diff options
author | lukem <lukem@pkgsrc.org> | 2002-06-26 10:53:32 +0000 |
---|---|---|
committer | lukem <lukem@pkgsrc.org> | 2002-06-26 10:53:32 +0000 |
commit | 2d17edd062f8de542b709022a703b582502ff08b (patch) | |
tree | cfadf59d1d02a70cab33d42c07927bf3b81770a6 /www | |
parent | 0010ebbab30ec3532f137a396cbacf7536f5d526 (diff) | |
download | pkgsrc-2d17edd062f8de542b709022a703b582502ff08b.tar.gz |
+ ensure that ${SCRIPT_NAME} contains full path of script (previously
the leading "cgi-bin/" was stripped)
+ convert '-' to '_' in ${HTTP_xxx} environment variable names, and
ensure that the names are NUL terminated
+ lookup addr, host (unless -n) and port for every request, not just
cgi requests, and log the host & port in "got request ..." message
+ fix -n to work as documented; set it to *prevent* addr->name lookups
+ document -n is useful even without -c
+ don't deref NULL pointers in printf %s
+ be consistent about stripping leading `/' from command
+ clean up how "cgi-bin/" prefix is hardcoded in
+ fix -Wall compile issues
+ bump package revision
Diffstat (limited to 'www')
-rw-r--r-- | www/bozohttpd/Makefile | 3 | ||||
-rw-r--r-- | www/bozohttpd/distinfo | 6 | ||||
-rw-r--r-- | www/bozohttpd/patches/patch-ab | 18 | ||||
-rw-r--r-- | www/bozohttpd/patches/patch-ae | 341 |
4 files changed, 357 insertions, 11 deletions
diff --git a/www/bozohttpd/Makefile b/www/bozohttpd/Makefile index ea731d189d7..8957046db75 100644 --- a/www/bozohttpd/Makefile +++ b/www/bozohttpd/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.15 2002/04/23 11:25:12 zuntum Exp $ +# $NetBSD: Makefile,v 1.16 2002/06/26 10:53:32 lukem Exp $ # DISTNAME= bozohttpd-5.09 +PKGREVISION= 1 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_LOCAL} EXTRACT_SUFX= .tar.bz2 diff --git a/www/bozohttpd/distinfo b/www/bozohttpd/distinfo index b7723916230..5fbc97800b5 100644 --- a/www/bozohttpd/distinfo +++ b/www/bozohttpd/distinfo @@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.9 2002/04/23 11:23:59 zuntum Exp $ +$NetBSD: distinfo,v 1.10 2002/06/26 10:53:33 lukem Exp $ SHA1 (bozohttpd-5.09.tar.bz2) = 38670bf3216cf97fa2e7af1415afe0831bdd8ddc Size (bozohttpd-5.09.tar.bz2) = 18439 bytes SHA1 (patch-aa) = 3831938ead3fd2792d61878c10aa7ada431e8cd7 -SHA1 (patch-ab) = 3dbf43680c52c60251221243e855fc2d2f26c1ff -SHA1 (patch-ae) = 65a715f22af38be3bf2c47dd0b9dceedad23e412 +SHA1 (patch-ab) = ed3d3cc3caeb47a096d01d605ea26320d837aa79 +SHA1 (patch-ae) = 13762fade36426525dbd4f93f57e521f3f8c271d diff --git a/www/bozohttpd/patches/patch-ab b/www/bozohttpd/patches/patch-ab index a944326c50e..4cef3d7ce91 100644 --- a/www/bozohttpd/patches/patch-ab +++ b/www/bozohttpd/patches/patch-ab @@ -1,8 +1,20 @@ -$NetBSD: patch-ab,v 1.8 2001/12/14 16:26:03 mrg Exp $ +$NetBSD: patch-ab,v 1.9 2002/06/26 10:53:33 lukem Exp $ --- bozohttpd.8.in.orig Sat Sep 22 20:10:00 2001 -+++ bozohttpd.8.in Sat Dec 15 03:15:41 2001 -@@ -172,8 +172,8 @@ ++++ bozohttpd.8.in +@@ -99,10 +99,7 @@ + .Nm + from doing IP address to name resolution of hosts for setting the + .Ev REMOTE_HOST +-variable before running a CGI program. This option has no effect +-without the +-.Fl c +-option. ++variable before running a CGI program. + .It Fl r + This option causes + .Nm +@@ -172,8 +169,8 @@ .Xr inetd.conf 5 entry would be: .Bd -literal diff --git a/www/bozohttpd/patches/patch-ae b/www/bozohttpd/patches/patch-ae index 325b62195b3..c4e5d01a481 100644 --- a/www/bozohttpd/patches/patch-ae +++ b/www/bozohttpd/patches/patch-ae @@ -1,8 +1,29 @@ -$NetBSD: patch-ae,v 1.1 2002/04/23 11:24:00 zuntum Exp $ +$NetBSD: patch-ae,v 1.2 2002/06/26 10:53:34 lukem Exp $ ---- bozohttpd.c.orig Sat Sep 22 12:10:00 2001 +--- bozohttpd.c.orig Sat Sep 22 20:10:00 2001 +++ bozohttpd.c -@@ -359,6 +359,7 @@ +@@ -189,6 +189,9 @@ + char *content_length; + char *allow; + char *host; /* HTTP/1.1 Host: */ ++ char *remotehost; ++ char *remoteaddr; ++ char *serverport; + SIMPLEQ_HEAD(, _headers) headers; + int nheaders; + } http_req; +@@ -205,6 +208,10 @@ + static char *cgibin; /* cgi-bin directory */ + + static void process_cgi __P((http_req *)); ++ ++#define CGIBIN_PREFIX "cgi-bin/" ++#define CGIBIN_PREFIX_LEN (sizeof(CGIBIN_PREFIX)-1) ++ + #endif /* NO_CGIBIN_SUPPORT */ + + +@@ -359,6 +366,7 @@ case 'c': #ifndef NO_CGIBIN_SUPPORT cgibin = optarg; @@ -10,7 +31,319 @@ $NetBSD: patch-ae,v 1.1 2002/04/23 11:24:00 zuntum Exp $ break; #else error(1, "CGI is not enabled"); -@@ -1734,7 +1735,7 @@ +@@ -460,7 +468,7 @@ + */ + if (bflag) { + struct addrinfo h, *r; +- int s, e; ++ int e; + + daemon(1, 0); + +@@ -490,7 +498,7 @@ + * read and process the HTTP request. + */ + do { +- if (http_request = read_request()) { ++ if ((http_request = read_request()) != NULL) { + process_request(http_request); + return (0); + } +@@ -558,14 +566,20 @@ + { + struct sigaction sa; + char *str, *val, *method, *url, *proto; ++ char *host, *addr, *port; ++ char hbuf[NI_MAXHOST], abuf[NI_MAXSERV], bufport[10]; + ssize_t len; ++#ifndef SOCKOLD ++ struct sockaddr_storage ss; ++#else ++ struct sockaddr ss; ++#endif + int line = 0; ++ socklen_t slen; + http_req *request; + + #ifndef NO_DAEMON_MODE + if (bflag) { +- struct sockaddr_storage ss; +- socklen_t slen; + int fd; + + /* +@@ -603,12 +617,67 @@ + + #endif /* NO_DAEMON_MODE */ + +- request = malloc(sizeof *request); ++ request = calloc(1, sizeof *request); + if (request == NULL) + error(1, "malloc of request descriptor"); + request->allow = request->host = request->content_type = + request->content_length = NULL; + ++ slen = sizeof(ss); ++ if (getpeername(0, (struct sockaddr *)&ss, &slen) < 0) ++ host = addr = NULL; ++ else { ++#ifndef SOCKOLD ++ addr = host = NULL; ++ if (getnameinfo((struct sockaddr *)&ss, slen, ++ abuf, sizeof abuf, NULL, 0, NI_NUMERICHOST) == 0) ++ addr = abuf; ++ if (nflag == 0 && getnameinfo((struct sockaddr *)&ss, slen, ++ hbuf, sizeof hbuf, NULL, 0, 0) == 0) ++ host = hbuf; ++#else ++ struct hostent *hp; ++ struct sockaddr_in *sin; ++ ++ switch (((struct sockaddr *)&ss)->sa_family) { ++ case AF_INET: ++ sin = (struct sockaddr_in *)&ss; ++ addr = inet_ntoa(sin->sin_addr); ++ if (nflag != 0 || ++ (hp = gethostbyaddr((char *)&sin->sin_addr, ++ sizeof(sin->sin_addr), AF_INET)) == NULL) ++ host = NULL; ++ else ++ host = hp->h_name; ++ break; ++ default: ++ host = addr = NULL; ++ break; ++ } ++#endif ++ } ++ if (host != NULL && (request->remotehost = strdup(host)) == NULL) ++ http_error(500, request, "malloc failed"); ++ if (addr != NULL && (request->remoteaddr = strdup(addr)) == NULL) ++ http_error(500, request, "malloc failed"); ++ slen = sizeof(ss); ++ if (getsockname(0, (struct sockaddr *)&ss, &slen) < 0) ++ port = NULL; ++ else { ++#ifndef SOCKOLD ++ if (getnameinfo((struct sockaddr *)&ss, slen, NULL, 0, ++ bufport, sizeof bufport, NI_NUMERICSERV) == 0) ++ port = bufport; ++ else ++ port = NULL; ++#else ++ (void)snprintf(port = bufport, sizeof bufport, "%d", ++ ntohs(((struct sockaddr_in *)&ss)->sin_port)); ++#endif ++ } ++ if (port != NULL && (request->serverport = strdup(port)) == NULL) ++ http_error(500, request, "malloc failed"); ++ + /* + * setup a timer to make sure the request is not hung + */ +@@ -628,7 +697,10 @@ + if (line == 1) { + if (len < 1) + http_error(404, NULL, "null method"); +- warning("got request ``%s''", str); ++ warning("got request ``%s'' from host %s to port %s", ++ str, ++ host ? host : addr ? addr : "<unknown>", ++ port ? port : "<unknown>"); + debug((DEBUG_FAT, "read_req, getting request: ``%s''", + str)); + +@@ -980,7 +1052,7 @@ + * - ``expand'' %20 crapola + * - punt if it doesn't start with / + * - look for "http://myname/" and deal with it. +- * - check if /cgi-bin/ and call process_cgi() if so ++ * - check if "/" + CGIBIN_PREFIX and call process_cgi() if so + * - check for ~user and call transform_user() if so + * - if the length > 1, check for trailing slash. if so, + * add the index.html file +@@ -1006,7 +1078,7 @@ + if (url[0] != '/') { + http_error(404, request, "unknown URL"); + #ifndef NO_CGIBIN_SUPPORT +- } else if (strncmp(url + 1, "cgi-bin/", 8) == 0) { ++ } else if (strncmp(url + 1, CGIBIN_PREFIX, CGIBIN_PREFIX_LEN) == 0) { + debug((DEBUG_FAT, "calling process_cgi")); + process_cgi(request); + #endif /* NO_CGIBIN_SUPPORT */ +@@ -1234,17 +1306,16 @@ + http_req *request; + { + struct _headers *headp; +-#ifndef SOCKOLD +- struct sockaddr_storage ss; +-#else +- struct sockaddr ss; +-#endif +- char *host, *addr, *port, *info, *type, *clen, *query, *s, *t, +- *path, *env, *command = NULL, +- *url = strdup(request->url + strlen("/cgi-bin")); ++ char *info, *type, *clen, *query, *s, *t, ++ *path, *env, *command = NULL, *fullcommand, ++ *url = strdup(request->url + CGIBIN_PREFIX_LEN); + char **envp, *argv[3]; +- char bufport[10]; +- int envpsize, ix, slen = sizeof(ss); ++ int envpsize, ix; ++ ++ if (url == NULL) ++ http_error(500, request, "malloc failed"); ++ query = path = NULL; ++ envp = NULL; + + debug((DEBUG_FAT, "process_cgi: writing HTTP header ..")); + +@@ -1261,8 +1332,11 @@ + } else + info = ""; + +- if (command == NULL) ++ if (command == NULL) { + command = url; ++ if (*command == '/') ++ command++; ++ } + + if ((s = strchr(url, '?')) != NULL) { + *s++ = '\0'; +@@ -1270,71 +1344,20 @@ + } else + query = NULL; + +- debug((DEBUG_FAT, "process_cgi: query %s cmd %s info %s", query, +- command, info)); ++ debug((DEBUG_FAT, "process_cgi: cmd %s info %s query %s", ++ command, info, query ? query : "<null>")); + + type = request->content_type; + clen = request->content_length; + +- if (getpeername(0, (struct sockaddr *)&ss, &slen) < 0) +- host = addr = NULL; +- else { +-#ifndef SOCKOLD +- char hbuf[NI_MAXHOST], abuf[NI_MAXSERV]; +- +- addr = host = NULL; +- if (getnameinfo((struct sockaddr *)&ss, slen, +- abuf, sizeof abuf, NULL, 0, NI_NUMERICHOST) == 0) +- addr = abuf; +- if (nflag != 0 && getnameinfo((struct sockaddr *)&ss, slen, +- hbuf, sizeof hbuf, NULL, 0, 0) == 0) +- host = hbuf; +-#else +- struct hostent *hp; +- struct sockaddr_in *sin; +- +- switch (((struct sockaddr *)&ss)->sa_family) { +- case AF_INET: +- sin = (struct sockaddr_in *)&ss; +- addr = inet_ntoa(sin->sin_addr); +- if (nflag == 0 || +- (hp = gethostbyaddr((char *)&sin->sin_addr, +- sizeof(sin->sin_addr), AF_INET)) == NULL) +- host = NULL; +- else +- host = hp->h_name; +- break; +- default: +- host = addr = NULL; +- break; +- } +-#endif +- } +- +- slen = sizeof(ss); +- if (getsockname(0, (struct sockaddr *)&ss, &slen) < 0) +- port = NULL; +- else { +-#ifndef SOCKOLD +- if (getnameinfo((struct sockaddr *)&ss, slen, NULL, 0, +- bufport, sizeof bufport, NI_NUMERICSERV) == 0) +- port = bufport; +- else +- port = NULL; +-#else +- (void)snprintf(port = bufport, sizeof bufport, "%d", +- ntohs(((struct sockaddr_in *)&ss)->sin_port)); +-#endif +- } +- + envpsize = 10 + request->nheaders + + (info && *info ? 1 : 0) + + (query && query ? 1 : 0) + + (type && *type ? 1 : 0) + + (clen && *clen ? 1 : 0) + +- (host && *host ? 1 : 0) + +- (addr && *addr ? 1 : 0) + +- (port && *port ? 1 : 0); ++ (request->remotehost && *request->remotehost ? 1 : 0) + ++ (request->remoteaddr && *request->remoteaddr ? 1 : 0) + ++ (request->serverport && *request->serverport ? 1 : 0); + + envp = malloc(sizeof(*envp) * envpsize); + if (envp == NULL) +@@ -1368,8 +1391,11 @@ + for (s = headp->header; *s; t++, s++) + if (islower(*s)) + *t = toupper(*s); ++ else if (*s == '-') ++ *t = '_'; + else + *t = *s; ++ *t = '\0'; + debug((DEBUG_OBESE, "setting header %s as %s = %s", + headp->header, env, headp->value)); + spsetenv(env, headp->value); +@@ -1382,7 +1408,12 @@ + spsetenv("GATEWAY_INTERFACE", "CGI/1.1"); + spsetenv("SERVER_PROTOCOL", request->proto); + spsetenv("REQUEST_METHOD", request->methodstr); +- spsetenv("SCRIPT_NAME", command); ++ fullcommand = malloc(CGIBIN_PREFIX_LEN + strlen(command) + 1); ++ if (fullcommand == NULL) ++ http_error(500, request, "malloc failed"); ++ strcpy(fullcommand, CGIBIN_PREFIX); ++ strcat(fullcommand, command); ++ spsetenv("SCRIPT_NAME", fullcommand); + spsetenv("SERVER_SOFTWARE", server_software); + if (query && *query) + spsetenv("QUERY_STRING", query); +@@ -1392,12 +1423,12 @@ + spsetenv("CONTENT_TYPE", type); + if (clen && *clen) + spsetenv("CONTENT_LENGTH", clen); +- if (port && *port) +- spsetenv("SERVER_PORT", port); +- if (host && *host) +- spsetenv("REMOTE_HOST", host); +- if (addr && *addr) +- spsetenv("REMOTE_ADDR", addr); ++ if (request->serverport && *request->serverport) ++ spsetenv("SERVER_PORT", request->serverport); ++ if (request->remotehost && *request->remotehost) ++ spsetenv("REMOTE_HOST", request->remotehost); ++ if (request->remoteaddr && *request->remoteaddr) ++ spsetenv("REMOTE_ADDR", request->remoteaddr); + #undef spsetenv + + path = malloc(strlen(cgibin) + 1 + strlen(command) + 1); +@@ -1419,7 +1450,8 @@ + argv[0] = command; + argv[1] = query; + argv[2] = NULL; +- debug((DEBUG_FAT, "going exec %s %s %s", path, command, query)); ++ debug((DEBUG_FAT, "going exec %s %s %s", path, command, ++ query ? query : "<null>")); + if (execve(path, argv, envp) < 0) + error(1, "child exec failed"); + } +@@ -1734,7 +1766,7 @@ int savederrno; /* only log if the level is low enough */ |