? .gdbinit ? bozohttpd ? bozohttpd.html8 ? testsuite/tmp.t1.out ? testsuite/tmp.t10.out ? testsuite/tmp.t2.out ? testsuite/tmp.t3.out ? testsuite/tmp.t4.out ? testsuite/tmp.t5.out ? testsuite/tmp.t6.out ? testsuite/tmp.t7.out ? testsuite/tmp.t8.out ? testsuite/tmp.t9.out Index: CHANGES =================================================================== RCS file: /home/cvs/bozohttpd/CHANGES,v retrieving revision 1.78 diff -p -r1.78 CHANGES *** CHANGES 18 Nov 2011 01:25:11 -0000 1.78 --- CHANGES 18 Jul 2012 08:23:43 -0000 *************** *** 1,5 **** --- 1,8 ---- $eterna: CHANGES,v 1.78 2011/11/18 01:25:11 mrg Exp $ + changes since bozohttpd 20111118: + o properly escape generated URIs + changes since bozohttpd 20100920: o add -P option, from jmmv@netbsd.org o avoid crashes with http basic auth, from pooka@netbsd.org Index: bozohttpd.c =================================================================== RCS file: /home/cvs/bozohttpd/bozohttpd.c,v retrieving revision 1.178 diff -p -r1.178 bozohttpd.c *** bozohttpd.c 18 Nov 2011 09:21:15 -0000 1.178 --- bozohttpd.c 18 Jul 2012 08:23:43 -0000 *************** parse_http_date(const char *val, time_t *** 842,847 **** --- 842,905 ---- } /* + * given an url, encode it ala rfc 3986. ie, escape ? and friends. + * note that this function returns a static buffer, and thus needs + * to be updated for any sort of parallel processing. + */ + char * + escape_rfc3986(bozohttpd_t *httpd, const char *url) + { + static char *buf; + static size_t buflen = 0; + size_t len; + const char *s; + char *d; + + len = strlen(url); + if (buflen < len * 3 + 1) { + buflen = len * 3 + 1; + buf = bozorealloc(httpd, buf, buflen); + } + + if (url == NULL) { + buf[0] = 0; + return buf; + } + + for (s = url, d = buf; *s;) { + switch (*s) { + case ':': + case '/': + case '?': + case '#': + case '[': + case ']': + case '@': + case '!': + case '$': + case '&': + case '\'': + case '(': + case ')': + case '*': + case '+': + case ',': + case ';': + case '=': + /* encode it */ + snprintf(d, 4, "%%%02X", *s++); + d += 3; + len += 3; + default: + *d++ = *s++; + len++; + } + } + + return buf; + } + + /* * checks to see if this request has a valid .bzdirect file. returns * 0 on failure and 1 on success. */ *************** handle_redirect(bozo_httpreq_t *request, *** 893,902 **** url = urlbuf; } else urlbuf = NULL; ! if (request->hr_query && strlen(request->hr_query)) { query = 1; - } if (request->hr_serverport && strcmp(request->hr_serverport, "80") != 0) snprintf(portbuf, sizeof(portbuf), ":%s", --- 951,960 ---- url = urlbuf; } else urlbuf = NULL; + url = escape_rfc3986(request->hr_httpd, url); ! if (request->hr_query && strlen(request->hr_query)) query = 1; if (request->hr_serverport && strcmp(request->hr_serverport, "80") != 0) snprintf(portbuf, sizeof(portbuf), ":%s", *************** handle_redirect(bozo_httpreq_t *request, *** 913,921 **** if (absolute == 0) bozo_printf(httpd, "%s%s", httpd->virthostname, portbuf); if (query) { ! bozo_printf(httpd, "%s?%s\r\n", url, request->hr_query); } else { ! bozo_printf(httpd, "%s\r\n", url); } } bozo_printf(httpd, "\r\n"); --- 971,979 ---- if (absolute == 0) bozo_printf(httpd, "%s%s", httpd->virthostname, portbuf); if (query) { ! bozo_printf(httpd, "%s?%s\r\n", url, request->hr_query); } else { ! bozo_printf(httpd, "%s\r\n", url); } } bozo_printf(httpd, "\r\n"); *************** handle_redirect(bozo_httpreq_t *request, *** 925,940 **** bozo_printf(httpd, "

