1 /* $NetBSD: bozohttpd.c,v 1.128 2021/02/27 12:55:25 mrg Exp $ */
2
3 /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */
4
5 /*
6 * Copyright (c) 1997-2021 Matthew R. Green
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer and
16 * dedication in the documentation and/or other materials provided
17 * with the distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
24 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
25 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
26 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
27 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 *
31 */
32
33 /* this program is dedicated to the Great God of Processed Cheese */
34
35 /*
36 * bozohttpd.c: minimal httpd; provides only these features:
37 * - HTTP/0.9 (by virtue of ..)
38 * - HTTP/1.0
39 * - HTTP/1.1
40 * - CGI/1.1 this will only be provided for "system" scripts
41 * - automatic "missing trailing slash" redirections
42 * - configurable translation of /~user/ to ~user/public_html,
43 * - access lists via libwrap via inetd/tcpd
44 * - virtual hosting
45 * - not that we do not even pretend to understand MIME, but
46 * rely only on the HTTP specification
47 * - ipv6 support
48 * - automatic `index.html' generation
49 * - configurable server name
50 * - directory index generation
51 * - daemon mode (lacks libwrap support)
52 * - .htpasswd support
53 */
54
55 /*
56 * requirements for minimal http/1.1 (at least, as documented in
57 * RFC 2616 (HTTP/1.1):
58 *
59 * - 14.11: content-encoding handling. [1]
60 *
61 * - 14.13: content-length handling. this is only a SHOULD header
62 * thus we could just not send it ever. [1]
63 *
64 * - 14.17: content-type handling. [1]
65 *
66 * - 14.28: if-unmodified-since handling. if-modified-since is
67 * done since, shouldn't be too hard for this one.
68 *
69 * [1] need to revisit to ensure proper behaviour
70 *
71 * and the following is a list of features that we do not need
72 * to have due to other limits, or are too lazy. there are more
73 * of these than are listed, but these are of particular note,
74 * and could perhaps be implemented.
75 *
76 * - 3.5/3.6: content/transfer codings. probably can ignore
77 * this? we "SHOULD"n't. but 4.4 says we should ignore a
78 * `content-length' header upon reciept of a `transfer-encoding'
79 * header.
80 *
81 * - 5.1.1: request methods. only MUST support GET and HEAD,
82 * but there are new ones besides POST that are currently
83 * supported: OPTIONS PUT DELETE TRACE and CONNECT, plus
84 * extensions not yet known?
85 *
86 * - 10.1: we can ignore informational status codes
87 *
88 * - 10.3.3/10.3.4/10.3.8: just use '302' codes always.
89 *
90 * - 14.1/14.2/14.3/14.27: we do not support Accept: headers.
91 * just ignore them and send the request anyway. they are
92 * only SHOULD.
93 *
94 * - 14.5/14.16/14.35: only support simple ranges: %d- and %d-%d
95 * would be nice to support more.
96 *
97 * - 14.9: we aren't a cache.
98 *
99 * - 14.15: content-md5 would be nice.
100 *
101 * - 14.24/14.26/14.27: if-match, if-none-match, if-range. be
102 * nice to support this.
103 *
104 * - 14.44: Vary: seems unneeded. ignore it for now.
105 */
106
107 #ifndef INDEX_HTML
108 #define INDEX_HTML "index.html"
109 #endif
110 #ifndef SERVER_SOFTWARE
111 #define SERVER_SOFTWARE "bozohttpd/20210227"
112 #endif
113 #ifndef PUBLIC_HTML
114 #define PUBLIC_HTML "public_html"
115 #endif
116
117 #ifndef USE_ARG
118 #define USE_ARG(x) /*LINTED*/(void)&(x)
119 #endif
120
121 /*
122 * And so it begins ..
123 */
124
125 #include <sys/param.h>
126 #include <sys/socket.h>
127 #include <sys/time.h>
128 #include <sys/mman.h>
129
130 #include <arpa/inet.h>
131
132 #include <ctype.h>
133 #include <dirent.h>
134 #include <errno.h>
135 #include <fcntl.h>
136 #include <netdb.h>
137 #include <pwd.h>
138 #include <grp.h>
139 #include <stdarg.h>
140 #include <stdlib.h>
141 #include <strings.h>
142 #include <string.h>
143 #include <syslog.h>
144 #include <time.h>
145 #include <unistd.h>
146
147 #include "bozohttpd.h"
148
149 #ifndef SSL_TIMEOUT
150 #define SSL_TIMEOUT "30" /* wait for 30 seconds for ssl handshake */
151 #endif
152 #ifndef INITIAL_TIMEOUT
153 #define INITIAL_TIMEOUT "30" /* wait for 30 seconds initially */
154 #endif
155 #ifndef HEADER_WAIT_TIME
156 #define HEADER_WAIT_TIME "10" /* need more headers every 10 seconds */
157 #endif
158 #ifndef TOTAL_MAX_REQ_TIME
159 #define TOTAL_MAX_REQ_TIME "600" /* must have total request in 600 */
160 #endif /* seconds */
161
162 /* if monotonic time is not available try real time. */
163 #ifndef CLOCK_MONOTONIC
164 #define CLOCK_MONOTONIC CLOCK_REALTIME
165 #endif
166
167 /* variables and functions */
168 #ifndef LOG_FTP
169 #define LOG_FTP LOG_DAEMON
170 #endif
171
172 /*
173 * List of special file that we should never serve.
174 */
175 struct {
176 const char *file;
177 const char *name;
178 } specials[] = {
179 { DIRECT_ACCESS_FILE, "rejected direct access request" },
180 { REDIRECT_FILE, "rejected redirect request" },
181 { ABSREDIRECT_FILE, "rejected absredirect request" },
182 { REMAP_FILE, "rejected remap request" },
183 { AUTH_FILE, "rejected authfile request" },
184 { NULL, NULL },
185 };
186
187 volatile sig_atomic_t bozo_timeout_hit;
188
189 /*
190 * check there's enough space in the prefs and names arrays.
191 */
192 static int
size_arrays(bozohttpd_t * httpd,bozoprefs_t * bozoprefs,size_t needed)193 size_arrays(bozohttpd_t *httpd, bozoprefs_t *bozoprefs, size_t needed)
194 {
195 size_t len = sizeof(char *) * needed;
196
197 if (bozoprefs->size == 0) {
198 /* only get here first time around */
199 bozoprefs->name = bozomalloc(httpd, len);
200 bozoprefs->value = bozomalloc(httpd, len);
201 } else if (bozoprefs->count == bozoprefs->size) {
202 /* only uses 'needed' when filled array */
203 bozoprefs->name = bozorealloc(httpd, bozoprefs->name, len);
204 bozoprefs->value = bozorealloc(httpd, bozoprefs->value, len);
205 }
206
207 bozoprefs->size = needed;
208 return 1;
209 }
210
211 static ssize_t
findvar(bozoprefs_t * bozoprefs,const char * name)212 findvar(bozoprefs_t *bozoprefs, const char *name)
213 {
214 size_t i;
215
216 for (i = 0; i < bozoprefs->count; i++)
217 if (strcmp(bozoprefs->name[i], name) == 0)
218 return (ssize_t)i;
219 return -1;
220 }
221
222 int
bozo_set_pref(bozohttpd_t * httpd,bozoprefs_t * bozoprefs,const char * name,const char * value)223 bozo_set_pref(bozohttpd_t *httpd, bozoprefs_t *bozoprefs,
224 const char *name, const char *value)
225 {
226 ssize_t i;
227
228 if ((i = findvar(bozoprefs, name)) < 0) {
229 /* add the element to the array */
230 if (!size_arrays(httpd, bozoprefs, bozoprefs->size + 15))
231 return 0;
232 i = bozoprefs->count++;
233 bozoprefs->name[i] = bozostrdup(httpd, NULL, name);
234 } else {
235 /* replace the element in the array */
236 free(bozoprefs->value[i]);
237 }
238 bozoprefs->value[i] = bozostrdup(httpd, NULL, value);
239 return 1;
240 }
241
242 static void
bozo_clear_prefs(bozoprefs_t * prefs)243 bozo_clear_prefs(bozoprefs_t *prefs)
244 {
245 size_t i;
246
247 for (i = 0; i < prefs->count; i++) {
248 free(prefs->name[i]);
249 free(prefs->value[i]);
250 }
251
252 free(prefs->name);
253 free(prefs->value);
254 }
255
256 /*
257 * get a variable's value, or NULL
258 */
259 char *
bozo_get_pref(bozoprefs_t * bozoprefs,const char * name)260 bozo_get_pref(bozoprefs_t *bozoprefs, const char *name)
261 {
262 ssize_t i;
263
264 i = findvar(bozoprefs, name);
265 return i < 0 ? NULL : bozoprefs->value[i];
266 }
267
268 char *
bozo_http_date(char * date,size_t datelen)269 bozo_http_date(char *date, size_t datelen)
270 {
271 struct tm *tm;
272 time_t now;
273
274 /* Sun, 06 Nov 1994 08:49:37 GMT */
275 now = time(NULL);
276 tm = gmtime(&now); /* HTTP/1.1 spec rev 06 sez GMT only */
277 strftime(date, datelen, "%a, %d %b %Y %H:%M:%S GMT", tm);
278 return date;
279 }
280
281 /*
282 * convert "in" into the three parts of a request (first line).
283 * we allocate into file and query, but return pointers into
284 * "in" for proto and method.
285 */
286 static void
parse_request(bozohttpd_t * httpd,char * in,char ** method,char ** file,char ** query,char ** proto)287 parse_request(bozohttpd_t *httpd, char *in, char **method, char **file,
288 char **query, char **proto)
289 {
290 ssize_t len;
291 char *val;
292
293 USE_ARG(httpd);
294 debug((httpd, DEBUG_EXPLODING, "parse in: %s", in));
295 *method = *file = *query = *proto = NULL;
296
297 len = (ssize_t)strlen(in);
298 val = bozostrnsep(&in, " \t\n\r", &len);
299 if (len < 1 || val == NULL || in == NULL)
300 return;
301 *method = val;
302
303 while (*in == ' ' || *in == '\t')
304 in++;
305 val = bozostrnsep(&in, " \t\n\r", &len);
306 if (len < 1) {
307 if (len == 0)
308 *file = val;
309 else
310 *file = in;
311 } else {
312 *file = val;
313
314 *query = strchr(*file, '?');
315 if (*query)
316 *(*query)++ = '\0';
317
318 if (in) {
319 while (*in && (*in == ' ' || *in == '\t'))
320 in++;
321 if (*in)
322 *proto = in;
323 }
324 }
325
326 /* allocate private copies */
327 *file = bozostrdup(httpd, NULL, *file);
328 if (*query)
329 *query = bozostrdup(httpd, NULL, *query);
330
331 debug((httpd, DEBUG_FAT,
332 "url: method: \"%s\" file: \"%s\" query: \"%s\" proto: \"%s\"",
333 *method, *file, *query ? *query : "", *proto ? *proto : ""));
334 }
335
336 /*
337 * cleanup a bozo_httpreq_t after use
338 */
339 void
bozo_clean_request(bozo_httpreq_t * request)340 bozo_clean_request(bozo_httpreq_t *request)
341 {
342 struct bozoheaders *hdr, *ohdr = NULL;
343
344 if (request == NULL)
345 return;
346
347 /* If SSL enabled cleanup SSL structure. */
348 bozo_ssl_destroy(request->hr_httpd);
349
350 /* clean up request */
351 free(request->hr_remotehost);
352 free(request->hr_remoteaddr);
353 free(request->hr_serverport);
354 free(request->hr_virthostname);
355 free(request->hr_file_free);
356 /* XXX this is gross */
357 if (request->hr_file_free != request->hr_oldfile)
358 free(request->hr_oldfile);
359 else
360 free(request->hr_file);
361 free(request->hr_query);
362 free(request->hr_host);
363 bozo_user_free(request->hr_user);
364 bozo_auth_cleanup(request);
365 for (hdr = SIMPLEQ_FIRST(&request->hr_headers); hdr;
366 hdr = SIMPLEQ_NEXT(hdr, h_next)) {
367 free(hdr->h_value);
368 free(hdr->h_header);
369 free(ohdr);
370 ohdr = hdr;
371 }
372 free(ohdr);
373 ohdr = NULL;
374 for (hdr = SIMPLEQ_FIRST(&request->hr_replheaders); hdr;
375 hdr = SIMPLEQ_NEXT(hdr, h_next)) {
376 free(hdr->h_value);
377 free(hdr->h_header);
378 free(ohdr);
379 ohdr = hdr;
380 }
381 free(ohdr);
382
383 free(request);
384 }
385
386 /*
387 * send a HTTP/1.1 408 response if we timeout.
