11.out --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ testsuite/t11.out 11 Feb 2017 10:24:29 -0000 @@ -0,0 +1 @@ +HTTP/1.1 200 OK Index: testsuite/test-bigfile =================================================================== RCS file: /cvsroot/src/libexec/httpd/testsuite/test-bigfile,v retrieving revision 1.1.1.1.8.1 diff -p -u -u -r1.1.1.1.8.1 test-bigfile --- testsuite/test-bigfile 15 Apr 2016 19:36:09 -0000 1.1.1.1.8.1 +++ testsuite/test-bigfile 11 Feb 2017 10:24:29 -0000 @@ -4,24 +4,37 @@ test="$1" # partial4000 or partial8000 bozohttpd="$2" wget="$3" datadir="$4" +verbose="$5" + +tmperr="tmp.$test.err" + +if [ "yes" = "$verbose" ]; then + echo "Running test $test" +else + exec 2>"$tmperr" +fi bozotestport=11111 # copy beginning file -cp ${datadir}/bigfile.${test} ./bigfile +cp "${datadir}/bigfile.${test}" ./bigfile # fire up bozohttpd -${bozohttpd} -b -b -I ${bozotestport} -n -s -f ${datadir} & +${bozohttpd} -b -b -I ${bozotestport} -n -s -f "${datadir}" & bozopid=$! -${wget} -c http://localhost:${bozotestport}/bigfile +"${wget}" -c http://localhost:${bozotestport}/bigfile kill -9 $bozopid -if cmp ./bigfile ${datadir}/bigfile; then +if cmp ./bigfile "${datadir}/bigfile"; then rm -f ./bigfile exit 0 else rm -f ./bigfile + if [ "yes" = "$verbose" ]; then + echo "Failed test $test:" + cat "$tmperr" + fi exit 1 fi Index: testsuite/test-simple =================================================================== RCS file: testsuite/test-simple diff -N testsuite/test-simple --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ testsuite/test-simple 11 Feb 2017 10:24:29 -0000 @@ -0,0 +1,33 @@ +#! /bin/sh +# $NetBSD: test-simple,v 1.4 2017/01/31 14:33:54 mrg Exp $ + +test="$1"; shift +bozohttpd="$1"; shift +datadir="$1"; shift +curdir="$1"; shift +verbose="$1"; shift + +in="$curdir/$test.in" +out="$curdir/$test.out" +tmpout="tmp.$test.out" +tmperr="tmp.$test.err" + +if [ "yes" = "$verbose" ]; then + echo "Running test $test" +else + exec 2>"$tmperr" +fi + +bozotestport=11111 + +${bozohttpd} "$@" "${datadir}" < "$in" > "$tmpout" +if "$curdir/html_cmp" cmp "$out" "$tmpout"; then + exit 0 +else + if [ "yes" = "$verbose" ]; then + echo "Failed test $test:" + cat "$tmperr" + $curdir/html_cmp diff "$out" "$tmpout" + fi + exit 1 +fi