Commit Graph

3339 Commits

Author SHA1 Message Date
kim a041bb8735 bozohttpd: remove obsolete .bzdirect handling
OK mrg@
2022-01-04 06:08:14 +00:00
andvar cbf5c65aff s/occured/occurred/ in comments, log messages and man pages. 2021-12-10 20:36:02 +00:00
andvar b444e42254 s/desireable/desirable/ in comments. 2021-12-08 20:21:09 +00:00
msaitoh 2b50e65cd3 s/numberic/numeric/ in comment. 2021-12-05 05:03:05 +00:00
skrll 45f12ca261 Restore the fptr_t type of {init,fini}{,_array} that was removed when initial
support for indirect functions was added.  This fixes {init,fini}_array support
on hppa where each member of the array is (already) a plabel.

Discussed with joerg.

 4 files changed, 29 insertions(+), 39 deletions(-)
: ----------------------------------------------------------------------
2021-12-04 14:39:08 +00:00
skrll dab59e4bc1 Provide a stub _rtld_call_ifunc when a platform doesn't use one of the
common ones or doesn't provide its own.
2021-12-04 08:53:34 +00:00
skrll 741d1b8708 Add a newline 2021-12-04 08:50:41 +00:00
skrll 95123c27a8 Error if there are undefined symbols, e.g. _rtld_call_ifunc 2021-12-04 08:45:56 +00:00
jmcneill caba86e5d2 getty: Remove 2 second sleep before opening tty
This (apparently very old!) workaround to ensure that DTR stays down long
enough to be detected is now handled by serial drivers themselves. For
console devices (framebuffer, serial console, etc) this was an unnecessary
2 second penalty that we have all been paying since the beginning of time.
2021-10-12 23:40:38 +00:00
andvar 72e44f84cb fix typos in word "successfully", mainly s/succesfully/successfully/. 2021-09-16 21:29:41 +00:00
andvar f9faf20aef fix typos in comments, mainly s/extention/extension/ and s/sufficent/sufficient/ 2021-09-03 21:54:58 +00:00
mrg 876508f642 extend the list of available ciphers to include most of the
openssl "HIGH" with some additional disables.  retain the current
list of bad options.  should deal with PR#51278.
2021-08-24 09:53:26 +00:00
mrg 19f4060684 implement tls minimum version setting.
mostly from sunil@nimmagadda.net in PR#55830, though i moved the
member into the main http structure, so that it doesn't trigger
sslinfo being allocated via command line without the rest of the
ssl being setup (which then leads to crashes.)
2021-08-24 09:47:36 +00:00
mrg 6bfcf4a0ef rework the bindport setting, inspired by part of the patch
from PR#56367 (thanks JP.)
2021-08-24 05:39:39 +00:00
mrg 080a4ce9e4 remove unused parameters, and clean up incompatible options.
from <henrik@gulbra.net>
2021-08-24 05:29:27 +00:00
andvar 8324be4c9b fix some more typos in comments/log messages, improve wording as well. 2021-08-21 11:55:24 +00:00
andvar 20fff34fc5 s/fist/first/ 2021-08-09 21:38:04 +00:00
andvar 74bcda346c s/threshhold/threshold 2021-07-31 15:02:54 +00:00
christos 208ba1ff3b Treat failed chdir/chroot for guest and chroot accounts as fatal.
Also treat failed set{e,}(u,g}id calls as fatal.
Addresses CVE-2020-7468, via FreeBSD.
2021-07-03 14:59:49 +00:00
riastradh 07fb20a384 ld.elf_so(1): Omit needless membar_enter.
The use of membar_enter is to separate atomic r/m/w on a lock from
the body of the critical section so two different critical sections
happen in order:

		body of previous critical section;

	exit critical section:
		membar_exit();
		atomic_r/m/w(lock stuff);

	enter critical section:
		atomic_r/m/w(lock stuff);
		membar_enter();

		body of next critical section;

_rtld_shared_enter does this, but it _also_ issued an extraneous
membar_enter before the atomic_r/m/w part, which doesn't impose any
semantically important order but may cost some performance.
2021-06-16 21:53:51 +00:00
joerg 130482d98d Don't use the return address hack with clang. 2021-05-30 02:26:08 +00:00
mrg 3a698d51e8 don't assume host BUFSIZ is sufficent. small BUFSIZ leads to
always happens errors in the testsuite.  switch all these buffers
to be 4KiB sized.  reported by embr <git@liclac.eu>
2021-05-05 07:41:48 +00:00
mrg ddeab5ea7f include <stdint.h>. bozo_unconst() uses uintptr_t defined here.
from embr <git@liclac.eu>.
2021-05-05 07:09:19 +00:00
rillig dc0342a256 bozohttpd: fix argument type for functions from <ctype.h>
Found by the recently added check to lint (message 342).