388 */
389 /* ARGSUSED */
390 static void
alarmer(int sig)391 alarmer(int sig)
392 {
393 USE_ARG(sig);
394 bozo_timeout_hit = 1;
395 }
396
397
398 /*
399 * set a timeout for "ssl", "initial", "header", or "request".
400 */
401 int
bozo_set_timeout(bozohttpd_t * httpd,bozoprefs_t * prefs,const char * target,const char * val)402 bozo_set_timeout(bozohttpd_t *httpd, bozoprefs_t *prefs,
403 const char *target, const char *val)
404 {
405 const char **cur, *timeouts[] = {
406 "ssl timeout",
407 "initial timeout",
408 "header timeout",
409 "request timeout",
410 NULL,
411 };
412 /* adjust minlen if more timeouts appear with conflicting names */
413 const size_t minlen = 1;
414 size_t len = strlen(target);
415
416 for (cur = timeouts; len >= minlen && *cur; cur++) {
417 if (strncmp(target, *cur, len) == 0) {
418 bozo_set_pref(httpd, prefs, *cur, val);
419 return 0;
420 }
421 }
422 return 1;
423 }
424
425 /*
426 * a list of header quirks: currently, a list of headers that
427 * can't be folded into a single line.
428 */
429 const char *header_quirks[] = { "WWW-Authenticate", NULL };
430
431 /*
432 * add or merge this header (val: str) into the requests list
433 */
434 static bozoheaders_t *
addmerge_header(bozo_httpreq_t * request,struct qheaders * headers,const char * val,const char * str,ssize_t len)435 addmerge_header(bozo_httpreq_t *request, struct qheaders *headers,
436 const char *val, const char *str, ssize_t len)
437 {
438 struct bozohttpd_t *httpd = request->hr_httpd;
439 struct bozoheaders *hdr = NULL;
440 const char **quirk;
441
442 USE_ARG(len);
443 for (quirk = header_quirks; *quirk; quirk++)
444 if (strcasecmp(*quirk, val) == 0)
445 break;
446
447 if (*quirk == NULL) {
448 /* do we exist already? */
449 SIMPLEQ_FOREACH(hdr, headers, h_next) {
450 if (strcasecmp(val, hdr->h_header) == 0)
451 break;
452 }
453 }
454
455 if (hdr) {
456 /* yup, merge it in */
457 char *nval;
458
459 bozoasprintf(httpd, &nval, "%s, %s", hdr->h_value, str);
460 free(hdr->h_value);
461 hdr->h_value = nval;
462 } else {
463 /* nope, create a new one */
464
465 hdr = bozomalloc(httpd, sizeof *hdr);
466 hdr->h_header = bozostrdup(httpd, request, val);
467 if (str && *str)
468 hdr->h_value = bozostrdup(httpd, request, str);
469 else
470 hdr->h_value = bozostrdup(httpd, request, " ");
471
472 SIMPLEQ_INSERT_TAIL(headers, hdr, h_next);
473 request->hr_nheaders++;
474 }
475
476 return hdr;
477 }
478
479 bozoheaders_t *
addmerge_reqheader(bozo_httpreq_t * request,const char * val,const char * str,ssize_t len)480 addmerge_reqheader(bozo_httpreq_t *request, const char *val, const char *str,
481 ssize_t len)
482 {
483
484 return addmerge_header(request, &request->hr_headers, val, str, len);
485 }
486
487 bozoheaders_t *
addmerge_replheader(bozo_httpreq_t * request,const char * val,const char * str,ssize_t len)488 addmerge_replheader(bozo_httpreq_t *request, const char *val, const char *str,
489 ssize_t len)
490 {
491
492 return addmerge_header(request, &request->hr_replheaders,
493 val, str, len);
494 }
495
496 /*
497 * as the prototype string is not constant (eg, "HTTP/1.1" is equivalent
498 * to "HTTP/001.01"), we MUST parse this.
499 */
500 static int
process_proto(bozo_httpreq_t * request,const char * proto)501 process_proto(bozo_httpreq_t *request, const char *proto)
502 {
503 struct bozohttpd_t *httpd = request->hr_httpd;
504 char majorstr[16], *minorstr;
505 int majorint, minorint;
506
507 if (proto == NULL) {
508 got_proto_09:
509 request->hr_proto = httpd->consts.http_09;
510 debug((httpd, DEBUG_FAT, "request %s is http/0.9",
511 request->hr_file));
512 return 0;
513 }
514
515 if (strncasecmp(proto, "HTTP/", 5) != 0)
516 goto bad;
517 strncpy(majorstr, proto + 5, sizeof(majorstr)-1);
518 majorstr[sizeof(majorstr)-1] = 0;
519 minorstr = strchr(majorstr, '.');
520 if (minorstr == NULL)
521 goto bad;
522 *minorstr++ = 0;
523
524 majorint = atoi(majorstr);
525 minorint = atoi(minorstr);
526
527 switch (majorint) {
528 case 0:
529 if (minorint != 9)
530 break;
531 goto got_proto_09;
532 case 1:
533 if (minorint == 0)
534 request->hr_proto = httpd->consts.http_10;
535 else if (minorint == 1)
536 request->hr_proto = httpd->consts.http_11;
537 else
538 break;
539
540 debug((httpd, DEBUG_FAT, "request %s is %s",
541 request->hr_file, request->hr_proto));
542 SIMPLEQ_INIT(&request->hr_headers);
543 request->hr_nheaders = 0;
544 return 0;
545 }
546 bad:
547 return bozo_http_error(httpd, 404, NULL, "unknown prototype");
548 }
549
550 /*
551 * process each type of HTTP method, setting this HTTP requests
552 * method type.
553 */
554 static struct method_map {
555 const char *name;
556 int type;
557 } method_map[] = {
558 { "GET", HTTP_GET, },
559 { "POST", HTTP_POST, },
560 { "HEAD", HTTP_HEAD, },
561 #if 0 /* other non-required http/1.1 methods */
562 { "OPTIONS", HTTP_OPTIONS, },
563 { "PUT", HTTP_PUT, },
564 { "DELETE", HTTP_DELETE, },
565 { "TRACE", HTTP_TRACE, },
566 { "CONNECT", HTTP_CONNECT, },
567 #endif
568 { NULL, 0, },
569 };
570
571 static int
process_method(bozo_httpreq_t * request,const char * method)572 process_method(bozo_httpreq_t *request, const char *method)
573 {
574 struct bozohttpd_t *httpd = request->hr_httpd;
575 struct method_map *mmp;
576
577 if (request->hr_proto == httpd->consts.http_11)
578 request->hr_allow = "GET, HEAD, POST";
579
580 for (mmp = method_map; mmp->name; mmp++)
581 if (strcasecmp(method, mmp->name) == 0) {
582 request->hr_method = mmp->type;
583 request->hr_methodstr = mmp->name;
584 return 0;
585 }
586
587 return bozo_http_error(httpd, 404, request, "unknown method");
588 }
589
590 /* check header byte count */
591 static int
bozo_got_header_length(bozo_httpreq_t * request,size_t len)592 bozo_got_header_length(bozo_httpreq_t *request, size_t len)
593 {
594
595 if (len > BOZO_HEADERS_MAX_SIZE - request->hr_header_bytes)
596 return bozo_http_error(request->hr_httpd, 413, request,
597 "too many headers");
598
599 request->hr_header_bytes += len;
600
601 return 0;
602 }
603
604 /*
605 * This function reads a http request from stdin, returning a pointer to a
606 * bozo_httpreq_t structure, describing the request.
607 */
608 bozo_httpreq_t *
bozo_read_request(bozohttpd_t * httpd)609 bozo_read_request(bozohttpd_t *httpd)
610 {
611 struct sigaction sa;
612 char *str, *val, *method, *file, *proto, *query;
613 char *host, *addr, *port;
614 char bufport[10];
615 char hbuf[NI_MAXHOST], abuf[NI_MAXHOST];
616 struct sockaddr_storage ss;
617 ssize_t len;
618 int line = 0;
619 socklen_t slen;
620 bozo_httpreq_t *request;
621 struct timespec ots, ts;
622
623 /*
624 * if we're in daemon mode, bozo_daemon_fork() will return here twice
625 * for each call. once in the child, returning 0, and once in the
626 * parent, returning 1 for each child.
627 */
628 if (bozo_daemon_fork(httpd))
629 return NULL;
630
631 request = bozomalloc(httpd, sizeof(*request));
632 memset(request, 0, sizeof(*request));
633 request->hr_httpd = httpd;
634 request->hr_allow = request->hr_host = NULL;
635 request->hr_content_type = request->hr_content_length = NULL;
636 request->hr_range = NULL;
637 request->hr_last_byte_pos = -1;
638 request->hr_if_modified_since = NULL;
639 request->hr_virthostname = NULL;
640 request->hr_file_free = NULL;
641 request->hr_file = NULL;
642 request->hr_oldfile = NULL;
643 SIMPLEQ_INIT(&request->hr_replheaders);
644 bozo_auth_init(request);
645
646 slen = sizeof(ss);
647 if (getpeername(0, (struct sockaddr *)(void *)&ss, &slen) < 0)
648 host = addr = NULL;
649 else {
650 if (getnameinfo((struct sockaddr *)(void *)&ss, slen,
651 abuf, sizeof abuf, NULL, 0, NI_NUMERICHOST) == 0)
652 addr = abuf;
653 else
654 addr = NULL;
655 if (httpd->numeric == 0 &&
656 getnameinfo((struct sockaddr *)(void *)&ss, slen,
657 hbuf, sizeof hbuf, NULL, 0, 0) == 0)
658 host = hbuf;
659 else
660 host = NULL;
661 }
662 if (host != NULL)
663 request->hr_remotehost = bozostrdup(httpd, request, host);
664 if (addr != NULL)
665 request->hr_remoteaddr = bozostrdup(httpd, request, addr);
666 slen = sizeof(ss);
667
668 /*
669 * Override the bound port from the request value, so it works even
670 * if passed through a proxy that doesn't rewrite the port.
671 */
672 if (httpd->bindport) {
673 if (strcmp(httpd->bindport, BOZO_HTTP_PORT) != 0)
674 port = httpd->bindport;
675 else
676 port = NULL;
677 } else {
678 if (getsockname(0, (struct sockaddr *)(void *)&ss, &slen) < 0)
679 port = NULL;
680 else {
681 if (getnameinfo((struct sockaddr *)(void *)&ss, slen,
682 NULL, 0, bufport, sizeof bufport,
683 NI_NUMERICSERV) == 0)
684 port = bufport;
685 else
686 port = NULL;
687 }
688 }
689 if (port != NULL)
690 request->hr_serverport = bozostrdup(httpd, request, port);
691
692 /*
693 * setup a timer to make sure the request is not hung
694 */
695 sa.sa_handler = alarmer;
696 sigemptyset(&sa.sa_mask);
697 sigaddset(&sa.sa_mask, SIGALRM);
698 sa.sa_flags = 0;
699 sigaction(SIGALRM, &sa, NULL);
700
701 if (clock_gettime(CLOCK_MONOTONIC, &ots) != 0) {
702 bozo_http_error(httpd, 500, NULL, "clock_gettime failed");
703 goto cleanup;
704 }
705
706 /*
707 * now to try to setup SSL, and upon failure parent can signal the
708 * caller there was no request to process and it will wait for
709 * another.
710 */
711 if (bozo_ssl_accept(httpd))
712 return NULL;
713
714 alarm(httpd->initial_timeout);
715 while ((str = bozodgetln(httpd, STDIN_FILENO, &len, bozo_read)) != NULL) {
716 alarm(0);
717
718 if (clock_gettime(CLOCK_MONOTONIC, &ts) != 0) {
719 bozo_http_error(httpd, 500, NULL, "clock_gettime failed");
720 goto cleanup;
721 }
722 /*
723 * don't timeout if old tv_sec is not more than current
724 * tv_sec, or if current tv_sec is less than the request
725 * timeout (these shouldn't happen, but the first could
726 * if monotonic time is not available.)
727 *
728 * the other timeout and header size checks should ensure
729 * that even if time it set backwards or forwards a very
730 * long way, timeout will eventually happen, even if this
731 * one fails.
