vger: add LOG_INFO into syslog

Reviewed-on: #10

Makefile

@@ -13,16 +13,21 @@ all: vger
 
 clean:
 	find . \( -name vger -o \
+		  -name unit_test -o \
 		  -name "*.o" -o \
 		  -name "*.core" \) \
 		  -delete
 
-vger: main.o mimes.o utils.o opts.h
-	${CC} ${CFLAGS} -o $@ main.o mimes.o utils.o
+vger: main.c vger.c mimes.o utils.o opts.h
+	${CC} ${CFLAGS} -o $@ main.c mimes.o utils.o
 
 install: vger
 	install -o root -g wheel vger ${PREFIX}/bin/
 	install -o root -g wheel vger.8 ${PREFIX}/man/man8/
 
-test: vger
+unit_test: tests.c vger.o
+	${CC} ${CFLAGS} -o $@ vger.o tests.c mimes.o utils.o
+
+test: vger unit_test
+	./unit_test
 	cd tests && sh test.sh

README.md

@@ -22,6 +22,12 @@ For all supported OS, it's possible to run **Vger** in a chroot and drop privile
 
 # Install
 
+`vger` is available as a package for the following systems:
+
+[![Packaging status](https://repology.org/badge/vertical-allrepos/vger.svg)](https://repology.org/project/vger/versions)
+
+# Building from sources
+
 ```
 git clone https://tildegit.org/solene/vger.git
 cd vger
@@ -32,6 +38,8 @@ doas make install
 
 On GNU/Linux, make sure you installed `libbsd`, it has been reported that using clang was required too.
 
+For NixOS/Nix users, there is a `shell.nix` listing the dependencies.
+
 # Running tests
 
 **Vger** comes with a test suite you can use with `make test`.

main.c

@@ -1,352 +1,47 @@
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <sys/wait.h>
-
-#include <ctype.h>
-#include <dirent.h>
-#include <err.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <limits.h>
-#include <pwd.h>
-#include <stdarg.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <syslog.h>
-#include <unistd.h>
-
-#include "mimes.h"
-#include "opts.h"
-#include "utils.h"
-
-/* lenght of "gemini://" */
-#define GEMINI_PART	 9
-
-/*
- * number of bytes to read with fgets() : 2014 + 1.
- * fgets() reads at most size-1 (1024 here).
- * See https://gemini.circumlunar.space/docs/specification.html.
- */
-#define GEMINI_REQUEST_MAX 1025
-
-void 		autoindex(const char *);
-void 		cgi      (const char *cgicmd);
-void 		display_file(const char *);
-void 		drop_privileges(const char *, const char *);
-void 		echdir   (const char *);
-void 		status   (const int, const char *);
-void 		status_redirect(const int, const char *);
-void 		status_error(const int, const char *);
-int 		uridecode (char *);
-
-
-void
-echdir(const char *path)
-{
-	if (chdir(path) == -1) {
-		switch (errno) {
-		case ENOTDIR:	/* FALLTHROUGH */
-		case ENOENT:
-			status_error(51, "file not found");
-			break;
-		case EACCES:
-			status_error(50, "Forbidden path");
-			break;
-		default:
-			status_error(50, "Internal server error");
-			break;
-		}
-		errlog("failed to chdir(%s)", path);
-	}
-}
-
-int
-uridecode(char *uri)
-{
-	int 		n = 0;
-	char 		c = '\0';
-	long 		l = 0;
-	char           *pos = NULL;
-
-	if ((pos = strchr(uri, '%')) == NULL)
-	    return n;
-
-	while ((pos = strchr(pos, '%')) != NULL) {
-		if (strlen(pos) < 3)
-		    return n;
-
-		char 		hex[3] = {'\0'};
-		for (size_t i = 0; i < 2; i++)
-		    hex[i] = tolower(pos[i + 1]);
-
-		errno = 0;
-		l = strtol(hex, 0, 16);
-		if (errno == ERANGE && (l == LONG_MAX || l == LONG_MIN))
-		    continue;	/* conversion failed */
-
-		c = (char)l;
-		pos[0] = c;
-		/* rewind of two char to remove %hex */
-		memmove(pos + 1, pos + 3, strlen(pos + 3) + 1);	/* +1 for \0 */
-		n++;
-		pos++;		/* avoid infinite loop */
-	}
-	return n;
-}
-
-void
-drop_privileges(const char *user, const char *path)
-{
-	struct passwd  *pw;
-
-	/*
-	 * use chroot() if an user is specified requires root user to be
-	 * running the program to run chroot() and then drop privileges
-	 */
-	if (strlen(user) > 0) {
-
-		/* is root? */
-		if (getuid() != 0)
-		    errlog("chroot requires program to be run as root");
-
-		/* search user uid from name */
-		if ((pw = getpwnam(user)) == NULL)
-		    errlog("the user %s can't be found on the system", user);
-
-		/* chroot worked? */
-		if (chroot(path) != 0)
-		    errlog("the chroot_dir %s can't be used for chroot", path);
-
-		chrooted = 1;
-		echdir("/");
-		/* drop privileges */
-		if (setgroups(1, &pw->pw_gid) ||
-		    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
-		    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) {
-			errlog("dropping privileges to user %s (uid=%i) failed",
-			       user, pw->pw_uid);
-		}
-	}
-#ifdef __OpenBSD__
-	/*
-	 * prevent access to files other than the one in path
-	 */
-	if (chrooted)
-	    eunveil("/", "r");
-	else
-	    eunveil(path, "r");
-
-	/* permission to execute what's inside cgidir */
-	if (strlen(cgidir) > 0)
-	    eunveil(cgidir, "rx");
-
-	eunveil(NULL, NULL);	/* no more call to unveil() */
-
-	/* promise permissions */
-	if (strlen(cgidir) > 0)
-	    epledge("stdio rpath exec", NULL);
-	else
-	    epledge("stdio rpath", NULL);
-#endif
-	if (!chrooted)
-	    echdir(path);	/* move to the gemini data directory */
-}
-
-void
-status(const int code, const char *file_mime)
