cgi-bozo.c revision 1.38
1 1.38 mrg /* $NetBSD: cgi-bozo.c,v 1.38 2017/10/05 04:22:41 mrg Exp $ */ 2 1.4 tls 3 1.20 mrg /* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */ 4 1.1 tls 5 1.1 tls /* 6 1.37 mrg * Copyright (c) 1997-2017 Matthew R. Green 7 1.1 tls * All rights reserved. 8 1.1 tls * 9 1.1 tls * Redistribution and use in source and binary forms, with or without 10 1.1 tls * modification, are permitted provided that the following conditions 11 1.1 tls * are met: 12 1.1 tls * 1. Redistributions of source code must retain the above copyright 13 1.1 tls * notice, this list of conditions and the following disclaimer. 14 1.1 tls * 2. Redistributions in binary form must reproduce the above copyright 15 1.1 tls * notice, this list of conditions and the following disclaimer and 16 1.1 tls * dedication in the documentation and/or other materials provided 17 1.1 tls * with the distribution. 18 1.1 tls * 19 1.1 tls * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 20 1.1 tls * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 21 1.1 tls * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 22 1.1 tls * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 23 1.1 tls * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 24 1.1 tls * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 25 1.1 tls * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 26 1.1 tls * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 27 1.1 tls * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 1.1 tls * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 1.1 tls * SUCH DAMAGE. 30 1.1 tls * 31 1.1 tls */ 32 1.1 tls 33 1.1 tls /* this code implements CGI/1.2 for bozohttpd */ 34 1.1 tls 35 1.1 tls #ifndef NO_CGIBIN_SUPPORT 36 1.1 tls 37 1.1 tls #include <sys/param.h> 38 1.1 tls #include <sys/socket.h> 39 1.1 tls 40 1.1 tls #include <ctype.h> 41 1.1 tls #include <errno.h> 42 1.1 tls #include <paths.h> 43 1.1 tls #include <signal.h> 44 1.1 tls #include <stdlib.h> 45 1.1 tls #include <string.h> 46 1.13 mrg #include <syslog.h> 47 1.1 tls #include <unistd.h> 48 1.1 tls 49 1.1 tls #include <netinet/in.h> 50 1.1 tls 51 1.1 tls #include "bozohttpd.h" 52 1.1 tls 53 1.1 tls #define CGIBIN_PREFIX "cgi-bin/" 54 1.1 tls #define CGIBIN_PREFIX_LEN (sizeof(CGIBIN_PREFIX)-1) 55 1.1 tls 56 1.15 mrg #ifndef USE_ARG 57 1.15 mrg #define USE_ARG(x) /*LINTED*/(void)&(x) 58 1.15 mrg #endif 59 1.15 mrg 60 1.15 mrg /* 61 1.15 mrg * given the file name, return a CGI interpreter 62 1.15 mrg */ 63 1.15 mrg static const char * 64 1.15 mrg content_cgihandler(bozohttpd_t *httpd, bozo_httpreq_t *request, 65 1.15 mrg const char *file) 66 1.15 mrg { 67 1.15 mrg bozo_content_map_t *map; 68 1.15 mrg 69 1.15 mrg USE_ARG(request); 70 1.15 mrg debug((httpd, DEBUG_FAT, "content_cgihandler: trying file %s", file)); 71 1.15 mrg map = bozo_match_content_map(httpd, file, 0); 72 1.15 mrg if (map) 73 1.15 mrg return map->cgihandler; 74 1.15 mrg return NULL; 75 1.15 mrg } 76 1.15 mrg 77 1.15 mrg static int 78 1.29 mrg parse_header(bozo_httpreq_t *request, const char *str, ssize_t len, 79 1.29 mrg char **hdr_str, char **hdr_val) 80 1.15 mrg { 81 1.29 mrg struct bozohttpd_t *httpd = request->hr_httpd; 82 1.15 mrg char *name, *value; 83 1.15 mrg 84 