Commit Graph

3034 Commits

Author SHA1 Message Date
mrg
9d18868a64 avoid an impossible case the compiler can't quite tell. 2016-06-30 13:17:48 +00:00
martin
115160e654 Fix a few bounds and instruction sequences generated in the PLT; exercised
by ASLR and verified to work with the aslr fixed random debug sysctls.
2016-06-20 08:12:25 +00:00
christos
4910b5ce72 Move relro after we've computed out relocbase and re-enable it.
(Matthias Weckbecker)
2016-06-16 11:34:13 +00:00
christos
3ee1ef9906 Turn off GNU_RELRO for now. 2016-06-15 12:08:47 +00:00
christos
0e6265fc35 Add support for GNU RELRO headers from Matthias Weckbecker. 2016-06-14 13:06:41 +00:00
agc
205633288c As proposed in:
http://mail-index.netbsd.org/tech-userlevel/2016/05/18/msg009999.html

and

	https://www.netbsd.org/~agc/bozo-20160517.diff

add a patch to httpd to return the version string of httpd itself, and use the
-G option on the command line to enable this. This gives httpd the ability to
show, from the command line, what version is running.

	% /usr/build/obj/x86_64/usr/src/libexec/httpd/bozohttpd -G
	bozohttpd version bozohttpd/20160415
	%
2016-05-24 21:18:29 +00:00
christos
564475388a Put the name of the dynamic linker in allocated memory, so that it becomes
part of the core file link-map, so that gdb can find it.
2016-05-24 20:32:33 +00:00
joerg
6e49b77769 obj->phdr must be the absolute address, not the virtual offset from the
main binary. Historically, this has been the same. For PIE though,
relocbase can be pretty much anywhere. Fixes PR toolchain/51159.
2016-05-22 19:28:39 +00:00
christos
f7945701d6 CID 1358679: Fix memory leak.
XXX: pullup 7
2016-04-24 18:24:47 +00:00
mrg
0a7cdc80ba use %zu instead of %lu for size_t. 2016-04-15 20:00:13 +00:00
mrg
27da98ff14 updates and bozohttpd 20160415:
o  add search-word support for CGI
o  fix a security issue in CGI suffix handler support which would
   allow remote code execution, from shm@netbsd.org
o  -C option supports now CGI scripts only
2016-04-15 17:57:21 +00:00
skrll
42fe483061 Remove duplicated __RCSIDs I added years ago - I blame CVS.
Spotted by Miod Vallat
2016-04-14 20:17:07 +00:00
christos
80c3d4eb2a - Print a warning for text relocations
- Don't remap the text segment executable while relocating
2016-04-12 19:10:48 +00:00
mrg
7bc3291858 move the compiler hack closer to the source of the fail 2016-03-18 10:10:21 +00:00
christos
43c3c3f74a Add volatile for gcc 5 2016-03-17 00:21:04 +00:00
christos
f2192299b9 volatile for gcc 5 2016-03-17 00:17:58 +00:00
mrg
2dc66b067e make the GCC 4.8 specific hack for ci.clean being set GCC >= 4.8. 2016-03-16 18:58:34 +00:00
dholland
d9047ae69b Use functions instead of preprocessor abuse. 2016-03-13 00:32:09 +00:00
christos
80fa2ce1a5 where is already void * 2016-02-20 15:20:23 +00:00
macallan
3709f36323 make debug code compile again
from christos
2016-02-19 22:09:09 +00:00
riastradh
9628679b27 Need <stdbool.h> for true/false. 2016-02-19 03:53:46 +00:00
skrll
19b4c45621 Actually, descsz should not contain the padding. The note still needs to
be padded out.
2016-02-09 10:20:03 +00:00
skrll
a5b645efc7 Fix .note.netbsd.march by ensuring correct padding 2016-02-08 11:59:39 +00:00
christos
a21e664447 we don't need <sys/mbuf.h> 2016-01-24 01:56:04 +00:00
christos
ffeb8dbf4e Define _KERNTYPES for things that need it. 2016-01-23 21:22:45 +00:00
christos
8d60259f07 PR/50665: David Binderman: move "dir" to the outer scope so it stays alive
when the pointer is used later.
2016-01-17 14:46:07 +00:00
elric
591b978b80 Fix bug in cleanup of reply headers. 2016-01-02 20:35:59 +00:00
elric
afe55bf842 Add the concept of ``reply headers'', that is a SIMPLEQ of headers that
will be included in the HTTP reply.  We define this as we are about to
add an authentication method that may need to have a conversation with
the client.
2016-01-02 18:40:13 +00:00
mrg
0841a79ea3 bump the version; we have real fixes now. 2015-12-31 04:58:43 +00:00
mrg
614a8b6713 redo the fix for rev 1.26 - instead of getting a new string wrong,
just delay the free until the parent has finished using them.
also, free query as well.