-{
-	if (strcmp(file_mime, "text/gemini") == 0)
-	    printf("%i %s; %s\r\n", code, file_mime, lang);
-	else
-	    printf("%i %s\r\n", code, file_mime);
-}
-
-void
-status_redirect(const int code, const char *url)
-{
-	printf("%i %s\r\n",
-	       code, url);
-}
-
-void
-status_error(const int code, const char *reason)
-{
-	printf("%i %s\r\n",
-	       code, reason);
-}
-
-void
-display_file(const char *fname)
-{
-	FILE           *fd = NULL;
-	struct stat 	sb = {0};
-	ssize_t 	nread = 0;
-	const char     *file_mime;
-	char           *buffer[BUFSIZ];
-	char 		target[FILENAME_MAX] = {'\0'};
-	char 		tmp[PATH_MAX] = {'\0'};	/* used to build
-						 * temporary path */
-
-	/*
-	 * special case : fname empty. The user requested just the directory
-	 * name
-	 */
-	if (strlen(fname) == 0) {
-		if (stat("index.gmi", &sb) == 0) {
-			/* there is index.gmi in the current directory */
-			display_file("index.gmi");
-			return;
-		} else if (doautoidx) {
-			/* no index.gmi, so display autoindex if enabled */
-			autoindex(".");
-			return;
-		} else {
-			goto err;
-		}
-	}
-	/* this is to check if path exists and obtain metadata later */
-	if (stat(fname, &sb) == -1) {
-		/*
-		 * check if fname is a symbolic link if so, redirect using
-		 * its target
-		 */
-		if (lstat(fname, &sb) != -1 && S_ISLNK(sb.st_mode) == 1)
-		    goto redirect;
-		else
-		    goto err;
-	}
-	/* check if directory */
-	if (S_ISDIR(sb.st_mode) != 0) {
-		/* no ending "/", redirect to "fname/" */
-		estrlcpy(tmp, fname, sizeof(tmp));
-		estrlcat(tmp, "/", sizeof(tmp));
-		status_redirect(31, tmp);
-		return;
-	}
-	/* open the file requested */
-	if ((fd = fopen(fname, "r")) == NULL)
-	    goto err;
-
-	file_mime = get_file_mime(fname, default_mime);
-
-	status(20, file_mime);
-
-	/* read the file byte after byte in buffer and write it to stdout */
-	while ((nread = fread(buffer, 1, sizeof(buffer), fd)) != 0)
-		fwrite(buffer, 1, nread, stdout);
-	goto closefd;		/* close file descriptor */
-	syslog(LOG_DAEMON, "path served %s", fname);
-
-	return;
-
-err:
-	/* return an error code and no content */
-	status_error(51, "file not found");
-	syslog(LOG_DAEMON, "path invalid %s", fname);
-	goto closefd;
-
-redirect:
-	/* read symbolic link target to redirect */
-	if (readlink(fname, target, FILENAME_MAX) == -1)
-	    goto err;
-
-	status_redirect(30, target);
-	syslog(LOG_DAEMON, "redirection from %s to %s", fname, target);
-
-closefd:
-	if (S_ISREG(sb.st_mode) != 0)
-	    fclose(fd);
-}
-
-void
-autoindex(const char *path)
-{
-	/* display liks to files in path + a link to parent (..) */
-
-	int 		n = 0;
-	struct dirent **namelist;	/* this must be freed at last */
-
-	syslog(LOG_DAEMON, "autoindex: %s", path);
-
-	/* use alphasort to always have the same order on every system */
-	if ((n = scandir(path, &namelist, NULL, alphasort)) < 0) {
-		status_error(50, "Internal server error");
-		errlog("Can't scan %s", path);
-	} else {
-		status(20, "text/gemini");
-		printf("=> .. ../\n");	/* display link to parent */
-		for (int j = 0; j < n; j++) {
-			/* skip self and parent */
-			if ((strcmp(namelist[j]->d_name, ".") == 0) ||
-			    (strcmp(namelist[j]->d_name, "..") == 0)) {
-				continue;
-			}
-			/* add "/" at the end of a directory path */
-			if (namelist[j]->d_type == DT_DIR)
-			    printf("=> ./%s/ %s/\n", namelist[j]->d_name, namelist[j]->d_name);
-			else
-			    printf("=> ./%s %s\n", namelist[j]->d_name, namelist[j]->d_name);
-			free(namelist[j]);
-		}
-		free(namelist);
-	}
-}
-
-void
-cgi(const char *cgicmd)
-{
-	/* run cgicmd replacing current process */
-	execl(cgicmd, cgicmd, NULL);
-	/* if execl is ok, this will never be reached */
-	status(42, "Couldn't execute CGI script");
-	errlog("error when trying to execl %s", cgicmd);
-	exit(1);
-}
+#include "vger.c"
 
 int
 main(int argc, char **argv)
 {
-	char 		request  [GEMINI_REQUEST_MAX] = {'\0'};
-	char 		user     [_SC_LOGIN_NAME_MAX] = "";
-	char 		hostname [GEMINI_REQUEST_MAX] = {'\0'};
-	char 		query    [PATH_MAX] = {'\0'};
-	char 		chroot_dir[PATH_MAX] = DEFAULT_CHROOT;
-	char 		file     [FILENAME_MAX] = DEFAULT_INDEX;
-	char 		dir      [PATH_MAX] = {'\0'};
-	char           *pos = NULL;
-	int 		option = 0;
-	int 		virtualhost = 0;
-	int 		docgi = 0;
+	char 		request[GEMINI_REQUEST_MAX]    = {'\0'};
+	char 		user[_SC_LOGIN_NAME_MAX]       = {'\0'};
+	char 		hostname[GEMINI_REQUEST_MAX]   = {'\0'};
+	char 		path[GEMINI_REQUEST_MAX]       = {'\0'};
+	char 		query[GEMINI_REQUEST_MAX]      = {'\0'};
+	char		cgi_dir[PATH_MAX]              = {'\0'};
+	char		rel_cgi_dir[PATH_MAX]          = {'\0'};
+	char 		chroot_dir[PATH_MAX]           = DEFAULT_CHROOT;
+	char		tmp[PATH_MAX]                  = {'\0'};
+	int		option                         = 0;
+	int		virtualhost                    = 0;
 
 	/*
 	 * request : contain the whole request from client : gemini://...\r\n
 	 * user : username, used in drop_privileges()
 	 * hostname : extracted from hostname. used with virtualhosts and cgi SERVER_NAME