1.15 mrg /* if the string passed is zero-length bail out */ 85 1.15 mrg if (*str == '\0') 86 1.15 mrg return -1; 87 1.15 mrg 88 1.29 mrg value = bozostrdup(httpd, request, str); 89 1.15 mrg 90 1.15 mrg /* locate the ':' separator in the header/value */ 91 1.15 mrg name = bozostrnsep(&value, ":", &len); 92 1.15 mrg 93 1.15 mrg if (NULL == name || -1 == len) { 94 1.28 shm free(value); 95 1.15 mrg return -1; 96 1.15 mrg } 97 1.1 tls 98 1.15 mrg /* skip leading space/tab */ 99 1.15 mrg while (*value == ' ' || *value == '\t') 100 1.15 mrg len--, value++; 101 1.15 mrg 102 1.15 mrg *hdr_str = name; 103 1.15 mrg *hdr_val = value; 104 1.15 mrg 105 1.15 mrg return 0; 106 1.15 mrg } 107 1.15 mrg 108 1.15 mrg /* 109 1.15 mrg * handle parsing a CGI header output, transposing a Status: header 110 1.15 mrg * into the HTTP reply (ie, instead of "200 OK"). 111 1.15 mrg */ 112 1.15 mrg static void 113 1.15 mrg finish_cgi_output(bozohttpd_t *httpd, bozo_httpreq_t *request, int in, int nph) 114 1.15 mrg { 115 1.15 mrg char buf[BOZO_WRSZ]; 116 1.15 mrg char *str; 117 1.15 mrg ssize_t len; 118 1.15 mrg ssize_t rbytes; 119 1.15 mrg SIMPLEQ_HEAD(, bozoheaders) headers; 120 1.15 mrg bozoheaders_t *hdr, *nhdr; 121 1.15 mrg int write_header, nheaders = 0; 122 1.15 mrg 123 1.15 mrg /* much of this code is like bozo_read_request()'s header loop. */ 124 1.15 mrg SIMPLEQ_INIT(&headers); 125 1.15 mrg write_header = nph == 0; 126 1.15 mrg /* was read(2) here - XXX - agc */ 127 1.15 mrg while (nph == 0 && 128 1.15 mrg (str = bozodgetln(httpd, in, &len, bozo_read)) != NULL) { 129 1.15 mrg char *hdr_name, *hdr_value; 130 1.15 mrg 131 1.29 mrg if (parse_header(request, str, len, &hdr_name, &hdr_value)) 132 1.15 mrg break; 133 1.15 mrg 134 1.15 mrg /* 135 1.15 mrg * The CGI 1.{1,2} spec both say that if the cgi program 136 1.15 mrg * returns a `Status:' header field then the server MUST 137 1.15 mrg * return it in the response. If the cgi program does 138 1.15 mrg * not return any `Status:' header then the server should 139 1.15 mrg * respond with 200 OK. 140 1.15 mrg * XXX The CGI 1.1 and 1.2 specification differ slightly on 141 1.15 mrg * this in that v1.2 says that the script MUST NOT return a 142 1.15 mrg * `Status:' header if it is returning a `Location:' header. 143 1.15 mrg * For compatibility we are going with the CGI 1.1 behavior. 144 1.15 mrg */ 145 1.15 mrg if (strcasecmp(hdr_name, "status") == 0) { 146 1.15 mrg debug((httpd, DEBUG_OBESE, 147 1.15 mrg "bozo_process_cgi: writing HTTP header " 148 1.15 mrg "from status %s ..", hdr_value)); 149 1.15 mrg bozo_printf(httpd, "%s %s\r\n", request->hr_proto, 150 1.15 mrg hdr_value); 151 1.15 mrg bozo_flush(httpd, stdout); 152 1.15 mrg write_header = 0; 153 1.15 mrg free(hdr_name); 154 1.15 mrg break; 155 1.15 mrg } 156 1.15 mrg 157 1.15 mrg hdr = bozomalloc(httpd, sizeof *hdr); 158 1.15 mrg hdr->h_header = hdr_name; 159 1.15 mrg hdr->h_value = hdr_value; 160 1.15 mrg SIMPLEQ_INSERT_TAIL(&headers, hdr, h_next); 161 1.15 mrg nheaders++; 162 1.15 mrg } 163 1.15 mrg 164 1.15 mrg if (write_header) { 165 1.15 mrg debug((httpd, DEBUG_OBESE, 166 1.15 mrg "bozo_process_cgi: writing HTTP header ..")); 167 1.15 mrg bozo_printf(httpd, 168 1.15 mrg "%s 200 OK\r\n", request->hr_proto); 169 