Diffstat (limited to 'www/pserv')
-rw-r--r-- | www/pserv/Makefile | 3 | ||||
-rw-r--r-- | www/pserv/distinfo | 6 | ||||
-rw-r--r-- | www/pserv/files/patch-handlers.c | 97 | ||||
-rw-r--r-- | www/pserv/files/patch-main.c | 93 |
4 files changed, 94 insertions, 105 deletions
diff --git a/www/pserv/Makefile b/www/pserv/Makefile index 4039f8679ee6..a42c39d69ffa 100644 --- a/www/pserv/Makefile +++ b/www/pserv/Makefile @@ -6,10 +6,11 @@ # PORTNAME= pserv -PORTVERSION= 3.3 +PORTVERSION= 3.4 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} +EXTRACT_SUFX= .tar.Z MAINTAINER= ale@FreeBSD.org COMMENT= A portable and small webserver written in C diff --git a/www/pserv/distinfo b/www/pserv/distinfo index 813a9266b829..632e2b64d35f 100644 --- a/www/pserv/distinfo +++ b/www/pserv/distinfo @@ -1,3 +1,3 @@ -MD5 (pserv-3.3.tar.gz) = fa8c5f18af5b7bab277f5dab2ad2a48e -SHA256 (pserv-3.3.tar.gz) = b5b51bf641d0e2d6918cc826e9ef65dbf86dbd2848ea4e6defb9c22ac8c3417e -SIZE (pserv-3.3.tar.gz) = 105048 +MD5 (pserv-3.4.tar.Z) = 65c31088ac3ac74fc1986b4de04c1391 +SHA256 (pserv-3.4.tar.Z) = 6a37e3056504db4e5623ce59fda95a759f7692f67dcb174ceb32d340b3441977 +SIZE (pserv-3.4.tar.Z) = 178760 diff --git a/www/pserv/files/patch-handlers.c b/www/pserv/files/patch-handlers.c index 93f4a73df9c8..ec95ce6bdfc4 100644 --- a/www/pserv/files/patch-handlers.c +++ b/www/pserv/files/patch-handlers.c @@ -1,5 +1,5 @@ ---- sources/handlers.c.orig Tue May 17 00:03:16 2005 -+++ sources/handlers.c Mon May 30 11:44:23 2005 +--- sources/handlers.c.orig 2005-06-01 12:36:18.000000000 +0200 ++++ sources/handlers.c 2008-09-03 14:25:41.000000000 +0200 @@ -25,6 +25,7 @@ #endif 
@@ -8,22 +8,38 @@ extern int port; /* server port */ extern char defaultFileName[MAX_PATH_LEN+1]; /* default name for index, default or similar file */ -@@ -269,6 +270,14 @@ +@@ -261,6 +262,17 @@ i = 0; /* beware of not overfilling this array, check MAX_ENVP_LEN */ + if (req.contentLength != -1) + { ++ newEnvp[i] = (char *) calloc(35, sizeof(char)); + sprintf(newEnvp[i++], "CONTENT_LENGTH=%ld", req.contentLength); ++ newEnvp[i] = (char *) calloc(CONTENT_TYPE_LEN + 14, sizeof(char)); + strcpy(newEnvp[i], "CONTENT_TYPE="); + strcat(newEnvp[i++], req.contentType); + } ++ newEnvp[i] = (char *) calloc(strlen(DEFAULT_SERVER_NAME) + 13, sizeof(char)); + strcpy(newEnvp[i], "SERVER_NAME="); + strcat(newEnvp[i++], DEFAULT_SERVER_NAME); + newEnvp[i] = (char *) calloc(128, sizeof(char)); strcpy(newEnvp[i], "SERVER_SOFTWARE="); strcat(newEnvp[i], SERVER_SOFTWARE_STR); - strcat(newEnvp[i], "/"); -@@ -326,8 +335,233 @@ +@@ -293,6 +305,12 @@ + completedPath[MAX_PATH_LEN]='\0'; + strcpy(newEnvp[i], "SCRIPT_FILENAME="); + strcat(newEnvp[i++], completedPath); ++ if (req.cookie[0] != '\0') ++ { ++ newEnvp[i] = (char *) calloc(MAX_COOKIE_LEN+13, sizeof(char)); ++ strcpy(newEnvp[i], "HTTP_COOKIE="); ++ strcat(newEnvp[i++], req.cookie); ++ } + + /* extracting PATH env variable */ + envPath = getenv("PATH"); +@@ -333,8 +351,236 @@ } #endif /* ENABLE_CGI */ @@ -38,7 +54,7 @@ +{ + char *envPath; /* pointer to the envrionment PATH variable */ + char *relativePath; -+ char scriptWorkingDir[MAX_PATH_LEN+1]; ++ char scriptWorkingDir[2*MAX_PATH_LEN+1]; + char **newArgv; + char **newEnvp; + int i; @@ -57,17 +73,13 @@ + /* first we create the pipes needed for stdout redirection */ + if (pipe(outStdPipe)) + { -+#ifdef PRINTF_DEBUG -+ printf("Pipe creation error\n"); ++ DBGPRINTF(("Pipe creation error\n")); + return -1; -+#endif + } + if (pipe(inStdPipe)) + { -+#ifdef PRINTF_DEBUG -+ printf("Pipe creation error\n"); ++ DBGPRINTF(("Pipe creation error\n")); + return -1; -+#endif + } + + 
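Review bot: The per-entry `calloc` calls added to cgiHandler are written to immediately by `sprintf`/`strcpy`/`strcat` with no NULL check, so an allocation failure turns into a write through a null pointer. The sizes (`CONTENT_TYPE_LEN + 14`, `MAX_COOKIE_LEN+13`, the fixed `128` for SERVER_SOFTWARE) are only safe if the request parser already truncates `req.contentType` and `req.cookie` to those limits, which cannot be confirmed from this hunk. Formatting with the allocated size makes the bound local, for example `snprintf(newEnvp[i], CONTENT_TYPE_LEN + 14, "CONTENT_TYPE=%s", req.contentType);`, with the `calloc` result checked first. The same pattern is repeated in the phpHandler hunk further down (`@@ -180,51 +182,68 @@`).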
@@ -77,25 +89,24 @@ + { /* this is the parent process */ + if (pid < 0) + { /* we check for creation error */ -+ printf ("Forking error during cgi exec: %d\n", errno); ++ DBGPRINTF(("Forking error during cgi exec: %d\n", errno)); + return -1; + } + /* we close the unused end of the pipe */ + close(outStdPipe[WRITE]); + close(inStdPipe[READ]); + -+ if (!strcmp(req.method, "POST")) /* we have to feed the stdin of the script */ ++ if (req.method[0]=='P' && req.method[1]=='O' && req.method[2]=='S' && req.method[3]=='T' && req.method[4]=='\0') + { ++ /* we have to feed the stdin of the script */ + if(!strlen(postStr)) + { -+#ifdef PRINTF_DEBUG -+ printf("cannot post empty data\n"); -+#endif ++ DBGPRINTF(("cannot post empty data\n")); + return -1; + } + howMany = write(inStdPipe[WRITE], postStr, strlen(postStr)); + if (howMany < 0) -+ printf("Error during script pipe read.\n"); ++ DBGPRINTF(("Error during script pipe read (POST).\n")); + } + totalSentFromPipe = 0; + fatal = NO; @@ -103,16 +114,14 @@ + while (howMany > 0 && !fatal) + { + howMany = read(outStdPipe[READ], pipeReadBuf, PIPE_READ_BUF); -+ if (howMany < 0) -+ printf("Error during script pipe read.\n"); -+ else if (!howMany) -+ printf("Nothing read from script pipe.\n"); -+ else { ++ if (howMany > 0) ++ { + if (sendChunk(sock, pipeReadBuf, howMany) < 0) + fatal = YES; + else + totalSentFromPipe += howMany; -+ } ++ } else ++ fatal = YES; /* it may be EOF too */ + } + /* now we finished and we clean up */ + wait(&i); @@ -132,13 +141,6 @@ + } + + newEnvp = (char **)calloc(MAX_ENVP_LEN + 1, sizeof(char*)); -+ for (i = 0; i < MAX_ENVP_LEN + 1; i++) -+ { -+ newEnvp[i] = calloc(MAX_PATH_LEN, sizeof(char)); -+ } -+ -+ /* extract PATH env variable */ -+ envPath = getenv("PATH"); + + i = 0; + strcpy(newArgv[i++], phpFileName); /* here we should pass the phppath */ 
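Review bot: The `cannot post empty data` path in the parent branch returns -1 after `fork()` while `inStdPipe[WRITE]` and `outStdPipe[READ]` are still open and before the `wait(&i)` at the end of the branch, so the descriptors leak and the child is never reaped. Closing both ends and waiting before the return (or routing the error through the existing cleanup at the end of the branch) would avoid that. The `write(inStdPipe[WRITE], postStr, strlen(postStr))` result is only tested for `< 0`, so a short write silently truncates the body the script receives. The enclosing function continues outside this hunk.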
@@ -180,51 +182,68 @@ + /* beware of not overfilling this array, check MAX_ENVP_LEN */ + if (req.contentLength != -1) + { ++ newEnvp[i] = (char *) calloc(35, sizeof(char)); + sprintf(newEnvp[i++], "CONTENT_LENGTH=%ld", req.contentLength); ++ newEnvp[i] = (char *) calloc(CONTENT_TYPE_LEN + 14, sizeof(char)); + strcpy(newEnvp[i], "CONTENT_TYPE="); + strcat(newEnvp[i++], req.contentType); + } ++ newEnvp[i] = (char *) calloc(strlen(DEFAULT_SERVER_NAME) + 13, sizeof(char)); + strcpy(newEnvp[i], "SERVER_NAME="); + strcat(newEnvp[i++], DEFAULT_SERVER_NAME); ++ newEnvp[i] = (char *) calloc(128, sizeof(char)); + strcpy(newEnvp[i], "SERVER_SOFTWARE="); + strcat(newEnvp[i], SERVER_SOFTWARE_STR); + strcat(newEnvp[i], "/"); + strcat(newEnvp[i++], SERVER_VERSION_STR); ++ newEnvp[i] = (char *) calloc(METHOD_LEN+16, sizeof(char)); + strcpy(newEnvp[i], "REQUEST_METHOD="); + strcat(newEnvp[i++], req.method); ++ newEnvp[i] = (char *) calloc(MAX_PATH_LEN+16, sizeof(char)); + strcpy(newEnvp[i], "SCRIPT_NAME="); + strcat(newEnvp[i++], req.documentAddress); ++ newEnvp[i] = (char *) calloc(32, sizeof(char)); + strcpy(newEnvp[i], "GATEWAY_INTERFACE="); + strcat(newEnvp[i++], CGI_VERSION); ++ newEnvp[i] = (char *) calloc(18, sizeof(char)); + sprintf(newEnvp[i++], "SERVER_PORT=%d", port); ++ newEnvp[i] = (char *) calloc(MAX_QUERY_STRING_LEN+16, sizeof(char)); + strcpy(newEnvp[i], "QUERY_STRING="); + strcat(newEnvp[i++], req.queryString); ++ newEnvp[i] = (char *) calloc(PROTOCOL_LEN+17, sizeof(char)); + strcpy(newEnvp[i], "SERVER_PROTOCOL="); + strcat(newEnvp[i++], req.protocolVersion); ++ newEnvp[i] = (char *) calloc(ADDRESS_LEN+13, sizeof(char)); + strcpy(newEnvp[i], "REMOTE_ADDR="); + strcat(newEnvp[i++], req.address); ++ newEnvp[i] = (char *) calloc(USER_AGENT_LEN+17, sizeof(char)); + strcpy(newEnvp[i], "HTTP_USER_AGENT="); + strcat(newEnvp[i++], req.userAgent); ++ newEnvp[i] = (char *) calloc(MAX_PATH_LEN+17, sizeof(char)); ++ completedPath[MAX_PATH_LEN]='\0'; + strcpy(newEnvp[i], 
"SCRIPT_FILENAME="); + strcat(newEnvp[i++], completedPath); + if (req.cookie[0] != '\0') + { ++ newEnvp[i] = (char *) calloc(MAX_COOKIE_LEN+13, sizeof(char)); + strcpy(newEnvp[i], "HTTP_COOKIE="); + strcat(newEnvp[i++], req.cookie); + } -+ if (envPath != NULL) -+ { -+ strcpy(newEnvp[i], "PATH="); -+ strcat(newEnvp[i++], envPath); -+ } ++ ++ /* extracting PATH env variable */ ++ envPath = getenv("PATH"); ++ /* we get the path from the env itself so we assume it safe */ ++ newEnvp[i] = (char *) calloc(MAX_PATH_LEN+16, sizeof(char)); ++ strcpy(newEnvp[i], "PATH="); ++ strcat(newEnvp[i++], envPath); ++ ++ /* terminate the array */ + newEnvp[i] = NULL; + + /* we change the current working directory to the scripts one */ + if(chdir(scriptWorkingDir)) + { -+#ifdef PRINTF_DEBUG -+ printf("error while changing PWD in script execution: %d\n", errno); -+#endif ++ DBGPRINTF(("error while changing PWD in script execution: %d\n", errno)); + } + + close(outStdPipe[READ]); /* we close the unused end*/ diff --git a/www/pserv/files/patch-main.c b/www/pserv/files/patch-main.c index e299755b5bc7..d3be8f83dd11 100644 --- a/www/pserv/files/patch-main.c +++ b/www/pserv/files/patch-main.c @@ -1,6 +1,6 @@ ---- sources/main.c.orig Mon May 16 23:13:18 2005 -+++ sources/main.c Sat May 28 10:42:47 2005 -@@ -23,6 +23,7 @@ +--- sources/main.c.orig 2005-06-01 12:36:18.000000000 +0200 ++++ sources/main.c 2008-09-03 13:13:27.000000000 +0200 +@@ -27,6 +27,7 @@ char defaultFileName[MAX_PATH_LEN+1]; char logFileName[MAX_PATH_LEN+1]; char mimeTypesFileName[MAX_PATH_LEN+1]; @@ -8,7 +8,7 @@ char cgiRoot[MAX_PATH_LEN+1]; /* root for CGI scripts exec */ struct timeval sockTimeVal; mimeData *mimeArray; /* here we will hold all MIME data, inited once, never to be changed */ -@@ -314,10 +315,13 @@ +@@ -302,10 +303,13 @@ reqStruct->keepAlive = YES; else if (!strncmp(reqArray[1], "Connection: keep-alive", strlen("Connection: keep-alive"))) reqStruct->keepAlive = YES; 
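Review bot: The new PATH handling in phpHandler drops the previous `if (envPath != NULL)` guard and calls `strcat(newEnvp[i++], envPath)` unconditionally, so the child dereferences NULL when the server is started without PATH in its environment. The destination is a fixed `calloc(MAX_PATH_LEN+16, sizeof(char))`, and nothing in the hunk limits the length of the inherited PATH to that size, so a long PATH would overflow the heap buffer; the comment "we assume it safe" does not cover length. Keeping the guard and sizing from the value fixes both: `if (envPath != NULL) { newEnvp[i] = calloc(strlen(envPath) + 6, sizeof(char)); ... }`. The cgiHandler hunk above shows the same `envPath = getenv("PATH");` line as context, so the same check is probably needed there.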
@@ -23,7 +23,7 @@ while (i < readLines) { if (!strncmp(reqArray[i], "User-Agent:", strlen("User-Agent:"))) -@@ -332,6 +336,20 @@ +@@ -320,6 +324,20 @@ #ifdef PRINTF_DEBUG printf("content length %ld\n", reqStruct->contentLength); #endif @@ -44,7 +44,7 @@ } i++; } -@@ -442,18 +460,39 @@ +@@ -433,18 +451,39 @@ * we append the default file name */ strcat(completeFilePath, defaultFileName); analyzeExtension(mimeType, completeFilePath); @@ -86,8 +86,16 @@ +#endif } } - } else if (!strcmp(req.method, "HEAD")) -@@ -485,7 +524,14 @@ + } else if (req.method[0]=='H' && req.method[1]=='E' && req.method[2]=='A' && req.method[3]=='D' && req.method[4]=='\0') +@@ -461,6 +500,7 @@ + { + strcpy(completeFilePath, homePath); + strcat(completeFilePath, req.documentAddress); ++ + /* now we check if the given file is a directory or a plain file */ + stat(completeFilePath, &fileStats); + if ((fileStats.st_mode & S_IFDIR) == S_IFDIR) +@@ -475,7 +515,14 @@ strcat(completeFilePath, defaultFileName); } analyzeExtension(mimeType, completeFilePath); @@ -101,12 +109,12 @@ + phpHandler(port, sock, phpFileName, completeFilePath, req, NULL); +#endif } - } else if (!strcmp(req.method, "POST")) + } else if (req.method[0]=='P' && req.method[1]=='O' && req.method[2]=='S' && req.method[3]=='T' && req.method[4]=='\0') { -@@ -499,13 +545,6 @@ - int readFinished; +@@ -488,13 +535,6 @@ + int ch; - printf("Handling of POST method\n"); + DBGPRINTF(("Handling of POST method\n")); - /* first we check if the path contains the directory selected for cgi's and in case handle it */ - if (strncmp(req.documentAddress, CGI_MATCH_STRING, strlen(CGI_MATCH_STRING))) - { 
@@ -115,21 +123,21 @@ - return -1; - } #ifdef ENABLE_CGI - #ifdef PRINTF_DEBUG - printf ("begin of post handling\n"); -@@ -522,7 +561,7 @@ + DBGPRINTF(("begin of post handling\n")); + buff[0] = '\0'; +@@ -507,7 +547,7 @@ return -1; - } else if (req.contentLength >= BUFFER_SIZE) + } else if (req.contentLength >= POST_BUFFER_SIZE) { - sayError(sock, BUFFER_OVERFLOW, "", req); + sayError(sock, POST_BUFFER_OVERFLOW, "", req); return -1; } while (!readFinished) -@@ -601,7 +640,77 @@ - #ifdef PRINTF_DEBUG - printf("buff: |%s|\n", buff); - #endif +@@ -557,7 +597,38 @@ + buff[totalRead] = '\0'; + } + DBGPRINTF(("buff: |%s|\n", buff)); - cgiHandler(port, sock, req, buff); + if (!strncmp(req.documentAddress, CGI_MATCH_STRING, strlen(CGI_MATCH_STRING))) + { @@ -139,45 +147,6 @@ +#ifdef PHP + strcpy(completeFilePath, homePath); + strcat(completeFilePath, req.documentAddress); -+ /* now we check if the given path tries to get out of the root */ -+ { -+ int i,j; -+ int sL; -+ char dirName[MAX_PATH_LEN+1]; -+ int depthCount = 0; -+ -+ sL = strlen(req.documentAddress); -+ dirName[0] = '\0'; -+ if (sL > 3) { -+ dirName[0] = req.documentAddress[1]; -+ dirName[1] = req.documentAddress[2]; -+ dirName[2] = req.documentAddress[3]; -+ dirName[3] ='\0'; -+ if (!strcmp(dirName, "../")) -+ { -+ sayError(sock, FORBIDDEN, req.documentAddress, req); -+ return -1; -+ } -+ } -+ j = 0; -+ for (i = 1; i < sL; i++) { -+ if (req.documentAddress[i] == '/') -+ { -+ dirName[j] = '\0'; -+ if (strcmp(dirName, "..")) -+ depthCount ++; -+ else -+ depthCount--; -+ j = 0; -+ } else -+ dirName[j++] = req.documentAddress[i]; -+ } -+ if (depthCount < 0) -+ { -+ sayError(sock, FORBIDDEN, req.documentAddress, req); -+ return -1; -+ } -+ } + /* now we check if the given file is a directory or a plain file */ + stat(completeFilePath, &fileStats); + if ((fileStats.st_mode & S_IFDIR) == S_IFDIR) 
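Review bot: No traversal check is visible in the PHP branch of the POST path once the `..` depth-count block is removed: `completeFilePath` is built with `strcpy`/`strcat` from `homePath` and `req.documentAddress` and handed straight to `stat()`. If pserv 3.4 already rejects such paths before this branch is reached, a comment recording that would help, e.g. `/* documentAddress is validated against "../" upstream in <function name> before this point */`; if it does not, the check needs to stay in the port patch. The `stat()` return value is also unchecked, so `fileStats.st_mode` is read uninitialised when the file does not exist. The surrounding function starts and ends outside this hunk.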
@@ -205,7 +174,7 @@ } #endif /* ENABLE_CGI */ #ifndef ENABLE_CGI -@@ -637,7 +746,7 @@ +@@ -593,7 +664,7 @@ f = fopen(configFile, "r"); if (f == NULL) { @@ -214,7 +183,7 @@ *serverPort = DEFAULT_PORT; *maxChildren = DEFAULT_MAX_CHILDREN; strcpy(homePath, DEFAULT_DOCS_LOCATION); -@@ -646,7 +755,9 @@ +@@ -602,7 +673,9 @@ sockTimeVal.tv_usec = DEFAULT_USEC_TO; strcpy(logFileName, DEFAULT_LOG_FILE); strcpy(mimeTypesFileName, DEFAULT_MIME_FILE); @@ -224,7 +193,7 @@ return -1; } if (!feof(f)) fscanf(f, "%s %s", str1, str2); -@@ -747,11 +858,25 @@ +@@ -703,11 +776,25 @@ if (mimeTypesFileName == NULL) { strcpy(mimeTypesFileName, DEFAULT_MIME_FILE); |