-	 * query : file requested in cgi : gemini://...?query
-	 * file : file basename to display. Emtpy is a directory has been requested
-	 * dir : directory requested. vger will chdir() in to find file
-	 * pos : used to parse request and split into interesting parts
+	 * query : after a ? in cgi : gemini://...?query
 	 */
 
 	while ((option = getopt(argc, argv, ":d:l:m:u:c:vi")) != -1) {
 		switch (option) {
 		case 'd':
-			estrlcpy(chroot_dir, optarg, sizeof(chroot_dir));
+			esnprintf(chroot_dir, sizeof(chroot_dir), "%s", optarg);
 			break;
 		case 'l':
-			estrlcpy(lang, "lang=", sizeof(lang));
-			estrlcat(lang, optarg, sizeof(lang));
+			esnprintf(lang, sizeof(lang), "lang=%s", optarg);
 			break;
 		case 'm':
-			estrlcpy(default_mime, optarg, sizeof(default_mime));
+			esnprintf(default_mime, sizeof(default_mime), "%s", optarg);
 			break;
 		case 'u':
-			estrlcpy(user, optarg, sizeof(user));
+			esnprintf(user, sizeof(user), "%s", optarg);
 			break;
 		case 'c':
-			estrlcpy(cgidir, optarg, sizeof(cgidir));
-			docgi = 1;
+			esnprintf(rel_cgi_dir, sizeof(rel_cgi_dir), "%s", optarg);
+			/* remove leading / */
+			while (*rel_cgi_dir == '/')
+				memmove(rel_cgi_dir, rel_cgi_dir+1,
+					strlen(rel_cgi_dir)); // strlen +1-1
 			break;
 		case 'v':
 			virtualhost = 1;
@@ -357,154 +52,46 @@ main(int argc, char **argv)
 		}
 	}
 
-	/*
-	 * do chroot if an user is supplied
-	 */
-	drop_privileges(user, chroot_dir);
+	read_request(request);
+	split_request(request, hostname, path, query);
 
-	/*
-	 * read 1024 chars from stdin
-	 * to get the request
-	 * (actually 1024 + \0)
-	 */
-	if (fgets(request, GEMINI_REQUEST_MAX, stdin) == NULL) {
-		/* EOF reached before reading anything */
-		if (feof(stdin)) {
-			status(59, "request is too short and probably empty");
-			errlog("request is too short and probably empty");
-
-			/* error before reading anything */
-		} else if (ferror(stdin)) {
-			status(59, "Error while reading request");
-			errlog("Error while reading request: %s", request);
-		}
-	}
-	/* check if string ends with '\n', or to long */
-	if (request[strnlen(request, GEMINI_REQUEST_MAX) - 1] != '\n') {
-		status(59, "request is too long (1024 max)");
-		errlog("request is too long (1024 max): %s", request);
-	}
-	/* remove \r\n at the end of string */
-	pos = strchr(request, '\r');
-	if (pos != NULL)
-		*pos = '\0';
-
-	/*
-	 * check if the beginning of the request starts with
-	 * gemini://
-	 */
-	if (strncmp(request, "gemini://", GEMINI_PART) != 0) {
-		/* error code url malformed */
-		errlog("request «%s» doesn't match gemini://",
-		       request);
-	}
-	syslog(LOG_DAEMON, "request %s", request);
-
-	/* remove the gemini:// part */
-	memmove(request, request + GEMINI_PART, strlen(request) + 1 - GEMINI_PART);
-
-	/* remove all "/.." for safety reasons */
-	while ((pos = strstr(request, "/..")) != NULL)
-	    memmove(request, pos + 3, strlen(pos) + 1 - 3);	/* "/.." = 3 */
-
-	/* look for hostname in request : first thing before first / if any */
-	pos = strchr(request, '/');
-	if (pos != NULL) {
-		/* copy what's after hostname in dir */
-		estrlcpy(dir, pos, strlen(pos) + 1);
-		/* just keep hostname in request : stop the string with \0 */
-		pos[0] = '\0';
-	}
-	/* check if client added :port at end of hostname and remove it */
-	pos = strchr(request, ':');
-	if (pos != NULL) {
-		/* end string at : */
-		pos[0] = '\0';
-	}
-	/* copy hostname from request */
-	estrlcpy(hostname, request, sizeof(hostname));
-
-	/* remove leading '/' in dir */
-	while (dir[0] == '/')
-	    memmove(dir, dir + 1, strlen(dir + 1) + 1);
+	/* do chroot if an user is supplied */
+	if (*user)
+		drop_privileges(user);
 
+	/* set actual chroot_dir */
 	if (virtualhost) {
-		/* add hostname at the beginning of the dir path */
-		char 		tmp      [PATH_MAX] = {'\0'};
-		estrlcpy(tmp, hostname, sizeof(tmp));
-		estrlcat(tmp, "/", sizeof(tmp));
-		estrlcat(tmp, dir, sizeof(tmp));
-		estrlcpy(dir, tmp, sizeof(dir));
+		esnprintf(tmp, sizeof(tmp), "%s/%s", chroot_dir, hostname);
+		esnprintf(chroot_dir, sizeof(chroot_dir), "%s", tmp);
 	}
-	/* percent decode */
-	uridecode(dir);
 
-	/*
-	 * split dir and filename. file is last part after last '/'. if none
-	 * found, then requested file is actually a directory
-	 */
-	if (strlen(dir) > 0) {
-		pos = strrchr(dir, '/');
-		if (pos != NULL) {
-			estrlcpy(file, pos + 1, sizeof(file));	/* +1 : no leading '/' */
-			pos[0] = '\0';
+	/* cgi_dir is in chroot_dir */
+	if (*rel_cgi_dir)
+		esnprintf(cgi_dir, sizeof(cgi_dir),
+			"%s/%s", chroot_dir, rel_cgi_dir);
 
-			/* change directory to requested directory */
-			if (strlen(dir) > 0)
-			    echdir(dir);
-		} else {
-			estrlcpy(file, dir, sizeof(file));
-		}
+	set_rootdir(chroot_dir, cgi_dir, user);
+
+	if (strlen(path) == 0) { /* this is root dir */
+		esnprintf(path, sizeof(path), "./");
+	} else {
+		uridecode(path);
+		remove_double_dot(path);
 	}
-	if (docgi) {
-		/* check if directory is cgidir */
-		char 		cgifp    [PATH_MAX] = {'\0'};