ok mrg@
2021-04-08 07:02:11 +00:00
rillig fb7c930d4d bozohttpd-small: fix typo in SRCS, fix targets dependall and lint
The additional ':' after 'main.c' had no effect on the compilation since
the suffix is removed when computing the list of object files.  The ':'
excluded main.c from the dependency computation and from lint.

By defining CPPFLAGS instead of CFLAGS, the default "-O2" steps in
again, and the proper flags are passed to lint, which did not work
before at all because it could not find an included file.
2021-04-08 06:52:42 +00:00
rillig b78154bf29 bozohttpd-small: fix error handling for unifdef
The second of the '$$?' was spelled only '$?'.  At the time where this
shell expression was evaluated, it had already been overwritten by the
preceding command '['.
2021-04-08 06:44:55 +00:00
mrg 53df50227a avoid DoS in initial request size, which is now bounded at 16KiB.
reported by Justin Parrott in PR#56085.
2021-04-04 18:14:26 +00:00
christos 0f1e1628dd Don't or the got object in, just assign it. Fixes cc -mabi=64 hello.c -lcrypto
Now all 64 bit binaries work, and I tested that we did not break the 32 bit
ones
XXX: That 0x80000000 seems wrong for 64 bit stuff.
2021-03-06 20:11:08 +00:00
christos d42a77727b pretend we know about %# and %j... 2021-03-06 20:09:39 +00:00
rillig 95f34171ac libexec/httpd: fix cross-site scripting in Lua example
curl \
  --header 'NAME<x>: <y>' \
  'http://127.0.0.1:8080/test/printenv?<b>=<i>'
2021-02-28 16:10:00 +00:00
mrg 1bf054d17a update version, dates, add emily to list of contributors. sort list. 2021-02-28 05:19:52 +00:00
mrg 7ddfa6145a avoid warnings from the previous when using objdirs. 2021-02-28 04:18:46 +00:00
mrg 3803a1bf8c give BOZOVER a default so exporting a distfile is easy. 2021-02-28 02:39:15 +00:00
mrg 9ad7ebadaf changes in bozohttpd 20210227:
o  new support for content types: .tar.bz2, .tar.xz, .tar.lz,
	   .tar.zst, .tbz2, .txz, .tlz, .zipx, .xz, .zst, .sz, .lz, .lzma,
	   .lzo, .7z, .lzo, .cab, .dmg, .jar, and .rar.  should fix
	   netbsd PR#56026:
	   MIME type of .tar.xz file on ny{cdn,ftp}.NetBSD.org is invalid
2021-02-27 12:55:25 +00:00
mrg 9402120ed8 belated call version 20210211 after previous memory leak fix. 2021-02-27 12:36:46 +00:00
mrg b0f74aaafd clean up issues detected by address sanitizer (just some memory
leaks that only apply to the library version.)

XXX: the handling of hr_file and its variants is more crappy
again - the prior clean up is slightly less clean now, but at
least it does not leak memory.

XXX2: cgi-bin test hangs with address sanitizer.  don't know
why yet..
2021-02-11 09:57:52 +00:00
mrg 12d8621dac changes in bozohttpd 20210210:
o  fix various NULL derefs from malformed headers.  mostly from
	   <emily@ingalls.rocks>.
2021-02-11 09:23:55 +00:00
mrg 3b6cf52f57 also set -D_DEFAULT_SOURCE to open up more headers.
allow passing $(EXTRALIBS).
2021-01-17 00:15:14 +00:00
hannken cf205aa356 Bozohttpd clobbers files greater than 4GB on 32bit archs.
Make sure the alignment mask derived from pagesize is an off_t.
2020-11-19 10:45:36 +00:00
wiz 8f3596c5ac New sentence, new line. Fix xref. 2020-10-15 09:54:22 +00:00
mrg 4864410bbc various updates from <henrik@gulbra.net> / freebsd. the list from Henrik:
bozohttpd.8:
    o Added -d flag to the man page
    o Moved -E flag in man page to keep alphabetic order
    o Grammar fix for description of -E flag in man page
    o Moved a word in the man description for the -f flag
    o Made -f imply -b as a backwards-compatible shortcut
    o Updated man description of -n to mention Lua scripts
    o Moved -z below -Z to keep the uppercase options first

