httpd

matthew green Mon, 21 Jan 2019 21:33:29 -0800

Module Name:    src
Committed By:   mrg
Date:           Tue Jan 22 05:32:57 UTC 2019


Modified Files:
        src/libexec/httpd: CHANGES auth-bozo.c bozohttpd.c bozohttpd.h
            dir-index-bozo.c

Log Message:
o  don't display special files in the directory index.  they aren't
   served, but links to them are generated.


To generate a diff of this commit:
cvs rdiff -u -r1.36 -r1.37 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.22 -r1.23 src/libexec/httpd/auth-bozo.c
cvs rdiff -u -r1.110 -r1.111 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.57 -r1.58 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.30 -r1.31 src/libexec/httpd/dir-index-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.36 src/libexec/httpd/CHANGES:1.37
--- src/libexec/httpd/CHANGES:1.36	Thu Jan 17 07:46:16 2019
+++ src/libexec/httpd/CHANGES	Tue Jan 22 05:32:57 2019
@@ -1,4 +1,8 @@
-$NetBSD: CHANGES,v 1.36 2019/01/17 07:46:16 mrg Exp $
+$NetBSD: CHANGES,v 1.37 2019/01/22 05:32:57 mrg Exp $
+
+changes in bozohttpd 20190121:
+	o  don't display special files in the directory index.  they aren't
+	   served, but links to them are generated.
 
 changes in bozohttpd 20190116:
 	o  fix CGI '+' parameter handling, some error checking, and a double

Index: src/libexec/httpd/auth-bozo.c
diff -u src/libexec/httpd/auth-bozo.c:1.22 src/libexec/httpd/auth-bozo.c:1.23
--- src/libexec/httpd/auth-bozo.c:1.22	Thu Nov 22 08:54:08 2018
+++ src/libexec/httpd/auth-bozo.c	Tue Jan 22 05:32:57 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: auth-bozo.c,v 1.22 2018/11/22 08:54:08 mrg Exp $	*/
+/*	$NetBSD: auth-bozo.c,v 1.23 2019/01/22 05:32:57 mrg Exp $	*/
 
 /*	$eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -64,7 +64,7 @@ bozo_auth_check(bozo_httpreq_t *request,
 		strcpy(dir, ".");
 	else {
 		*basename++ = '\0';
-		if (bozo_check_special_files(request, basename))
+		if (bozo_check_special_files(request, basename, true))
 			return 1;
 	}
 	request->hr_authrealm = bozostrdup(httpd, request, dir);

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.110 src/libexec/httpd/bozohttpd.c:1.111
--- src/libexec/httpd/bozohttpd.c:1.110	Fri Jan 18 06:04:10 2019
+++ src/libexec/httpd/bozohttpd.c	Tue Jan 22 05:32:57 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.110 2019/01/18 06:04:10 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.111 2019/01/22 05:32:57 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -109,7 +109,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20190116"
+#define SERVER_SOFTWARE		"bozohttpd/20190121"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML		"public_html"
@@ -140,7 +140,6 @@
 #include <signal.h>
 #include <stdarg.h>
 #include <stdlib.h>
-#include <stdbool.h>
 #include <strings.h>
 #include <string.h>
 #include <syslog.h>
@@ -1461,7 +1460,7 @@ check_bzredirect(bozo_httpreq_t *request
 		*basename++ = '\0';
 		strcpy(path, dir);
 	}
-	if (bozo_check_special_files(request, basename))
+	if (bozo_check_special_files(request, basename, true))
 		return -1;
 
 	debug((httpd, DEBUG_FAT, "check_bzredirect: path %s", path));
@@ -1913,17 +1912,24 @@ bozo_process_request(bozo_httpreq_t *req
 
 /* make sure we're not trying to access special files */
 int
-bozo_check_special_files(bozo_httpreq_t *request, const char *name)
+bozo_check_special_files(bozo_httpreq_t *request, const char *name, bool doerror)
 {
 	bozohttpd_t *httpd = request->hr_httpd;
 	size_t i;
+	int error = 0;
 
-	for (i = 0; specials[i].file; i++)
-		if (strcmp(name, specials[i].file) == 0)
-			return bozo_http_error(httpd, 403, request,
+	for (i = 0; specials[i].file; i++) {
+		if (strcmp(name, specials[i].file) == 0) {
+			if (doerror) {
+				error = bozo_http_error(httpd, 403, request,
 					       specials[i].name);
+			} else {
+				error = -1;
+			}
+		}
+	}
 
-	return 0;
+	return error;
 }
 
 /* generic header printing routine */

Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.57 src/libexec/httpd/bozohttpd.h:1.58
--- src/libexec/httpd/bozohttpd.h:1.57	Sat Nov 24 13:02:46 2018
+++ src/libexec/httpd/bozohttpd.h	Tue Jan 22 05:32:57 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.h,v 1.57 2018/11/24 13:02:46 christos Exp $	*/
+/*	$NetBSD: bozohttpd.h,v 1.58 2019/01/22 05:32:57 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -34,6 +34,8 @@
 
 #include "netbsd_queue.h"
 
+#include <stdbool.h>
+
 #include <sys/stat.h>
 
 #ifndef NO_LUA_SUPPORT
@@ -259,7 +261,7 @@ void	debug__(bozohttpd_t *, int, const c
 /* be sure to always return this error up */
 int	bozo_http_error(bozohttpd_t *, int, bozo_httpreq_t *, const char *);
 
-int	bozo_check_special_files(bozo_httpreq_t *, const char *) BOZO_CHECKRET;
+int	bozo_check_special_files(bozo_httpreq_t *, const char *, bool) BOZO_CHECKRET;
 char	*bozo_http_date(char *, size_t);
 void	bozo_print_header(bozo_httpreq_t *, struct stat *, const char *,
 			  const char *);

Index: src/libexec/httpd/dir-index-bozo.c
diff -u src/libexec/httpd/dir-index-bozo.c:1.30 src/libexec/httpd/dir-index-bozo.c:1.31
--- src/libexec/httpd/dir-index-bozo.c:1.30	Thu Jan 17 07:46:16 2019
+++ src/libexec/httpd/dir-index-bozo.c	Tue Jan 22 05:32:57 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: dir-index-bozo.c,v 1.30 2019/01/17 07:46:16 mrg Exp $	*/
+/*	$NetBSD: dir-index-bozo.c,v 1.31 2019/01/22 05:32:57 mrg Exp $	*/
 
 /*	$eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -148,6 +148,9 @@ bozo_dir_index(bozo_httpreq_t *request, 
 		     httpd->hide_dots && name[0] == '.'))
 			continue;
 
+		if (bozo_check_special_files(request, name, false))
+			continue;
+
 		snprintf(buf, sizeof buf, "%s/%s", dirpath, name);
 		if (stat(buf, &sb))
 			nostat = 1;

CVS commit: src/libexec/httpd

Reply via email to