-		estrlcpy(cgifp, chroot_dir, sizeof(cgifp));
-		if (cgifp[strlen(cgifp) - 1] != '/')
-		    estrlcat(cgifp, "/", sizeof(cgifp));
 
-		estrlcat(cgifp, dir, sizeof(cgifp));
+	uridecode(query);
 
-		/* not cgipath, display file content */
-		if (strcmp(cgifp, cgidir) != 0)
-			goto file_to_stdout;
+	/* is it cgi ? */
+	if (*cgi_dir)
+		if (do_cgi(rel_cgi_dir, path, hostname, query) == 0)
+			stop(EXIT_SUCCESS, NULL);
+	/* *** from here, cgi didn't run *** */
 
-		/* set env variables for CGI */
-		/*
-		 * see
-		 * https://lists.orbitalfox.eu/archives/gemini/2020/000315.htm
-		 * l
-		 */
-		esetenv("GATEWAY_INTERFACE", "CGI/1.1", 1);
-		esetenv("SERVER_PROTOCOL", "GEMINI", 1);
-		esetenv("SERVER_SOFTWARE", "vger/1", 1);
+	/* check if path available */
+	check_path(path, sizeof(path));
 
-		/* look for "?" if any to set query for cgi, remove it */
-		pos = strchr(file, '?');
-		if (pos != NULL) {
-			estrlcpy(query, pos + 1, sizeof(query));
-			esetenv("QUERY_STRING", query, 1);
-			pos[0] = '\0';
-		}
-		/* look for an extension to find PATH_INFO */
-		pos = strrchr(file, '.');
-		if (pos != NULL) {
-			/* found a dot */
-			pos = strchr(pos, '/');
-			if (pos != NULL) {
-				setenv("PATH_INFO", pos, 1);
-				pos[0] = '\0';	/* keep only script name */
-			}
-		}
-		esetenv("SCRIPT_NAME", file, 1);
-		esetenv("SERVER_NAME", hostname, 1);
+	/* regular file to stdout */
+	display_file(path);
 
-		cgi(file);
-		return 0;
-	}
-file_to_stdout:
-	/* regular file  to stdout */
-	display_file(file);
-
-	return (0);
+	stop(EXIT_SUCCESS, NULL);
 }

mimes.c

@@ -126,16 +126,14 @@ get_file_mime(const char *path, const char *default_mime)
 	char	*extension;
 
 	/* search for extension after last '.' in path */
-	if ((extension = strrchr(path, '.')) == NULL)
-		goto out;
-
-	/* look for the MIME in the database */
-	for (i = 0; i < nitems(database); i++) {
-		if (strcmp(database[i].extension, extension + 1) == 0)
-			return (database[i].type);
+	if ((extension = strrchr(path, '.')) != NULL) {
+		/* look for the MIME in the database */
+		for (i = 0; i < nitems(database); i++) {
+			if (strcmp(database[i].extension, extension + 1) == 0)
+				return (database[i].type);
+		}
 	}
 
- out:
-	/* if no MIME have been found, set a default one */
-	return (default_mime);
+	/* no MIME found, set a default one */
+	return default_mime;
 }

opts.h

@@ -14,5 +14,3 @@
 static char            default_mime[64]     = DEFAULT_MIME;
 static char            lang[16]             = DEFAULT_LANG;
 static unsigned int    doautoidx            = DEFAULT_AUTOIDX;
-static char            cgidir[PATH_MAX]     = {'\0'};
-static int             chrooted             = 0;

tests.c

@@ -0,0 +1,50 @@
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include "vger.h"
+
+// to test
+void 		test_status(void);
+void 		test_status_error(void);
+void		test_uridecode(char*, const int);
+
+
+void
+test_uridecode(char *str, const int result)
+{
+    char reference[GEMINI_REQUEST_MAX] = {'\0'};
+    strlcpy(reference, str, sizeof(reference));
+    uridecode(str);
+    if (strncmp(reference, str, strlen(str)) != result)
+    {
+	printf("uridecode error\n");
+	printf("Strings should be %s\n", (result == 0) ? "identical" : "different");
+	printf("passed   %s\n", reference);
+	printf("got      %s\n", str);
+	exit(1);
+    }
+}
+
+void
+test_status(void)
+{
+	status(20, "text/gemini");
+}
+
+void
+test_status_error(void)
+{
+	status(51, "file not found");
+	status(50, "Forbidden path");
+	status(50, "Internal server error");
+}
+
+int
+main(void)
+{
+	test_status_error();
+	test_status();
+	//test_uridecode("host.name", 0);
+	//test_uridecode("host.name/percent%25-encode%3.gmi", 1);
+	return(0);
+}

tests/test.sh

@@ -29,11 +29,11 @@ if ! [ $OUT = "fcc5a293f316e01f7b3103f97eca26b1" ] ; then echo "error" ; exit 1
 
 # redirect to uri with trailing / if directory
 OUT=$(printf "gemini://host.name/subdir\r\n" | ../vger -d var/gemini/ | tee /dev/stderr | MD5)
-if ! [ $OUT = "b0e7e20db5ca7b80918025e7c15a8b02" ] ; then echo "error" ; exit 1 ; fi
+if ! [ $OUT = "84e5e7bb3eee0dfcc8db14865dc83e77" ] ; then echo "error" ; exit 1 ; fi
 
 # redirect to uri with trailing / if directory and vhost enabled
 OUT=$(printf "gemini://perso.pw/cgi-bin\r\n" | ../vger -vd var/gemini | tee /dev/stderr | MD5)
-if ! [ $OUT = "827eef65a3cd71e2ce805bc1e05eac44" ] ; then echo "error" ; exit 1 ; fi
+if ! [ $OUT = "e0eb3a8e31bdb30c89d92d1d2b0a1fa1" ] ; then echo "error" ; exit 1 ; fi
 
 # file from local directory with lang=fr and markdown MIME type
 OUT=$(printf "gemini://perso.pw/file.md\r\n" | ../vger -d var/gemini/ -l fr | tee /dev/stderr | MD5)
@@ -60,7 +60,7 @@ OUT=$(printf "gemini://perso.pw\r\n" | ../vger -v -d var/gemini/ | tee /dev/stde
 if ! [ $OUT = "5e5fca557e79f4521b21d4b81dc964c6" ] ; then echo "error" ; exit 1 ; fi
 
 # file from local directory using virtualhosts without specifying a file using lang = fr
-OUT=$(printf "gemini://perso.pw\r\n" | ../vger -v -d var/gemini/ -l fr | tee /dev/stderr | MD5)
