mrg
bfef5cee0b
use netbsd rcsid
2016-08-20 00:36:41 +00:00
shm
febbddea26
Fix error checks in open(2) calls.
2016-07-21 12:29:37 +00:00
shm
ef0b7ea3b6
CID 976523: add FALLTHROUGH
2016-07-20 20:18:21 +00:00
shm
31d615acc3
CID 603440: ensure that closing socket exists
2016-07-19 21:25:38 +00:00
shm
d3c94bcc3a
Fix race condition in deliver(), fix resource leak.
2016-07-19 13:11:38 +00:00
shm
1202090c01
Do not send encoding header for compressed formats.
2016-07-19 09:27:40 +00:00
mrg
9d18868a64
avoid an impossible case the compiler can't quite tell.
2016-06-30 13:17:48 +00:00
martin
115160e654
Fix a few bounds and instruction sequences generated in the PLT; exercised
...
by ASLR and verified to work with the aslr fixed random debug sysctls.
2016-06-20 08:12:25 +00:00
christos
4910b5ce72
Move relro after we've computed out relocbase and re-enable it.
...
(Matthias Weckbecker)
2016-06-16 11:34:13 +00:00
christos
3ee1ef9906
Turn off GNU_RELRO for now.
2016-06-15 12:08:47 +00:00
christos
0e6265fc35
Add support for GNU RELRO headers from Matthias Weckbecker.
2016-06-14 13:06:41 +00:00
agc
205633288c
As proposed in:
...
http://mail-index.netbsd.org/tech-userlevel/2016/05/18/msg009999.html
and
https://www.netbsd.org/~agc/bozo-20160517.diff
add a patch to httpd to return the version string of httpd itself, and use the
-G option on the command line to enable this. This gives httpd the ability to
show, from the command line, what version is running.
% /usr/build/obj/x86_64/usr/src/libexec/httpd/bozohttpd -G
bozohttpd version bozohttpd/20160415
%
2016-05-24 21:18:29 +00:00
christos
564475388a
Put the name of the dynamic linker in allocated memory, so that it becomes
...
part of the core file link-map, so that gdb can find it.
2016-05-24 20:32:33 +00:00
joerg
6e49b77769
obj->phdr must be the absolute address, not the virtual offset from the
...
main binary. Historically, this has been the same. For PIE though,
relocbase can be pretty much anywhere. Fixes PR toolchain/51159.
2016-05-22 19:28:39 +00:00
christos
f7945701d6
CID 1358679: Fix memory leak.
...
XXX: pullup 7
2016-04-24 18:24:47 +00:00
mrg
0a7cdc80ba
use %zu instead of %lu for size_t.
2016-04-15 20:00:13 +00:00
mrg
27da98ff14
updates and bozohttpd 20160415:
...
o add search-word support for CGI
o fix a security issue in CGI suffix handler support which would
allow remote code execution, from shm@netbsd.org
o -C option supports now CGI scripts only
2016-04-15 17:57:21 +00:00
skrll
42fe483061
Remove duplicated __RCSIDs I added years ago - I blame CVS.
...
Spotted by Miod Vallat
2016-04-14 20:17:07 +00:00
christos
80c3d4eb2a
- Print a warning for text relocations
...
- Don't remap the text segment executable while relocating
2016-04-12 19:10:48 +00:00
mrg
7bc3291858
move the compiler hack closer to the source of the fail
2016-03-18 10:10:21 +00:00
christos
43c3c3f74a
Add volatile for gcc 5
2016-03-17 00:21:04 +00:00
christos
f2192299b9
volatile for gcc 5
2016-03-17 00:17:58 +00:00
mrg
2dc66b067e
make the GCC 4.8 specific hack for ci.clean being set GCC >= 4.8.
2016-03-16 18:58:34 +00:00
dholland
d9047ae69b
Use functions instead of preprocessor abuse.
2016-03-13 00:32:09 +00:00
christos
80fa2ce1a5
where is already void *
2016-02-20 15:20:23 +00:00
macallan
3709f36323
make debug code compile again
...
from christos
2016-02-19 22:09:09 +00:00
riastradh
9628679b27
Need <stdbool.h> for true/false.
2016-02-19 03:53:46 +00:00
skrll
19b4c45621
Actually, descsz should not contain the padding. The note still needs to
...
be padded out.