732 */
733 if (ts.tv_sec > ots.tv_sec &&
734 ts.tv_sec > httpd->request_timeout &&
735 ts.tv_sec - httpd->request_timeout > ots.tv_sec)
736 bozo_timeout_hit = 1;
737
738 if (bozo_timeout_hit) {
739 bozo_http_error(httpd, 408, NULL, "request timed out");
740 goto cleanup;
741 }
742 line++;
743
744 if (line == 1) {
745 if (len < 1) {
746 bozo_http_error(httpd, 404, NULL, "null method");
747 goto cleanup;
748 }
749 bozowarn(httpd,
750 "got request ``%s'' from host %s to port %s",
751 str,
752 host ? host : addr ? addr : "<local>",
753 port ? port : "<stdin>");
754
755 /* we allocate return space in file and query only */
756 parse_request(httpd, str, &method, &file, &query, &proto);
757 request->hr_file_free = request->hr_file = file;
758 request->hr_query = query;
759 if (method == NULL) {
760 bozo_http_error(httpd, 404, NULL, "null method");
761 goto cleanup;
762 }
763 if (file == NULL) {
764 bozo_http_error(httpd, 404, NULL, "null file");
765 goto cleanup;
766 }
767
768 /*
769 * note that we parse the proto first, so that we
770 * can more properly parse the method and the url.
771 */
772
773 if (process_proto(request, proto) ||
774 process_method(request, method)) {
775 goto cleanup;
776 }
777
778 debug((httpd, DEBUG_FAT, "got file \"%s\" query \"%s\"",
779 request->hr_file,
780 request->hr_query ? request->hr_query : "<none>"));
781
782 /* http/0.9 has no header processing */
783 if (request->hr_proto == httpd->consts.http_09)
784 break;
785 } else { /* incoming headers */
786 bozoheaders_t *hdr;
787
788 if (*str == '\0')
789 break;
790
791 val = bozostrnsep(&str, ":", &len);
792 debug((httpd, DEBUG_EXPLODING, "read_req2: after "
793 "bozostrnsep: str `%s' val `%s'",
794 str ? str : "<null>", val ? val : "<null>"));
795 if (val == NULL || len == -1) {
796 bozo_http_error(httpd, 404, request, "no header");
797 goto cleanup;
798 }
799 if (str == NULL) {
800 bozo_http_error(httpd, 404, request,
801 "malformed header");
802 goto cleanup;
803 }
804 while (*str == ' ' || *str == '\t')
805 len--, str++;
806 while (*val == ' ' || *val == '\t')
807 val++;
808
809 if (bozo_got_header_length(request, len))
810 goto cleanup;
811
812 if (bozo_auth_check_headers(request, val, str, len))
813 goto next_header;
814
815 hdr = addmerge_reqheader(request, val, str, len);
816
817 if (strcasecmp(hdr->h_header, "content-type") == 0)
818 request->hr_content_type = hdr->h_value;
819 else if (strcasecmp(hdr->h_header, "content-length") == 0)
820 request->hr_content_length = hdr->h_value;
821 else if (strcasecmp(hdr->h_header, "host") == 0) {
822 if (request->hr_host) {
823 /* RFC 7230 (HTTP/1.1): 5.4 */
824 bozo_http_error(httpd, 400, request,
825 "Only allow one Host: header");
826 goto cleanup;
827 }
828 request->hr_host = bozostrdup(httpd, request,
829 hdr->h_value);
830 }
831 /* RFC 2616 (HTTP/1.1): 14.20 */
832 else if (strcasecmp(hdr->h_header, "expect") == 0) {
833 bozo_http_error(httpd, 417, request,
834 "we don't support Expect:");
835 goto cleanup;
836 }
837 else if (strcasecmp(hdr->h_header, "referrer") == 0 ||
838 strcasecmp(hdr->h_header, "referer") == 0)
839 request->hr_referrer = hdr->h_value;
840 else if (strcasecmp(hdr->h_header, "range") == 0)
841 request->hr_range = hdr->h_value;
842 else if (strcasecmp(hdr->h_header,
843 "if-modified-since") == 0)
844 request->hr_if_modified_since = hdr->h_value;
845 else if (strcasecmp(hdr->h_header,
846 "accept-encoding") == 0)
847 request->hr_accept_encoding = hdr->h_value;
848
849 debug((httpd, DEBUG_FAT, "adding header %s: %s",
850 hdr->h_header, hdr->h_value));
851 }
852 next_header:
853 alarm(httpd->header_timeout);
854 }
855
856 /* now, clear it all out */
857 alarm(0);
858 signal(SIGALRM, SIG_DFL);
859
860 /* RFC1945, 8.3 */
861 if (request->hr_method == HTTP_POST &&
862 request->hr_content_length == NULL) {
863 bozo_http_error(httpd, 400, request, "missing content length");
864 goto cleanup;
865 }
866
867 /* RFC 2616 (HTTP/1.1), 14.23 & 19.6.1.1 */
868 if (request->hr_proto == httpd->consts.http_11 &&
869 /*(strncasecmp(request->hr_file, "http://", 7) != 0) &&*/
870 request->hr_host == NULL) {
871 bozo_http_error(httpd, 400, request, "missing Host header");
872 goto cleanup;
873 }
874
875 if (request->hr_range != NULL) {
876 debug((httpd, DEBUG_FAT, "hr_range: %s", request->hr_range));
877 /* support only simple ranges %d- and %d-%d */
878 if (strchr(request->hr_range, ',') == NULL) {
879 const char *rstart, *dash;
880
881 rstart = strchr(request->hr_range, '=');
882 if (rstart != NULL) {
883 rstart++;
884 dash = strchr(rstart, '-');
885 if (dash != NULL && dash != rstart) {
886 dash++;
887 request->hr_have_range = 1;
888 request->hr_first_byte_pos =
889 strtoll(rstart, NULL, 10);
890 if (request->hr_first_byte_pos < 0)
891 request->hr_first_byte_pos = 0;
892 if (*dash != '\0') {
893 request->hr_last_byte_pos =
894 strtoll(dash, NULL, 10);
895 if (request->hr_last_byte_pos < 0)
896 request->hr_last_byte_pos = -1;
897 }
898 }
899 }
900 }
901 }
902
903 debug((httpd, DEBUG_FAT, "bozo_read_request returns url %s in request",
904 request->hr_file));
905 return request;
906
907 cleanup:
908 bozo_clean_request(request);
909
910 return NULL;
911 }
912
913 static int
mmap_and_write_part(bozohttpd_t * httpd,int fd,off_t first_byte_pos,size_t sz)914 mmap_and_write_part(bozohttpd_t *httpd, int fd, off_t first_byte_pos, size_t sz)
915 {
916 size_t mappedsz, wroffset;
917 off_t mappedoffset;
918 char *addr;
919 void *mappedaddr;
920
921 /*
922 * we need to ensure that both the size *and* offset arguments to
923 * mmap() are page-aligned. our formala for this is:
924 *
925 * input offset: first_byte_pos
926 * input size: sz
927 *
928 * mapped offset = page align truncate (input offset)
929 * mapped size =
930 * page align extend (input offset - mapped offset + input size)
931 * write offset = input offset - mapped offset
932 *
933 * we use the write offset in all writes
934 */
935 mappedoffset = first_byte_pos & ~((off_t)httpd->page_size - 1);
936 mappedsz = (size_t)
937 (first_byte_pos - mappedoffset + sz + httpd->page_size - 1) &
938 ~(httpd->page_size - 1);
939 wroffset = (size_t)(first_byte_pos - mappedoffset);
940
941 addr = mmap(0, mappedsz, PROT_READ, MAP_SHARED, fd, mappedoffset);
942 if (addr == MAP_FAILED) {
943 bozowarn(httpd, "mmap failed: %s", strerror(errno));
944 return -1;
945 }
946 mappedaddr = addr;
947
948 #ifdef MADV_SEQUENTIAL
949 (void)madvise(addr, sz, MADV_SEQUENTIAL);
950 #endif
951 while (sz > BOZO_WRSZ) {
952 if (bozo_write(httpd, STDOUT_FILENO, addr + wroffset,
953 BOZO_WRSZ) != BOZO_WRSZ) {
954 bozowarn(httpd, "write failed: %s", strerror(errno));
955 goto out;
956 }
957 debug((httpd, DEBUG_OBESE, "wrote %d bytes", BOZO_WRSZ));
958 sz -= BOZO_WRSZ;
959 addr += BOZO_WRSZ;
960 }
961 if (sz && (size_t)bozo_write(httpd, STDOUT_FILENO, addr + wroffset,
962 sz) != sz) {
963 bozowarn(httpd, "final write failed: %s", strerror(errno));
964 goto out;
965 }
966 debug((httpd, DEBUG_OBESE, "wrote %d bytes", (int)sz));
967 out:
968 if (munmap(mappedaddr, mappedsz) < 0) {
969 bozowarn(httpd, "munmap failed");
970 return -1;
971 }
972
973 return 0;
974 }
975
976 static int
parse_http_date(const char * val,time_t * timestamp)977 parse_http_date(const char *val, time_t *timestamp)
978 {
979 char *remainder;
980 struct tm tm;
981
982 if ((remainder = strptime(val, "%a, %d %b %Y %T GMT", &tm)) == NULL &&
983 (remainder = strptime(val, "%a, %d-%b-%y %T GMT", &tm)) == NULL &&
984 (remainder = strptime(val, "%a %b %d %T %Y", &tm)) == NULL)
985 return 0; /* Invalid HTTP date format */
986
987 if (*remainder)
988 return 0; /* No trailing garbage */
989
990 *timestamp = timegm(&tm);
991 return 1;
992 }
993
994 /*
995 * given an url, encode it ala rfc 3986. ie, escape ? and friends.
996 * note that this function returns a static buffer, and thus needs
997 * to be updated for any sort of parallel processing. escape only
998 * chosen characters for absolute redirects
999 */
1000 char *
bozo_escape_rfc3986(bozohttpd_t * httpd,const char * url,int absolute)1001 bozo_escape_rfc3986(bozohttpd_t *httpd, const char *url, int absolute)
1002 {
1003 static char *buf;
1004 static size_t buflen = 0;
1005 size_t len;
1006 const char *s;
1007 char *d;
1008
1009 len = strlen(url);
1010 if (buflen < len * 3 + 1) {
1011 buflen = len * 3 + 1;
1012 buf = bozorealloc(httpd, buf, buflen);
1013 }
1014
1015 for (s = url, d = buf; *s;) {
1016 if (*s & 0x80)
1017 goto encode_it;
1018 switch (*s) {
1019 case ':':
1020 case '?':
1021 case '#':
1022 case '[':
1023 case ']':
1024 case '@':
1025 case '!':
1026 case '$':
1027 case '&':
1028 case '\'':
1029 case '(':
1030 case ')':
1031 case '*':
1032 case '+':
1033 case ',':
1034 case ';':
1035 case '=':
1036 case '%':
1037 case '"':
1038 if (absolute)
1039 goto leave_it;
1040 /*FALLTHROUGH*/
1041 case '\n':
1042 case '\r':
1043 case ' ':
1044 encode_it:
1045 snprintf(d, 4, "%%%02X", (unsigned char)*s++);
1046 d += 3;
1047 break;
1048 default:
1049 leave_it:
1050 *d++ = *s++;
1051 break;
1052 }
1053 }
1054 *d = 0;
1055
1056 return buf;
1057 }
1058
1059 /*
1060 * do automatic redirection -- if there are query parameters or userdir for
1061 * the URL we will tack these on to the new (redirected) URL.
1062 */
1063 static void
handle_redirect(bozo_httpreq_t * request,const char * url,int absolute)1064 handle_redirect(bozo_httpreq_t *request, const char *url, int absolute)
1065 {
1066 bozohttpd_t *httpd = request->hr_httpd;
1067 char *finalurl, *urlbuf;
1068 #ifndef NO_USER_SUPPORT
1069 char *userbuf;
1070 #endif /* !NO_USER_SUPPORT */
1071 char portbuf[20];
1072 const char *scheme, *query, *quest;
1073 const char *hostname = BOZOHOST(httpd, request);
1074 int absproto = 0; /* absolute redirect provides own schema */
1075
1076 if (url == NULL) {
1077 bozoasprintf(httpd, &urlbuf, "/%s/", request->hr_file);
1078 url = urlbuf;
1079 } else
1080 urlbuf = NULL;
1081
1082 #ifndef NO_USER_SUPPORT
1083 if (request->hr_user && !absolute) {
1084 bozoasprintf(httpd, &userbuf, "/~%s%s", request->hr_user, url);
1085 url = userbuf;
1086 } else
1087 userbuf = NULL;
1088 #endif /* !NO_USER_SUPPORT */
1089
1090 if (absolute) {
1091 char *sep = NULL;
1092 const char *s;
1093
1094 /*
1095 * absolute redirect may specify own protocol i.e. to redirect
1096 * to another schema like https:// or ftp://.