+OUT=$(printf "gemini://perso.pw/\r\n" | ../vger -v -d var/gemini/ -l fr | tee /dev/stderr | MD5)
 if ! [ $OUT = "7db981ce93fee268f29324912800f00d" ] ; then echo "error" ; exit 1 ; fi
 
 # file from local directory using virtualhosts and IRI
@@ -73,26 +73,30 @@ if ! [ $OUT = "e354a1a29ea8273faaf0cdc29c1d8583" ] ; then echo "error" ; exit 1
 
 # auto index in directory without index.gmi must redirect
 OUT=$(printf "gemini://host.name/autoidx\r\n" | ../vger -d var/gemini/ -i | tee /dev/stderr | MD5)
-if ! [ $OUT = "5742b21d465e377074408045a71656dc" ] ; then echo "error" ; exit 1 ; fi
+if ! [ $OUT = "874f5e1af67eff6b93bedf8ac8033066" ] ; then echo "error" ; exit 1 ; fi
 
 # auto index in directory
 OUT=$(printf "gemini://host.name/autoidx/\r\n" | ../vger -d var/gemini/ -i | tee /dev/stderr | MD5)
-if ! [ $OUT = "2d4a82fea3f10ab3e123e9f9d5dd1fbc" ] ; then echo "error" ; exit 1 ; fi
+if ! [ $OUT = "765bbbe2add810be8eb191bbde59e258" ] ; then echo "error" ; exit 1 ; fi
 
 # cgi simple script
-OUT=$(printf "gemini://host.name/cgi-bin/test.cgi\r\n" | ../vger -d var/gemini/ -c var/gemini/cgi-bin | tee /dev/stderr | MD5)
+OUT=$(printf "gemini://host.name/cgi-bin/test.cgi\r\n" | ../vger -d var/gemini/ -c cgi-bin | tee /dev/stderr | MD5)
 if ! [ $OUT = "666e48200f90018b5e96c2cf974882dc" ] ; then echo "error" ; exit 1 ; fi
 
 # cgi with use of variables
-OUT=$(printf "gemini://host.name/cgi-bin/who.cgi?user=jean-mi\r\n" | ../vger -d var/gemini/ -c var/gemini/cgi-bin | tee /dev/stderr | MD5)
+OUT=$(printf "gemini://host.name/cgi-bin/who.cgi?user=jean-mi\r\n" | ../vger -d var/gemini/ -c cgi-bin | tee /dev/stderr | MD5)
 if ! [ $OUT = "fa065a67d1f7c973501d4a9e3ca2ea57" ] ; then echo "error" ; exit 1 ; fi
 
 # cgi with error
-OUT=$(printf "gemini://host.name/cgi-bin/nope\r\n" | ../vger -d var/gemini/ -c var/gemini/cgi-bin | tee /dev/stderr | MD5)
-if ! [ $OUT = "74ba4b36dcebec9ce9dae33033f3378a" ] ; then echo "error" ; exit 1 ; fi
+OUT=$(printf "gemini://host.name/cgi-bin/nope\r\n" | ../vger -d var/gemini/ -c cgi-bin | tee /dev/stderr | MD5)
+if ! [ $OUT = "31b98e160402a073298c12f763d5db64" ] ; then echo "error" ; exit 1 ; fi
+
+# cgi with PATH_INFO
+OUT=$(printf "gemini://host.name/cgi-bin/test.cgi/path/info\r\n" | ../vger -d var/gemini -c cgi-bin | tee /dev/stderr | MD5)
+if ! [ $OUT = "ec64da76dc578ffb479fbfb23e3a7a5b" ] ; then echo "error" ; exit 1 ; fi
 
 # virtualhost + cgi
-OUT=$(printf "gemini://perso.pw/cgi-bin/test.cgi\r\n" | ../vger -v -d var/gemini/ -c var/gemini/perso.pw/cgi-bin | tee /dev/stderr | MD5)
+OUT=$(printf "gemini://perso.pw/cgi-bin/test.cgi\r\n" | ../vger -v -d var/gemini/ -c cgi-bin | tee /dev/stderr | MD5)
 if ! [ $OUT = "666e48200f90018b5e96c2cf974882dc" ] ; then echo "error" ; exit 1 ; fi
 
 # percent-decoding

utils.c

@@ -1,5 +1,8 @@
+#include <sys/types.h>
+
 #include <err.h>
 #include <errno.h>
+#include <regex.h>
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -7,6 +10,7 @@
 #include <unistd.h>
 
 #include "utils.h"
+#include "vger.h"
 
 #if defined(__OpenBSD__) || defined(__FreeBSD__) || defined( __NetBSD__) || defined(__DragonFly__)
 #include <string.h>
@@ -25,8 +29,8 @@ void
 eunveil(const char *path, const char *permissions)
 {
 	if (unveil(path, permissions) == -1) {
-		syslog(LOG_DAEMON, "unveil on %s failed", path);
-		err(1, "unveil on %s failed", path);
+		status(41, "Error when unveil(), see logs");
+		stop(EXIT_FAILURE, "unveil on %s failed", path);
 	}
 }
 
@@ -34,33 +38,28 @@ void
 epledge(const char *promises, const char *execpromises)
 {
 	if (pledge(promises, execpromises) == -1) {
-		syslog(LOG_DAEMON, "pledge failed for: %s", promises);
-		err(1, "pledge failed for: %s", promises);
+		status(41, "Error when pledge(), see logs");
+		stop(EXIT_FAILURE, "pledge failed for: %s", promises);
 	}
 }
 #endif
 
 size_t
-estrlcpy(char *dst, const char *src, size_t dstsize)
+esnprintf(char *str, size_t size, const char *format, ...)
 {
-	size_t n = 0;
+	/* usage : esnprintf(str, sizeof(str), "%s ... %s", arg1, arg2); */
+	va_list ap;
+	size_t ret = 0;
 
-	n = strlcpy(dst, src, dstsize);
-	if (n >= dstsize) {
-        err(1, "strlcpy failed for %s = %s", dst, src);
+	va_start(ap, format);
+	ret = vsnprintf(str, size, format, ap);
+	va_end(ap);
+	if (ret < 0 || ret >= size) {
+		status(41, "vnsprintf failed: Output trunkated");
+		stop(EXIT_FAILURE, "vsnprintf: Output trunkated");
 	}
 
-	return n;
-}
-
-size_t
-estrlcat(char *dst, const char *src, size_t dstsize)
-{
-    size_t size;
-    if ((size = strlcat(dst, src, dstsize)) >= dstsize)
-        err(1, "strlcat on %s + %s", dst, src);
-
-    return size;
+	return ret;
 }
 
 int
@@ -70,25 +69,56 @@ esetenv(const char *name, const char *value, int overwrite)
 	ret = setenv(name, value, overwrite);
 
 	if (ret != 0) {
-		err(1, "setenv %s:%s", name, value);
+		status(41, "setenv() failed, see logs");
+		stop(EXIT_FAILURE, "setenv() %s:%s", name, value);
 	}
 
 	return ret;
 }
 
-/* send error in syslog, to stdout and die */
 void
-errlog(const char *format, ...)
