NetBSD Problem Report #48810
From netbsd@precedence.co.uk Wed May 14 13:45:00 2014
Return-Path: <netbsd@precedence.co.uk>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
by mollari.NetBSD.org (Postfix) with ESMTPS id 77286A5850
for <gnats-bugs@gnats.NetBSD.org>; Wed, 14 May 2014 13:45:00 +0000 (UTC)
Message-Id: <Pine.NEB.4.64.1405141444110.4872@ugly.internal.precedence.co.uk>
Date: Wed, 14 May 2014 14:44:54 +0100 (BST)
From: Stephen Borrill <netbsd@precedence.co.uk>
To: gnats-bugs@gnats.NetBSD.org
Subject: httpd does not use cgi handler for index
>Number: 48810
>Category: bin
>Synopsis: httpd does not use cgi handler for index
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: shm
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Wed May 14 13:45:00 +0000 2014
>Closed-Date: Mon Oct 20 07:27:10 +0000 2014
>Last-Modified: Mon Oct 20 07:27:10 +0000 2014
>Originator: Stephen Borrill
>Release: NetBSD 6.1_STABLE
>Organization:
>Environment:
System: NetBSD 6.1_STABLE NetBSD 6.1_STABLE (XEN3_DOMU) amd64
Architecture: x86_64
Machine: amd64
>Description:
httpd -C allows you to specify a cgi handler for a certain file extension.
-x allows you to set the default index document.
If you combine the two and set an index document with an extension that
should be handled by a cgi handler, you get the raw contents of the
document, instead of it being passed to the cgi handler.
The bozohttpd changelog suggests this was fixed years ago:
changes since bozohttpd 20021106:
[snip]
o allow -x (index.html) mode to work with CGI handlers
>How-To-Repeat:
In inetd.conf set httpd -C .sh /bin/sh -x index.sh /var/www
Create /var/www/index.sh (and chmod +x it):
#!/bin/sh
echo "Content-Type: text/plain"
echo
echo "Hello"
Visit http://localhost/ and you will see the raw contents of index.sh
Visit http://localhost/index.sh and you will see the processed output.
Alternatively, use telnet:
test# telnet localhost 80
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET / HTTP/1.0
HTTP/1.0 200 OK
Date: Wed, 14 May 2014 13:38:43 GMT
Server: bozohttpd/20111118
Accept-Ranges: bytes
Last-Modified: Wed, 14 May 2014 13:35:08 GMT
Content-Length: 61
#!/bin/sh
echo "Content-Type: text/plain"
echo
echo "Hello"
Connection closed by foreign host.
test# telnet localhost 80
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET /index.sh HTTP/1.0
HTTP/1.0 200 OK
Content-Type: text/plain
Hello
Connection closed by foreign host.
>Fix:
>Release-Note:
>Audit-Trail:
From: "Mateusz Kocielski" <shm@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/48810 CVS commit: src/libexec/httpd
Date: Tue, 24 Jun 2014 07:23:59 +0000
Module Name: src
Committed By: shm
Date: Tue Jun 24 07:23:59 UTC 2014
Modified Files:
src/libexec/httpd: cgi-bozo.c
Log Message:
PR/48810 use cgi handler for index files
OK mrg@ martin@
To generate a diff of this commit:
cvs rdiff -u -r1.24 -r1.25 src/libexec/httpd/cgi-bozo.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Responsible-Changed-From-To: bin-bug-people->shm
Responsible-Changed-By: shm@NetBSD.org
Responsible-Changed-When: Tue, 24 Jun 2014 07:28:56 +0000
Responsible-Changed-Why:
State-Changed-From-To: open->feedback
State-Changed-By: shm@NetBSD.org
State-Changed-When: Tue, 24 Jun 2014 07:28:56 +0000
State-Changed-Why:
Patch committed, awaiting for verification.
From: Patrick Welche <prlw1@cam.ac.uk>
To: gnats-bugs@netbsd.org
Cc: prlw1@cam.ac.uk
Subject: Re: bin/48810
Date: Mon, 30 Jun 2014 23:26:04 +0100
In some sense this fixes it for me with HTTP/0.9 in that we get the output
of the script rather than the source:
$ telnet localhost 80
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET / HTTP/0.9
HTTP/0.9 200 OK
Content-Type: text/plain
Hello
Connection closed by foreign host.
However with HTTP/1.0 (and 1.1), the connection hangs:
$ telnet localhost 80
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET / HTTP/1.0
HTTP/1.1 408 Request Timeout
Content-Type: text/html
Content-Length: 0
Server: bozohttpd/20140516
Connection closed by foreign host.
From: Mateusz Kocielski <shm@netbsd.org>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: bin/48810
Date: Tue, 1 Jul 2014 07:11:51 +0000
Thanks for the report. According to the RFC 1945 (which defines HTTP/1.0
HTTP) and RFC 2616 (which defines HTTP/1.1) request looks as follows:
[...]
5 Request
A request message from a client to a server includes, within the
first line of that message, the method to be applied to the resource,
the identifier of the resource, and the protocol version in use.
Request = Request-Line ; Section 5.1
*(( general-header ; Section 4.5
| request-header ; Section 5.3
| entity-header ) CRLF) ; Section 7.1
CRLF
[ message-body ] ; Section 4.3
[...]
The code waits for headers after you sent "GET / HTTP/1.0", that's why
you get 408 (timeout). To complete the request, you should send
additional empty line. (It should be "GET / HTTP/1.0\r\n\r\n").
From: Patrick Welche <prlw1@cam.ac.uk>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: bin/48810
Date: Wed, 16 Jul 2014 09:10:44 +0100
Sorry about the broken test - your fix does work for me. Thanks!
State-Changed-From-To: feedback->closed
State-Changed-By: shm@NetBSD.org
State-Changed-When: Mon, 20 Oct 2014 07:27:10 +0000
State-Changed-Why:
fixed, patched, tested.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2014
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.