Commit Graph

3216 Commits

Author SHA1 Message Date
mrg
f0885992ce - bump buffer sizes to avoid potential truncation issues 2019-02-04 04:36:41 +00:00
mrg
fbffadb9f8 - add or adjust /* FALLTHROUGH */ where appropriate
- add __unreachable() after functions that can return but won't in
  this case, and thus can't be marked __dead easily
2019-02-03 03:19:25 +00:00
lukem
fc9234654d clarify the fd used for blacklisting.
Use STDIN_FILENO instead of 0 as the fd to blacklist_r(),
since we use the former in ftpd.c
2019-01-29 23:19:30 +00:00
lukem
086f834b20 NetBSD-ftpd 20180428
Update version to "NetBSD-ftpd 20180428" for changes:
- Fix violations of the sequence point rule.
- Check that stat and fstat succeed.
- Support blacklistd(8) hooks.
- Clear utmpx struct before writing it to wtmpx files.
- Fix directory stream leaks.
- Use explicit_memset(3) instead of memset(3) to clear password.
- Fix scope of variable. PR misc/50665.
- Ensure that closing socket exists. CID 603440.
- Add -f option to ftpd to stay in foreground with -D. PR bin/53221.
2019-01-29 11:51:05 +00:00
dholland
ad8aa774f5 fix duplicated chunk from merge 2019-01-27 04:33:29 +00:00
pgoyette
d91f98a871 Merge the [pgoyette-compat] branch 2019-01-27 02:08:33 +00:00
mrg
00e064adab o don't display special files in the directory index. they aren't
served, but links to them are generated.
2019-01-22 05:32:57 +00:00
skrll
69e8dca2e5 Adapt https://svnweb.freebsd.org/base?view=revision&revision=342113 to
NetBSD.

This brings us resolving for dynamically loaded libraries and makes
tests/libexec/ld.elf_so/t_thread_local_dtor pass.

With suggestions from joerg@
2019-01-18 11:59:03 +00:00
mrg
8f49d6e252 rework size_arrays():
- avoid calloc, use bozomalloc
- minor CSE
- fix bozoprefs->size setting when increasing the size (new total was
  being added to the prior total.)  found by clang static analyzer
  from rajeev_v_pillai.

pass httpd to size_arrays() now.
free(NULL) is legal.
2019-01-18 06:04:10 +00:00
mrg
5335936687 fix a few problems pointed out by clang static analyzer, from rajeev_v_pillai:
- bozostrnsep() may return with "in = NULL", so check for it.
- nul terminating in bozo_escape_rfc3986() can be simpler
- don't use uniinit variables in check_remap()
- don't use re-used freed data in check_virtual().  this one is tricky as
  the original code was:
	free(request->hr_file);
	request->hr_file = bozostrdup(httpd, request, s ? s : "/");
  however, bozostrdup() may reference request->hr_file.
2019-01-18 05:48:31 +00:00
mrg
9b91523ebd - call this 20190116
- adjust the directory indexing again:
  - don't include "index.html" in html headers
  - additional escaping of names
  - re-add top/bottom borders
  - adds an aquamarine table header
  - Zebra-stripes table rows using CSS instead of code
  all from "Rajeev V. Pillai" <rajeev_v_pillai@yahoo.com>
2019-01-17 07:46:16 +00:00
mrg
d1eeb82409 add 'check' target to toplevel makefile.
fix the t11.out output now that CGI parsing works better.
2019-01-17 07:39:00 +00:00
mrg
9c0805993a - fix CGI '+' param and error handling.
- remove unused parameter to daemon_poll_err().

