NetBSD Problem Report #38466
From arto.huusko@pp2.inet.fi Sun Apr 20 08:08:13 2008
Return-Path: <arto.huusko@pp2.inet.fi>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by narn.NetBSD.org (Postfix) with ESMTP id B95F063B293
for <gnats-bugs@gnats.NetBSD.org>; Sun, 20 Apr 2008 08:08:13 +0000 (UTC)
Message-Id: <20080420080809.C3DBE8E305@mutteri.local>
Date: Sun, 20 Apr 2008 11:08:09 +0300 (EEST)
From: arto.huusko@pp2.inet.fi
To: gnats-bugs@gnats.NetBSD.org
Subject: cvsweb does not work with httpd
X-Send-Pr-Version: 3.95
>Number: 38466
>Category: bin
>Synopsis: cvsweb does not work with httpd
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: mrg
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Apr 20 08:10:01 +0000 2008
>Closed-Date: Sun Jun 20 06:46:42 +0000 2010
>Last-Modified: Sun Jun 20 06:46:42 +0000 2010
>Originator: Arto Huusko
>Release: NetBSD 4.99.55
>Organization:
>Environment:
System: NetBSD mutteri.local 4.99.55 NetBSD 4.99.55 (MUTTERI) #1: Wed Mar 12 18:38:08 EET 2008 root@mutteri.local:/local/netbsd/build/netbsd-current/amd64/obj/sys/arch/amd64/compile/MUTTERI amd64
Architecture: x86_64
Machine: amd64
>Description:
httpd, in cgi-bozo.c on line 121 appends index.html to CGI URLs that end
in '/'. This breaks cvsweb, and quite likely many other CGI applications
that use trailing paths.
>How-To-Repeat:
Install cvsweb, use it with httpd, see it fail with error message
'index.html not found'.
>Fix:
A new option to disable appending index.html for CGI scripts?
Disabling index.html for CGI unconditionally (which is what I have done
for my local copy for the time being)?
>Release-Note:
>Audit-Trail:
From: matthew green <mrg@eterna.com.au>
To: arto.huusko@pp2.inet.fi, gnats-bugs@NetBSD.org
Cc: gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: re: bin/38466: cvsweb does not work with httpd
Date: Mon, 21 Apr 2008 02:02:22 +1000
could you please test this patch? (it might not apply
directly, i have only tested it outside of netbsd src.)
it changes the cgi index.html code to only run if you
set the index.html name, so the default should work for
you now.
.mrg.
Index: bozohttpd.c
===================================================================
RCS file: /home/cvs/bozohttpd/bozohttpd.c,v
retrieving revision 1.145
diff -p -u -r1.145 bozohttpd.c
--- bozohttpd.c 4 Mar 2008 08:10:13 -0000 1.145
+++ bozohttpd.c 20 Apr 2008 15:57:44 -0000
@@ -165,6 +165,7 @@ static int eflag; /* don't clean enviro
const char *Iflag = "http";/* bind port; default "http" */
int Iflag_set;
int dflag = 0; /* debugging level */
+ int xflag_set; /* have set index_html */
char *myname; /* my name */
#ifndef LOG_FTP
@@ -344,6 +345,7 @@ main(int argc, char **argv)
break;
case 'x':
+ xflag_set = 1;
index_html = optarg;
break;
Index: bozohttpd.h
===================================================================
RCS file: /home/cvs/bozohttpd/bozohttpd.h,v
retrieving revision 1.19
diff -p -u -r1.19 bozohttpd.h
--- bozohttpd.h 4 Mar 2008 04:46:38 -0000 1.19
+++ bozohttpd.h 20 Apr 2008 15:57:44 -0000
@@ -130,7 +130,7 @@ void *bozorealloc(void *, size_t);
char *bozostrdup(const char *);
extern const char *Iflag;
-extern int Iflag_set;
+extern int Iflag_set, xflag_set;
extern int bflag, fflag;
extern char *slashdir;
extern const char http_09[];
Index: cgi-bozo.c
===================================================================
RCS file: /home/cvs/bozohttpd/cgi-bozo.c,v
retrieving revision 1.20
diff -p -u -r1.20 cgi-bozo.c
--- cgi-bozo.c 4 Mar 2008 05:42:28 -0000 1.20
+++ cgi-bozo.c 20 Apr 2008 15:57:44 -0000
@@ -117,7 +117,8 @@ process_cgi(http_req *request)
info = NULL;
len = strlen(url);
- if (len == 0 || url[len - 1] == '/') { /* append index.html */
+ /* only append index.html if -x is set */
+ if (xflag_set && (len == 0 || url[len - 1] == '/')) {
debug((DEBUG_FAT, "appending index.html"));
url = bozorealloc(url, len + strlen(index_html) + 1);
if (url == NULL)
From: Arto Huusko <arto.huusko@pp2.inet.fi>
To: matthew green <mrg@eterna.com.au>
Cc: gnats-bugs@NetBSD.org
Subject: Re: bin/38466: cvsweb does not work with httpd
Date: Wed, 23 Apr 2008 18:59:37 +0300
matthew green wrote:
> could you please test this patch? (it might not apply
> directly, i have only tested it outside of netbsd src.)