1.15 mrg bozo_flush(httpd, stdout); 170 1.15 mrg } 171 1.15 mrg 172 1.15 mrg if (nheaders) { 173 1.15 mrg debug((httpd, DEBUG_OBESE, 174 1.15 mrg "bozo_process_cgi: writing delayed HTTP headers ..")); 175 1.15 mrg SIMPLEQ_FOREACH_SAFE(hdr, &headers, h_next, nhdr) { 176 1.15 mrg bozo_printf(httpd, "%s: %s\r\n", hdr->h_header, 177 1.15 mrg hdr->h_value); 178 1.15 mrg free(hdr->h_header); 179 1.15 mrg free(hdr); 180 1.15 mrg } 181 1.15 mrg bozo_printf(httpd, "\r\n"); 182 1.15 mrg bozo_flush(httpd, stdout); 183 1.15 mrg } 184 1.15 mrg 185 1.15 mrg /* XXX we should have some goo that times us out 186 1.15 mrg */ 187 1.15 mrg while ((rbytes = read(in, buf, sizeof buf)) > 0) { 188 1.15 mrg ssize_t wbytes; 189 1.15 mrg char *bp = buf; 190 1.15 mrg 191 1.15 mrg while (rbytes) { 192 1.15 mrg wbytes = bozo_write(httpd, STDOUT_FILENO, buf, 193 1.15 mrg (size_t)rbytes); 194 1.15 mrg if (wbytes > 0) { 195 1.15 mrg rbytes -= wbytes; 196 1.15 mrg bp += wbytes; 197 1.15 mrg } else 198 1.30 mrg bozoerr(httpd, 1, 199 1.15 mrg "cgi output write failed: %s", 200 1.15 mrg strerror(errno)); 201 1.15 mrg } 202 1.15 mrg } 203 1.15 mrg } 204 1.15 mrg 205 1.15 mrg static void 206 1.15 mrg append_index_html(bozohttpd_t *httpd, char **url) 207 1.15 mrg { 208 1.15 mrg *url = bozorealloc(httpd, *url, 209 1.15 mrg strlen(*url) + strlen(httpd->index_html) + 1); 210 1.15 mrg strcat(*url, httpd->index_html); 211 1.15 mrg debug((httpd, DEBUG_NORMAL, 212 1.15 mrg "append_index_html: url adjusted to `%s'", *url)); 213 1.15 mrg } 214 1.1 tls 215 1.33 mrg /* This function parse search-string according to section 4.4 of RFC3875 */ 216 1.33 mrg static char ** 217 1.33 mrg parse_search_string(bozo_httpreq_t *request, const char *query, size_t *args_len) 218 1.33 mrg { 219 1.33 mrg struct bozohttpd_t *httpd = request->hr_httpd; 220 1.33 mrg size_t i; 221 1.33 mrg char *s, *str, **args; 222 1.33 mrg 223 1.33 mrg *args_len = 0; 224 1.33 mrg 225 1.33 mrg /* URI MUST not contain any unencoded '=' - RFC3875, section 4.4 */ 226 1.33 mrg if (strchr(query, '=')) { 227 1.33 mrg return NULL; 228 1.33 mrg } 229 1.33 mrg 230 1.33 mrg str = bozostrdup(httpd, request, query); 231 1.33 mrg 232 1.33 mrg /* 233 1.33 mrg * there's no more arguments than '+' chars in the query string as it's 234 1.33 mrg * the separator 235 1.33 mrg */ 236 1.33 mrg *args_len = 1; 237 1.33 mrg /* count '+' in str */ 238 1.36 mrg for (s = str; (s = strchr(s, '+')); (*args_len)++) 239 1.36 mrg s++; 240 1.33 mrg 241 1.33 mrg args = bozomalloc(httpd, sizeof(*args) * (*args_len + 1)); 242 1.33 mrg 243 1.33 mrg args[0] = str; 244 1.33 mrg args[*args_len] = NULL; 245 1.33 mrg for (s = str, i = 0; (s = strchr(s, '+'));) { 246 1.33 mrg *s = '\0'; 247 1.33 mrg s++; 248 1.33 mrg args[i++] = s; 249 1.33 mrg } 250 1.33 mrg 251 1.33 mrg /* 252 1.33 mrg * check if search-strings are valid: 253 1.33 mrg * 254 1.33 mrg * RFC3875, section 4.4: 255 1.33 mrg * 256 1.33 mrg * search-string = search-word *( "+" search-word ) 257 1.33 mrg * search-word = 1*schar 258 1.33 mrg * schar = unreserved | escaped | xreserved 259 1.33 mrg * xreserved = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "," | 260 1.33 mrg * "$" 261 1.33 mrg * 262 1.33 mrg * section 2.3: 263 1.33 mrg * 264 1.33 mrg * hex = digit | "A" | "B" | "C" | "D" | "E" | "F" | "a" | 265 1.33 mrg * "b" | "c" | "d" | "e" | "f" 266 1.33 mrg * escaped = "%" hex hex 267 1.33 mrg * unreserved = alpha | digit | mark 268 1.33 mrg * mark = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")" 269 1.33 mrg * 270 1.33 mrg * section 2.2: 271 1.33 mrg * 272 1.33 mrg * alpha = lowalpha | hialpha 273 1.33 mrg * lowalpha = "a" | "b" | "c" | "d" | "e" | "f" | "g" | "h" | 274 1.33 mrg * "i" | "j" | "k" | "l" | "m" | "n" | "o" | "p" | 275 1.33 mrg * "q" | "r" | "s" | "t" | "u" | "v" | "w" | "x" | 276 1.33 mrg * "y" | "z" 277 1.33 mrg * hialpha = "A" | "B" | "C" | "D" | "E" | "F" | "G" | "H" | 278 1.33 mrg * "I" | "J" | "K" | "L" | "M" | "N" | "O" | "P" | 279 1.33 mrg * "Q" | "R" | "S" | "T" | "U" | "V" | "W" | "X" | 280 1.33 mrg * "Y" | "Z" 281 1.33 mrg * digit = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | 282 1.33 mrg * "8" | "9" 283 1.33 mrg */ 284 1.33 mrg #define UNRESERVED_CHAR "-_.!~*'()" 285 1.33 mrg #define XRESERVED_CHAR ";/?:@&=,$" 286 1.33 mrg 287 1.33 mrg for (i = 0; i < *args_len; i++) { 288 1.33 mrg s = args[i]; 289 1.33 mrg /* search-word MUST have at least one schar */ 290 1.33 mrg if (*s == '\0') 291 1.33 mrg goto parse_err; 292 1.33 mrg while(*s) { 293 1.33 mrg /* check if it's unreserved */ 294 1.33 mrg if (isalpha((int)*s) || isdigit((int)*s) || 295 1.33 mrg strchr(UNRESERVED_CHAR, *s)) { 296 1.33 mrg s++; 297 1.33 mrg continue; 298 1.33 mrg } 299 1.33 mrg 300 1.33 mrg /* check if it's escaped */ 301 1.33 mrg if (*s == '%') { 302 1.33 mrg if (s[1] == '\0' || s[2] == '\0') 303 1.33 mrg goto parse_err; 304 1.33 mrg if (!isxdigit((int)s[1]) || 305 1.33 mrg !isxdigit((int)s[2])) 306 1.33 mrg goto parse_err; 307 1.33 mrg s += 3; 308 1.33 mrg continue; 309 1.33 mrg } 310 1.33 mrg 311 1.33 mrg /* check if it's xreserved */ 312 1.33 mrg 313 1.33 mrg if (strchr(XRESERVED_CHAR, *s)) { 314 1.33 mrg s++; 315 1.33 mrg continue; 316 1.33 mrg } 317 1.33 mrg 318 1.33 mrg goto parse_err; 319 1.33 mrg } 320 1.33 mrg } 321 1.33 mrg 322 1.33 mrg /* decode percent encoding */ 323 1.33 mrg for (i = 0; i < *args_len; i++) { 324 1.33 mrg if (bozo_decode_url_percent(request, args[i])) 325 1.33 mrg goto parse_err; 326 1.33 mrg } 327 1.33 mrg 328 1.33 mrg /* allocate each arg separately */ 329 1.33 mrg for (i = 0; i < *args_len; i++) 330 1.33 mrg args[i] = bozostrdup(httpd, request, args[i]); 331 1.33 mrg free(str); 332 1.33 mrg 333 1.33 mrg return args; 334 1.33 mrg 335 1.33 mrg parse_err: 336 1.33 mrg 337 1.35 christos free (str); 338 1.33 mrg free (*args); 339 1.35 christos free(args); 340 1.33 mrg *args_len = 0; 341 1.33 mrg 342 1.35 christos return NULL; 343 1.33 mrg 344 1.33 mrg } 345 1.33 mrg 346 1.1 tls void 347 1.15 mrg bozo_cgi_setbin(bozohttpd_t *httpd, const char *path) 348 1.1 tls { 349 1.29 mrg httpd->cgibin = bozostrdup(httpd, NULL, path); 350 1.15 mrg debug((httpd, DEBUG_OBESE, "cgibin (cgi-bin directory) is %s", 351 1.15 mrg httpd->cgibin)); 352 1.1 tls } 353 1.1 tls 354 1.1 tls /* help build up the environ pointer */ 355 1.1 tls void 356 1.15 mrg bozo_setenv(bozohttpd_t *httpd, const char *env, const char *val, 357 1.15 mrg char **envp) 358 1.1 tls { 359 1.15 mrg char *s1 = bozomalloc(httpd, strlen(env) + strlen(val) + 