1097 * Details: RFC 3986, section 3.
1098 */
1099
1100 /* 1. check if url contains :// */
1101 sep = strstr(url, "://");
1102
1103 /*
1104 * RFC 3986, section 3.1:
1105 * scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
1106 */
1107 if (sep) {
1108 for (s = url; s != sep;) {
1109 if (!isalnum((int)*s) &&
1110 *s != '+' && *s != '-' && *s != '.')
1111 break;
1112 if (++s == sep) {
1113 absproto = 1;
1114 }
1115 }
1116 }
1117 }
1118
1119 /* construct final redirection url */
1120
1121 scheme = absproto ? "" : httpd->sslinfo ? "https://" : "http://";
1122
1123 if (absolute) {
1124 hostname = "";
1125 portbuf[0] = '\0';
1126 } else {
1127 const char *defport = httpd->sslinfo ? BOZO_HTTPS_PORT : BOZO_HTTP_PORT;
1128
1129 if (request->hr_serverport &&
1130 strcmp(request->hr_serverport, defport) != 0)
1131 snprintf(portbuf, sizeof(portbuf), ":%s",
1132 request->hr_serverport);
1133 else
1134 portbuf[0] = '\0';
1135 }
1136
1137 url = bozo_escape_rfc3986(httpd, url, absolute);
1138
1139 if (request->hr_query && strlen(request->hr_query)) {
1140 query = request->hr_query;
1141 quest = "?";
1142 } else {
1143 query = quest = "";
1144 }
1145
1146 bozoasprintf(httpd, &finalurl, "%s%s%s%s%s%s",
1147 scheme, hostname, portbuf, url, quest, query);
1148
1149 bozowarn(httpd, "redirecting %s", finalurl);
1150 debug((httpd, DEBUG_FAT, "redirecting %s", finalurl));
1151
1152 bozo_printf(httpd, "%s 301 Document Moved\r\n", request->hr_proto);
1153 if (request->hr_proto != httpd->consts.http_09)
1154 bozo_print_header(request, NULL, "text/html", NULL);
1155 if (request->hr_proto != httpd->consts.http_09)
1156 bozo_printf(httpd, "Location: %s\r\n", finalurl);
1157 bozo_printf(httpd, "\r\n");
1158 if (request->hr_method == HTTP_HEAD)
1159 goto head;
1160 bozo_printf(httpd, "<html><head><title>Document Moved</title></head>\n");
1161 bozo_printf(httpd, "<body><h1>Document Moved</h1>\n");
1162 bozo_printf(httpd, "This document had moved <a href=\"%s\">here</a>\n",
1163 finalurl);
1164 bozo_printf(httpd, "</body></html>\n");
1165 head:
1166 bozo_flush(httpd, stdout);
1167 free(urlbuf);
1168 free(finalurl);
1169 #ifndef NO_USER_SUPPORT
1170 free(userbuf);
1171 #endif /* !NO_USER_SUPPORT */
1172 }
1173
1174 /*
1175 * Like strncmp(), but s_esc may contain characters escaped by \.
1176 * The len argument does not include the backslashes used for escaping,
1177 * that is: it gives the raw len, after unescaping the string.
1178 */
1179 static int
esccmp(const char * s_plain,const char * s_esc,size_t len)1180 esccmp(const char *s_plain, const char *s_esc, size_t len)
1181 {
1182 bool esc = false;
1183
1184 while (len) {
1185 if (!esc && *s_esc == '\\') {
1186 esc = true;
1187 s_esc++;
1188 continue;
1189 }
1190 esc = false;
1191 if (*s_plain == 0 || *s_esc == 0 || *s_plain != *s_esc)
1192 return *s_esc - *s_plain;
1193 s_esc++;
1194 s_plain++;
1195 len--;
1196 }
1197 return 0;
1198 }
1199
1200 /*
1201 * Check if the request refers to a uri that is mapped via a .bzremap.
1202 * We have /requested/path:/re/mapped/to/this.html lines in there,
1203 * and the : separator may be use in the left hand side escaped with
1204 * \ to encode a path containig a : character.
1205 */
1206 static void
check_remap(bozo_httpreq_t * request)1207 check_remap(bozo_httpreq_t *request)
1208 {
1209 bozohttpd_t *httpd = request->hr_httpd;
1210 char *file = request->hr_file, *newfile;
1211 void *fmap;
1212 const char *replace = NULL, *map_to = NULL, *p;
1213 struct stat st;
1214 int mapfile;
1215 size_t avail, len, rlen, reqlen, num_esc = 0;
1216 bool escaped = false;
1217
1218 mapfile = open(REMAP_FILE, O_RDONLY, 0);
1219 if (mapfile == -1)
1220 return;
1221 debug((httpd, DEBUG_FAT, "remap file found"));
1222 if (fstat(mapfile, &st) == -1) {
1223 bozowarn(httpd, "could not stat " REMAP_FILE ", errno: %d",
1224 errno);
1225 goto out;
1226 }
1227
1228 fmap = mmap(NULL, st.st_size, PROT_READ, MAP_SHARED, mapfile, 0);
1229 if (fmap == MAP_FAILED) {
1230 bozowarn(httpd, "could not mmap " REMAP_FILE ", error %d",
1231 errno);
1232 goto out;
1233 }
1234 reqlen = strlen(file);
1235 for (p = fmap, avail = st.st_size; avail; ) {
1236 /*
1237 * We have lines like:
1238 * /this/url:/replacement/that/url
1239 * If we find a matching left hand side, replace will point
1240 * to it and len will be its length. map_to will point to
1241 * the right hand side and rlen wil be its length.
1242 * If we have no match, both pointers will be NULL.
1243 */
1244
1245 /* skip empty lines */
1246 while ((*p == '\r' || *p == '\n') && avail) {
1247 p++;
1248 avail--;
1249 }
1250 replace = p;
1251 escaped = false;
1252 while (avail) {
1253 if (*p == '\r' || *p == '\n')
1254 break;
1255 if (!escaped && *p == ':')
1256 break;
1257 if (escaped) {
1258 escaped = false;
1259 num_esc++;
1260 } else if (*p == '\\') {
1261 escaped = true;
1262 }
1263 p++;
1264 avail--;
1265 }
1266 if (!avail || *p != ':') {
1267 replace = NULL;
1268 map_to = NULL;
1269 break;
1270 }
1271 len = p - replace - num_esc;
1272 /*
1273 * reqlen < len: the left hand side is too long, can't be a
1274 * match
1275 * reqlen == len: full string has to match
1276 * reqlen > len: make sure there is a path separator at 'len'
1277 * avail < 2: we are at eof, missing right hand side
1278 */
1279 if (avail < 2 || reqlen < len ||
1280 (reqlen == len && esccmp(file, replace, len) != 0) ||
1281 (reqlen > len && (file[len] != '/' ||
1282 esccmp(file, replace, len) != 0))) {
1283
1284 /* non-match, skip to end of line and continue */
1285 while (*p != '\r' && *p != '\n' && avail) {
1286 p++;
1287 avail--;
1288 }
1289 replace = NULL;
1290 map_to = NULL;
1291 continue;
1292 }
1293 p++;
1294 avail--;
1295
1296 /* found a match, parse the target */
1297 map_to = p;
1298 while (*p != '\r' && *p != '\n' && avail) {
1299 p++;
1300 avail--;
1301 }
1302 rlen = p - map_to;
1303 break;
1304 }
1305
1306 if (replace && map_to) {
1307 newfile = bozomalloc(httpd, strlen(file) + rlen - len + 1);
1308 memcpy(newfile, map_to, rlen);
1309 strcpy(newfile+rlen, file + len);
1310 debug((httpd, DEBUG_NORMAL, "remapping found '%s'",
1311 newfile));
1312 free(request->hr_file_free);
1313 request->hr_file_free = request->hr_file = newfile;
1314 }
1315
1316 munmap(fmap, st.st_size);
1317 out:
1318 close(mapfile);
1319 }
1320
1321 /*
1322 * deal with virtual host names; we do this:
1323 * if we have a virtual path root (httpd->virtbase), and we are given a
1324 * virtual host spec (Host: ho.st or http://ho.st/), see if this
1325 * directory exists under httpd->virtbase. if it does, use this as the
1326 # new slashdir.
1327 */
1328 static int
check_virtual(bozo_httpreq_t * request)1329 check_virtual(bozo_httpreq_t *request)
1330 {
1331 bozohttpd_t *httpd = request->hr_httpd;
1332 char *file = request->hr_file, *s;
1333 size_t len;
1334
1335 /*
1336 * convert http://virtual.host/ to request->hr_host
1337 */
1338 debug((httpd, DEBUG_OBESE,
1339 "checking for http:// virtual host in '%s'", file));
1340 if (strncasecmp(file, "http://", 7) == 0) {
1341 /* we would do virtual hosting here? */
1342 file += 7;
1343 /* RFC 2616 (HTTP/1.1), 5.2: URI takes precedence over Host: */
1344 free(request->hr_host);
1345 request->hr_host = bozostrdup(httpd, request, file);
1346 if ((s = strchr(request->hr_host, '/')) != NULL)
1347 *s = '\0';
1348 s = strchr(file, '/');
1349 free(request->hr_file_free);
1350 request->hr_file_free = request->hr_file =
1351 bozostrdup(httpd, request, s ? s : "/");
1352 debug((httpd, DEBUG_OBESE, "got host '%s' file is now '%s'",
1353 request->hr_host, request->hr_file));
1354 } else if (!request->hr_host)
1355 goto use_slashdir;
1356
1357 /*
1358 * canonicalise hr_host - that is, remove any :80.
1359 */
1360 len = strlen(request->hr_host);
1361 if (len > 3 &&
1362 strcmp(request->hr_host + len - 3, ":" BOZO_HTTP_PORT) == 0) {
1363 request->hr_host[len - 3] = '\0';
1364 len = strlen(request->hr_host);
1365 }
1366
1367 if (!httpd->virtbase) {
1368 /*
1369 * if we don't use vhost support, then set virthostname if
1370 * user supplied Host header. It will be used for possible
1371 * redirections
1372 */
1373 if (request->hr_host) {
1374 s = strrchr(request->hr_host, ':');
1375 if (s != NULL)
1376 /*
1377 * truncate Host: as we want to copy it
1378 * without port part
1379 */
1380 *s = '\0';
1381 request->hr_virthostname = bozostrdup(httpd, request,
1382 request->hr_host);
1383 if (s != NULL)
1384 /* fix Host: again, if we truncated it */
1385 *s = ':';
1386 }
1387 goto use_slashdir;
1388 }
1389
1390 /*
1391 * ok, we have a virtual host, use opendir(3) to find a case
1392 * insensitive match for the virtual host we are asked for.
1393 * note that if the virtual host is the same as the master,
1394 * we don't need to do anything special.
1395 */
1396 debug((httpd, DEBUG_OBESE,
1397 "check_virtual: checking host `%s' under httpd->virtbase `%s' "
1398 "for file `%s'",
1399 request->hr_host, httpd->virtbase, request->hr_file));
1400 if (strncasecmp(httpd->virthostname, request->hr_host, len) != 0) {
1401 s = NULL;
1402 DIR *dirp;
1403 struct dirent *d;
1404
1405 if ((dirp = opendir(httpd->virtbase)) != NULL) {
1406 while ((d = readdir(dirp)) != NULL) {
1407 if (strcmp(d->d_name, ".") == 0 ||
1408 strcmp(d->d_name, "..") == 0) {
1409 continue;
1410 }
1411 debug((httpd, DEBUG_OBESE, "looking at dir '%s'",
1412 d->d_name));
1413 if (strcmp(d->d_name, request->hr_host) == 0) {
1414 /* found it, punch it */
1415 debug((httpd, DEBUG_OBESE, "found it punch it"));
1416 request->hr_virthostname =
1417 bozostrdup(httpd, request, d->d_name);
1418 bozoasprintf(httpd, &s, "%s/%s",
1419 httpd->virtbase,
1420 request->hr_virthostname);
1421 break;
1422 }
1423 }
1424 closedir(dirp);
1425 }
1426 else {
1427 debug((httpd, DEBUG_FAT, "opendir %s failed: %s",
1428 httpd->virtbase, strerror(errno)));
1429 }
1430 if (s == 0) {
1431 if (httpd->unknown_slash)
1432 goto use_slashdir;
1433 return bozo_http_error(httpd, 404, request,
1434 "unknown URL");
1435 }
1436 } else
1437 use_slashdir:
1438 s = httpd->slashdir;
1439
1440 /*
1441 * ok, nailed the correct slashdir, chdir to it
1442 */
1443 if (chdir(s) < 0)
1444 return bozo_http_error(httpd, 404, request,
1445 "can't chdir to slashdir");
1446
1447 /*
1448 * is there a mapping for this request?
