Commit Graph

60 Commits

Author SHA1 Message Date
394b86bca8
remove any query_string before chdir
a query string could contain a '/' character, which would make vger try
to chdir to an incorrect directory. remove the query_string before this,
and before percent-decoding (in case there is an encoded '?'). This
should happen even if we are not doing cgi, because some clients might
send a query_string anyway, which should be ignored.
2022-03-19 14:49:44 +00:00
prx
15d09d2c01 fix user chroot issue + style 2021-10-21 11:41:22 +02:00
prx
f8aff7fe05 fix cgi error (file not found) and useless 'unveil' pledge promise 2021-04-30 09:38:12 +02:00
prx
4972df5999 Fix virtualhost support changing the way request is parsed 2021-03-22 21:44:23 +01:00
prx
de52acecfc Merge branch 'master' of tildegit.org:solene/vger 2021-03-09 20:37:46 +01:00
Omar Polo
ee8569c6e6 simplify cgi function
Don't fork+execlp the script.  There's no need to do so since on exec
the new process will inherit our file descriptor table (and hence our
stdout), so copying from its stdout to ours is just a waste of time.
This allows to drop the ``proc'' pledge(2) promise and to (slightly)
improve performance.
2021-03-09 19:14:42 +01:00
Omar Polo
16a5ed7b30 drop unnecessary unveil(NULL, NULL)
the next line is a call to pledge, that alone will block further
calls to unveil(2) since ``unveil'' isn't in the set of pledges.
2021-03-09 19:14:42 +01:00
Omar Polo
cbcf4ec9b6 fix redirect when vhost support is enabled 2021-03-09 19:14:42 +01:00
Omar Polo
7431d3eeec Use the correct error codes and meaningful explanations
Introduce status_error: it's like status or status_redirect but for
errors, thus it doesn't add ``;lang=$lang'' at the end.
2021-03-09 19:14:42 +01:00
prx
e9be1b73a7 percent-decode uri 2021-03-02 10:06:09 +01:00
prx
e87b36c991 check request length for empty and too long 2021-03-02 10:04:04 +01:00
Solene Rapenne
e3b5fb2ab3 Revert "deal with too small/long requests"
This reverts commit efa1f639fc.
2021-03-01 19:35:41 +01:00
Solene Rapenne
9525d66afb Revert "follow spec, fread() get nmemb-1"
This reverts commit fbacb35170.
2021-03-01 19:35:37 +01:00
Solene Rapenne
d086262d1a Revert "empty request should works all the time, not only when in virtualhost"
This broke vger from inetd but it passed the tests.