2); 360 1.1 tls 361 1.1 tls strcpy(s1, env); 362 1.1 tls strcat(s1, "="); 363 1.1 tls strcat(s1, val); 364 1.15 mrg debug((httpd, DEBUG_OBESE, "bozo_setenv: %s", s1)); 365 1.1 tls *envp = s1; 366 1.1 tls } 367 1.1 tls 368 1.1 tls /* 369 1.1 tls * Checks if the request has asked for a cgi-bin. Should only be called if 370 1.1 tls * cgibin is set. If it starts CGIBIN_PREFIX or has a ncontent handler, 371 1.12 mrg * process the cgi, otherwise just return. Returns 0 if it did not handle 372 1.12 mrg * the request. 373 1.1 tls */ 374 1.12 mrg int 375 1.15 mrg bozo_process_cgi(bozo_httpreq_t *request) 376 1.1 tls { 377 1.15 mrg bozohttpd_t *httpd = request->hr_httpd; 378 1.15 mrg char buf[BOZO_WRSZ]; 379 1.15 mrg char date[40]; 380 1.15 mrg bozoheaders_t *headp; 381 1.1 tls const char *type, *clen, *info, *cgihandler; 382 1.32 mrg char *query, *s, *t, *path, *env, *command, *file, *url; 383 1.33 mrg char **envp, **curenvp, **argv, **search_string_argv = NULL; 384 1.17 mrg char *uri; 385 1.33 mrg size_t i, len, search_string_argc = 0; 386 1.1 tls ssize_t rbytes; 387 1.1 tls pid_t pid; 388 1.1 tls int envpsize, ix, nph; 389 1.1 tls int sv[2]; 390 1.1 tls 391 1.15 mrg if (!httpd->cgibin && !httpd->process_cgi) 392 1.12 mrg return 0; 393 1.1 tls 394 1.28 shm #ifndef NO_USER_SUPPORT 395 1.30 mrg if (request->hr_user && !httpd->enable_cgi_users) 396 1.28 shm return 0; 397 1.28 shm #endif /* !NO_USER_SUPPORT */ 398 1.28 shm 399 1.25 shm if (request->hr_oldfile && strcmp(request->hr_oldfile, "/") != 0) 400 1.25 shm uri = request->hr_oldfile; 401 1.25 shm else 402 1.25 shm uri = request->hr_file; 403 1.25 shm 404 1.17 mrg if (uri[0] == '/') 405 1.29 mrg file = bozostrdup(httpd, request, uri); 406 1.17 mrg else 407 1.31 mrg bozoasprintf(httpd, &file, "/%s", uri); 408 1.17 mrg 409 1.12 mrg if (request->hr_query && strlen(request->hr_query)) 410 1.29 mrg query = bozostrdup(httpd, request, request->hr_query); 411 1.12 mrg else 412 1.12 mrg query = NULL; 413 1.12 mrg 414 1.31 mrg bozoasprintf(httpd, &url, "%s%s%s", 415 1.31 mrg file, 416 1.31 mrg query ? "?" : "", 417 1.31 mrg query ? query : ""); 418 1.15 mrg debug((httpd, DEBUG_NORMAL, "bozo_process_cgi: url `%s'", url)); 419 1.1 tls 420 1.1 tls path = NULL; 421 1.1 tls envp = NULL; 422 1.1 tls cgihandler = NULL; 423 1.32 mrg command = NULL; 424 1.1 tls info = NULL; 425 1.13 mrg 426 1.1 tls len = strlen(url); 427 1.1 tls 428 1.16 mrg if (bozo_auth_check(request, url + 1)) 429 1.12 mrg goto out; 430 1.12 mrg 431 1.15 mrg if (!httpd->cgibin || 432 1.15 mrg strncmp(url + 1, CGIBIN_PREFIX, CGIBIN_PREFIX_LEN) != 0) { 433 1.15 mrg cgihandler = content_cgihandler(httpd, request, file + 1); 434 1.1 tls if (cgihandler == NULL) { 435 1.15 mrg debug((httpd, DEBUG_FAT, 436 1.15 mrg "bozo_process_cgi: no handler, returning")); 437 1.12 mrg goto out; 438 1.1 tls } 439 1.9 tls if (len == 0 || file[len - 1] == '/') 440 1.15 mrg append_index_html(httpd, &file); 441 1.15 mrg debug((httpd, DEBUG_NORMAL, "bozo_process_cgi: cgihandler `%s'", 442 1.1 tls cgihandler)); 443 1.8 mrg } else if (len - 1 == CGIBIN_PREFIX_LEN) /* url is "/cgi-bin/" */ 444 1.15 mrg append_index_html(httpd, &file); 445 1.12 mrg 446 1.33 mrg /* RFC3875 sect. 4.4. - search-string support */ 447 1.33 mrg if (query != NULL) { 448 1.33 mrg search_string_argv = parse_search_string(request, query, 449 1.33 mrg &search_string_argc); 450 1.33 mrg } 451 1.33 mrg 452 1.34 mrg debug((httpd, DEBUG_NORMAL, "parse_search_string args no: %zu", 453 1.33 mrg search_string_argc)); 454 1.33 mrg for (i = 0; i < search_string_argc; i++) { 455 1.33 mrg debug((httpd, DEBUG_FAT, 456 1.34 mrg "search_string[%zu]: `%s'", i, search_string_argv[i])); 457 1.33 mrg } 458 1.33 mrg 459 1.33 mrg argv = bozomalloc(httpd, sizeof(*argv) * (3 + search_string_argc)); 460 1.33 mrg 461 1.1 tls ix = 0; 462 1.1 tls if (cgihandler) { 463 1.32 mrg command = file + 1; 464 1.29 mrg path = bozostrdup(httpd, request, cgihandler); 465 1.1 tls } else { 466 1.32 mrg command = file + CGIBIN_PREFIX_LEN + 1; 467 1.1 tls if ((s = strchr(command, '/')) != NULL) { 468 1.29 mrg info = bozostrdup(httpd, request, s); 469 1.1 tls *s = '\0'; 470 1.1 tls } 471 1.15 mrg path = bozomalloc(httpd, 472 1.15 mrg strlen(httpd->cgibin) + 1 + strlen(command) + 1); 473 1.15 mrg strcpy(path, httpd->cgibin); 474 1.1 tls strcat(path, "/"); 475 1.1 tls strcat(path, command); 476 1.1 tls } 477 1.33 mrg 478 1.33 mrg argv[ix++] = path; 479 1.33 mrg 480 1.33 mrg /* copy search-string args */ 481 1.33 mrg for (i = 0; i < search_string_argc; i++) 482 1.33 mrg argv[ix++] = search_string_argv[i]; 483 1.33 mrg 484 1.1 tls argv[ix++] = NULL; 485 1.1 tls nph = strncmp(command, "nph-", 4) == 0; 486 1.1 tls 487 1.1 tls type = request->hr_content_type; 488 1.1 tls clen = request->hr_content_length; 489 1.1 tls 490 1.1 tls envpsize = 13 + request->hr_nheaders + 491 1.1 tls (info && *info ? 1 : 0) + 492 1.1 tls (query && *query ? 1 : 0) + 493 1.1 tls (type && *type ? 1 : 0) + 494 1.1 tls (clen && *clen ? 1 : 0) + 495 1.1 tls (request->hr_remotehost && *request->hr_remotehost ? 1 : 0) + 496 1.1 tls (request->hr_remoteaddr && *request->hr_remoteaddr ? 1 : 0) + 497 1.15 mrg bozo_auth_cgi_count(request) + 498 1.1 tls (request->hr_serverport && *request->hr_serverport ? 1 : 0); 499 1.1 tls 500 1.15 mrg debug((httpd, DEBUG_FAT, 501 1.15 mrg "bozo_process_cgi: path `%s', cmd `%s', info `%s', " 502 1.15 mrg "query `%s', nph `%d', envpsize `%d'", 503 1.15 mrg path, command, strornull(info), 504 1.15 mrg strornull(query), nph, envpsize)); 505 1.14 mrg 506 1.15 mrg envp = bozomalloc(httpd, sizeof(*envp) * envpsize); 507 1.1 tls for (ix = 0; ix < envpsize; ix++) 508 1.1 tls envp[ix] = NULL; 509 1.1 tls curenvp = envp; 510 1.3 tls 511 1.3 tls SIMPLEQ_FOREACH(headp, &request->hr_headers, h_next) { 512 1.1 tls const char *s2; 513 1.15 mrg env = bozomalloc(httpd, 6 + strlen(headp->h_header) + 1 + 514 1.1 tls strlen(headp->h_value)); 515 1.1 tls 516 1.1 tls t = env; 517 1.1 tls strcpy(t, "HTTP_"); 518 1.1 tls t += strlen(t); 519 1.1 tls for (s2 = headp->h_header; *s2; t++, s2++) 520 1.38 mrg if (islower((unsigned)*s2)) 521 1.38 mrg *t = toupper((unsigned)*s2); 522 1.1 tls else if (*s2 == '-') 523 1.1 tls *t = '_'; 524 1.1 tls else 525 1.1 tls *t = *s2; 526 1.1 tls *t = '\0'; 527 1.15 mrg debug((httpd, DEBUG_OBESE, "setting header %s as %s = %s", 528 1.1 tls headp->h_header, env, headp->h_value)); 529 1.15 mrg bozo_setenv(httpd, env, headp->h_value, curenvp++); 530 1.1 tls free(env); 531 1.1 tls } 532 