Module Name:    src
Committed By:   mrg
Date:           Tue Nov 20 01:06:47 UTC 2018

Modified Files:
        src/libexec/httpd: CHANGES auth-bozo.c bozohttpd.8 bozohttpd.c
            bozohttpd.h cgi-bozo.c content-bozo.c daemon-bozo.c
            dir-index-bozo.c main.c ssl-bozo.c tilde-luzah-bozo.c
        src/libexec/httpd/testsuite: Makefile
Added Files:
        src/libexec/httpd/testsuite: t15.in t15.out

Log Message:
from CHANGES:

o  reduce default timeouts, and add expand timeouts to handle the
   initial line, each header, and the total time spent
o  add -T option to expose new timeout settings
o  minor RFC fixes related to timeout handling responses

old timeouts:
60 seconds for initial request line, 60 seconds per header line,
and no whole timeout (though the recent total header size changes
do introduce one that would be about 11 hours.)
new timeouts:
30 seconds for initial request line, 10 seconds per header line,
and a total request time of 600 seconds.

the new global timeout is implemented using CLOCK_MONOTONIC, with
a fallback to CLOCK_REALTIME if monotonic time is unavailable.

reject multiple Host: headers.  besides being protocol standard,
this closes one additional memory leak found by JP.  add a simple
test to check this.

clean up option and usage handling some.


To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.19 -r1.20 src/libexec/httpd/auth-bozo.c
cvs rdiff -u -r1.72 -r1.73 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.89 -r1.90 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.50 -r1.51 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.40 -r1.41 src/libexec/httpd/cgi-bozo.c
cvs rdiff -u -r1.14 -r1.15 src/libexec/httpd/content-bozo.c \
    src/libexec/httpd/tilde-luzah-bozo.c
cvs rdiff -u -r1.17 -r1.18 src/libexec/httpd/daemon-bozo.c
cvs rdiff -u -r1.25 -r1.26 src/libexec/httpd/dir-index-bozo.c
cvs rdiff -u -r1.16 -r1.17 src/libexec/httpd/main.c
cvs rdiff -u -r1.23 -r1.24 src/libexec/httpd/ssl-bozo.c
cvs rdiff -u -r1.9 -r1.10 src/libexec/httpd/testsuite/Makefile
cvs rdiff -u -r0 -r1.1 src/libexec/httpd/testsuite/t15.in \
    src/libexec/httpd/testsuite/t15.out

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.26 src/libexec/httpd/CHANGES:1.27
--- src/libexec/httpd/CHANGES:1.26	Mon Nov 19 04:14:59 2018
+++ src/libexec/httpd/CHANGES	Tue Nov 20 01:06:46 2018
@@ -1,10 +1,14 @@
-$NetBSD: CHANGES,v 1.26 2018/11/19 04:14:59 mrg Exp $
+$NetBSD: CHANGES,v 1.27 2018/11/20 01:06:46 mrg Exp $
 
 changes in bozohttpd 20181118:
 	o  add url remap support via .bzremap file, from mar...@netbsd.org
 	o  handle redirections for any protocol, not just http:
 	o  fix a denial of service attack against header contents, which
-	   is now bounded at 16KiB.  reported by JP.
+	   is now bounded at 16KiB.  reported by JP
+	o  reduce default timeouts, and add expand timeouts to handle the
+	   initial line, each header, and the total time spent
+	o  add -T option to expose new timeout settings
+	o  minor RFC fixes related to timeout handling
 
 changes in bozohttpd 20170201:
 	o  fix an infinite loop in cgi processing
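
Review bot: The three new entries are added under the existing "changes in bozohttpd 20181118:" heading, while this same commit bumps SERVER_SOFTWARE to "bozohttpd/20181119" and the man page to version 20181119. Either give the timeout work its own 20181119 heading or rename the existing one, so the changelog matches the version string the server reports. "add expand timeouts" also reads like an editing leftover; pick one verb.
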

Index: src/libexec/httpd/auth-bozo.c
diff -u src/libexec/httpd/auth-bozo.c:1.19 src/libexec/httpd/auth-bozo.c:1.20
--- src/libexec/httpd/auth-bozo.c:1.19	Mon Nov 19 04:13:09 2018
+++ src/libexec/httpd/auth-bozo.c	Tue Nov 20 01:06:46 2018
@@ -1,9 +1,9 @@
-/*	$NetBSD: auth-bozo.c,v 1.19 2018/11/19 04:13:09 mrg Exp $	*/
+/*	$NetBSD: auth-bozo.c,v 1.20 2018/11/20 01:06:46 mrg Exp $	*/
 
 /*	$eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2014 Matthew R. Green
+ * Copyright (c) 1997-2018 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.72 src/libexec/httpd/bozohttpd.8:1.73
--- src/libexec/httpd/bozohttpd.8:1.72	Mon Nov 19 04:14:59 2018
+++ src/libexec/httpd/bozohttpd.8	Tue Nov 20 01:06:46 2018
@@ -1,8 +1,8 @@
-.\"	$NetBSD: bozohttpd.8,v 1.72 2018/11/19 04:14:59 mrg Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.73 2018/11/20 01:06:46 mrg Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
-.\" Copyright (c) 1997-2017 Matthew R. Green
+.\" Copyright (c) 1997-2018 Matthew R. Green
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd August 24, 2018
+.Dd November 19, 2018
 .Dt BOZOHTTPD 8
 .Os
 .Sh NAME
@@ -41,6 +41,7 @@
 .Op Fl M Ar suffix type encoding encoding11
 .Op Fl P Ar pidfile
 .Op Fl S Ar server_software
+.Op Fl T Ar type timeout
 .Op Fl U Ar username
 .Op Fl Z Ar cert privkey
 .Op Fl c Ar cgibin
@@ -236,6 +237,19 @@ Sets the internal server version to
 .Ar server_software .
 .It Fl s
 Forces logging to be set to stderr always.
+.It Fl T Ar type timeout
+Set the timeout for
+.Ar type
+to
+.Ar timeout .
+The valid values of
+.Ar type
+are
+.Dq initial timeout ,
+.Dq header timeout ,
+and
+.Dq request timeout .
+The default values are 30 seconds, 10 seconds and 600 seconds, respectively.
 .It Fl t Ar chrootdir
 Makes
 .Nm
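
Review bot: The new -T text never states the unit of the timeout argument; "seconds" only appears in the sentence about defaults. Say explicitly that timeout is a number of seconds. The listed type values each contain a space ("initial timeout" and so on), so it is also worth telling the reader the type has to be passed as a single quoted argument, or documenting whatever shorter form the parser is meant to accept.
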
@@ -585,7 +599,7 @@ The focus has always been simplicity and
 and regular code audits.
 This manual documents
 .Nm
-version 20181118.
+version 20181119.
 .Sh AUTHORS
 .An -nosplit
 .Nm

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.89 src/libexec/httpd/bozohttpd.c:1.90
--- src/libexec/httpd/bozohttpd.c:1.89	Mon Nov 19 04:12:22 2018
+++ src/libexec/httpd/bozohttpd.c	Tue Nov 20 01:06:46 2018
@@ -1,9 +1,9 @@
-/*	$NetBSD: bozohttpd.c,v 1.89 2018/11/19 04:12:22 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.90 2018/11/20 01:06:46 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2017 Matthew R. Green
+ * Copyright (c) 1997-2018 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -109,7 +109,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20181118"
+#define SERVER_SOFTWARE		"bozohttpd/20181119"
 #endif
 #ifndef DIRECT_ACCESS_FILE
 #define DIRECT_ACCESS_FILE	".bzdirect"
@@ -166,8 +166,19 @@
 
 #include "bozohttpd.h"
 
-#ifndef MAX_WAIT_TIME
-#define	MAX_WAIT_TIME	60	/* hang around for 60 seconds max */
+#ifndef INITIAL_TIMEOUT
+#define	INITIAL_TIMEOUT		"30"	/* wait for 30 seconds initially */
+#endif
+#ifndef HEADER_WAIT_TIME
+#define	HEADER_WAIT_TIME	"10"	/* need more headers every 10 seconds */
+#endif
+#ifndef TOTAL_MAX_REQ_TIME
+#define	TOTAL_MAX_REQ_TIME	"600"	/* must have total request in 600 */
+#endif					/* seconds */
+
+/* if monotonic time is not available try real time. */
+#ifndef CLOCK_MONOTONIC
+#define CLOCK_MONOTONIC CLOCK_REALTIME
 #endif
 
 /* variables and functions */
@@ -175,7 +186,7 @@
 #define LOG_FTP LOG_DAEMON
 #endif
 
-volatile sig_atomic_t	alarmhit;
+volatile sig_atomic_t	timeout_hit;
 
 /*
  * check there's enough space in the prefs and names arrays.
@@ -378,7 +389,34 @@ bozo_clean_request(bozo_httpreq_t *reque
 static void
 alarmer(int sig)
 {
-	alarmhit = 1;
+	timeout_hit = 1;
+}
+
+
+/*
+ * set a timeout for "initial", "header", or "request".
+ */
+int
+bozo_set_timeout(bozohttpd_t *httpd, bozoprefs_t *prefs,
+		 const char *target, const char *time)
+{
+	const char *cur, *timeouts[] = {
+		"initial timeout",
+		"header timeout",
+		"request timeout",
+		NULL,
+	};
+	/* adjust minlen if more timeouts appear with conflicting names */
+	const size_t minlen = 1;
+	size_t len = strlen(target);
+
+	for (cur = timeouts[0]; len >= minlen && *cur; cur++) {
+		if (strncmp(target, cur, len) == 0) {
+			bozo_set_pref(httpd, prefs, cur, time);
+			return 0;
+		}
+	}
+	return 1;
 }
 
 /*
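
Review bot: The loop in bozo_set_timeout() walks the characters of the first string, not the entries of the timeouts[] array. cur is a const char * initialised to timeouts[0], the condition tests *cur (a char) and the step is cur++, so each iteration compares target against a successive suffix of "initial timeout". "header timeout" and "request timeout" can never match, and a target such as "t" matches the suffix "tial timeout" and is stored under that bogus pref name. Iterate with a const char ** (or an index) until the NULL terminator and pass *cur to bozo_set_pref(). While there, the return value of bozo_set_pref() is dropped, and strncmp(target, cur, len) with minlen = 1 accepts any prefix, so a single letter selects a timeout; decide whether that is intended and document it.
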
@@ -575,6 +613,7 @@ bozo_read_request(bozohttpd_t *httpd)
 	int	line = 0;
 	socklen_t slen;
 	bozo_httpreq_t *request;
+	struct timespec ots, ts;
 
 	/*
 	 * if we're in daemon mode, bozo_daemon_fork() will return here twice
@@ -657,10 +696,39 @@ bozo_read_request(bozohttpd_t *httpd)
 	sa.sa_flags = 0;
 	sigaction(SIGALRM, &sa, NULL);
 
-	alarm(MAX_WAIT_TIME);
+	
+	if (clock_gettime(CLOCK_MONOTONIC, &ots) != 0) {
+		(void)bozo_http_error(httpd, 500, NULL,
+			"clock_gettime failed");
+		goto cleanup;
+	}
+
+	alarm(httpd->initial_timeout);
 	while ((str = bozodgetln(httpd, STDIN_FILENO, &len, bozo_read)) != NULL) {
 		alarm(0);
-		if (alarmhit) {
+
+		if (clock_gettime(CLOCK_MONOTONIC, &ts) != 0) {
+			(void)bozo_http_error(httpd, 500, NULL,
+				"clock_gettime failed");
+			goto cleanup;
+		}
+		/*
+		 * don't timeout if old tv_sec is not more than current
+		 * tv_sec, or if current tv_sec is less than the request
+		 * timeout (these shouldn't happen, but the first could
+		 * if monotonic time is not available.)
+		 *
+		 * the other timeout and header size checks should ensure
+		 * that even if time it set backwards or forwards a very
+		 * long way, timeout will eventually happen, even if this
+		 * one fails.
+		 */
+		if (ts.tv_sec > ots.tv_sec &&
+		    ts.tv_sec > httpd->request_timeout &&
+		    ts.tv_sec - httpd->request_timeout > ots.tv_sec)
+			timeout_hit = 1;
+
+		if (timeout_hit) {
 			(void)bozo_http_error(httpd, 408, NULL,
 					"request timed out");
 			goto cleanup;
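
Review bot: The total-time test is written as three chained comparisons on ts.tv_sec, ots.tv_sec and httpd->request_timeout, which takes some effort to verify and mixes a signed time_t with an unsigned field. Once ts.tv_sec > ots.tv_sec is established, the elapsed time ts.tv_sec - ots.tv_sec is positive and can be compared directly against (time_t)httpd->request_timeout, which says the same thing in one line. The check also runs only after bozodgetln() returns a line, so the 600 second limit is enforced at line granularity and relies on the per-line alarm() for a client that stalls; a sentence in the comment saying so would help. Minor: the first added line is a lone tab, and the comment has "if time it set" for "if time is set".
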
@@ -668,7 +736,6 @@ bozo_read_request(bozohttpd_t *httpd)
 		line++;
 
 		if (line == 1) {
-
 			if (len < 1) {
 				(void)bozo_http_error(httpd, 404, NULL,
 						"null method");
@@ -744,9 +811,16 @@ bozo_read_request(bozohttpd_t *httpd)
 				request->hr_content_type = hdr->h_value;
 			else if (strcasecmp(hdr->h_header, "content-length") == 0)
 				request->hr_content_length = hdr->h_value;
-			else if (strcasecmp(hdr->h_header, "host") == 0)
+			else if (strcasecmp(hdr->h_header, "host") == 0) {
+				if (request->hr_host) {
+					/* RFC 7230 (HTTP/1.1): 5.4 */
+					(void)bozo_http_error(httpd, 400, request,
+						"Only allow one Host: header");
+					goto cleanup;
+				}
 				request->hr_host = bozostrdup(httpd, request,
 							      hdr->h_value);
+			}
 			/* RFC 2616 (HTTP/1.1): 14.20 */
 			else if (strcasecmp(hdr->h_header, "expect") == 0) {
 				(void)bozo_http_error(httpd, 417, request,
@@ -769,7 +843,7 @@ bozo_read_request(bozohttpd_t *httpd)
 			    hdr->h_header, hdr->h_value));
 		}
 next_header:
-		alarm(MAX_WAIT_TIME);
+		alarm(httpd->header_timeout);
 	}
 
 	/* now, clear it all out */
@@ -2146,7 +2220,7 @@ bozo_http_error(bozohttpd_t *httpd, int 
 		portbuf[0] = '\0';
 
 	if (request && request->hr_file) {
-		char *file = NULL, *user = NULL, *user_escaped = NULL;
+		char *file = NULL, *user = NULL;
 		int file_alloc = 0;
 		const char *hostname = BOZOHOST(httpd, request);
 
@@ -2159,6 +2233,8 @@ bozo_http_error(bozohttpd_t *httpd, int 
 
 #ifndef NO_USER_SUPPORT
 		if (request->hr_user != NULL) {
+			char *user_escaped;
+
 			user_escaped = bozo_escape_html(NULL, request->hr_user);
 			if (user_escaped == NULL)
 				user_escaped = request->hr_user;
@@ -2205,6 +2281,9 @@ bozo_http_error(bozohttpd_t *httpd, int 
 	bozo_printf(httpd, "Server: %s\r\n", httpd->server_software);
 	if (request && request->hr_allow)
 		bozo_printf(httpd, "Allow: %s\r\n", request->hr_allow);
+	/* RFC 7231 (HTTP/1.1) 6.5.7 */
+	if (code == 408 && request->hr_proto == httpd->consts.http_11)
+		bozo_printf(httpd, "Connection: close\r\n");
 	bozo_printf(httpd, "\r\n");
 	/* According to the RFC 2616 sec. 9.4 HEAD method MUST NOT return a
 	 * message-body in the response */
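
Review bot: The new 408 branch dereferences request without a NULL check: "if (code == 408 && request->hr_proto == httpd->consts.http_11)". The line directly above guards with "request && request->hr_allow", and the timeout path in bozo_read_request() in this same commit calls bozo_http_error(httpd, 408, NULL, "request timed out"), so the one caller that produces a 408 passes NULL and this will fault instead of sending the response. Add the request != NULL test, and decide what to send when the protocol is unknown because the request line never arrived; sending "Connection: close" unconditionally for 408 may be the simpler choice.
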
@@ -2399,16 +2478,26 @@ bozo_init_httpd(bozohttpd_t *httpd)
 int
 bozo_init_prefs(bozohttpd_t *httpd, bozoprefs_t *prefs)
 {
+	int rv = 0;
+
 	/* make sure everything is clean */
 	(void) memset(prefs, 0x0, sizeof(*prefs));
 
 	/* set up default values */
-	if (!bozo_set_pref(httpd, prefs, "server software", SERVER_SOFTWARE) ||
-	    !bozo_set_pref(httpd, prefs, "index.html", INDEX_HTML) ||
-	    !bozo_set_pref(httpd, prefs, "public_html", PUBLIC_HTML))
-		return 0;
+	if (!bozo_set_pref(httpd, prefs, "server software", SERVER_SOFTWARE))
+		rv = 1;
+	if (!bozo_set_pref(httpd, prefs, "index.html", INDEX_HTML))
+		rv = 1;
+	if (!bozo_set_pref(httpd, prefs, "public_html", PUBLIC_HTML))
+		rv = 1;
+	if (!bozo_set_pref(httpd, prefs, "initial timeout", INITIAL_TIMEOUT))
+		rv = 1;
+	if (!bozo_set_pref(httpd, prefs, "header timeout", HEADER_WAIT_TIME))
+		rv = 1;
+	if (!bozo_set_pref(httpd, prefs, "request timeout", TOTAL_MAX_REQ_TIME))
+		rv = 1;
 
-	return 1;
+	return rv;
 }
 
 /* set default values */
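
Review bot: The return convention of bozo_init_prefs() is inverted by this hunk. The old code returned 0 when a bozo_set_pref() call failed and 1 on success; the new code sets rv = 1 on failure and returns 0 on success. No caller is touched in this diff, so any existing "if (!bozo_init_prefs(...))" style check now treats success as failure and the reverse. Either keep the old polarity or update and list every caller in the same commit, and add a comment above the function stating what the return value means.
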
@@ -2501,6 +2590,15 @@ bozo_setup(bozohttpd_t *httpd, bozoprefs
 	if ((cp = bozo_get_pref(prefs, "public_html")) != NULL) {
 		httpd->public_html = bozostrdup(httpd, NULL, cp);
 	}
+	if ((cp = bozo_get_pref(prefs, "initial timeout")) != NULL) {
+		httpd->initial_timeout = atoi(cp);
+	}
+	if ((cp = bozo_get_pref(prefs, "header timeout")) != NULL) {
+		httpd->header_timeout = atoi(cp);
+	}
+	if ((cp = bozo_get_pref(prefs, "request timeout")) != NULL) {
+		httpd->request_timeout = atoi(cp);
+	}
 	httpd->server_software =
 	    bozostrdup(httpd, NULL, bozo_get_pref(prefs, "server software"));
 	httpd->index_html =
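
Review bot: The three timeout values are parsed with atoi() and stored in unsigned fields with no validation. A non-numeric -T argument yields 0, and alarm(0) cancels the alarm rather than arming it, so a typo silently disables the initial or header timeout; a negative value wraps to a very large unsigned number with the same practical effect. Since these settings are the slow-request defence this commit is adding, parse with strtonum() or strtoul() plus an errno and end-pointer check, reject 0 and out-of-range values, and fail startup with a clear message.
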

Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.50 src/libexec/httpd/bozohttpd.h:1.51
--- src/libexec/httpd/bozohttpd.h:1.50	Mon Nov 19 04:12:22 2018
+++ src/libexec/httpd/bozohttpd.h	Tue Nov 20 01:06:46 2018
@@ -1,9 +1,9 @@
-/*	$NetBSD: bozohttpd.h,v 1.50 2018/11/19 04:12:22 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.h,v 1.51 2018/11/20 01:06:46 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2017 Matthew R. Green
+ * Copyright (c) 1997-2018 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -117,6 +117,9 @@ typedef struct bozohttpd_t {
 	int		 hide_dots;	/* hide .* */
 	int		 process_cgi;	/* use the cgi handler */
 	char		*cgibin;	/* cgi-bin directory */
+	unsigned	initial_timeout;/* first line timeout */
+	unsigned	header_timeout;	/* header lines timeout */
+	unsigned	request_timeout;/* total session timeout */
 #ifndef NO_LUA_SUPPORT
 	int		 process_lua;	/* use the Lua handler */
 	SIMPLEQ_HEAD(, lua_state_map)	lua_states;
@@ -326,10 +329,10 @@ void	bozo_daemon_closefds(bozohttpd_t *)
 /* tilde-luzah-bozo.c */
 #ifdef NO_USER_SUPPORT
 #define bozo_user_transform(x)				0
-#define bozo_user_free(x)					0
+#define bozo_user_free(x)				/* nothing */
 #else
 int	bozo_user_transform(bozo_httpreq_t *);
-#define bozo_user_free(x)					free(x)
+#define bozo_user_free(x)				free(x)
 #endif /* NO_USER_SUPPORT */
 
 
@@ -365,6 +368,7 @@ int bozo_setup(bozohttpd_t *, bozoprefs_
 bozo_httpreq_t *bozo_read_request(bozohttpd_t *);
 void bozo_process_request(bozo_httpreq_t *);
 void bozo_clean_request(bozo_httpreq_t *);
+int bozo_set_timeout(bozohttpd_t *, bozoprefs_t *, const char *, const char *);
 bozoheaders_t *addmerge_reqheader(bozo_httpreq_t *, const char *,
 				  const char *, ssize_t);
 bozoheaders_t *addmerge_replheader(bozo_httpreq_t *, const char *,

Index: src/libexec/httpd/cgi-bozo.c
diff -u src/libexec/httpd/cgi-bozo.c:1.40 src/libexec/httpd/cgi-bozo.c:1.41
--- src/libexec/httpd/cgi-bozo.c:1.40	Sun Nov 18 11:22:11 2018
+++ src/libexec/httpd/cgi-bozo.c	Tue Nov 20 01:06:46 2018
@@ -1,9 +1,9 @@
-/*	$NetBSD: cgi-bozo.c,v 1.40 2018/11/18 11:22:11 mrg Exp $	*/
+/*	$NetBSD: cgi-bozo.c,v 1.41 2018/11/20 01:06:46 mrg Exp $	*/
 
 /*	$eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2017 Matthew R. Green
+ * Copyright (c) 1997-2018 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Index: src/libexec/httpd/content-bozo.c
diff -u src/libexec/httpd/content-bozo.c:1.14 src/libexec/httpd/content-bozo.c:1.15
--- src/libexec/httpd/content-bozo.c:1.14	Tue Jul 19 09:27:40 2016
+++ src/libexec/httpd/content-bozo.c	Tue Nov 20 01:06:46 2018
@@ -1,9 +1,9 @@
-/*	$NetBSD: content-bozo.c,v 1.14 2016/07/19 09:27:40 shm Exp $	*/
+/*	$NetBSD: content-bozo.c,v 1.15 2018/11/20 01:06:46 mrg Exp $	*/
 
 /*	$eterna: content-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2015 Matthew R. Green
+ * Copyright (c) 1997-2018 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
Index: src/libexec/httpd/tilde-luzah-bozo.c
diff -u src/libexec/httpd/tilde-luzah-bozo.c:1.14 src/libexec/httpd/tilde-luzah-bozo.c:1.15
--- src/libexec/httpd/tilde-luzah-bozo.c:1.14	Mon Dec 28 07:37:59 2015
+++ src/libexec/httpd/tilde-luzah-bozo.c	Tue Nov 20 01:06:46 2018
@@ -1,9 +1,9 @@
-/*	$NetBSD: tilde-luzah-bozo.c,v 1.14 2015/12/28 07:37:59 mrg Exp $	*/
+/*	$NetBSD: tilde-luzah-bozo.c,v 1.15 2018/11/20 01:06:46 mrg Exp $	*/
 
 /*	$eterna: tilde-luzah-bozo.c,v 1.16 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2014 Matthew R. Green
+ * Copyright (c) 1997-2018 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Index: src/libexec/httpd/daemon-bozo.c
diff -u src/libexec/httpd/daemon-bozo.c:1.17 src/libexec/httpd/daemon-bozo.c:1.18
--- src/libexec/httpd/daemon-bozo.c:1.17	Mon Dec 28 07:37:59 2015
+++ src/libexec/httpd/daemon-bozo.c	Tue Nov 20 01:06:46 2018
@@ -1,9 +1,9 @@
-/*	$NetBSD: daemon-bozo.c,v 1.17 2015/12/28 07:37:59 mrg Exp $	*/
+/*	$NetBSD: daemon-bozo.c,v 1.18 2018/11/20 01:06:46 mrg Exp $	*/
 
 /*	$eterna: daemon-bozo.c,v 1.24 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2014 Matthew R. Green
+ * Copyright (c) 1997-2018 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Index: src/libexec/httpd/dir-index-bozo.c
diff -u src/libexec/httpd/dir-index-bozo.c:1.25 src/libexec/httpd/dir-index-bozo.c:1.26
--- src/libexec/httpd/dir-index-bozo.c:1.25	Tue Dec 29 04:21:46 2015
+++ src/libexec/httpd/dir-index-bozo.c	Tue Nov 20 01:06:46 2018
@@ -1,9 +1,9 @@
-/*	$NetBSD: dir-index-bozo.c,v 1.25 2015/12/29 04:21:46 mrg Exp $	*/
+/*	$NetBSD: dir-index-bozo.c,v 1.26 2018/11/20 01:06:46 mrg Exp $	*/
 
 /*	$eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2014 Matthew R. Green
+ * Copyright (c) 1997-2018 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Index: src/libexec/httpd/main.c
diff -u src/libexec/httpd/main.c:1.16 src/libexec/httpd/main.c:1.17
--- src/libexec/httpd/main.c:1.16	Tue Oct  4 18:33:00 2016
+++ src/libexec/httpd/main.c	Tue Nov 20 01:06:46 2018
@@ -1,10 +1,10 @@
-/*	$NetBSD: main.c,v 1.16 2016/10/04 18:33:00 mrg Exp $	*/
+/*	$NetBSD: main.c,v 1.17 2018/11/20 01:06:46 mrg Exp $	*/
 
 /*	$eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $	*/
 /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp 	*/
 
 /*
- * Copyright (c) 1997-2016 Matthew R. Green
+ * Copyright (c) 1997-2018 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -54,72 +54,132 @@
 #define LOG_FTP LOG_DAEMON
 #endif
 
-/* print a usage message, and then exit */
-BOZO_DEAD static void
-usage(bozohttpd_t *httpd, char *progname)
-{
-	bozowarn(httpd, "usage: %s [options] slashdir [virtualhostname]",
-			progname);
-	bozowarn(httpd, "options:");
-#ifndef NO_DEBUG
-	bozowarn(httpd, "   -d\t\t\tenable debug support");
-#endif
-	bozowarn(httpd, "   -s\t\t\talways log to stderr");
-#ifndef NO_DYNAMIC_CONTENT
-	bozowarn(httpd, "   -M arg t c c11\tadd this mime extenstion");
+#ifdef NO_DAEMON_MODE
+#define have_daemon_mode (0)
+#else
+#define have_daemon_mode (1)
 #endif
-#ifndef NO_USER_SUPPORT
-	bozowarn(httpd, "   -u\t\t\tenable ~user/public_html support");
-	bozowarn(httpd, "   -p dir\t\tchange `public_html' directory name");
-#ifndef NO_CGIBIN_SUPPORT
-	bozowarn(httpd, "   -E\t\t\tenable CGI support for user dirs");
+
+#ifdef NO_DEBUG
+#define have_debug (0)
+#else
+#define have_debug (1)
 #endif
+
+#ifdef NO_USER_SUPPORT
+#define have_user (0)
+#else
+#define have_user (1)
 #endif
-#ifndef NO_CGIBIN_SUPPORT
-#ifndef NO_DYNAMIC_CONTENT
-	bozowarn(httpd, "   -C arg prog\t\tadd this CGI handler");
+
+#ifdef NO_CGIBIN_SUPPORT
+#define have_cgibin (0)
+#else
+#define have_cgibin (1)
 #endif
-	bozowarn(httpd,
-		"   -c cgibin\t\tenable cgi-bin support in this directory");
+
+#ifdef NO_DYNAMIC_CONTENT
+#define have_dynamic_content (0)
+#else
+#define have_dynamic_content (1)
 #endif
-#ifndef NO_LUA_SUPPORT
-	bozowarn(httpd, "   -L arg script\tadd this Lua script");
+
+#ifdef NO_LUA_SUPPORT
+#define have_lua (0)
+#else
+#define have_lua (1)
 #endif
-	bozowarn(httpd, "   -I port\t\tbind or use on this port");
-#ifndef NO_DAEMON_MODE
-	bozowarn(httpd, "   -b\t\t\tbackground and go into daemon mode");
-	bozowarn(httpd, "   -f\t\t\tkeep daemon mode in the foreground");
-	bozowarn(httpd,
-		"   -i address\t\tbind on this address (daemon mode only)");
-	bozowarn(httpd, "   -P pidfile\t\tpath to the pid file to create");
+
+#ifdef NO_DIRINDEX_SUPPORT
+#define have_dirindex (0)
+#else
+#define have_dirindex (1)
 #endif
-	bozowarn(httpd, "   -S version\t\tset server version string");
-	bozowarn(httpd, "   -t dir\t\tchroot to `dir'");
-	bozowarn(httpd, "   -U username\t\tchange user to `user'");
-	bozowarn(httpd,
-		"   -e\t\t\tdon't clean the environment (-t and -U only)");
-	bozowarn(httpd,
-		"   -v virtualroot\tenable virtual host support "
-		"in this directory");
-	bozowarn(httpd, "   -V\t\tUnknown virtual hosts go to `slashdir'");
-#ifndef NO_DIRINDEX_SUPPORT
-	bozowarn(httpd,
-		"   -X\t\t\tenable automatic directory index support");
-	bozowarn(httpd,
-		"   -H\t\t\thide files starting with a period (.)"
-		" in index mode");
+
+#ifdef NO_SSL_SUPPORT
+#define have_ssl (0)
+#else
+#define have_ssl (1)
 #endif
-	bozowarn(httpd,
-		"   -x index\t\tchange default `index.html' file name");
-#ifndef NO_SSL_SUPPORT
-	bozowarn(httpd,
-		"   -z ciphers\t\tspecify SSL ciphers");
-	bozowarn(httpd,
-		"   -Z cert privkey\tspecify path to server certificate"
-			" and private key file\n"
-		"\t\t\tin pem format and enable bozohttpd in SSL mode");
-#endif /* NO_SSL_SUPPORT */
-	bozowarn(httpd, "   -G print version number and exit");
+
+#define have_all (1)
+
+/* print a usage message, and then exit */
+BOZO_DEAD static void
+usage(bozohttpd_t *httpd, char *progname)
+{
+	bozowarn(httpd, "usage: %s [options] slashdir [virtualhostname]",
+			progname);
+	bozowarn(httpd, "options:");
+
+	if (have_daemon_mode)
+		bozowarn(httpd, "   -b\t\t\tbackground and go into daemon mode");
+	if (have_cgibin &&
+	    have_dynamic_content)
+		bozowarn(httpd, "   -C arg prog\t\tadd this CGI handler");
+	if (have_cgibin)
+		bozowarn(httpd, "   -c cgibin\t\tenable cgi-bin support in "
+				"this directory");
+	if (have_debug)
+		bozowarn(httpd, "   -d\t\t\tenable debug support");
+	if (have_cgibin)
+		bozowarn(httpd, "   -E\t\t\tenable CGI support for user dirs");
+	if (have_user &&
+	    have_cgibin)
+		bozowarn(httpd, "   -e\t\t\tdon't clean the environment "
+				"(-t and -U only)");
+	if (have_daemon_mode)
+		bozowarn(httpd, "   -f\t\t\tforeground in daemon mode");
+	if (have_all)
+		bozowarn(httpd, "   -G print version number and exit");
+	if (have_dirindex)
+		bozowarn(httpd, "   -H\t\t\thide files starting with a period "
+				"(.) in index mode");
+	if (have_all)
+		bozowarn(httpd, "   -I port\t\tbind or use on this port");
+	if (have_daemon_mode)
+		bozowarn(httpd, "   -i address\t\tbind on this address "
+				"(daemon mode only)");
+	if (have_lua)
+		bozowarn(httpd, "   -L arg script\tadd this Lua script");
+	if (have_dynamic_content)
+		bozowarn(httpd, "   -M arg t c c11\tadd this mime extenstion");
+	if (have_daemon_mode)
+		bozowarn(httpd, "   -P pidfile\t\tpid file path");
+	if (have_user)
+		bozowarn(httpd, "   -p dir\t\t\"public_html\" directory name");
+
+	if (have_all) {
+		bozowarn(httpd, "   -S version\t\tset server version string");
+		bozowarn(httpd, "   -s\t\t\talways log to stderr");
+		bozowarn(httpd, "   -T type timeout\tset `type' timeout");
+		bozowarn(httpd, "   -t dir\t\tchroot to `dir'");
+		bozowarn(httpd, "   -U username\t\tchange user to `user'");
+	}
+	if (have_user)
+		bozowarn(httpd, "   -u\t\t\tenable ~user/public_html support");
+
+	if (have_all) {
+		bozowarn(httpd, "   -V\t\t\tUnknown virtual hosts go to "
+				"`slashdir'");
+		bozowarn(httpd, "   -v virtualroot\tenable virtual host "
+				"support in this directory");
+	}
+
+	if (have_dirindex)
+		bozowarn(httpd, "   -X\t\t\tdirectory index support");
+	if (have_all)
+		bozowarn(httpd, "   -x index\t\tdefault \"index.html\" "
+				"file name");
+
+	if (have_ssl) {
+		bozowarn(httpd, "   -Z cert privkey\tspecify path to server "
+				"certificate and private key file\n"
+				"\t\t\tin pem format and enable bozohttpd in "
+				"SSL mode");
+		bozowarn(httpd, "   -z ciphers\t\tspecify SSL ciphers");
+	}
+
 	bozoerr(httpd, 1, "%s failed to start", progname);
 }
 
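
Review bot: The guards on -E and -e in the rewritten usage() look swapped relative to the code being removed. Previously "-E enable CGI support for user dirs" was printed only when both user support and cgi-bin support were compiled in, and "-e don't clean the environment" was printed unconditionally; now -E is under "if (have_cgibin)" alone and -e is under "if (have_user && have_cgibin)". Exchange the two conditions, with -e moving to have_all. Two smaller points in the same function: the -G line has no tabs between the flag and its description, unlike every other entry, and "extenstion" is carried over misspelled.
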
@@ -130,7 +190,9 @@ main(int argc, char **argv)
 	bozohttpd_t	 httpd;
 	bozoprefs_t	 prefs;
 	char		*progname;
+#ifndef NO_DAEMON_MODE
 	const char	*val;
+#endif
 	int		 c;
 
 	(void) memset(&httpd, 0x0, sizeof(httpd));
@@ -150,7 +212,7 @@ main(int argc, char **argv)
 	 */
 
 	while ((c = getopt(argc, argv,
-	    "C:EGHI:L:M:P:S:U:VXZ:bc:defhi:np:st:uv:x:z:")) != -1) {
+	    "C:EGHI:L:M:P:S:T:U:VXZ:bc:defhi:np:st:uv:x:z:")) != -1) {
 		switch (c) {
 
 		case 'L':
@@ -172,7 +234,7 @@ main(int argc, char **argv)
 				"dynamic mime content support is not enabled");
 			/* NOTREACHED */
 #else
-			/* make sure there's four arguments */
+			/* make sure there're four arguments */
 			if (argc - optind < 3)
 				usage(&httpd, progname);
 			bozo_add_content_map_mime(&httpd, optarg, argv[optind],
@@ -362,6 +424,19 @@ main(int argc, char **argv)
 			}
 			return 0;
 
+		case 'T':
+			/* make sure there're two arguments */
+			if (argc - optind < 1)
+				usage(&httpd, progname);
+			if (bozo_set_timeout(&httpd, &prefs,
+					     optarg, argv[optind])) {
+				bozoerr(&httpd, 1,
+					"invalid type '%s'", optarg);
+				/* NOTREACHED */
+			}
+			optind++;
+			break;
+
 		default:
 			usage(&httpd, progname);
 			/* NOTREACHED */

Index: src/libexec/httpd/ssl-bozo.c
diff -u src/libexec/httpd/ssl-bozo.c:1.23 src/libexec/httpd/ssl-bozo.c:1.24
--- src/libexec/httpd/ssl-bozo.c:1.23	Tue Feb  6 15:48:46 2018
+++ src/libexec/httpd/ssl-bozo.c	Tue Nov 20 01:06:46 2018
@@ -1,9 +1,9 @@
-/*	$NetBSD: ssl-bozo.c,v 1.23 2018/02/06 15:48:46 christos Exp $	*/
+/*	$NetBSD: ssl-bozo.c,v 1.24 2018/11/20 01:06:46 mrg Exp $	*/
 
 /*	$eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2014 Matthew R. Green
+ * Copyright (c) 1997-2018 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Index: src/libexec/httpd/testsuite/Makefile
diff -u src/libexec/httpd/testsuite/Makefile:1.9 src/libexec/httpd/testsuite/Makefile:1.10
--- src/libexec/httpd/testsuite/Makefile:1.9	Mon Nov 19 04:12:22 2018
+++ src/libexec/httpd/testsuite/Makefile	Tue Nov 20 01:06:46 2018
@@ -1,6 +1,6 @@
 #	$eterna: Makefile,v 1.14 2009/05/22 21:51:39 mrg Exp $
 
-SIMPLETESTS=	t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t12 t13 t14
+SIMPLETESTS=	t1 t2 t3 t4 t5 t6 t7 t8 t9 t10 t12 t13 t14 t15
 CGITESTS=	t11
 BIGFILETESTS=	partial4000 partial8000
 

Added files:

Index: src/libexec/httpd/testsuite/t15.in
diff -u /dev/null src/libexec/httpd/testsuite/t15.in:1.1
--- /dev/null	Tue Nov 20 01:06:47 2018
+++ src/libexec/httpd/testsuite/t15.in	Tue Nov 20 01:06:46 2018
@@ -0,0 +1,4 @@
+GET / HTTP/1.1
+Host:
+Host:
+
Index: src/libexec/httpd/testsuite/t15.out
diff -u /dev/null src/libexec/httpd/testsuite/t15.out:1.1
--- /dev/null	Tue Nov 20 01:06:47 2018
+++ src/libexec/httpd/testsuite/t15.out	Tue Nov 20 01:06:46 2018
@@ -0,0 +1,11 @@
+HTTP/1.1 400 Bad Request
+Content-Type: text/html
+Content-Length: 224
+Server: bozohttpd/20181118
+Allow: GET, HEAD, POST
+
+<html><head><title>400 Bad Request</title></head>
+<body><h1>400 Bad Request</h1>
+/: <pre>The request was not valid</pre>
+<hr><address><a href="//space-bird.eterna23.net/">space-bird.eterna23.net</a></address>
+</body></html>
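
Review bot: The expected output hardcodes "Server: bozohttpd/20181118", but this commit changes SERVER_SOFTWARE to "bozohttpd/20181119", and it also embeds the build host name space-bird.eterna23.net and a Content-Length that depends on it. Unless the test harness normalises or overrides these fields, t15 will fail on the very revision that adds it and on any other machine; confirm how the other tN.out files handle this and regenerate or filter accordingly. The input also only covers two empty Host: values; a second case with two non-empty, differing hosts would exercise the path that matters for virtual host selection.
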