fixes PR#50374.
2015-12-31 04:39:16 +00:00
mrg
84411b5891 rewrite the redirection url generation code to use bozoasprintf(). 2015-12-29 04:30:33 +00:00
mrg
c2e98309d5 - convert most asprintf() calls to bozoasprintf().
- don't call getpwuid(0) if we don't need to, or fail it it fails,
  and remove the 'username' member of bozohttpd_t since it is not
  used outside of bozo_setup().
2015-12-29 04:21:46 +00:00
mrg
881b8188de rename bozo_err/bozo_warn/bozo_asprintf to bozoerr/etc.
new rule is that function that mirror libc-style functions get no underscore.
2015-12-28 07:37:59 +00:00
mrg
cff2d95613 several clean ups:
- bozostrdup() gains a request parameter, and uses it to determine
  what sort of error handling is required
- bozo_strdup() dies
- size_arrays() reduced slightly, pushing error handling into the caller
- convert to size_t for some array indices
- bozo_set_pref() and bozo_init_prefs() gain httpd parameters
- apply a bunch of manual CSE to vastly reduce the number of times the
  string "request->hr_httpd" appears.
- CGI parse_header() takes a request not httpd now

XXX: lua glue updated to call bozo_init_prefs() with htttpd parameter,
     but i'm only guessing here.
2015-12-27 10:21:35 +00:00
mrg
71e7babf6d fix running the testsuite from the build tree 2015-12-27 07:43:39 +00:00
christos
f47ab3a37e Introduce bozo_strdup and bozo_asprintf to add error checking and reduce
code duplication.

Note that bozo_strdup is different that bozostrdup; the _ routines exit
loging error to syslog or stderr, whereas the non _ routines send error
responses to the http client.
2015-12-12 18:06:58 +00:00
christos
14ba256990 - restrict the default list of ciphers to something more secure
- restrict ssl options
From Travis Paul
2015-12-12 16:57:53 +00:00
kamil
d3f055bfc7 Improve the httpd(8) printenv.lua Lua example
Stop using Lua builtin print function and replace them with http.* ones.
httpd.print and http.write wraps SSL support when needed.

Print http headers, without them browser may interpret page as raw text.

No need to hardcode prefix path in the form.

Add comments for a user with tips how to use this script.

Patch by Travis Paul

Closes PR misc/50502
2015-12-07 03:11:48 +00:00
kamil
a2fa5fef62 Bump date for previous 2015-11-29 15:58:07 +00:00
kamil
1e3b6beb3f Synchronize SYNOPSIS with reality 2015-11-29 15:29:55 +00:00
kamil
55cd314790 Remove nonexistent option z: in the getopt(3) call 2015-11-29 15:26:10 +00:00
christos
59f3853f3e handle asprintf errors consistently. 2015-10-31 00:55:17 +00:00
christos
e3e5f7f09b fix wrong variable 2015-10-30 23:45:31 +00:00
christos
1932f6942a simplify 2015-10-30 23:27:47 +00:00
christos
b44c2ed92e - don't use alloca and then check if alloca returns null and then try to
free it. Allocating from the stack does not return null, and freeing it
  will have unpredictable results. use malloc instead.
- now we are using malloc remove -Wno-stack-protector kludge
2015-10-30 23:21:05 +00:00
tron
63d7176dc2 Fix build with "USE_SSP" set to "yes". 2015-10-30 18:53:26 +00:00
shm
c4fe1fac22 * add CGI support for ~user translation (-E switch)
* add redirects to ~user translation
* fix bugs around ~user translation
* add schema detection for absolute redirects
* fixed few memory leaks
* bunch of minor tweaks
* removed -r support
* smarter redirects

OK mrg@
2015-10-28 09:20:15 +00:00
mrg
ce12165d33 s/USE_NBUTIL/HAVE_NBUTIL_H/, to match the Makefile.
fixes a merge problem in introduced when merging the QNX patches.

from Jan Danielsson.
2015-10-25 19:06:49 +00:00
dholland
fbd9d636b3 Enable lfs64 in the cleaner. 2015-10-15 06:25:04 +00:00
christos
029efed26d this is syslog-like 2015-10-14 15:53:50 +00:00