1.14 mrg 533 1.1 tls #ifndef _PATH_DEFPATH 534 1.1 tls #define _PATH_DEFPATH "/usr/bin:/bin" 535 1.1 tls #endif 536 1.1 tls 537 1.15 mrg bozo_setenv(httpd, "PATH", _PATH_DEFPATH, curenvp++); 538 1.15 mrg bozo_setenv(httpd, "IFS", " \t\n", curenvp++); 539 1.21 martin bozo_setenv(httpd, "SERVER_NAME", BOZOHOST(httpd,request), curenvp++); 540 1.15 mrg bozo_setenv(httpd, "GATEWAY_INTERFACE", "CGI/1.1", curenvp++); 541 1.15 mrg bozo_setenv(httpd, "SERVER_PROTOCOL", request->hr_proto, curenvp++); 542 1.15 mrg bozo_setenv(httpd, "REQUEST_METHOD", request->hr_methodstr, curenvp++); 543 1.15 mrg bozo_setenv(httpd, "SCRIPT_NAME", file, curenvp++); 544 1.15 mrg bozo_setenv(httpd, "SCRIPT_FILENAME", file + 1, curenvp++); 545 1.15 mrg bozo_setenv(httpd, "SERVER_SOFTWARE", httpd->server_software, 546 1.15 mrg curenvp++); 547 1.17 mrg bozo_setenv(httpd, "REQUEST_URI", uri, curenvp++); 548 1.15 mrg bozo_setenv(httpd, "DATE_GMT", bozo_http_date(date, sizeof(date)), 549 1.15 mrg curenvp++); 550 1.33 mrg /* RFC3875 section 4.1.7 says that QUERY_STRING MUST be defined. */ 551 1.1 tls if (query && *query) 552 1.15 mrg bozo_setenv(httpd, "QUERY_STRING", query, curenvp++); 553 1.33 mrg else 554 1.33 mrg bozo_setenv(httpd, "QUERY_STRING", "", curenvp++); 555 1.1 tls if (info && *info) 556 1.15 mrg bozo_setenv(httpd, "PATH_INFO", info, curenvp++); 557 1.1 tls if (type && *type) 558 1.15 mrg bozo_setenv(httpd, "CONTENT_TYPE", type, curenvp++); 559 1.1 tls if (clen && *clen) 560 1.15 mrg bozo_setenv(httpd, "CONTENT_LENGTH", clen, curenvp++); 561 1.1 tls if (request->hr_serverport && *request->hr_serverport) 562 1.15 mrg bozo_setenv(httpd, "SERVER_PORT", request->hr_serverport, 563 1.15 mrg curenvp++); 564 1.1 tls if (request->hr_remotehost && *request->hr_remotehost) 565 1.15 mrg bozo_setenv(httpd, "REMOTE_HOST", request->hr_remotehost, 566 1.15 mrg curenvp++); 567 1.1 tls if (request->hr_remoteaddr && *request->hr_remoteaddr) 568 1.15 mrg bozo_setenv(httpd, "REMOTE_ADDR", request->hr_remoteaddr, 569 1.15 mrg curenvp++); 570 1.19 tls /* 571 1.31 mrg * Apache does this when invoking content handlers, and PHP 572 1.31 mrg * 5.3 requires it as a "security" measure. 573 1.19 tls */ 574 1.19 tls if (cgihandler) 575 1.19 tls bozo_setenv(httpd, "REDIRECT_STATUS", "200", curenvp++); 576 1.16 mrg bozo_auth_cgi_setenv(request, &curenvp); 577 1.1 tls 578 1.33 mrg debug((httpd, DEBUG_FAT, "bozo_process_cgi: going exec %s with args:", 579 1.33 mrg path)); 580 1.33 mrg 581 1.33 mrg for (i = 0; argv[i] != NULL; i++) { 582 1.34 mrg debug((httpd, DEBUG_FAT, "bozo_process_cgi: argv[%zu] = `%s'", 583 1.33 mrg i, argv[i])); 584 1.33 mrg } 585 1.12 mrg 586 1.15 mrg if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, sv) == -1) 587 1.30 mrg bozoerr(httpd, 1, "child socketpair failed: %s", 588 1.15 mrg strerror(errno)); 589 1.1 tls 590 1.1 tls /* 591 1.1 tls * We create 2 procs: one to become the CGI, one read from 592 1.1 tls * the CGI and output to the network, and this parent will 593 1.1 tls * continue reading from the network and writing to the 594 1.1 tls * CGI procsss. 