>
> it changes the cgi index.html code to only run if you
> set the index.html name, so the default should work for
> you now.
The patch does work. However, I wonder if there should ever
be any need to append anything to CGI paths? If there is
path info after the CGI script, I should think that the
CGI script should in every case be allowed to decide what
to do.
From: Holger Weiss <holger@weiss.in-berlin.de>
To: Arto Huusko <arto.huusko@pp2.inet.fi>,
Matthew Green <mrg@eterna.com.au>
Cc: GNATS Bugs <gnats-bugs@NetBSD.org>,
GNATS Admin <gnats-admin@NetBSD.org>,
NetBSD Bugs <netbsd-bugs@NetBSD.org>
Subject: Re: bin/38466: cvsweb does not work with httpd
Date: Sat, 3 May 2008 16:01:33 +0200
--HcAYCG3uE/tztfnV
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Well, supporting configurations such as "-C .sh /bin/sh -x index.sh"
might be useful for some sites. I use the attached patch which appends
the `index.html' name to the URL <http://example.com/cgi-bin/>, but not
to <http://example.com/cgi-bin/script/info/>. The patch doesn't change
the current behaviour for CGI scripts outside the `cgibin' directory,
since bozohttpd doesn't provide PATH_INFO to those anyway.
--HcAYCG3uE/tztfnV
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="2.cgibin-index-html.diff"
Index: cgi-bozo.c
===================================================================
RCS file: /cvsroot/src/libexec/httpd/cgi-bozo.c,v
retrieving revision 1.7
diff -u -r1.7 cgi-bozo.c
--- cgi-bozo.c 3 Mar 2008 22:15:09 -0000 1.7
+++ cgi-bozo.c 3 May 2008 13:45:08 -0000
@@ -60,6 +60,7 @@
static const char * content_cgihandler(http_req *, const char *);
static void finish_cgi_output(http_req *request, int, int);
static int parse_header(const char *, ssize_t, char **, char **);
+static void append_index_html(char **);
void
set_cgibin(char *path)
@@ -118,16 +119,12 @@
info = NULL;
len = strlen(url);
- if (len == 0 || url[len - 1] == '/') { /* append index.html */
- debug((DEBUG_FAT, "appending index.html"));
- url = bozorealloc(url, len + strlen(index_html) + 1);
- strcat(url, index_html);
- debug((DEBUG_NORMAL, "process_cgi: url adjusted to `%s'", url));
- }
auth_check(request, url + 1);
if (!cgibin || strncmp(url + 1, CGIBIN_PREFIX, CGIBIN_PREFIX_LEN) != 0) {
+ if (len == 0 || url[len - 1] == '/')
+ append_index_html(&url);
cgihandler = content_cgihandler(request, url + 1);
if (cgihandler == NULL) {
free(url);
@@ -135,7 +132,8 @@
}
debug((DEBUG_NORMAL, "process_cgi: cgihandler `%s'",
cgihandler));
- }
+ } else if (len - 1 == CGIBIN_PREFIX_LEN) /* url is "/cgi-bin/" */
+ append_index_html(&url);
ix = 0;
if (cgihandler) {
@@ -430,6 +428,15 @@
return (NULL);
}
+static void
+append_index_html(char **url)
+{
+ debug((DEBUG_FAT, "appending index.html"));
+ *url = bozorealloc(*url, strlen(*url) + strlen(index_html) + 1);
+ strcat(*url, index_html);
+ debug((DEBUG_NORMAL, "append_index_html: url adjusted to `%s'", *url));
+}
+
#ifndef NO_DYNAMIC_CONTENT
/* cgi maps are simple ".postfix /path/to/prog" */
void
--HcAYCG3uE/tztfnV--
Responsible-Changed-From-To: bin-bug-people->mrg
Responsible-Changed-By: mrg@NetBSD.org
Responsible-Changed-When: Sat, 03 May 2008 20:21:49 +0000
Responsible-Changed-Why:
mine.