This reverts commit 7b0686bdfa.
2021-03-01 19:35:17 +01:00
Solene Rapenne
7b0686bdfa empty request should works all the time, not only when in virtualhost 2021-02-27 19:59:28 +01:00
prx
fbacb35170 follow spec, fread() get nmemb-1 2021-02-25 20:30:30 +01:00
prx
efa1f639fc deal with too small/long requests 2021-02-25 18:37:48 +01:00
Solene Rapenne
458592594e Repair chroot, the only feature that isn't covered by tests 2021-02-23 23:24:12 +01:00
prx
55042768e5 restore parent link in autoindex and add comments 2021-01-31 22:05:48 +01:00
prx
de7cd12f9f ignore after ? and make cgi+virtualhost work (sort of) 2021-01-31 21:21:15 +01:00
prx
3510035711 fix unacceptable ../ in autoidx and code formatting 2021-01-31 13:59:24 +01:00
prx
2cc63136f8 alphasort autoindex + add proper error code for cgi 2021-01-14 14:30:11 +01:00
prx
470e47a018 Add simple cgi support +:
* read file byte after byte
* format code (syslog + err)
* move functions in utils.c
2021-01-14 13:31:51 +01:00
prx
f60ea88c8d add mimetype and autoindex option + minor changes
* follow style(9) for prototypes
* move first most used extension for more efficiency when looking for mime
* add opts.h to deal with options
* remove lang=en by default
* add option to set default mimetype
* add option to autoindex if no index.gmi found
* redirect if ending "/" is missing
* send appropriate status code if request too long
* edit manpage and README for new options
2021-01-10 09:30:35 +01:00
prx
4a1b0c8ce2 fix issue if missing ending '/' and add appropriate test 2021-01-06 21:37:38 +01:00
Solene Rapenne
b2ccab7448 Error code = 51 (not found) and redirection is now 30 following specifications Appendix https://gemini.circumlunar.space/docs/specification.html 2021-01-03 17:50:45 +01:00
Solene Rapenne
f0f05b83aa Add support to redirection 2021-01-01 21:00:40 +01:00
Solene Rapenne
ef93e01091 Remove the port part of the hostname + according test suite
patch from prx
2021-01-01 16:09:43 +01:00
prx
d5cf84928e fix tests, initialize all, remove useless var 2020-12-13 11:11:38 +01:00
prx
f9dc956824 errcheck strlcat 2020-12-13 11:11:36 +01:00
prx
8aa3acd2d4 add errors checks on strlcpy, fgets, use faster memmove to don't need buffer 2020-12-13 11:11:25 +01:00
prx
e3448992bc use macro 2020-12-13 11:09:22 +01:00
prx
e3cb05af6d init all 2020-12-13 11:08:26 +01:00
prx
7381464bf7 initialize option 2020-12-13 11:08:23 +01:00
prx
44a767f577 initialize pos 2020-12-13 11:08:21 +01:00
prx
395eeeccea path is supposed to be const. format unveil in a function 2020-12-09 21:31:35 +01:00
prx
4e82f1e44c remove unused extension and fix warnings 2020-12-09 21:29:15 +01:00
Florian Obser
fa328268e2 No need to copy path to a local buffer, use it directly.
Since path is a pointer to a constant string we can make it
point to a different constant string ("/").
2020-12-06 13:18:58 +01:00
Florian Obser
5a238e8666 Use BUFSIZ for the amount of data to copy through stdio.
According to the book of armaments(posix):
BUFSIZ
    Size of <stdio.h> buffers. This shall expand to a positive value.

There is also no need for the buflen variable since the size never
changes during runtime and the compiler can infer the size via
sizeof().
2020-12-06 13:18:58 +01:00
Florian Obser
bfd1f66350 Return a constant string from the mimes database.
We are not modifying it so there is no need to copy memory around.
This also prevents file_mime getting out of sync as had already
happened. It had a size of 50 while the mime types database type used
to have a size of 70.
2020-12-05 18:05:17 +01:00
Solene Rapenne
16657e070c Fix file path after chroot() 2020-12-05 17:51:15 +01:00
Florian Obser
f28f906b6a stat(2) can fail, rearrange error handling to handle this 2020-12-05 09:39:12 +01:00
Florian Obser
75cf996cec safely drop privs 2020-12-05 09:39:12 +01:00
Florian Obser
8d69d84784 errno is not set here 2020-12-05 09:39:12 +01:00
Florian Obser
27bc29da7a sys/ includes go at the front 2020-12-05 09:39:12 +01:00
Florian Obser
3d18122b7e main does not need a prototype 2020-12-05 09:39:12 +01:00
Florian Obser
5b3dc1dd02 Do not include c sources 2020-12-05 09:39:12 +01:00
Solene Rapenne
345215fa9b Code refactoring: get_file_mime got into mime.c and all security code moved into a procedure 2020-12-04 19:08:36 +01:00
Solene Rapenne
e9c3945ede Add syslog messages 2020-12-04 18:55:31 +01:00
Solene Rapenne
a05fdee016 Remove database iterator, no longer useful after the MIME database change. Proposed by oa. 2020-12-03 23:03:08 +01:00