595 1.1 tls */ 596 1.1 tls switch (fork()) { 597 1.1 tls case -1: /* eep, failure */ 598 1.30 mrg bozoerr(httpd, 1, "child fork failed: %s", strerror(errno)); 599 1.15 mrg /*NOTREACHED*/ 600 1.1 tls case 0: 601 1.1 tls close(sv[0]); 602 1.1 tls dup2(sv[1], STDIN_FILENO); 603 1.1 tls dup2(sv[1], STDOUT_FILENO); 604 1.13 mrg close(2); 605 1.13 mrg close(sv[1]); 606 1.13 mrg closelog(); 607 1.15 mrg bozo_daemon_closefds(httpd); 608 1.10 tls 609 1.1 tls if (-1 == execve(path, argv, envp)) 610 1.30 mrg bozoerr(httpd, 1, "child exec failed: %s: %s", 611 1.13 mrg path, strerror(errno)); 612 1.1 tls /* NOT REACHED */ 613 1.30 mrg bozoerr(httpd, 1, "child execve returned?!"); 614 1.1 tls } 615 1.1 tls 616 1.32 mrg free(query); 617 1.32 mrg free(file); 618 1.32 mrg free(url); 619 1.33 mrg for (i = 0; i < search_string_argc; i++) 620 1.33 mrg free(search_string_argv[i]); 621 1.33 mrg free(search_string_argv); 622 1.32 mrg 623 1.1 tls close(sv[1]); 624 1.1 tls 625 1.15 mrg /* parent: read from stdin (bozo_read()) write to sv[0] */ 626 1.15 mrg /* child: read from sv[0] (bozo_write()) write to stdout */ 627 1.1 tls pid = fork(); 628 1.1 tls if (pid == -1) 629 1.30 mrg bozoerr(httpd, 1, "io child fork failed: %s", strerror(errno)); 630 1.1 tls else if (pid == 0) { 631 1.1 tls /* child reader/writer */ 632 1.1 tls close(STDIN_FILENO); 633 1.15 mrg finish_cgi_output(httpd, request, sv[0], nph); 634 1.1 tls /* if we're done output, our parent is useless... */ 635 1.1 tls kill(getppid(), SIGKILL); 636 1.15 mrg debug((httpd, DEBUG_FAT, "done processing cgi output")); 637 1.1 tls _exit(0); 638 1.1 tls } 639 1.1 tls close(STDOUT_FILENO); 640 1.1 tls 641 1.1 tls /* XXX we should have some goo that times us out 642 1.1 tls */ 643 1.15 mrg while ((rbytes = bozo_read(httpd, STDIN_FILENO, buf, sizeof buf)) > 0) { 644 1.1 tls ssize_t wbytes; 645 1.1 tls char *bp = buf; 646 1.1 tls 647 1.1 tls while (rbytes) { 648 1.15 mrg wbytes = write(sv[0], buf, (size_t)rbytes); 649 1.1 tls if (wbytes > 0) { 650 1.1 tls rbytes -= wbytes; 651 1.1 tls bp += wbytes; 652 1.1 tls } else 653 1.30 mrg bozoerr(httpd, 1, "write failed: %s", 654 1.15 mrg strerror(errno)); 655 1.1 tls } 656 1.1 tls } 657 1.15 mrg debug((httpd, DEBUG_FAT, "done processing cgi input")); 658 1.1 tls exit(0); 659 1.12 mrg 660 1.12 mrg out: 661 1.33 mrg 662 1.33 mrg for (i = 0; i < search_string_argc; i++) 663 1.33 mrg free(search_string_argv[i]); 664 1.33 mrg free(search_string_argv); 665 1.23 mbalmer free(query); 666 1.23 mbalmer free(file); 667 1.23 mbalmer free(url); 668 1.12 mrg return 0; 669 1.1 tls } 670 1.1 tls 671 1.1 tls #ifndef NO_DYNAMIC_CONTENT 672 1.1 tls /* cgi maps are simple ".postfix /path/to/prog" */ 673 1.1 tls void 674 1.29 mrg bozo_add_content_map_cgi(bozohttpd_t *httpd, const char *arg, 675 1.29 mrg const char *cgihandler) 676 1.1 tls { 677 1.15 mrg bozo_content_map_t *map; 678 1.1 tls 679 1.15 mrg debug((httpd, DEBUG_NORMAL, "bozo_add_content_map_cgi: name %s cgi %s", 680 1.15 mrg arg, cgihandler)); 681 1.1 tls 682 1.15 mrg httpd->process_cgi = 1; 683 1.1 tls 684 1.15 mrg map = bozo_get_content_map(httpd, arg); 685 1.1 tls map->name = arg; 686 1.1 tls map->type = map->encoding = map->encoding11 = NULL; 687 1.1 tls map->cgihandler = cgihandler; 688 1.1 tls } 689 1.1 tls #endif /* NO_DYNAMIC_CONTENT */ 690 1.1 tls 691 1.1 tls #endif /* NO_CGIBIN_SUPPORT */ 692
Indexes created Tue Oct 14 21:09:58 GMT 2025