Document Moved

\n"); bozo_printf(httpd, "This document had moved hr_query); ! else ! bozo_printf(httpd, "%s%s%s?%s", httpd->virthostname, portbuf, url, ! request->hr_query); ! } else { ! if (absolute) ! bozo_printf(httpd, "%s", url); ! else ! bozo_printf(httpd, "%s%s%s", httpd->virthostname, portbuf, url); } bozo_printf(httpd, "\">here\n"); bozo_printf(httpd, "\n"); --- 983,999 ---- bozo_printf(httpd, "

Document Moved

\n"); bozo_printf(httpd, "This document had moved hr_query); ! else ! bozo_printf(httpd, "%s%s%s?%s", httpd->virthostname, ! portbuf, url, request->hr_query); ! } else { ! if (absolute) ! bozo_printf(httpd, "%s", url); ! else ! bozo_printf(httpd, "%s%s%s", httpd->virthostname, ! portbuf, url); } bozo_printf(httpd, "\">here\n"); bozo_printf(httpd, "\n"); Index: bozohttpd.h =================================================================== RCS file: /home/cvs/bozohttpd/bozohttpd.h,v retrieving revision 1.39 diff -p -r1.39 bozohttpd.h *** bozohttpd.h 18 Nov 2011 09:21:15 -0000 1.39 --- bozohttpd.h 18 Jul 2012 08:23:43 -0000 *************** int bozo_http_error(bozohttpd_t *, int, *** 184,189 **** --- 184,190 ---- int bozo_check_special_files(bozo_httpreq_t *, const char *); char *bozo_http_date(char *, size_t); void bozo_print_header(bozo_httpreq_t *, struct stat *, const char *, const char *); + char *escape_rfc3986(bozohttpd_t *httpd, const char *url); char *bozodgetln(bozohttpd_t *, int, ssize_t *, ssize_t (*)(bozohttpd_t *, int, void *, size_t)); char *bozostrnsep(char **, const char *, ssize_t *); Index: dir-index-bozo.c =================================================================== RCS file: /home/cvs/bozohttpd/dir-index-bozo.c,v retrieving revision 1.20 diff -p -r1.20 dir-index-bozo.c *** dir-index-bozo.c 18 Nov 2011 09:21:15 -0000 1.20 --- dir-index-bozo.c 18 Jul 2012 08:23:43 -0000 *************** bozo_dir_index(bozo_httpreq_t *request, *** 125,130 **** --- 125,131 ---- j--; de++) { int nostat = 0; char *name = (*de)->d_name; + char *urlname; if (strcmp(name, ".") == 0 || (strcmp(name, "..") != 0 && *************** bozo_dir_index(bozo_httpreq_t *request, *** 137,154 **** l = 0; if (strcmp(name, "..") == 0) { bozo_printf(httpd, ""); l += bozo_printf(httpd, "Parent Directory"); } else if (S_ISDIR(sb.st_mode)) { ! bozo_printf(httpd, "", name); l += bozo_printf(httpd, "%s/", name); } else if (strchr(name, ':') != NULL) { /* RFC 3986 4.2 */ ! bozo_printf(httpd, "", name); l += bozo_printf(httpd, "%s", name); } else { ! bozo_printf(httpd, "", name); l += bozo_printf(httpd, "%s", name); } bozo_printf(httpd, ""); --- 138,156 ---- l = 0; + urlname = escape_rfc3986(httpd, name); if (strcmp(name, "..") == 0) { bozo_printf(httpd, ""); l += bozo_printf(httpd, "Parent Directory"); } else if (S_ISDIR(sb.st_mode)) { ! bozo_printf(httpd, "", urlname); l += bozo_printf(httpd, "%s/", name); } else if (strchr(name, ':') != NULL) { /* RFC 3986 4.2 */ ! bozo_printf(httpd, "", urlname); l += bozo_printf(httpd, "%s", name); } else { ! bozo_printf(httpd, "", urlname); l += bozo_printf(httpd, "%s", name); } bozo_printf(httpd, "");