2016-02-09 10:20:03 +00:00
skrll
a5b645efc7
Fix .note.netbsd.march by ensuring correct padding
2016-02-08 11:59:39 +00:00
christos
a21e664447
we don't need <sys/mbuf.h>
2016-01-24 01:56:04 +00:00
christos
ffeb8dbf4e
Define _KERNTYPES for things that need it.
2016-01-23 21:22:45 +00:00
christos
8d60259f07
PR/50665: David Binderman: move "dir" to the outer scope so it stays alive
...
when the pointer is used later.
2016-01-17 14:46:07 +00:00
elric
591b978b80
Fix bug in cleanup of reply headers.
2016-01-02 20:35:59 +00:00
elric
afe55bf842
Add the concept of ``reply headers'', that is a SIMPLEQ of headers that
...
will be included in the HTTP reply. We define this as we are about to
add an authentication method that may need to have a conversation with
the client.
2016-01-02 18:40:13 +00:00
mrg
0841a79ea3
bump the version; we have real fixes now.
2015-12-31 04:58:43 +00:00
mrg
614a8b6713
redo the fix for rev 1.26 - instead of getting a new string wrong,
...
just delay the free until the parent has finished using them.
also, free query as well.
fixes PR#50374.
2015-12-31 04:39:16 +00:00
mrg
84411b5891
rewrite the redirection url generation code to use bozoasprintf().
2015-12-29 04:30:33 +00:00
mrg
c2e98309d5
- convert most asprintf() calls to bozoasprintf().
...
- don't call getpwuid(0) if we don't need to, or fail it it fails,
and remove the 'username' member of bozohttpd_t since it is not
used outside of bozo_setup().
2015-12-29 04:21:46 +00:00
mrg
881b8188de
rename bozo_err/bozo_warn/bozo_asprintf to bozoerr/etc.
...
new rule is that function that mirror libc-style functions get no underscore.
2015-12-28 07:37:59 +00:00
mrg
cff2d95613
several clean ups:
...
- bozostrdup() gains a request parameter, and uses it to determine
what sort of error handling is required
- bozo_strdup() dies
- size_arrays() reduced slightly, pushing error handling into the caller
- convert to size_t for some array indices
- bozo_set_pref() and bozo_init_prefs() gain httpd parameters
- apply a bunch of manual CSE to vastly reduce the number of times the
string "request->hr_httpd" appears.
- CGI parse_header() takes a request not httpd now
XXX: lua glue updated to call bozo_init_prefs() with htttpd parameter,
but i'm only guessing here.
2015-12-27 10:21:35 +00:00
mrg
71e7babf6d
fix running the testsuite from the build tree
2015-12-27 07:43:39 +00:00
christos
f47ab3a37e
Introduce bozo_strdup and bozo_asprintf to add error checking and reduce
...
code duplication.
Note that bozo_strdup is different that bozostrdup; the _ routines exit
loging error to syslog or stderr, whereas the non _ routines send error
responses to the http client.
2015-12-12 18:06:58 +00:00
christos
14ba256990
- restrict the default list of ciphers to something more secure
...
- restrict ssl options
From Travis Paul
2015-12-12 16:57:53 +00:00
kamil
d3f055bfc7
Improve the httpd(8) printenv.lua Lua example
...
Stop using Lua builtin print function and replace them with http.* ones.
httpd.print and http.write wraps SSL support when needed.
Print http headers, without them browser may interpret page as raw text.
No need to hardcode prefix path in the form.
Add comments for a user with tips how to use this script.
Patch by Travis Paul
Closes PR misc/50502
2015-12-07 03:11:48 +00:00
kamil
a2fa5fef62
Bump date for previous
2015-11-29 15:58:07 +00:00
kamil
1e3b6beb3f
Synchronize SYNOPSIS with reality
2015-11-29 15:29:55 +00:00
kamil
55cd314790
Remove nonexistent option z: in the getopt(3) call
2015-11-29 15:26:10 +00:00
christos
59f3853f3e
handle asprintf errors consistently.
2015-10-31 00:55:17 +00:00
christos
e3e5f7f09b
fix wrong variable
2015-10-30 23:45:31 +00:00
christos
1932f6942a
simplify
2015-10-30 23:27:47 +00:00