+echdir(const char *path)
 {
-	char e[1024] = {'\0'};
-    va_list ap;
-
-    fflush(stdout); /* make sure older messages are printed */
-
-    va_start(ap, format);
-    vsnprintf(e, sizeof(e), format, ap);
-    va_end(ap);
-
-	syslog(LOG_DAEMON, "%s", e);
-	err(1, "%s", e);
+	if (chdir(path) == -1) {
+		switch (errno) {
+		case ENOTDIR:	/* FALLTHROUGH */
+		case ENOENT:
+			status(51, "file not found");
+			break;
+		case EACCES:
+			status(50, "Forbidden path");
+			break;
+		default:
+			status(50, "Internal server error");
+			break;
+		}
+		stop(EXIT_FAILURE, "chdir(%s) failed", path);
+	}
+}
+
+/* read the file fd byte after byte in buffer and write it to stdout
+ * return number of bytes read
+ */
+size_t
+print_file(FILE *fd)
+{
+	ssize_t 	nread = 0;
+	ssize_t 	datasent = 0;
+	char           *buffer[BUFSIZ];
+
+	while ((nread = fread(buffer, 1, sizeof(buffer), fd)) != 0)
+		datasent += fwrite(buffer, 1, nread, stdout);
+	return datasent;
+}
+
+void
+getsubexp(const char *str, regmatch_t m, char *dst)
+{
+	size_t len = 0;
+
+	if ((len = m.rm_eo - m.rm_so) > 0) { /* skip empty substring */
+		len = m.rm_eo - m.rm_so;
+		memcpy(dst, str + m.rm_so, len);
+		dst[len] = '\0';
+	}
 }

utils.h

@@ -1,6 +1,8 @@
-void        epledge(const char *, const char *);
-void        errlog(const char *format, ...);
-void        eunveil(const char *, const char *);
-int         esetenv(const char *, const char *, int);
-size_t      estrlcat(char *, const char *, size_t);
-size_t      estrlcpy(char *, const char *, size_t);
+void		getsubexp(const char *, regmatch_t, char *);
+void		echdir(const char *);
+void		epledge(const char *, const char *);
+void		eunveil(const char *, const char *);
+int		esetenv(const char *, const char *, int);
+size_t		esnprintf(char *, size_t, const char *, ...);
+size_t		print_file(FILE *fd);
+void		set_errmsg(const char *, ...);

vger.8

@@ -45,11 +45,10 @@ will read the file /var/gemini/hostname.example/file.gmi
 Enable CGI support.
 .Ar cgi_path
 files will be executed as a cgi script instead of returning their content.
-.Ar cgi_path must not end with '/'.
-If using virtualhost, you must insert the virtualhost directory in the cgi path.
+.Ar cgi_path should be relative to chroot so cgi can be called for different virtualhosts.
 As example, for a request gemini://hostname.example/cgi-bin/hello.cgi, one must set:
 .Bd -literal -offset indent
-vger -c /var/gemini/hostname.example/cgi-bin/hello.cgi
+vger -c cgi-bin
 .Ed
 .Pp
 In this case,

vger.c

@@ -0,0 +1,468 @@
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/wait.h>
+
+#include <ctype.h>
+#include <dirent.h>
+#include <err.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <pwd.h>
+#include <regex.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <syslog.h>
+#include <unistd.h>
+
+#include "mimes.h"
+#include "opts.h"
+#include "utils.h"
+#include "vger.h"
+
+void
+stop(const int r, const char *fmt, ...)
+{
+	va_list ap, ap2;
+
+	fflush(stdout); /* ensure all data is sent */
+
+	/* log the request and retcode */
+	syslog(LOG_DAEMON|LOG_INFO, "\"%s\" %i %zd", _request, _retcode, _datasiz);
+
+	if (r != EXIT_SUCCESS) {
+		/* log and print error */
+		va_copy(ap2, ap);
+
+		va_start(ap, fmt);
+		vsyslog(LOG_ERR, fmt, ap);
+		va_end(ap);
+
+		va_start(ap2, fmt);
+		vfprintf(stderr, fmt, ap2);
+		va_end(ap2);
+
+	}
+	exit(r);
+}
+
+void
+status(const int code, const char *fmt, ...)
+{
+	va_list ap;
+
+	_datasiz += fprintf(stdout, "%i ", code);
+
+	va_start(ap, fmt);
+	_datasiz += vfprintf(stdout, fmt, ap);
+	va_end(ap);
+
+	_datasiz += fprintf(stdout, "\r\n");	/* make sure status end correctly */
+
+	_retcode = code;	/* store return code for logs */
+}
+
+int
+uridecode(char *uri)
+{
+	int 		n = 0;
+	char 		c = '\0';
+	long 		l = 0;
+	char           *pos = NULL;
+
+	if ((pos = strchr(uri, '%')) == NULL)
+	    return n;
+
+	while ((pos = strchr(pos, '%')) != NULL) {
+		if (strlen(pos) < 3)
+		    return n;
+
+		char 		hex[3] = {'\0'};
+		for (size_t i = 0; i < 2; i++)
+		    hex[i] = tolower(pos[i + 1]);
+
+		errno = 0;
+		l = strtol(hex, 0, 16);
+		if (errno == ERANGE && (l == LONG_MAX || l == LONG_MIN))
+		    continue;	/* conversion failed */
+
+		c = (char)l;
+		pos[0] = c;
+		/* rewind of two char to remove %hex */
+		memmove(pos + 1, pos + 3, strlen(pos + 3) + 1);	/* +1 for \0 */
+		n++;
+		pos++;		/* avoid infinite loop */
+	}
+	return n;
+}
+
+void
+drop_privileges(const char *user)
+{
+	struct passwd	*pw;
+
+	/*
+	 * use chroot() if an user is specified requires root user to be
+	 * running the program to run chroot() and then drop privileges
+	 */
+
+	/* is root? */
+	if (getuid() != 0) {
+		status(41, "privileges issue, see logs");
+		stop(EXIT_FAILURE, "%s",
+			"chroot requires program to be run as root");
+	}
+
+	/* search user uid from name */
+	if ((pw = getpwnam(user)) == NULL) {
+		status(41, "privileges issue, see logs");
+		stop(EXIT_FAILURE,
+			"the user %s can't be found on the system", user);
+	}
+
+	/* drop privileges */
+	if (setgroups(1, &pw->pw_gid) ||
+	    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
+	    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) {
+		status(41, "privileges issue, see logs");
+		stop(EXIT_FAILURE,
+			"dropping privileges to user %s (uid=%i) failed", \
+			user, pw->pw_uid);
+	}
+}
+
+void
+set_rootdir(const char *chroot_dir, const char *cgi_dir, const char *user)
+{
+	char capsule_dir[PATH_MAX] = {'\0'};
+
+	if (*user) {
+		/* chroot worked? */
+		if (chroot(chroot_dir) != 0) {
+			status(41, "privileges issue, see logs");
+			stop(EXIT_FAILURE,
+				"the chroot_dir %s can't be used for chroot", chroot_dir);
+		}
+
+		/* now chroot_dir is / */
+		esnprintf(capsule_dir, sizeof(capsule_dir), "%s", "/");
+
+	} else {
+		esnprintf(capsule_dir, sizeof(capsule_dir), "%s", chroot_dir);
+	}
+
+#ifdef __OpenBSD__
+	/*
+	 * prevent access to files other than the one in chroot_dir
+	 */
+	eunveil(capsule_dir, "r");
+
+	/* permission to execute what's inside cgi_dir */
+	if (*cgi_dir)
+		eunveil(cgi_dir, "rx");
+
+	eunveil(NULL, NULL);	/* no more call to unveil() */
+
+	/* promise permissions */
+	if (*cgi_dir)
+		epledge("stdio rpath exec proc", NULL);
+	else
+		epledge("stdio rpath", NULL);
+#endif
+	echdir(capsule_dir);	/* move to the gemini data directory */
+}
+
+ssize_t
+display_file(const char *path)
+{
+	FILE           *fd = NULL;
+	const char     *file_mime;
+
+	/*
+	 * special case : path ends with "/". The user requested a dir
+	 */
+	if ((path[strlen(path)-1] == '/') && (doautoidx)) {
+		/* no index.gmi, so display autoindex if enabled */
+		_datasiz += autoindex(path);
+		return _datasiz;
+	}
+
+	/* open the file requested */
+	if ((fd = fopen(path, "r")) != NULL) {
+		file_mime = get_file_mime(path, default_mime);
+		if (strcmp(file_mime, "text/gemini") == 0)
+			status(20, "%s; %s", file_mime, lang);
+		else
+			status(20, "%s", file_mime);
+
+		_datasiz += print_file(fd);
+		fclose(fd); /* close file descriptor */
+	} else {
+		/* return an error code and no content.