bozohttpd.c:
    o Removed obsolete comment about ~user missing cgi-bin support
    o Removed "/* ARGSUSED */" lines; was that a macro or a reminder?
    o Added USE_ARG macro call for sig, which was otherwise not used
    o Added USE_ARG macro call for msg (only used if debug is enabled)

bozohttpd.h:
    o Fixed typo in the include guard (BOZOHTTOPD_H_ -> BOZOHTTPD_H_)
    o Renamed have_all to have_core; it didn't mean "all" options

content-bozo.c:
    o Added USE_ARG macro call for signo, which was otherwise not used
    o Made -f imply -b as a backwards-compatible shortcut

main.c:
    o Simplified -b text to be symmetric with that for the -f option
    o Updated -C text to make "suffix" explicit; it's better than "arg"
    o Changed to only show the -E description if have_user is true
    o Always show the -e option, which incorrectly used the -E logic
    o Renamed have_all to have_core; it didn't mean "all" options
    o Added three missing tabs for the description of the -G option
    o Updated -L text to make "prefix" explicit; it's better than "arg"
    o Updated -M text to make "suffix" explicit; it's slightly better
    o Added a previously missing description for the -n option
    o Documented the otherwise obscure valid types for the -T option
    o Shortened "username" to "user" to match the actual help text
    o Moved handling of -c below that for -C to standardize the order
    o Broke the enabling test for -C into two lines for consistency
    o Inverted the enabling test for -E; this is what was meant, right?
    o Removed the enabling test for -e, which should always be enabled

ssl-bozo.c:
    o Added USE_ARG for httpd, which is not used if SSL has been excluded
2020-10-15 04:21:53 +00:00
mrg bf53dc2363 set -D_GNU_SOURCE in Makefile.boot. from hadrien.lacour@posteo.net.
also match %2F as well as %2f.  from leah@vuxu.org.
introduce defines for "80" and "443".  copyright maint.
2020-10-15 02:19:23 +00:00
kamil f420d54c39 Correct r_ldbase valuse
It shall be the relocbase value, not linkmap.
2020-09-22 00:41:27 +00:00
kamil f3656ffa1a Upgrade the SVR4 RTLD r_debug protocol to version 1
Changes:
 - Add a new field r_ldbase in the r_debug struct.
 - Set r_version to 1.

This harmonizes the support with OpenBSD and Linux.
FreeBSD uses version 0 (or no version).
Solaris uses version 2 that is not implemented elsewhere and relies on
SVR4 specific design and interfaces.

Update the code comments as r_debug and link_map is used by other software
than GDB, namely: sanitizers, rump, LLDB.
2020-09-21 16:08:57 +00:00
rhialto 7f9df6b3cc bozohttpd: correct .m4a to audio/mp4. 2020-09-12 14:44:25 +00:00
rhialto d4ca506457 bozohttpd: add .m4a and .m4v file extensions. 2020-09-12 12:39:28 +00:00
mrg c2082ece61 remove GCC_NO_ADDR_OF_PACKED_MEMBER for several subdir builds
that are now handled by lfs_accessors.h internally.
2020-09-07 03:09:53 +00:00
mrg cb93b81028 add support for new GCC 9 warnings that may be too much to fix
right now.  new address-of-packed-member and format-overflow
warnings have new GCC_NO_ADDR_OF_PACKED_MEMBER amd
GCC_NO_FORMAT_OVERFLOW variables to remove these warnings.

apply to a bunch of the tree.  mostly, these are real bugs that
should be fixed, but in many cases, only by removing the 'packed'
attribute from some structure that doesn't really need it.  (i
looked at many different ones, and while perhaps 60-80% were
already properly aligned, it wasn't clear to me that the uses
were always coming from sane data vs network alignment, so it
doesn't seem safe to remove packed without careful research for
each affect struct.)  clang already warned (and was not erroring)
for many of these cases, but gcc picked up dozens more.
2020-09-06 07:20:26 +00:00
mrg ea8f81f33c avoid passing NULL pointers to printf() like functions and %s. 2020-09-05 13:38:24 +00:00
leot 056172a33c Fix a typo in a comment 2020-08-25 20:02:33 +00:00