State-Changed-From-To: open->pending-pullups
State-Changed-By: mrg@NetBSD.org
State-Changed-When: Thu, 06 Nov 2008 06:39:07 +0000
State-Changed-Why:
i'll get this pulled up to netbsd-5.
From: matthew green <mrg@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/38466 CVS commit: src/libexec/httpd
Date: Thu, 6 Nov 2008 06:38:43 +0000 (UTC)
Module Name: src
Committed By: mrg
Date: Thu Nov 6 06:38:43 UTC 2008
Modified Files:
src/libexec/httpd: cgi-bozo.c
Log Message:
pull across the fix from my master bozohttpd cvs tree for PR 38466.
To generate a diff of this commit:
cvs rdiff -r1.7 -r1.8 src/libexec/httpd/cgi-bozo.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Jeff Rizzo <riz@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/38466 CVS commit: [netbsd-5] src/libexec/httpd
Date: Sun, 23 Nov 2008 21:35:54 +0000 (UTC)
Module Name: src
Committed By: riz
Date: Sun Nov 23 21:35:54 UTC 2008
Modified Files:
src/libexec/httpd [netbsd-5]: cgi-bozo.c
Log Message:
Pull up following revision(s) (requested by mrg in ticket #115):
libexec/httpd/cgi-bozo.c: revision 1.8
pull across the fix from my master bozohttpd cvs tree for PR 38466.
To generate a diff of this commit:
cvs rdiff -r1.7 -r1.7.8.1 src/libexec/httpd/cgi-bozo.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: pending-pullups->closed
State-Changed-By: mrg@NetBSD.org
State-Changed-When: Mon, 24 Nov 2008 05:42:32 +0000
State-Changed-Why:
all done, thanks!
From: Arto Huusko <arto.huusko@pp2.inet.fi>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: bin/38466
Date: Wed, 27 May 2009 00:17:42 +0300
httpd is again broken with cvsweb, and this bug should be reopened.
httpd automatically appends index.html to any request ending with /.
Apparently the new version appends the index.html unconditionally
in function transform_request(), so process_cgi() has nothing to do
with it this time around.
I'm using the following simple workaround patch, which strips the
index_html in process_cgi().
Index: bozohttpd.c
===================================================================
RCS file: /cvsroot/src/libexec/httpd/bozohttpd.c,v
retrieving revision 1.15
diff -r1.15 bozohttpd.c
1474c1474
< if (process_cgi(request))
---
> if (process_cgi(request, *isindex))
Index: bozohttpd.h
===================================================================
RCS file: /cvsroot/src/libexec/httpd/bozohttpd.h,v
retrieving revision 1.11
diff -r1.11 bozohttpd.h
189c189
< extern int process_cgi(http_req *);
---
> extern int process_cgi(http_req *, int isindex);
Index: cgi-bozo.c
===================================================================
RCS file: /cvsroot/src/libexec/httpd/cgi-bozo.c,v
retrieving revision 1.14
diff -r1.14 cgi-bozo.c
91c91
< process_cgi(http_req *request)
---
> process_cgi(http_req *request, int isindex)
109a110,112
> /* strip appended index.html */
> if (isindex)
> file[strlen(file) - strlen(index_html)] = 0;
State-Changed-From-To: closed->open
State-Changed-By: mrg@NetBSD.org
State-Changed-When: Tue, 26 May 2009 21:36:10 +0000
State-Changed-Why:
re-opened at request of submitter.
State-Changed-From-To: open->analyzed
State-Changed-By: mrg@NetBSD.org
State-Changed-When: Wed, 09 Jun 2010 07:55:25 +0000
State-Changed-Why:
OK, i think i understand what is wrong here, and see some other issues as well.
i've got a patch testing in my personal tree that fixes this issue, and should
be integrated into netbsd shortly.
State-Changed-From-To: analyzed->closed
State-Changed-By: mrg@NetBSD.org
State-Changed-When: Sun, 20 Jun 2010 06:46:42 +0000
State-Changed-Why:
latest bozohttpd fixes this problem. thanks.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home