+		 * seems unlikely to happen unless the file vanished
+		 * since we checked with stat() if it exists
+		 */
+		status(51, "%s", "file not found and may have vanished");
+	}
+
+	return _datasiz;
+}
+
+int
+do_cgi(const char *rel_cgi_dir, const char *path, const char *hostname, const char *query)
+{
+
+	struct stat	sbcgi	           = {0};
+	struct stat	sbpath	           = {0};
+	char 	        cgifp[PATH_MAX]	   = {'\0'}; /* cgi file to execute */
+	char 	        path_dir[PATH_MAX] = {'\0'};
+	char	        *path_info	   = NULL;
+
+	/* get beginning of path */
+	/* path_dir is initialized so there is an \0 at the end */
+	memcpy(path_dir, path, strlen(rel_cgi_dir));
+
+	if (stat(rel_cgi_dir, &sbcgi) + stat(path_dir, &sbpath) != 0)
+		goto nocgi;
+
+	/* compare inodes */
+	if (sbcgi.st_ino != sbpath.st_ino)
+		goto nocgi; /* not in cgi_dir, go to display_file */
+
+	/* set env variables for CGI
+	 * see
+	 * https://lists.orbitalfox.eu/archives/gemini/2020/000315.html
+	 */
+	esetenv("GATEWAY_INTERFACE", "CGI/1.1", 1);
+	esetenv("SERVER_PROTOCOL", "GEMINI", 1);
+	esetenv("SERVER_SOFTWARE", "vger/1", 1);
+
+	if (*query)
+		esetenv("QUERY_STRING", query, 1);
+
+	/*
+	 * if in cgi_dir, only the first file after cgi_dir/FILE 
+	 * is to be executed
+	 * the rest is PATH_INFO
+	 */
+
+	/* find next item after cgi_dir in path:
+	 *  path + strlen(rel_cgi_dir) + 1 (skip '/')
+	*/
+
+	/* cgi file to execute */
+	esnprintf(cgifp, sizeof(cgifp), "%s", path + strlen(rel_cgi_dir) + 1);
+	if (!(*cgifp)) /* problem with cgi file, abort */
+		goto nocgi;
+
+	/* check if there is something after cgi file for PATH_INFO */
+	path_info = strchr(cgifp, '/');
+
+	if (path_info != NULL) {
+		esetenv("PATH_INFO", path_info, 1);
+		*path_info = '\0'; /* stop cgifp before PATH_INFO */
+	}
+
+	esetenv("SCRIPT_NAME", cgifp, 1);
+	esetenv("SERVER_NAME", hostname, 1);
+
+	echdir(rel_cgi_dir);
+
+	cgi(cgifp);
+	return 0;
+
+nocgi:
+	return 1;
+}
+
+ssize_t
+autoindex(const char *path)
+{
+	/* display list of files in path + a link to parent (..) */
+
+	int 		n = 0;
+	struct dirent **namelist;	/* this must be freed at last */
+	size_t 		bs = 0;
+
+	/* use alphasort to always have the same order on every system */
+	if ((n = scandir(path, &namelist, NULL, alphasort)) < 0) {
+		status(50, "Can't scan %s", path);
+	} else {
+		status(20, "text/gemini");
+		bs += fprintf(stdout, "=> .. ../\n");	/* display link to parent */
+		for (int j = 0; j < n; j++) {
+			/* skip self and parent */
+			if ((strcmp(namelist[j]->d_name, ".") == 0) ||
+			    (strcmp(namelist[j]->d_name, "..") == 0)) {
+				continue;
+			}
+			/* add "/" at the end of a directory path */
+			if (namelist[j]->d_type == DT_DIR) {
+			    bs += fprintf(stdout, "=> ./%s/ %s/\n",
+				namelist[j]->d_name, namelist[j]->d_name);
+			} else {
+			    bs += fprintf(stdout, "=> ./%s %s\n",
+			    namelist[j]->d_name, namelist[j]->d_name);
+			}
+			free(namelist[j]);
+		}
+		free(namelist);
+	}
+
+	return bs;
+}
+
+void
+cgi(const char *cgicmd)
+{
+	int	fildes[2]	= {0};
+	int	retcode	        = 0;
+	pid_t	pid	        = 0;
+	FILE	*output	        = NULL;
+
+	if (pipe(fildes) != 0)
+		goto cgierr;
+
+	if ((pid = fork()) < 0)
+		goto cgierr;
+
+	if (pid > 0) {	/* parent */
+		close(fildes[1]); /* make sure entry is closed to get EOF */
+		if ((output = fdopen(fildes[0], "r")) == NULL)
+			goto cgierr;
+
+		_datasiz += print_file(output);
+		close(fildes[0]);
+		fclose(output);
+		waitpid(pid, &retcode, 0);
+		stop(EXIT_SUCCESS, "cgi ran with exit code %d", status);
+
+	} else {	/* child */
+		/* set pipe output equal to stdout & stderr */
+		dup2(fildes[1], STDOUT_FILENO); 
+		close(fildes[1]); /* no longer required */
+		execl(cgicmd, cgicmd, NULL);
+	}
+
+ cgierr:
+	/* if execl is ok, this will never be reached */
+	close(fildes[0]);
+	close(fildes[1]);
+	status(42, "error when trying run cgi");
+	stop(EXIT_FAILURE, "error when trying to execl %s", cgicmd);
+}
+
+char *
+read_request(char *request)
+{
+	/* read 1024 +1 chars from stdin to get the request (1024 + \0) */
+
+	if (fgets(request, GEMINI_REQUEST_MAX, stdin) == NULL) {
+		/* EOF reached before reading anything */
+		if (feof(stdin)) {
+			status(59, "%s", "request is too short and probably empty");
+			stop(EXIT_FAILURE, "%s", "request is too short and probably empty");
+
+		/* error before reading anything */
+		} else if (ferror(stdin)) {