1449 */
1450 check_remap(request);
1451
1452 return 0;
1453 }
1454
1455 /*
1456 * checks to see if this request has a valid .bzredirect file. returns
1457 * 0 when no redirection happend, or 1 when handle_redirect() has been
1458 * called, -1 on error.
1459 */
1460 static int
check_bzredirect(bozo_httpreq_t * request)1461 check_bzredirect(bozo_httpreq_t *request)
1462 {
1463 bozohttpd_t *httpd = request->hr_httpd;
1464 struct stat sb;
1465 char dir[MAXPATHLEN], redir[MAXPATHLEN], redirpath[MAXPATHLEN + 1],
1466 path[MAXPATHLEN + 1];
1467 char *basename, *finalredir;
1468 int rv, absolute;
1469
1470 /*
1471 * if this pathname is really a directory, but doesn't end in /,
1472 * use it as the directory to look for the redir file.
1473 */
1474 if ((size_t)snprintf(dir, sizeof(dir), "%s", request->hr_file + 1) >=
1475 sizeof(dir)) {
1476 bozo_http_error(httpd, 404, request, "file path too long");
1477 return -1;
1478 }
1479 debug((httpd, DEBUG_FAT, "check_bzredirect: dir %s", dir));
1480 basename = strrchr(dir, '/');
1481
1482 if ((!basename || basename[1] != '\0') &&
1483 lstat(dir, &sb) == 0 && S_ISDIR(sb.st_mode)) {
1484 strcpy(path, dir);
1485 basename = dir;
1486 } else if (basename == NULL) {
1487 strcpy(path, ".");
1488 strcpy(dir, "");
1489 basename = request->hr_file + 1;
1490 } else {
1491 *basename++ = '\0';
1492 strcpy(path, dir);
1493 }
1494 if (bozo_check_special_files(request, basename, true))
1495 return -1;
1496
1497 debug((httpd, DEBUG_FAT, "check_bzredirect: path %s", path));
1498
1499 if ((size_t)snprintf(redir, sizeof(redir), "%s/%s", path,
1500 REDIRECT_FILE) >= sizeof(redir)) {
1501 return bozo_http_error(httpd, 404, request,
1502 "redirectfile path too long");
1503 }
1504 if (lstat(redir, &sb) == 0) {
1505 if (!S_ISLNK(sb.st_mode))
1506 return 0;
1507 absolute = 0;
1508 } else {
1509 if ((size_t)snprintf(redir, sizeof(redir), "%s/%s", path,
1510 ABSREDIRECT_FILE) >= sizeof(redir)) {
1511 bozo_http_error(httpd, 404, request,
1512 "redirectfile path too long");
1513 return -1;
1514 }
1515 if (lstat(redir, &sb) < 0 || !S_ISLNK(sb.st_mode))
1516 return 0;
1517 absolute = 1;
1518 }
1519 debug((httpd, DEBUG_FAT, "check_bzredirect: calling readlink"));
1520 rv = readlink(redir, redirpath, sizeof redirpath - 1);
1521 if (rv == -1 || rv == 0) {
1522 debug((httpd, DEBUG_FAT, "readlink failed"));
1523 return 0;
1524 }
1525 redirpath[rv] = '\0';
1526 debug((httpd, DEBUG_FAT, "readlink returned \"%s\"", redirpath));
1527
1528 /* check if we need authentication */
1529 snprintf(path, sizeof(path), "%s/", dir);
1530 if (bozo_auth_check(request, path))
1531 return 1;
1532
1533 /* now we have the link pointer, redirect to the real place */
1534 if (!absolute && redirpath[0] != '/') {
1535 if ((size_t)snprintf(finalredir = redir, sizeof(redir), "%s%s/%s",
1536 (strlen(dir) > 0 ? "/" : ""), dir, redirpath) >= sizeof(redir)) {
1537 bozo_http_error(httpd, 404, request,
1538 "redirect path too long");
1539 return -1;
1540 }
1541 } else
1542 finalredir = redirpath;
1543
1544 debug((httpd, DEBUG_FAT, "check_bzredirect: new redir %s", finalredir));
1545 handle_redirect(request, finalredir, absolute);
1546 return 1;
1547 }
1548
1549 /* this fixes the %HH hack that RFC2396 requires. */
1550 int
bozo_decode_url_percent(bozo_httpreq_t * request,char * str)1551 bozo_decode_url_percent(bozo_httpreq_t *request, char *str)
1552 {
1553 bozohttpd_t *httpd = request->hr_httpd;
1554 char *s, *t, buf[3];
1555 char *end; /* if end is not-zero, we don't translate beyond that */
1556
1557 end = str + strlen(str);
1558
1559 /* fast forward to the first % */
1560 if ((s = strchr(str, '%')) == NULL)
1561 return 0;
1562
1563 t = s;
1564 do {
1565 if (end && s >= end) {
1566 debug((httpd, DEBUG_EXPLODING,
1567 "fu_%%: past end, filling out.."));
1568 while (*s)
1569 *t++ = *s++;
1570 break;
1571 }
1572 debug((httpd, DEBUG_EXPLODING,
1573 "fu_%%: got s == %%, s[1]s[2] == %c%c",
1574 s[1], s[2]));
1575 if (s[1] == '\0' || s[2] == '\0')
1576 return bozo_http_error(httpd, 400, request,
1577 "percent hack missing two chars afterwards");
1578 if (s[1] == '0' && s[2] == '0')
1579 return bozo_http_error(httpd, 404, request,
1580 "percent hack was %00");
1581 if (s[1] == '2' && (s[2] == 'f' || s[2] == 'F'))
1582 return bozo_http_error(httpd, 404, request,
1583 "percent hack was %2f (/)");
1584
1585 buf[0] = *++s;
1586 buf[1] = *++s;
1587 buf[2] = '\0';
1588 s++;
1589 *t = (char)strtol(buf, NULL, 16);
1590 debug((httpd, DEBUG_EXPLODING,
1591 "fu_%%: strtol put '%02x' into *t", *t));
1592 if (*t++ == '\0')
1593 return bozo_http_error(httpd, 400, request,
1594 "percent hack got a 0 back");
1595
1596 while (*s && *s != '%') {
1597 if (end && s >= end)
1598 break;
1599 *t++ = *s++;
1600 }
1601 } while (*s);
1602 *t = '\0';
1603
1604 debug((httpd, DEBUG_FAT, "bozo_decode_url_percent returns `%s'",
1605 request->hr_file));
1606
1607 return 0;
1608 }
1609
1610 /*
1611 * transform_request does this:
1612 * - ``expand'' %20 crapola
1613 * - punt if it doesn't start with /
1614 * - look for "http://myname/" and deal with it.
1615 * - maybe call bozo_process_cgi()
1616 * - check for ~user and call bozo_user_transform() if so
1617 * - if the length > 1, check for trailing slash. if so,
1618 * add the index.html file
1619 * - if the length is 1, return the index.html file
1620 * - disallow anything ending up with a file starting
1621 * at "/" or having ".." in it.
1622 * - anything else is a really weird internal error
1623 * - returns malloced file to serve, if unhandled
1624 */
1625 static int
transform_request(bozo_httpreq_t * request,int * isindex)1626 transform_request(bozo_httpreq_t *request, int *isindex)
1627 {
1628 bozohttpd_t *httpd = request->hr_httpd;
1629 char *file, *newfile = NULL;
1630 size_t len;
1631
1632 file = NULL;
1633 *isindex = 0;
1634 debug((httpd, DEBUG_FAT, "tf_req: file %s", request->hr_file));
1635
1636 if (bozo_decode_url_percent(request, request->hr_file) ||
1637 check_virtual(request))
1638 goto bad_done;
1639
1640 file = request->hr_file;
1641
1642 if (file[0] != '/') {
1643 bozo_http_error(httpd, 404, request, "unknown URL");
1644 goto bad_done;
1645 }
1646
1647 /* omit additional slashes at the beginning */
1648 while (file[1] == '/')
1649 file++;
1650
1651 /* fix file provided by user as it's used in other handlers */
1652 request->hr_file = file;
1653
1654 len = strlen(file);
1655
1656 #ifndef NO_USER_SUPPORT
1657 /* first of all expand user path */
1658 if (len > 1 && httpd->enable_users && file[1] == '~') {
1659 if (file[2] == '\0') {
1660 bozo_http_error(httpd, 404, request,
1661 "missing username");
1662 goto bad_done;
1663 }
1664 if (strchr(file + 2, '/') == NULL) {
1665 char *userredirecturl;
1666
1667 bozoasprintf(httpd, &userredirecturl, "%s/", file);
1668 handle_redirect(request, userredirecturl, 0);
1669 free(userredirecturl);
1670 return 0;
1671 }
1672 debug((httpd, DEBUG_FAT, "calling bozo_user_transform"));
1673
1674 if (!bozo_user_transform(request))
1675 return 0;
1676
1677 file = request->hr_file;
1678 len = strlen(file);
1679 }
1680 #endif /* NO_USER_SUPPORT */
1681
1682
1683 switch (check_bzredirect(request)) {
1684 case -1:
1685 goto bad_done;
1686 case 0:
1687 break;
1688 default:
1689 return 0;
1690 }
1691
1692 if (len > 1) {
1693 debug((httpd, DEBUG_FAT, "file[len-1] == %c", file[len-1]));
1694 if (file[len-1] == '/') { /* append index.html */
1695 *isindex = 1;
1696 debug((httpd, DEBUG_FAT, "appending index.html"));
1697 newfile = bozomalloc(httpd,
1698 len + strlen(httpd->index_html) + 1);
1699 strcpy(newfile, file + 1);
1700 strcat(newfile, httpd->index_html);
1701 } else
1702 newfile = bozostrdup(httpd, request, file + 1);
1703 } else if (len == 1) {
1704 debug((httpd, DEBUG_EXPLODING, "tf_req: len == 1"));
1705 newfile = bozostrdup(httpd, request, httpd->index_html);
1706 *isindex = 1;
1707 } else { /* len == 0 ? */
1708 bozo_http_error(httpd, 500, request, "request->hr_file is nul");
1709 goto bad_done;
1710 }
1711
1712 if (newfile == NULL) {
1713 bozo_http_error(httpd, 500, request, "internal failure");
1714 goto bad_done;
1715 }
1716
1717 /*
1718 * stop traversing outside our domain
1719 *
1720 * XXX true security only comes from our parent using chroot(2)
1721 * before execve(2)'ing us. or our own built in chroot(2) support.
1722 */
1723
1724 debug((httpd, DEBUG_FAT, "newfile: %s", newfile));
1725
1726 if (*newfile == '/' || strcmp(newfile, "..") == 0 ||
1727 strstr(newfile, "/..") || strstr(newfile, "../")) {
1728 bozo_http_error(httpd, 403, request, "illegal request");
1729 goto bad_done;
1730 }
1731
1732 if (bozo_auth_check(request, newfile))
1733 goto bad_done;
1734
1735 if (strlen(newfile)) {
1736 request->hr_oldfile = request->hr_file_free;
1737 request->hr_file = newfile;
1738 }
1739
1740 if (bozo_process_cgi(request) ||
1741 bozo_process_lua(request))
1742 return 0;
1743
1744 debug((httpd, DEBUG_FAT, "transform_request set: %s", newfile));
1745 return 1;
1746
1747 bad_done:
1748 debug((httpd, DEBUG_FAT, "transform_request returning: 0"));
1749 free(newfile);
1750 return 0;
1751 }
1752
1753 /*
1754 * can_gzip checks if the request supports and prefers gzip encoding.
1755 *
1756 * XXX: we do not consider the associated q with gzip in making our
1757 * decision which is broken.
