- avoid calloc, use bozomalloc
- minor CSE
- fix bozoprefs->size setting when increasing the size (new total was
being added to the prior total.) found by clang static analyzer
from rajeev_v_pillai.
pass httpd to size_arrays() now.
free(NULL) is legal.
- bozostrnsep() may return with "in = NULL", so check for it.
- nul terminating in bozo_escape_rfc3986() can be simpler
- don't use uniinit variables in check_remap()
- don't use re-used freed data in check_virtual(). this one is tricky as
the original code was:
free(request->hr_file);
request->hr_file = bozostrdup(httpd, request, s ? s : "/");
however, bozostrdup() may reference request->hr_file.
- adjust the directory indexing again:
- don't include "index.html" in html headers
- additional escaping of names
- re-add top/bottom borders
- adds an aquamarine table header
- Zebra-stripes table rows using CSS instead of code
all from "Rajeev V. Pillai" <rajeev_v_pillai@yahoo.com>
for some reason gcc does not warn about this:
case 'x':
stuff_here();
break;
other_stuff_here();
break;
and the other_stuff_here() was what was mis-placed.
should fix atf failures in networking.
- keep a list of special files and their human names
- remove (void) casts on bozo_http_error()
- fix a few more misuses of bozo_http_error()
- rename check_mapping() to check_remap() and perform some CSE
- switch away from ``%s'' to '%s'
- remove a bunch of #ifdef using new have_feature defines
- consolidate all the special file checks into
bozo_check_special_files() so that all builds check the same
list of special files, regardless of build options.
- convert "(void)bozo_http_error(...); return -1;" into plain
"return bozo_http_error(...);"
- fix the call to bozo_check_special_files() to be used on all
input types. part of the fixes for failure to reject access
to /.htpasswd as reported by JP on tech-security.
- use warn_unused_result attribute on bozo_check_special_files(),
and fix the failures to return failure. second part of the
htpasswd access fix.
- update testsuite to use a fixed fake hostname.
call this bozohttpd 20181121.
o reduce default timeouts, and add expand timeouts to handle the
initial line, each header, and the total time spent
o add -T option to expose new timeout settings
o minor RFC fixes related to timeout handling responses
old timeouts:
60 seconds for initial request like, 60 seconds per header line,
and no whole timeout (though the recent total header size changes
do introduce one that would be about 11 hours.)
new timeouts:
30 seconds for initial request like, 10 seconds per header line,
and a total request time of 600 seconds.
the new global timeout is implemented using CLOCK_MONOTONIC, with
a fallback to CLOCK_REALTIME if monotonic time is unavailable.
reject multiple Host: headers. besides being protocol standard,
this closes one additional memory leak found by JP. add a simple
test to check this.
clean up option and usage handling some.
o add url remap support via .bzremap file, from martin@netbsd.org
o handle redirections for any protocol, not just http:
o fix a denial of service attack against header contents, which
is now bounded at 16KiB. reported by JP.
carriage return to read_request() in foreground mode.
In the C daemon, a NULL check is performed on bozo_read_request in main.c
before moving on to bozo_process_request & bozo_clean_request. Here,
process_request & clean_request just return instead.
- Don't use negative indicies to read arguments of Lua functions.
- On error, return nil, "error string".
- Use ssize_t for return values from bozo_read() and bozo_write().
- Prefer lstring especially when if saves you from appending NUL and
doing len + 1 which can potentially wraparound.
- Don't mix C allocations with Lua functions marked with "m" in the Lua
manual. Those functions may throw (longjump) and leak data allocated
by C function. In one case, I use luaL_Buffer, in the other case,
I rearranged calls a bit.
Originally, MKCRYPTO was introduced because the United States
classified cryptography as a munition and restricted its export. The
export controls were substantially relaxed fifteen years ago, and are
essentially irrelevant for software with published source code.
In the intervening time, nobody bothered to remove the option after
its motivation -- the US export restriction -- was eliminated. I'm
not aware of any other operating system that has a similar option; I
expect it is mainly out of apathy for churn that we still have it.
Today, cryptography is an essential part of modern computing -- you
can't use the internet responsibly without cryptography.
The position of the TNF board of directors is that TNF makes no
representation that MKCRYPTO=no satisfies any country's cryptography
regulations.
My personal position is that the availability of cryptography is a
basic human right; that any local laws restricting it to a privileged
few are fundamentally immoral; and that it is wrong for developers to
spend effort crippling cryptography to work around such laws.
As proposed on tech-crypto, tech-security, and tech-userlevel to no
objections:
https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.htmlhttps://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.htmlhttps://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html
P.S. Reviewing all the uses of MKCRYPTO in src revealed a lot of
*bad* crypto that was conditional on it, e.g. DES in telnet... That
should probably be removed too, but on the grounds that it is bad,
not on the grounds that it is (nominally) crypto.
o add search-word support for CGI
o fix a security issue in CGI suffix handler support which would
allow remote code execution, from shm@netbsd.org
o -C option supports now CGI scripts only
will be included in the HTTP reply. We define this as we are about to
add an authentication method that may need to have a conversation with
the client.
- don't call getpwuid(0) if we don't need to, or fail it it fails,
and remove the 'username' member of bozohttpd_t since it is not
used outside of bozo_setup().
- bozostrdup() gains a request parameter, and uses it to determine
what sort of error handling is required
- bozo_strdup() dies
- size_arrays() reduced slightly, pushing error handling into the caller
- convert to size_t for some array indices
- bozo_set_pref() and bozo_init_prefs() gain httpd parameters
- apply a bunch of manual CSE to vastly reduce the number of times the
string "request->hr_httpd" appears.
- CGI parse_header() takes a request not httpd now
XXX: lua glue updated to call bozo_init_prefs() with htttpd parameter,
but i'm only guessing here.
code duplication.
Note that bozo_strdup is different that bozostrdup; the _ routines exit
loging error to syslog or stderr, whereas the non _ routines send error
responses to the http client.
Stop using Lua builtin print function and replace them with http.* ones.
httpd.print and http.write wraps SSL support when needed.
Print http headers, without them browser may interpret page as raw text.
No need to hardcode prefix path in the form.
Add comments for a user with tips how to use this script.
Patch by Travis Paul
Closes PR misc/50502
dholland