Module Name:    src
Committed By:   mrg
Date:           Thu Oct 15 02:19:24 UTC 2020

Modified Files:
        src/libexec/httpd: CHANGES auth-bozo.c bozohttpd.8 bozohttpd.c
            bozohttpd.h dir-index-bozo.c main.c ssl-bozo.c

Log Message:
set -D_GNU_SOURCE in Makefile.boot.  from [email protected].
also match %2F as well as %2f.  from [email protected].
introduce defines for "80" and "443".  copyright maint.


To generate a diff of this commit:
cvs rdiff -u -r1.42 -r1.43 src/libexec/httpd/CHANGES
cvs rdiff -u -r1.25 -r1.26 src/libexec/httpd/auth-bozo.c
cvs rdiff -u -r1.84 -r1.85 src/libexec/httpd/bozohttpd.8
cvs rdiff -u -r1.121 -r1.122 src/libexec/httpd/bozohttpd.c
cvs rdiff -u -r1.63 -r1.64 src/libexec/httpd/bozohttpd.h
cvs rdiff -u -r1.33 -r1.34 src/libexec/httpd/dir-index-bozo.c
cvs rdiff -u -r1.23 -r1.24 src/libexec/httpd/main.c
cvs rdiff -u -r1.27 -r1.28 src/libexec/httpd/ssl-bozo.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/libexec/httpd/CHANGES
diff -u src/libexec/httpd/CHANGES:1.42 src/libexec/httpd/CHANGES:1.43
--- src/libexec/httpd/CHANGES:1.42	Sat Sep 12 12:39:28 2020
+++ src/libexec/httpd/CHANGES	Thu Oct 15 02:19:23 2020
@@ -1,4 +1,11 @@
-$NetBSD: CHANGES,v 1.42 2020/09/12 12:39:28 rhialto Exp $
+$NetBSD: CHANGES,v 1.43 2020/10/15 02:19:23 mrg Exp $
+
+changes in bozohttpd 20201014:
+	o  also set -D_GNU_SOURCE in Makefile.boot.  from
+	   [email protected].
+	o  fix array size botch (assertion, not exploitable.)  from
+	   [email protected].
+	o  also match %2F as well as %2f.  from [email protected].
 
 changes in bozohttpd 20200912:
 	o  add .m4a and .m4v file extensions.

Index: src/libexec/httpd/auth-bozo.c
diff -u src/libexec/httpd/auth-bozo.c:1.25 src/libexec/httpd/auth-bozo.c:1.26
--- src/libexec/httpd/auth-bozo.c:1.25	Sat Jul 11 08:10:52 2020
+++ src/libexec/httpd/auth-bozo.c	Thu Oct 15 02:19:23 2020
@@ -1,9 +1,9 @@
-/*	$NetBSD: auth-bozo.c,v 1.25 2020/07/11 08:10:52 jruoho Exp $	*/
+/*	$NetBSD: auth-bozo.c,v 1.26 2020/10/15 02:19:23 mrg Exp $	*/
 
 /*	$eterna: auth-bozo.c,v 1.17 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2019 Matthew R. Green
+ * Copyright (c) 1997-2020 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Index: src/libexec/httpd/bozohttpd.8
diff -u src/libexec/httpd/bozohttpd.8:1.84 src/libexec/httpd/bozohttpd.8:1.85
--- src/libexec/httpd/bozohttpd.8:1.84	Thu Aug 20 07:55:10 2020
+++ src/libexec/httpd/bozohttpd.8	Thu Oct 15 02:19:23 2020
@@ -1,8 +1,8 @@
-.\"	$NetBSD: bozohttpd.8,v 1.84 2020/08/20 07:55:10 mrg Exp $
+.\"	$NetBSD: bozohttpd.8,v 1.85 2020/10/15 02:19:23 mrg Exp $
 .\"
 .\"	$eterna: bozohttpd.8,v 1.101 2011/11/18 01:25:11 mrg Exp $
 .\"
-.\" Copyright (c) 1997-2019 Matthew R. Green
+.\" Copyright (c) 1997-2020 Matthew R. Green
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd July 11, 2020
+.Dd October 14, 2020
 .Dt BOZOHTTPD 8
 .Os
 .Sh NAME
@@ -642,7 +642,7 @@ The focus has always been simplicity and
 and regular code audits.
 This manual documents
 .Nm
-version 20190116.
+version 20201014.
 .Sh AUTHORS
 .An -nosplit
 .Nm

Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.121 src/libexec/httpd/bozohttpd.c:1.122
--- src/libexec/httpd/bozohttpd.c:1.121	Sat Sep  5 13:38:24 2020
+++ src/libexec/httpd/bozohttpd.c	Thu Oct 15 02:19:23 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.c,v 1.121 2020/09/05 13:38:24 mrg Exp $	*/
+/*	$NetBSD: bozohttpd.c,v 1.122 2020/10/15 02:19:23 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -109,7 +109,7 @@
 #define INDEX_HTML		"index.html"
 #endif
 #ifndef SERVER_SOFTWARE
-#define SERVER_SOFTWARE		"bozohttpd/20200820"
+#define SERVER_SOFTWARE		"bozohttpd/20201014"
 #endif
 #ifndef PUBLIC_HTML
 #define PUBLIC_HTML		"public_html"
@@ -651,7 +651,7 @@ bozo_read_request(bozohttpd_t *httpd)
 	 * if passed through a proxy that doesn't rewrite the port.
 	 */
 	if (httpd->bindport) {
-		if (strcmp(httpd->bindport, "80") != 0)
+		if (strcmp(httpd->bindport, BOZO_HTTP_PORT) != 0)
 			port = httpd->bindport;
 		else
 			port = NULL;
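Review bot: The default-port test in bozo_read_request still compares only against BOZO_HTTP_PORT, while handle_redirect in this same commit picks the default with `httpd->sslinfo ? BOZO_HTTPS_PORT : BOZO_HTTP_PORT`. Now that ssl-bozo.c defaults bindport to BOZO_HTTPS_PORT, a TLS listener on its default port appears to take the `port = httpd->bindport` branch here. The bozo_http_error hunk has the same one-sided comparison on `request->hr_serverport`. If that is not intended, compute `const char *defport = httpd->sslinfo ? BOZO_HTTPS_PORT : BOZO_HTTP_PORT;` and compare against `defport` in both places. How `port` is consumed lies outside this hunk, so the visible effect should be confirmed there.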
@@ -1099,7 +1099,7 @@ handle_redirect(bozo_httpreq_t *request,
 		hostname = "";
 		portbuf[0] = '\0';
 	} else {
-		const char *defport = httpd->sslinfo ? "443" : "80";
+		const char *defport = httpd->sslinfo ? BOZO_HTTPS_PORT : BOZO_HTTP_PORT;
 
 		if (request->hr_serverport &&
 		    strcmp(request->hr_serverport, defport) != 0)
@@ -1335,7 +1335,8 @@ check_virtual(bozo_httpreq_t *request)
 	 * canonicalise hr_host - that is, remove any :80.
 	 */
 	len = strlen(request->hr_host);
-	if (len > 3 && strcmp(request->hr_host + len - 3, ":80") == 0) {
+	if (len > 3 &&
+	    strcmp(request->hr_host + len - 3, ":" BOZO_HTTP_PORT) == 0) {
 		request->hr_host[len - 3] = '\0';
 		len = strlen(request->hr_host);
 	}
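Review bot: The suffix length is still the literal `3` in three places (`len > 3` and `len - 3` twice), so the indexing into hr_host silently depends on `":" BOZO_HTTP_PORT` being exactly three characters long. Since hr_host is both compared and truncated at that offset, deriving the length from the macro keeps the bounds correct if the define ever changes: `const size_t sfx = sizeof(":" BOZO_HTTP_PORT) - 1;`, then use `sfx` wherever `3` appears. check_virtual begins and continues outside the hunk.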
@@ -1554,7 +1555,7 @@ bozo_decode_url_percent(bozo_httpreq_t *
 		if (s[1] == '0' && s[2] == '0')
 			return bozo_http_error(httpd, 404, request,
 			    "percent hack was %00");
-		if (s[1] == '2' && s[2] == 'f')
+		if (s[1] == '2' && (s[2] == 'f' || s[2] == 'F'))
 			return bozo_http_error(httpd, 404, request,
 			    "percent hack was %2f (/)");
 
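Review bot: Nothing next to the test records why both spellings are matched, and the 404 text `percent hack was %2f (/)` is now produced for `%2F` as well. A short comment above the check, such as `/* %XX hex digits are case-insensitive; refuse either spelling of an encoded '/' */`, would keep a later edit from narrowing it back to one case. If the regression tests already cover the lower-case form, an upper-case request belongs beside it. The function body begins and continues outside the hunk.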
@@ -2213,7 +2214,7 @@ bozo_http_error(bozohttpd_t *httpd, int 
 	}
 
 	if (request && request->hr_serverport &&
-	    strcmp(request->hr_serverport, "80") != 0)
+	    strcmp(request->hr_serverport, BOZO_HTTP_PORT) != 0)
 		snprintf(portbuf, sizeof(portbuf), ":%s",
 				request->hr_serverport);
 	else

Index: src/libexec/httpd/bozohttpd.h
diff -u src/libexec/httpd/bozohttpd.h:1.63 src/libexec/httpd/bozohttpd.h:1.64
--- src/libexec/httpd/bozohttpd.h:1.63	Thu Aug 20 05:46:31 2020
+++ src/libexec/httpd/bozohttpd.h	Thu Oct 15 02:19:23 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: bozohttpd.h,v 1.63 2020/08/20 05:46:31 spz Exp $	*/
+/*	$NetBSD: bozohttpd.h,v 1.64 2020/10/15 02:19:23 mrg Exp $	*/
 
 /*	$eterna: bozohttpd.h,v 1.39 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -253,6 +253,9 @@ void	debug__(bozohttpd_t *, int, const c
 #define have_debug	(1)
 #endif /* NO_DEBUG */
 
+#define BOZO_HTTP_PORT	"80"
+#define BOZO_HTTPS_PORT	"443"
+
 /*
  * bozohttpd special files.  avoid serving these out.
  *
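Review bot: The two new defines carry no comment, and their being string literals rather than integers is load-bearing: the bozohttpd.c hunks pass them to `strcmp()` and paste one into `":" BOZO_HTTP_PORT`. I would add one line above them, for example `/* default ports, kept as string literals: compared with strcmp() and concatenated at compile time */`, so nobody later turns them into numeric constants.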

Index: src/libexec/httpd/dir-index-bozo.c
diff -u src/libexec/httpd/dir-index-bozo.c:1.33 src/libexec/httpd/dir-index-bozo.c:1.34
--- src/libexec/httpd/dir-index-bozo.c:1.33	Mon Jul  6 23:31:36 2020
+++ src/libexec/httpd/dir-index-bozo.c	Thu Oct 15 02:19:23 2020
@@ -1,9 +1,9 @@
-/*	$NetBSD: dir-index-bozo.c,v 1.33 2020/07/06 23:31:36 jmcneill Exp $	*/
+/*	$NetBSD: dir-index-bozo.c,v 1.34 2020/10/15 02:19:23 mrg Exp $	*/
 
 /*	$eterna: dir-index-bozo.c,v 1.20 2011/11/18 09:21:15 mrg Exp $	*/
 
 /*
- * Copyright (c) 1997-2019 Matthew R. Green
+ * Copyright (c) 1997-2020 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Index: src/libexec/httpd/main.c
diff -u src/libexec/httpd/main.c:1.23 src/libexec/httpd/main.c:1.24
--- src/libexec/httpd/main.c:1.23	Mon Jul  6 23:31:36 2020
+++ src/libexec/httpd/main.c	Thu Oct 15 02:19:23 2020
@@ -1,10 +1,10 @@
-/*	$NetBSD: main.c,v 1.23 2020/07/06 23:31:36 jmcneill Exp $	*/
+/*	$NetBSD: main.c,v 1.24 2020/10/15 02:19:23 mrg Exp $	*/
 
 /*	$eterna: main.c,v 1.6 2011/11/18 09:21:15 mrg Exp $	*/
 /* from: eterna: bozohttpd.c,v 1.159 2009/05/23 02:14:30 mrg Exp 	*/
 
 /*
- * Copyright (c) 1997-2018 Matthew R. Green
+ * Copyright (c) 1997-2020 Matthew R. Green
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without

Index: src/libexec/httpd/ssl-bozo.c
diff -u src/libexec/httpd/ssl-bozo.c:1.27 src/libexec/httpd/ssl-bozo.c:1.28
--- src/libexec/httpd/ssl-bozo.c:1.27	Thu Aug 20 05:46:31 2020
+++ src/libexec/httpd/ssl-bozo.c	Thu Oct 15 02:19:23 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: ssl-bozo.c,v 1.27 2020/08/20 05:46:31 spz Exp $	*/
+/*	$NetBSD: ssl-bozo.c,v 1.28 2020/10/15 02:19:23 mrg Exp $	*/
 
 /*	$eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $	*/
 
@@ -328,7 +328,7 @@ bozo_ssl_set_opts(bozohttpd_t *httpd, co
 	    sslinfo->certificate_file,
 	    sslinfo->privatekey_file));
 	if (!httpd->bindport)
-		httpd->bindport = bozostrdup(httpd, NULL, "https");
+		httpd->bindport = bozostrdup(httpd, NULL, BOZO_HTTPS_PORT);
 }
 
 void
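Review bot: The default bindport for TLS changes here from the service name `"https"` to the numeric string `"443"`, which the log message and the CHANGES entry describe only as introducing defines. Any setup that relied on the service-name lookup, presumably done where bindport is resolved outside this page, would now always get 443. A CHANGES line, or a comment at the assignment such as `/* numeric, so it can be compared against BOZO_HTTPS_PORT */`, would make the intent explicit.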