1758 */
1759
1760 static int
can_gzip(bozo_httpreq_t * request)1761 can_gzip(bozo_httpreq_t *request)
1762 {
1763 const char *pos;
1764 const char *tmp;
1765 size_t len;
1766
1767 /* First we decide if the request can be gzipped at all. */
1768
1769 /* not if we already are encoded... */
1770 tmp = bozo_content_encoding(request, request->hr_file);
1771 if (tmp && *tmp)
1772 return 0;
1773
1774 /* not if we are not asking for the whole file... */
1775 if (request->hr_last_byte_pos != -1 || request->hr_have_range)
1776 return 0;
1777
1778 /* Then we determine if gzip is on the cards. */
1779
1780 for (pos = request->hr_accept_encoding; pos && *pos; pos += len) {
1781 while (*pos == ' ')
1782 pos++;
1783
1784 len = strcspn(pos, ";,");
1785
1786 if ((len == 4 && strncasecmp("gzip", pos, 4) == 0) ||
1787 (len == 6 && strncasecmp("x-gzip", pos, 6) == 0))
1788 return 1;
1789
1790 if (pos[len] == ';')
1791 len += strcspn(&pos[len], ",");
1792
1793 if (pos[len])
1794 len++;
1795 }
1796
1797 return 0;
1798 }
1799
1800 /*
1801 * bozo_process_request does the following:
1802 * - check the request is valid
1803 * - process cgi-bin if necessary
1804 * - transform a filename if necesarry
1805 * - return the HTTP request
1806 */
1807 void
bozo_process_request(bozo_httpreq_t * request)1808 bozo_process_request(bozo_httpreq_t *request)
1809 {
1810 bozohttpd_t *httpd = request->hr_httpd;
1811 struct stat sb;
1812 time_t timestamp;
1813 char *file;
1814 const char *type, *encoding;
1815 int fd, isindex;
1816
1817 /*
1818 * note that transform_request chdir()'s if required. also note
1819 * that cgi is handed here. if transform_request() returns 0
1820 * then the request has been handled already.
1821 */
1822 if (transform_request(request, &isindex) == 0)
1823 return;
1824
1825 fd = -1;
1826 encoding = NULL;
1827 if (can_gzip(request)) {
1828 bozoasprintf(httpd, &file, "%s.gz", request->hr_file);
1829 fd = open(file, O_RDONLY);
1830 if (fd >= 0)
1831 encoding = "gzip";
1832 free(file);
1833 }
1834
1835 file = request->hr_file;
1836
1837 if (fd < 0)
1838 fd = open(file, O_RDONLY);
1839
1840 if (fd < 0) {
1841 debug((httpd, DEBUG_FAT, "open failed: %s", strerror(errno)));
1842 switch (errno) {
1843 case EPERM:
1844 case EACCES:
1845 bozo_http_error(httpd, 403, request,
1846 "no permission to open file");
1847 break;
1848 case ENAMETOOLONG:
1849 /*FALLTHROUGH*/
1850 case ENOENT:
1851 if (!bozo_dir_index(request, file, isindex))
1852 bozo_http_error(httpd, 404, request, "no file");
1853 break;
1854 default:
1855 bozo_http_error(httpd, 500, request, "open file");
1856 }
1857 goto cleanup_nofd;
1858 }
1859 if (fstat(fd, &sb) < 0) {
1860 bozo_http_error(httpd, 500, request, "can't fstat");
1861 goto cleanup;
1862 }
1863 if (S_ISDIR(sb.st_mode)) {
1864 handle_redirect(request, NULL, 0);
1865 goto cleanup;
1866 }
1867
1868 if (request->hr_if_modified_since &&
1869 parse_http_date(request->hr_if_modified_since, ×tamp) &&
1870 timestamp >= sb.st_mtime) {
1871 /* XXX ignore subsecond of timestamp */
1872 bozo_printf(httpd, "%s 304 Not Modified\r\n",
1873 request->hr_proto);
1874 bozo_printf(httpd, "\r\n");
1875 bozo_flush(httpd, stdout);
1876 goto cleanup;
1877 }
1878
1879 /* validate requested range */
1880 if (request->hr_last_byte_pos == -1 ||
1881 request->hr_last_byte_pos >= sb.st_size)
1882 request->hr_last_byte_pos = sb.st_size - 1;
1883 if (request->hr_have_range &&
1884 request->hr_first_byte_pos > request->hr_last_byte_pos) {
1885 request->hr_have_range = 0; /* punt */
1886 request->hr_first_byte_pos = 0;
1887 request->hr_last_byte_pos = sb.st_size - 1;
1888 }
1889 debug((httpd, DEBUG_FAT, "have_range %d first_pos %lld last_pos %lld",
1890 request->hr_have_range,
1891 (long long)request->hr_first_byte_pos,
1892 (long long)request->hr_last_byte_pos));
1893 if (request->hr_have_range)
1894 bozo_printf(httpd, "%s 206 Partial Content\r\n",
1895 request->hr_proto);
1896 else
1897 bozo_printf(httpd, "%s 200 OK\r\n", request->hr_proto);
1898
1899 if (request->hr_proto != httpd->consts.http_09) {
1900 type = bozo_content_type(request, file);
1901 if (!encoding)
1902 encoding = bozo_content_encoding(request, file);
1903
1904 bozo_print_header(request, &sb, type, encoding);
1905 bozo_printf(httpd, "\r\n");
1906 }
1907 bozo_flush(httpd, stdout);
1908
1909 if (request->hr_method != HTTP_HEAD) {
1910 off_t szleft, cur_byte_pos;
1911
1912 szleft =
1913 request->hr_last_byte_pos - request->hr_first_byte_pos + 1;
1914 cur_byte_pos = request->hr_first_byte_pos;
1915
1916 retry:
1917 while (szleft) {
1918 size_t sz;
1919
1920 if ((off_t)httpd->mmapsz < szleft)
1921 sz = httpd->mmapsz;
1922 else
1923 sz = (size_t)szleft;
1924 if (mmap_and_write_part(httpd, fd, cur_byte_pos, sz)) {
1925 if (errno == ENOMEM) {
1926 httpd->mmapsz /= 2;
1927 if (httpd->mmapsz >= httpd->page_size)
1928 goto retry;
1929 }
1930 goto cleanup;
1931 }
1932 cur_byte_pos += sz;
1933 szleft -= sz;
1934 }
1935 }
1936 cleanup:
1937 close(fd);
1938 cleanup_nofd:
1939 /* If SSL enabled send close_notify. */
1940 bozo_ssl_shutdown(request->hr_httpd);
1941 close(STDIN_FILENO);
1942 close(STDOUT_FILENO);
1943 /*close(STDERR_FILENO);*/
1944 }
1945
1946 /* make sure we're not trying to access special files */
1947 int
bozo_check_special_files(bozo_httpreq_t * request,const char * name,bool doerror)1948 bozo_check_special_files(bozo_httpreq_t *request, const char *name, bool doerror)
1949 {
1950 bozohttpd_t *httpd = request->hr_httpd;
1951 size_t i;
1952 int error = 0;
1953
1954 for (i = 0; specials[i].file; i++) {
1955 if (strcmp(name, specials[i].file) == 0) {
1956 if (doerror) {
1957 error = bozo_http_error(httpd, 403, request,
1958 specials[i].name);
1959 } else {
1960 error = -1;
1961 }
1962 }
1963 }
1964
1965 return error;
1966 }
1967
1968 /* generic header printing routine */
1969 void
bozo_print_header(bozo_httpreq_t * request,struct stat * sbp,const char * type,const char * encoding)1970 bozo_print_header(bozo_httpreq_t *request,
1971 struct stat *sbp, const char *type, const char *encoding)
1972 {
1973 bozohttpd_t *httpd = request->hr_httpd;
1974 off_t len;
1975 char date[40];
1976 bozoheaders_t *hdr;
1977
1978 SIMPLEQ_FOREACH(hdr, &request->hr_replheaders, h_next) {
1979 bozo_printf(httpd, "%s: %s\r\n", hdr->h_header,
1980 hdr->h_value);
1981 }
1982
1983 bozo_printf(httpd, "Date: %s\r\n", bozo_http_date(date, sizeof(date)));
1984 bozo_printf(httpd, "Server: %s\r\n", httpd->server_software);
1985 bozo_printf(httpd, "Accept-Ranges: bytes\r\n");
1986 if (sbp) {
1987 char filedate[40];
1988 struct tm *tm;
1989
1990 tm = gmtime(&sbp->st_mtime);
1991 strftime(filedate, sizeof filedate,
1992 "%a, %d %b %Y %H:%M:%S GMT", tm);
1993 bozo_printf(httpd, "Last-Modified: %s\r\n", filedate);
1994 }
1995 if (type && *type)
1996 bozo_printf(httpd, "Content-Type: %s\r\n", type);
1997 if (encoding && *encoding)
1998 bozo_printf(httpd, "Content-Encoding: %s\r\n", encoding);
1999 if (sbp) {
2000 if (request->hr_have_range) {
2001 len = request->hr_last_byte_pos -
2002 request->hr_first_byte_pos +1;
2003 bozo_printf(httpd,
2004 "Content-Range: bytes %qd-%qd/%qd\r\n",
2005 (long long) request->hr_first_byte_pos,
2006 (long long) request->hr_last_byte_pos,
2007 (long long) sbp->st_size);
2008 } else
2009 len = sbp->st_size;
2010 bozo_printf(httpd, "Content-Length: %qd\r\n", (long long)len);
2011 }
2012 if (request->hr_proto == httpd->consts.http_11)
2013 bozo_printf(httpd, "Connection: close\r\n");
2014 bozo_flush(httpd, stdout);
2015 }
2016
2017 #ifndef NO_DEBUG
2018 void
debug__(bozohttpd_t * httpd,int level,const char * fmt,...)2019 debug__(bozohttpd_t *httpd, int level, const char *fmt, ...)
2020 {
2021 va_list ap;
2022 int savederrno;
2023
2024 /* only log if the level is low enough */
2025 if (httpd->debug < level)
2026 return;
2027
2028 savederrno = errno;
2029 va_start(ap, fmt);
2030 if (httpd->logstderr) {
2031 vfprintf(stderr, fmt, ap);
2032 fputs("\n", stderr);
2033 } else
2034 vsyslog(LOG_DEBUG, fmt, ap);
2035 va_end(ap);
2036 errno = savederrno;
2037 }
2038 #endif /* NO_DEBUG */
2039
2040 /* these are like warn() and err(), except for syslog not stderr */
2041 void
bozowarn(bozohttpd_t * httpd,const char * fmt,...)2042 bozowarn(bozohttpd_t *httpd, const char *fmt, ...)
2043 {
2044 va_list ap;
2045
2046 va_start(ap, fmt);
2047 if (httpd->logstderr || isatty(STDERR_FILENO)) {
2048 //fputs("warning: ", stderr);
2049 vfprintf(stderr, fmt, ap);
2050 fputs("\n", stderr);
2051 } else
2052 vsyslog(LOG_INFO, fmt, ap);
2053 va_end(ap);
2054 }
2055
2056 void
bozoerr(bozohttpd_t * httpd,int code,const char * fmt,...)2057 bozoerr(bozohttpd_t *httpd, int code, const char *fmt, ...)
2058 {
2059 va_list ap;
2060
2061 va_start(ap, fmt);
2062 if (httpd->logstderr || isatty(STDERR_FILENO)) {
2063 //fputs("error: ", stderr);
2064 vfprintf(stderr, fmt, ap);
2065 fputs("\n", stderr);
2066 } else
2067 vsyslog(LOG_ERR, fmt, ap);
2068 va_end(ap);
2069 exit(code);
2070 }
2071
2072 void
bozoasprintf(bozohttpd_t * httpd,char ** str,const char * fmt,...)2073 bozoasprintf(bozohttpd_t *httpd, char **str, const char *fmt, ...)
2074 {
2075 va_list ap;
2076 int e;
2077
2078 va_start(ap, fmt);
2079 e = vasprintf(str, fmt, ap);
2080 va_end(ap);
2081
2082 if (e < 0)
2083 bozoerr(httpd, EXIT_FAILURE, "asprintf");
2084 }
2085
2086 /*
2087 * this escapes HTML tags. returns allocated escaped
2088 * string if needed, or NULL on allocation failure or
2089 * lack of escape need.
2090 * call with NULL httpd in error paths, to avoid recursive
2091 * malloc failure. call with valid httpd in normal paths
2092 * to get automatic allocation failure handling.
2093 */
2094 char *
bozo_escape_html(bozohttpd_t * httpd,const char * url)2095 bozo_escape_html(bozohttpd_t *httpd, const char *url)
2096 {
2097 int i, j;
2098 char *tmp;
2099 size_t len;
2100
2101 for (i = 0, j = 0; url[i]; i++) {
2102 switch (url[i]) {
2103 case '<':
2104 case '>':
2105 j += 4;
2106 break;
2107 case '&':
2108 j += 5;
2109 break;
2110 case '"':
2111 j += 6;
2112 break;
2113 }
2114 }
2115
2116 if (j == 0)
2117 return NULL;
2118
2119 /*
2120 * we need to handle being called from different
2121 * pathnames.