both from "Rajeev V. Pillai" <rajeev_v_pillai@yahoo.com>
2019-01-17 07:34:06 +00:00
christos
d17b8a0ea7 print the program name when we don't find a library.
XXX: really most _rtld_error() should do that, and most do.
2019-01-12 18:58:10 +00:00
uwe
62a27ee607 Spell "occurrence" correctly. 2019-01-09 17:19:08 +00:00
mrg
4aff0e8a96 remove reference to deleted -r option. fixes PR#53840 from J. Lewis Muir. 2019-01-08 06:04:29 +00:00
joerg
06c9aa1116 When loading a non-PIE main binary, the virtual address must match.
Use MAP_TRYFIXED and verify that the result matches the expectation.
2019-01-06 19:44:54 +00:00
joerg
08e505b543 MAP_ALIGNED has existed for years, just assume it exists. 2019-01-04 19:54:56 +00:00
martin
e4d02a93c7 Add support for DT_RUNPATH - it is just the same as we always have treated
DT_RPATH.  Approved by core.
2018-12-30 11:55:15 +00:00
christos
d30b19ef3d - fix wrong reloc name in assert
- fix uninitialized
2018-12-30 03:23:46 +00:00
christos
61268f23da binutils 2.31.1 can put copy relocations in the relro segment. Delay
protecting the relro segment for the main object until copy relocations
are done.
2018-12-30 01:48:37 +00:00
christos
2c62c57fa6 initfini array support for everyone. 2018-12-27 18:58:14 +00:00
christos
ba044c6310 explain why we skip objmain. 2018-12-27 18:57:43 +00:00
mrg
48003606bd minor rewording. fix alphabeta ordering of contributors. 2018-12-19 12:40:32 +00:00
mrg
ff386e5b59 fix an old spell-o and a new format-o. 2018-12-18 23:11:40 +00:00
maya
79d3071f0c Remove mention of SPX. 2018-12-15 23:23:51 +00:00
leot
6816df1bc3 Document last changes and bump version to 20181215
Suggested by <mrg>, thanks! (Possible mistakes are mine though!)
2018-12-15 12:52:36 +00:00
leot
9644d25eb4 Fix handling of bozo_set_timeout() timeouts (and `-T' option parsing) 2018-12-15 12:43:24 +00:00
leot
6c2202365c Avoid .htpasswd exposure to authenticated users when .htpasswd is
in the slashdir too.

Problem reported by JP via tech-security@ and discussed with <mrg>, thanks!
2018-12-15 12:39:22 +00:00
leot
1f52a22c8c Avoid possible NULL dereference when sending a big request that timeout.
Problem reported by <maya> and reviewed by <maya> and <mrg>, thanks!
2018-12-15 09:28:27 +00:00
maya
d6e51063d8 strings.h for strcasecmp (on linux) 2018-12-15 02:03:24 +00:00
maya
69e8cec185 Check against BOZO_HEADERS_MAX_SIZE in a way that isn't prone to overflow.
Note that this isn't reachable in practice as big requests time out.
2018-12-15 01:02:34 +00:00
maya
6807b854c1 Don't pass ${HOST} to test scripts.
htnl_cmp compares against the output of `hostname`.

This makes the tests pass on my machine.
2018-12-14 23:57:22 +00:00
sborrill
35d580002c IPFilter 5 requires you to specify IPv4 or IPv6 2018-12-13 13:11:28 +00:00
maya
cd6150e9ad Remove unused macros. 2018-12-13 04:29:18 +00:00
mrg
34ece249a9 use html tables for directory index.
from "Rajeev V. Pillai" <rajeev_v_pillai@yahoo.com>

call this bozohttpd 20181204.
2018-12-04 02:52:42 +00:00
mrg
3d201ca797 avoid sign extension in % handling (and printing 0xFFFFFF before
wanted values.)  from Rajeev V. Pillai.
2018-12-04 00:26:15 +00:00
skrll
66b7511afb Fix typos 2018-12-01 13:01:57 +00:00
joerg
335f313f07 Now that lib/csu no longer uses the object handle, drop the magic and
version field from the internal object. It is kept in the legacy version
of the main object.
2018-11-26 17:40:26 +00:00
mrg
a0c45e363d normalise some messages. 2018-11-25 23:48:14 +00:00
mrg
cd79b847e8 add option fixes here. 2018-11-25 23:37:09 +00:00
mrg
c53bc78857 fix -X option parsing. noted by Rajeev V. Pillai. 2018-11-25 07:37:20 +00:00
mrg
ac81556715 avoid c99ism. 2018-11-24 18:38:59 +00:00
christos
201b0ce72c - add FALLTHROUGH comment
- one return is usually enough.
2018-11-24 13:08:10 +00:00
christos
47273da74b appease lint 2018-11-24 13:03:15 +00:00
christos
9034ab8ec4 one semicolon is usually enough. 2018-11-24 13:02:46 +00:00
mrg
de8fdd6045 call this bozohttpd 20181124. 2018-11-24 02:35:13 +00:00
mrg
0e9761c130 fix a bug in the rework for -i option: move the real code in place.
for some reason gcc does not warn about this:

   case 'x':
     stuff_here();
     break;

     other_stuff_here();
     break;

and the other_stuff_here() was what was mis-placed.


should fix atf failures in networking.
2018-11-24 02:30:56 +00:00
mrg
a49dff0c2c s/time/val/ to avoid shadowing a global indentifier. 2018-11-24 00:47:51 +00:00
skrll
c7af211bee Fix RTLD_DEBUG_RELOC build 2018-11-23 11:26:05 +00:00