+			status(59, "Error while reading request: %s", request);
+			stop(EXIT_FAILURE, "Error while reading request: %s", request);
+		}
+	}
+
+	/* check if string ends with '\n', or to long */
+	if (request[strnlen(request, GEMINI_REQUEST_MAX) - 1] != '\n') {
+		status(59, "request is too long (1024 max): %s", request);
+		stop(EXIT_FAILURE, "request is too long (1024 max): %s", request);
+	}
+
+	/* remove \r\n at the end of string */
+	request[strcspn(request, "\r\n")] = '\0';
+
+	/* save request for logs */
+	esnprintf(_request, sizeof(_request), "%s", request);
+
+	return request;
+}
+
+
+void
+remove_double_dot(char *request)
+{
+	char *pos = NULL;
+
+	/* remove all "/.." for safety reasons */
+	while ((pos = strstr(request, "/..")) != NULL)
+	    memmove(request, pos + 3, strlen(pos) + 1 - 3); /* "/.." = 3 */
+}
+
+void
+check_path(char *path, size_t pathsiz)
+{
+	struct stat 	sb               = {0};
+	char 		tmp[PATH_MAX] = {'\0'};
+
+	if (stat(path, &sb) == -1) {
+		if (lstat(path, &sb) != -1 && S_ISLNK(sb.st_mode) == 1) {
+			if (readlink(path, tmp, sizeof(tmp)) > 0) {
+				status(30, "%s", tmp);
+				stop(EXIT_SUCCESS, NULL);
+			}
+		}
+		status(51, "%s", "file not found");
+		stop(EXIT_SUCCESS, NULL);
+	}
+
+	if (S_ISDIR(sb.st_mode)) {
+		/* check if dir path end with "/" */
+		if (path[strlen(path) - 1] != '/') {
+			esnprintf(tmp, sizeof(tmp), "/%s/", path);
+			status(31, "%s", tmp);
+			stop(EXIT_SUCCESS, NULL);
+		}
+		/* check if DEFAULT_INDEX exists in directory */
+		esnprintf(tmp, sizeof(tmp), "%s/%s", path, DEFAULT_INDEX);
+		if (stat(tmp, &sb) == 0)
+			esnprintf(path, pathsiz, "%s", tmp);
+	}
+}
+
+void
+split_request(const char *request, char *hostname, char *path, char *query)
+{
+	size_t nmatch     = SE_MAX;	/* 3 "()" + 1 for whole match */
+	char buf[BUFSIZ]  = {'\0'};	/* to handle error messages */
+	int ret           = 0;
+	regex_t greg;			/* compiled gemini regex */
+	regmatch_t match[SE_MAX];	/* matches founds */
+
+	ret = regcomp(&greg, _gemini_regex, REG_EXTENDED);
+	if (ret != 0) {
+		regerror(ret, &greg, buf, sizeof(buf));
+		regfree(&greg);
+		status(50, "Internal server error");
+		stop(EXIT_FAILURE, "%s", buf);
+	}
+
+	ret = regexec(&greg, request, nmatch, match, 0);
+	if (ret != 0) {
+		regerror(ret, &greg, buf, sizeof(buf));
+		regfree(&greg);
+		status(59, "Malformed request");
+		stop(EXIT_FAILURE, "Malformed request, error:%s", buf);
+	}
+
+	/* one may want to check the return of getsubexp
+	 * and change memcpy to strlcpy
+	 * to make sure we didn't try to copy too long
+	 * and that string isn't trunkated.
+	 * It is unlikely to happen since dest string are as long as request
+	 */
+	getsubexp(request, match[1], hostname);
+	getsubexp(request, match[2], path);
+	getsubexp(request, match[3], query);
+
+	regfree(&greg);
+}

vger.h

@@ -0,0 +1,57 @@
+#ifndef vger_h_INCLUDED
+#define vger_h_INCLUDED
+
+/* length of "gemini://" */
+#define GEMINI_PART	 9
+
+/*
+ * number of bytes to read with fgets() : 2014 + 1.
+ * fgets() reads at most size-1 (1024 here).
+ * See https://gemini.circumlunar.space/docs/specification.html.
+ */
+#define GEMINI_REQUEST_MAX 1025
+
+/* max subexpression in regex : 3 + 1 */
+#define SE_MAX 4
+
+/* gemini_regex:
+ * =============
+ * ^gemini://+ : in case of gemini:///
+ * 1: hostname
+ *	([^/|^\?|^:]*) :
+ *		catch everything, stop when /, ? or : is found
+ *		don't catch :port
+ *	[:[0-9]*]? : skip :1234 (port number) if any
+ *	/ * : skip "/" if any
+ * 2: path
+ *	([^\?]*) :
+ *		catch everything and stop at ? if any
+ * 3 : query
+ *	[\?]?(.*)$:
+ *		catch everything after ? if any
+ */
+static const char *_gemini_regex =
+	"^gemini://+([^/|^\?|^:]*)[:[0-9]*]?/*([^\?]*)[\?]?(.*)$";
+
+/* global vars */
+static int	_retcode = 0;
+static ssize_t	_datasiz = 0;
+static char 	_request[GEMINI_REQUEST_MAX]  = {'\0'};
+
+/* functions */
+ssize_t 	autoindex(const char *);
+void		cgi(const char *);
+char *		read_request(char *);
+void		check_path(char *, size_t);
+ssize_t		display_file(const char *);
+int		do_cgi(const char *, const char *, const char *, const char *);
+void 		drop_privileges(const char *);
+void		set_rootdir(const char *, const char *, const char *);
+void		remove_double_dot(char *);
+void		split_request(const char *, char *, char *, char *);
+void		status(const int, const char *, ...);
+void		stop(const int, const char *, ...);
+int 		uridecode (char *);
+
+#endif // vger_h_INCLUDED
+