2122 */
2123 len = strlen(url) + j;
2124 if (httpd)
2125 tmp = bozomalloc(httpd, len);
2126 else if ((tmp = malloc(len)) == 0)
2127 return NULL;
2128
2129 for (i = 0, j = 0; url[i]; i++) {
2130 switch (url[i]) {
2131 case '<':
2132 memcpy(tmp + j, "<", 4);
2133 j += 4;
2134 break;
2135 case '>':
2136 memcpy(tmp + j, ">", 4);
2137 j += 4;
2138 break;
2139 case '&':
2140 memcpy(tmp + j, "&", 5);
2141 j += 5;
2142 break;
2143 case '"':
2144 memcpy(tmp + j, """, 6);
2145 j += 6;
2146 break;
2147 default:
2148 tmp[j++] = url[i];
2149 }
2150 }
2151 tmp[j] = 0;
2152
2153 return tmp;
2154 }
2155
2156 /* short map between error code, and short/long messages */
2157 static struct errors_map {
2158 int code; /* HTTP return code */
2159 const char *shortmsg; /* short version of message */
2160 const char *longmsg; /* long version of message */
2161 } errors_map[] = {
2162 { 200, "200 OK", "The request was valid", },
2163 { 400, "400 Bad Request", "The request was not valid", },
2164 { 401, "401 Unauthorized", "No authorization", },
2165 { 403, "403 Forbidden", "Access to this item has been denied",},
2166 { 404, "404 Not Found", "This item has not been found", },
2167 { 408, "408 Request Timeout", "This request took too long", },
2168 { 413, "413 Payload Too Large", "Use smaller requests", },
2169 { 417, "417 Expectation Failed","Expectations not available", },
2170 { 420, "420 Enhance Your Calm","Chill, Winston", },
2171 { 500, "500 Internal Error", "An error occured on the server", },
2172 { 501, "501 Not Implemented", "This request is not available", },
2173 { 0, NULL, NULL, },
2174 };
2175
2176 static const char *help = "DANGER! WILL ROBINSON! DANGER!";
2177
2178 static const char *
http_errors_short(int code)2179 http_errors_short(int code)
2180 {
2181 struct errors_map *ep;
2182
2183 for (ep = errors_map; ep->code; ep++)
2184 if (ep->code == code)
2185 return (ep->shortmsg);
2186 return (help);
2187 }
2188
2189 static const char *
http_errors_long(int code)2190 http_errors_long(int code)
2191 {
2192 struct errors_map *ep;
2193
2194 for (ep = errors_map; ep->code; ep++)
2195 if (ep->code == code)
2196 return (ep->longmsg);
2197 return (help);
2198 }
2199
2200 #ifndef NO_BLACKLIST_SUPPORT
2201 static struct blacklist *blstate;
2202
2203 void
pfilter_notify(const int what,const int code)2204 pfilter_notify(const int what, const int code)
2205 {
2206
2207 if (blstate == NULL)
2208 blstate = blacklist_open();
2209
2210 if (blstate == NULL)
2211 return;
2212
2213 (void)blacklist_r(blstate, what, 0, http_errors_short(code));
2214 }
2215 #endif /* !NO_BLACKLIST_SUPPORT */
2216
2217 /* the follow functions and variables are used in handling HTTP errors */
2218 int
bozo_http_error(bozohttpd_t * httpd,int code,bozo_httpreq_t * request,const char * msg)2219 bozo_http_error(bozohttpd_t *httpd, int code, bozo_httpreq_t *request,
2220 const char *msg)
2221 {
2222 char portbuf[20];
2223 const char *header = http_errors_short(code);
2224 const char *reason = http_errors_long(code);
2225 const char *proto = (request && request->hr_proto) ?
2226 request->hr_proto : httpd->consts.http_11;
2227 int size;
2228 bozoheaders_t *hdr;
2229
2230 USE_ARG(msg);
2231
2232 debug((httpd, DEBUG_FAT, "bozo_http_error %d: %s", code, msg));
2233 if (header == NULL || reason == NULL) {
2234 bozoerr(httpd, 1,
2235 "bozo_http_error() failed (short = %p, long = %p)",
2236 header, reason);
2237 return code;
2238 }
2239
2240 if (request && request->hr_serverport &&
2241 strcmp(request->hr_serverport, BOZO_HTTP_PORT) != 0)
2242 snprintf(portbuf, sizeof(portbuf), ":%s",
2243 request->hr_serverport);
2244 else
2245 portbuf[0] = '\0';
2246
2247 if (request && request->hr_file) {
2248 char *file = NULL, *user = NULL;
2249 int file_alloc = 0;
2250 const char *hostname = BOZOHOST(httpd, request);
2251
2252 /* bozo_escape_html() failure here is just too bad. */
2253 file = bozo_escape_html(NULL, request->hr_file);
2254 if (file == NULL)
2255 file = request->hr_file;
2256 else
2257 file_alloc = 1;
2258
2259 #ifndef NO_USER_SUPPORT
2260 if (request->hr_user != NULL) {
2261 char *user_escaped;
2262
2263 user_escaped = bozo_escape_html(NULL, request->hr_user);
2264 if (user_escaped == NULL)
2265 user_escaped = request->hr_user;
2266 /* expand username to ~user/ */
2267 bozoasprintf(httpd, &user, "~%s/", user_escaped);
2268 if (user_escaped != request->hr_user)
2269 free(user_escaped);
2270 }
2271 #endif /* !NO_USER_SUPPORT */
2272
2273 size = snprintf(httpd->errorbuf, BUFSIZ,
2274 "<html><head><title>%s</title></head>\n"
2275 "<body><h1>%s</h1>\n"
2276 "%s%s: <pre>%s</pre>\n"
2277 "<hr><address><a href=\"//%s%s/\">%s%s</a></address>\n"
2278 "</body></html>\n",
2279 header, header,
2280 user ? user : "", file,
2281 reason, hostname, portbuf, hostname, portbuf);
2282 free(user);
2283 if (size >= (int)BUFSIZ) {
2284 bozowarn(httpd,
2285 "bozo_http_error buffer too small, truncated");
2286 size = (int)BUFSIZ;
2287 }
2288
2289 if (file_alloc)
2290 free(file);
2291 } else
2292 size = 0;
2293
2294 bozo_printf(httpd, "%s %s\r\n", proto, header);
2295
2296 if (request) {
2297 bozo_auth_check_401(request, code);
2298 SIMPLEQ_FOREACH(hdr, &request->hr_replheaders, h_next) {
2299 bozo_printf(httpd, "%s: %s\r\n", hdr->h_header,
2300 hdr->h_value);
2301 }
2302 }
2303
2304 bozo_printf(httpd, "Content-Type: text/html\r\n");
2305 bozo_printf(httpd, "Content-Length: %d\r\n", size);
2306 bozo_printf(httpd, "Server: %s\r\n", httpd->server_software);
2307 if (request && request->hr_allow)
2308 bozo_printf(httpd, "Allow: %s\r\n", request->hr_allow);
2309 /* RFC 7231 (HTTP/1.1) 6.5.7 */
2310 if (code == 408 && request &&
2311 request->hr_proto == httpd->consts.http_11)
2312 bozo_printf(httpd, "Connection: close\r\n");
2313 bozo_printf(httpd, "\r\n");
2314 /* According to the RFC 2616 sec. 9.4 HEAD method MUST NOT return a
2315 * message-body in the response */
2316 if (size && request && request->hr_method != HTTP_HEAD)
2317 bozo_printf(httpd, "%s", httpd->errorbuf);
2318 bozo_flush(httpd, stdout);
2319
2320 #ifndef NO_BLACKLIST_SUPPORT
2321 switch(code) {
2322
2323 case 401:
2324 pfilter_notify(BLACKLIST_AUTH_FAIL, code);
2325 break;
2326
2327 case 403:
2328 pfilter_notify(BLACKLIST_ABUSIVE_BEHAVIOR, code);
2329 break;
2330 }
2331 #endif /* !NO_BLACKLIST_SUPPORT */
2332
2333 return code;
2334 }
2335
2336 /* Below are various modified libc functions */
2337
2338 /*
2339 * returns -1 in lenp if the string ran out before finding a delimiter,
2340 * but is otherwise the same as strsep. Note that the length must be
2341 * correctly passed in.
2342 */
2343 char *
bozostrnsep(char ** strp,const char * delim,ssize_t * lenp)2344 bozostrnsep(char **strp, const char *delim, ssize_t *lenp)
2345 {
2346 char *s;
2347 const char *spanp;
2348 int c, sc;
2349 char *tok;
2350
2351 if ((s = *strp) == NULL)
2352 return (NULL);
2353 for (tok = s;;) {
2354 if (lenp && --(*lenp) == -1)
2355 return (NULL);
2356 c = *s++;
2357 spanp = delim;
2358 do {
2359 if ((sc = *spanp++) == c) {
2360 if (c == 0)
2361 s = NULL;
2362 else
2363 s[-1] = '\0';
2364 *strp = s;
2365 return (tok);
2366 }
2367 } while (sc != 0);
2368 }
2369 /* NOTREACHED */
2370 }
2371
2372 /*
2373 * inspired by fgetln(3), but works for fd's. should work identically
2374 * except it, however, does *not* return the newline, and it does nul
2375 * terminate the string.
2376 */
2377 char *
bozodgetln(bozohttpd_t * httpd,int fd,ssize_t * lenp,ssize_t (* readfn)(bozohttpd_t *,int,void *,size_t))2378 bozodgetln(bozohttpd_t *httpd, int fd, ssize_t *lenp,
2379 ssize_t (*readfn)(bozohttpd_t *, int, void *, size_t))
2380 {
2381 ssize_t len;
2382 int got_cr = 0;
2383 char c, *nbuffer;
2384
2385 /* initialise */
2386 if (httpd->getln_buflen == 0) {
2387 /* should be plenty for most requests */
2388 httpd->getln_buflen = 128;
2389 httpd->getln_buffer = malloc((size_t)httpd->getln_buflen);
2390 if (httpd->getln_buffer == NULL) {
2391 httpd->getln_buflen = 0;
2392 return NULL;
2393 }
2394 }
2395 len = 0;
2396
2397 /*
2398 * we *have* to read one byte at a time, to not break cgi
2399 * programs (for we pass stdin off to them). could fix this
2400 * by becoming a fd-passing program instead of just exec'ing
2401 * the program
2402 *
2403 * the above is no longer true, we are the fd-passing
2404 * program already.
2405 */
2406 for (; readfn(httpd, fd, &c, 1) == 1; ) {
2407 debug((httpd, DEBUG_EXPLODING, "bozodgetln read %c", c));
2408
2409 if (len >= httpd->getln_buflen - 1) {
2410 httpd->getln_buflen *= 2;
2411 debug((httpd, DEBUG_EXPLODING, "bozodgetln: "
2412 "reallocating buffer to buflen %zu",
2413 httpd->getln_buflen));
2414 nbuffer = bozorealloc(httpd, httpd->getln_buffer,
2415 (size_t)httpd->getln_buflen);
2416 httpd->getln_buffer = nbuffer;
2417 }
2418
2419 httpd->getln_buffer[len++] = c;
2420 if (c == '\r') {
2421 got_cr = 1;
2422 continue;
2423 } else if (c == '\n') {
2424 /*
2425 * HTTP/1.1 spec says to ignore CR and treat
2426 * LF as the real line terminator. even though
2427 * the same spec defines CRLF as the line
2428 * terminator, it is recommended in section 19.3
2429 * to do the LF trick for tolerance.
2430 */
2431 if (got_cr)
2432 len -= 2;
2433 else
2434 len -= 1;
2435 break;
2436 }
2437
2438 }
2439 httpd->getln_buffer[len] = '\0';
2440 debug((httpd, DEBUG_OBESE, "bozodgetln returns: '%s' with len %zd",
2441 httpd->getln_buffer, len));
2442 *lenp = len;
2443 return httpd->getln_buffer;
2444 }
2445
2446 /*
2447 * allocation frontends with error handling.
2448 *
2449 * note that these may access members of the httpd and/or request.
2450 */
2451 void *
bozorealloc(bozohttpd_t * httpd,void * ptr,size_t size)2452 bozorealloc(bozohttpd_t *httpd, void *ptr, size_t size)
2453 {
2454 void *p;
2455
2456 p = realloc(ptr, size);
2457 if (p)
2458 return p;
2459
2460 bozo_http_error(httpd, 500, NULL, "memory allocation failure");
2461 exit(EXIT_FAILURE);
2462 }
2463
2464 void *
bozomalloc(bozohttpd_t * httpd,size_t size)2465 bozomalloc(bozohttpd_t *httpd, size_t size)
2466 {
2467 void *p;
2468
2469 p = malloc(size);
2470 if (p)
2471 return p;
2472
2473 bozo_http_error(httpd, 500, NULL, "memory allocation failure");
2474 exit(EXIT_FAILURE);
2475 }
2476
2477 char *
bozostrdup(bozohttpd_t * httpd,bozo_httpreq_t * request,const char * str)2478 bozostrdup(bozohttpd_t *httpd, bozo_httpreq_t *request, const char *str)
2479 {
2480 char *p;
2481
2482 p = strdup(str);
2483 if (p)
2484 return p;
2485
2486 if (!request)
2487 bozoerr(httpd, EXIT_FAILURE, "strdup");
2488
2489 bozo_http_error(httpd, 500, request, "memory allocation failure");
2490 exit(EXIT_FAILURE);
2491 }
2492
2493 /* set default values in bozohttpd_t struct */
2494 int
bozo_init_httpd(bozohttpd_t * httpd)2495 bozo_init_httpd(bozohttpd_t *httpd)
2496 {
2497 /* make sure everything is clean */
2498 (void) memset(httpd, 0x0, sizeof(*httpd));
2499
2500 /* constants */
2501 httpd->consts.http_09 = "HTTP/0.9";
2502 httpd->consts.http_10 = "HTTP/1.0";
2503 httpd->consts.http_11 = "HTTP/1.1";
2504 httpd->consts.text_plain = "text/plain";
2505
2506 /* mmap region size */
2507 httpd->mmapsz = BOZO_MMAPSZ;
2508
2509 /* error buffer for bozo_http_error() */
2510 if ((httpd->errorbuf = malloc(BUFSIZ)) == NULL) {
2511 fprintf(stderr,
2512 "bozohttpd: memory_allocation failure\n");
2513 return 0;
2514 }
2515 #ifndef NO_LUA_SUPPORT
2516 SIMPLEQ_INIT(&httpd->lua_states);
2517 #endif
2518 return 1;
2519 }
2520
2521 /* set default values in bozoprefs_t struct */
2522 int
bozo_init_prefs(bozohttpd_t * httpd,bozoprefs_t * prefs)2523 bozo_init_prefs(bozohttpd_t *httpd, bozoprefs_t *prefs)
2524 {
2525 int rv = 0;
2526
2527 /* make sure everything is clean */
2528 (void) memset(prefs, 0x0, sizeof(*prefs));
2529
2530 /* set up default values */
2531 if (!bozo_set_pref(httpd, prefs, "server software", SERVER_SOFTWARE))
2532 rv = 1;
2533 if (!bozo_set_pref(httpd, prefs, "index.html", INDEX_HTML))
2534 rv = 1;
2535 if (!bozo_set_pref(httpd, prefs, "public_html", PUBLIC_HTML))
2536 rv = 1;
2537 if (!bozo_set_pref(httpd, prefs, "ssl timeout", SSL_TIMEOUT))
2538 rv = 1;
2539 if (!bozo_set_pref(httpd, prefs, "initial timeout", INITIAL_TIMEOUT))
2540 rv = 1;
2541 if (!bozo_set_pref(httpd, prefs, "header timeout", HEADER_WAIT_TIME))
2542 rv = 1;
2543 if (!bozo_set_pref(httpd, prefs, "request timeout", TOTAL_MAX_REQ_TIME))
2544 rv = 1;
2545
2546 return rv;
2547 }
2548
2549 /* set default values */
2550 int
bozo_set_defaults(bozohttpd_t * httpd,bozoprefs_t * prefs)2551 bozo_set_defaults(bozohttpd_t *httpd, bozoprefs_t *prefs)
2552 {
2553 return bozo_init_httpd(httpd) && bozo_init_prefs(httpd, prefs);
2554 }
2555
2556 /* set the virtual host name, port and root */
2557 int
bozo_setup(bozohttpd_t * httpd,bozoprefs_t * prefs,const char * vhost,const char * root)2558 bozo_setup(bozohttpd_t *httpd, bozoprefs_t *prefs, const char *vhost,
2559 const char *root)
2560 {
2561 struct passwd *pw;
2562 extern char **environ;
2563 static char *cleanenv[1] = { NULL };
2564 uid_t uid;
2565 int uidset = 0;
2566 char *chrootdir;
2567 char *username;
2568 char *portnum;
2569 char *cp;
2570 int dirtyenv;
2571
2572 dirtyenv = 0;
2573
2574 if (vhost == NULL) {
2575 httpd->virthostname = bozomalloc(httpd, MAXHOSTNAMELEN+1);
2576 if (gethostname(httpd->virthostname, MAXHOSTNAMELEN+1) < 0)
2577 bozoerr(httpd, 1, "gethostname");
2578 httpd->virthostname[MAXHOSTNAMELEN] = '\0';
2579 } else {
2580 httpd->virthostname = bozostrdup(httpd, NULL, vhost);
2581 }
2582 httpd->slashdir = bozostrdup(httpd, NULL, root);
2583 if ((portnum = bozo_get_pref(prefs, "port number")) != NULL) {
2584 httpd->bindport = bozostrdup(httpd, NULL, portnum);
2585 }
2586
2587 /* go over preferences now */
2588 if ((cp = bozo_get_pref(prefs, "numeric")) != NULL &&
2589 strcmp(cp, "true") == 0) {
2590 httpd->numeric = 1;
2591 }
2592 if ((cp = bozo_get_pref(prefs, "log to stderr")) != NULL &&
2593 strcmp(cp, "true") == 0) {
2594 httpd->logstderr = 1;
2595 }
2596 if ((cp = bozo_get_pref(prefs, "bind address")) != NULL) {
2597 httpd->bindaddress = bozostrdup(httpd, NULL, cp);
2598 }
2599 if ((cp = bozo_get_pref(prefs, "background")) != NULL) {
2600 httpd->background = atoi(cp);
2601 }
2602 if ((cp = bozo_get_pref(prefs, "foreground")) != NULL &&
2603 strcmp(cp, "true") == 0) {
2604 httpd->foreground = 1;
2605 }
2606 if ((cp = bozo_get_pref(prefs, "pid file")) != NULL) {
2607 httpd->pidfile = bozostrdup(httpd, NULL, cp);
2608 }
2609 if ((cp = bozo_get_pref(prefs, "unknown slash")) != NULL &&
2610 strcmp(cp, "true") == 0) {
2611 httpd->unknown_slash = 1;
2612 }
2613 if ((cp = bozo_get_pref(prefs, "virtual base")) != NULL) {
2614 httpd->virtbase = bozostrdup(httpd, NULL, cp);
2615 }
2616 if ((cp = bozo_get_pref(prefs, "enable users")) != NULL &&
2617 strcmp(cp, "true") == 0) {
2618 httpd->enable_users = 1;
2619 }
2620 if ((cp = bozo_get_pref(prefs, "enable user cgibin")) != NULL &&
2621 strcmp(cp, "true") == 0) {
2622 httpd->enable_cgi_users = 1;
2623 }
2624 if ((cp = bozo_get_pref(prefs, "dirty environment")) != NULL &&
2625 strcmp(cp, "true") == 0) {
2626 dirtyenv = 1;
2627 }
2628 if ((cp = bozo_get_pref(prefs, "hide dots")) != NULL &&
2629 strcmp(cp, "true") == 0) {
2630 httpd->hide_dots = 1;
2631 }
2632 if ((cp = bozo_get_pref(prefs, "directory indexing")) != NULL &&
2633 strcmp(cp, "true") == 0) {
2634 httpd->dir_indexing = 1;
2635 }
2636 if ((cp = bozo_get_pref(prefs, "directory index readme")) != NULL) {
2637 httpd->dir_readme = bozostrdup(httpd, NULL, cp);
2638 }
2639 if ((cp = bozo_get_pref(prefs, "public_html")) != NULL) {
2640 httpd->public_html = bozostrdup(httpd, NULL, cp);
2641 }
2642 if ((cp = bozo_get_pref(prefs, "ssl timeout")) != NULL) {
2643 httpd->ssl_timeout = atoi(cp);
2644 }
2645 if ((cp = bozo_get_pref(prefs, "initial timeout")) != NULL) {
2646 httpd->initial_timeout = atoi(cp);
2647 }
2648 if ((cp = bozo_get_pref(prefs, "header timeout")) != NULL) {
2649 httpd->header_timeout = atoi(cp);
2650 }
2651 if ((cp = bozo_get_pref(prefs, "request timeout")) != NULL) {
2652 httpd->request_timeout = atoi(cp);
2653 }
2654 httpd->server_software =
2655 bozostrdup(httpd, NULL, bozo_get_pref(prefs, "server software"));
2656 httpd->index_html =
2657 bozostrdup(httpd, NULL, bozo_get_pref(prefs, "index.html"));
2658
2659 /*
2660 * initialise ssl and daemon mode if necessary.
2661 */
2662 bozo_ssl_init(httpd);
2663 bozo_daemon_init(httpd);
2664
2665 username = bozo_get_pref(prefs, "username");
2666 if (username != NULL) {
2667 if ((pw = getpwnam(username)) == NULL)
2668 bozoerr(httpd, 1, "getpwnam(%s): %s", username,
2669 strerror(errno));
2670 if (initgroups(pw->pw_name, pw->pw_gid) == -1)
2671 bozoerr(httpd, 1, "initgroups: %s", strerror(errno));
2672 if (setgid(pw->pw_gid) == -1)
2673 bozoerr(httpd, 1, "setgid(%u): %s", pw->pw_gid,
2674 strerror(errno));
2675 uid = pw->pw_uid;
2676 uidset = 1;
2677 }
2678 /*
2679 * handle chroot.
2680 */
2681 if ((chrootdir = bozo_get_pref(prefs, "chroot dir")) != NULL) {
2682 httpd->rootdir = bozostrdup(httpd, NULL, chrootdir);
2683 if (chdir(httpd->rootdir) == -1)
2684 bozoerr(httpd, 1, "chdir(%s): %s", httpd->rootdir,
2685 strerror(errno));
2686 if (chroot(httpd->rootdir) == -1)
2687 bozoerr(httpd, 1, "chroot(%s): %s", httpd->rootdir,
2688 strerror(errno));
2689 }
2690
2691 if (uidset && setuid(uid) == -1)
2692 bozoerr(httpd, 1, "setuid(%d): %s", uid, strerror(errno));
2693
2694 /*
2695 * prevent info leakage between different compartments.
2696 * some PATH values in the environment would be invalided
2697 * by chroot. cross-user settings might result in undesirable
2698 * effects.
2699 */
2700 if ((chrootdir != NULL || username != NULL) && !dirtyenv)
2701 environ = cleanenv;
2702
2703 #ifdef _SC_PAGESIZE
2704 httpd->page_size = (long)sysconf(_SC_PAGESIZE);
2705 #else
2706 httpd->page_size = 4096;
2707 #endif
2708 debug((httpd, DEBUG_OBESE, "myname is %s, slashdir is %s",
2709 httpd->virthostname, httpd->slashdir));
2710
2711 return 1;
2712 }
2713
2714 void
bozo_cleanup(bozohttpd_t * httpd,bozoprefs_t * prefs)2715 bozo_cleanup(bozohttpd_t *httpd, bozoprefs_t *prefs)
2716 {
2717 bozo_clear_prefs(prefs);
2718
2719 free(httpd->virthostname);
2720 free(httpd->errorbuf);
2721 free(httpd->getln_buffer);
2722 free(httpd->slashdir);
2723 #define bozo_unconst(x) ((void *)(uintptr_t)x)
2724 free(bozo_unconst(httpd->server_software));
2725 free(bozo_unconst(httpd->index_html));
2726 free(bozo_unconst(httpd->dir_readme));
2727 free(bozo_unconst(httpd->public_html));
2728 #undef bozo_unconst
2729 }
2730
2731 int
bozo_get_version(char * buf,size_t size)2732 bozo_get_version(char *buf, size_t size)
2733 {
2734 return snprintf(buf, size, "%s", SERVER_SOFTWARE);
2735 }
2736