cgi-bozo.c revision 1.48.2.1
1 1.48.2.1 martin /* $NetBSD: cgi-bozo.c,v 1.48.2.1 2021/03/05 13:34:19 martin Exp $ */ 2 1.4 tls 3 1.20 mrg /* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */ 4 1.1 tls 5 1.1 tls /* 6 1.48.2.1 martin * Copyright (c) 1997-2021 Matthew R. Green 7 1.1 tls * All rights reserved. 8 1.1 tls * 9 1.1 tls * Redistribution and use in source and binary forms, with or without 10 1.1 tls * modification, are permitted provided that the following conditions 11 1.1 tls * are met: 12 1.1 tls * 1. Redistributions of source code must retain the above copyright 13 1.1 tls * notice, this list of conditions and the following disclaimer. 14 1.1 tls * 2. Redistributions in binary form must reproduce the above copyright 15 1.1 tls * notice, this list of conditions and the following disclaimer and 16 1.1 tls * dedication in the documentation and/or other materials provided 17 1.1 tls * with the distribution. 18 1.1 tls * 19 1.1 tls * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 20 1.1 tls * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 21 1.1 tls * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 22 1.1 tls * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 23 1.1 tls * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 24 1.1 tls * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 25 1.1 tls * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 26 1.1 tls * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 27 1.1 tls * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 1.1 tls * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 1.1 tls * SUCH DAMAGE. 30 1.1 tls * 31 1.1 tls */ 32 1.1 tls 33 1.1 tls /* this code implements CGI/1.2 for bozohttpd */ 34 1.1 tls 35 1.1 tls #ifndef NO_CGIBIN_SUPPORT 36 1.1 tls 37 1.1 tls #include <sys/param.h> 38 1.1 tls #include <sys/socket.h> 39 1.1 tls 40 1.1 tls #include <ctype.h> 41 1.1 tls #include <errno.h> 42 1.1 tls #include <paths.h> 43 1.1 tls #include <signal.h> 44 1.1 tls #include <stdlib.h> 45 1.1 tls #include <string.h> 46 1.13 mrg #include <syslog.h> 47 1.1 tls #include <unistd.h> 48 1.43 mrg #include <assert.h> 49 1.1 tls 50 1.1 tls #include <netinet/in.h> 51 1.1 tls 52 1.1 tls #include "bozohttpd.h" 53 1.1 tls 54 1.1 tls #define CGIBIN_PREFIX "cgi-bin/" 55 1.1 tls #define CGIBIN_PREFIX_LEN (sizeof(CGIBIN_PREFIX)-1) 56 1.1 tls 57 1.15 mrg #ifndef USE_ARG 58 1.15 mrg #define USE_ARG(x) /*LINTED*/(void)&(x) 59 1.15 mrg #endif 60 1.15 mrg 61 1.15 mrg /* 62 1.15 mrg * given the file name, return a CGI interpreter 63 1.15 mrg */ 64 1.15 mrg static const char * 65 1.15 mrg content_cgihandler(bozohttpd_t *httpd, bozo_httpreq_t *request, 66 1.42 mrg const char *file) 67 1.15 mrg { 68 1.15 mrg bozo_content_map_t *map; 69 1.15 mrg 70 1.15 mrg USE_ARG(request); 71 1.15 mrg debug((httpd, DEBUG_FAT, "content_cgihandler: trying file %s", file)); 72 1.15 mrg map = bozo_match_content_map(httpd, file, 0); 73 1.15 mrg if (map) 74 1.15 mrg return map->cgihandler; 75 1.15 mrg return NULL; 76 1.15 mrg } 77 1.15 mrg 78 1.15 mrg static int 79 1.29 mrg parse_header(bozo_httpreq_t *request, const char *str, ssize_t len, 80 1.29 mrg char **hdr_str, char **hdr_val) 81 1.15 mrg { 82 1.29 mrg struct bozohttpd_t *httpd = request->hr_httpd; 83 1.15 mrg char *name, *value; 84 1.15 mrg 85 1.15 mrg /* if the string passed is zero-length bail out */ 86 1.15 mrg if (*str == '\0') 87 1.15 mrg return -1; 88 1.15 mrg 89 1.29 mrg value = bozostrdup(httpd, request, str); 90 1.15 mrg 91 1.15 mrg /* locate the ':' separator in the header/value */ 92 1.15 mrg name = bozostrnsep(&value, ":", &len); 93 1.15 mrg 94 1.15 mrg if (NULL == name || -1 == len) { 95 1.28 shm free(value); 96 1.15 mrg return -1; 97 1.15 mrg } 98 1.1 tls 99 1.15 mrg /* skip leading space/tab */ 100 1.15 mrg while (*value == ' ' || *value == '\t') 101 1.15 mrg len--, value++; 102 1.15 mrg 103 1.15 mrg *hdr_str = name; 104 1.15 mrg *hdr_val = value; 105 1.15 mrg 106 1.15 mrg return 0; 107 1.40 mrg } 108 1.15 mrg 109 1.15 mrg /* 110 1.15 mrg * handle parsing a CGI header output, transposing a Status: header 111 1.15 mrg * into the HTTP reply (ie, instead of "200 OK"). 112 1.15 mrg */ 113 1.15 mrg static void 114 1.15 mrg finish_cgi_output(bozohttpd_t *httpd, bozo_httpreq_t *request, int in, int nph) 115 1.15 mrg { 116 1.15 mrg char buf[BOZO_WRSZ]; 117 1.15 mrg char *str; 118 1.15 mrg ssize_t len; 119 1.15 mrg ssize_t rbytes; 120 1.15 mrg SIMPLEQ_HEAD(, bozoheaders) headers; 121 1.15 mrg bozoheaders_t *hdr, *nhdr; 122 1.15 mrg int write_header, nheaders = 0; 123 1.15 mrg 124 1.15 mrg /* much of this code is like bozo_read_request()'s header loop. */ 125 1.15 mrg SIMPLEQ_INIT(&headers); 126 1.15 mrg write_header = nph == 0; 127 1.15 mrg while (nph == 0 && 128 1.15 mrg (str = bozodgetln(httpd, in, &len, bozo_read)) != NULL) { 129 1.15 mrg char *hdr_name, *hdr_value; 130 1.15 mrg 131 1.29 mrg if (parse_header(request, str, len, &hdr_name, &hdr_value)) 132 1.15 mrg break; 133 1.15 mrg 134 1.15 mrg /* 135 1.15 mrg * The CGI 1.{1,2} spec both say that if the cgi program 136 1.15 mrg * returns a `Status:' header field then the server MUST 137 1.15 mrg * return it in the response. If the cgi program does 138 1.15 mrg * not return any `Status:' header then the server should 139 1.15 mrg * respond with 200 OK. 140 1.48.2.1 martin * The CGI 1.1 and 1.2 specification differ slightly on 141 1.15 mrg * this in that v1.2 says that the script MUST NOT return a 142 1.15 mrg * `Status:' header if it is returning a `Location:' header. 143 1.15 mrg * For compatibility we are going with the CGI 1.1 behavior. 144 1.15 mrg */ 145 1.15 mrg if (strcasecmp(hdr_name, "status") == 0) { 146 1.15 mrg debug((httpd, DEBUG_OBESE, 147 1.40 mrg "%s: writing HTTP header " 148 1.40 mrg "from status %s ..", __func__, hdr_value)); 149 1.15 mrg bozo_printf(httpd, "%s %s\r\n", request->hr_proto, 150 1.44 mrg hdr_value); 151 1.15 mrg bozo_flush(httpd, stdout); 152 1.15 mrg write_header = 0; 153 1.15 mrg free(hdr_name); 154 1.15 mrg break; 155 1.15 mrg } 156 1.15 mrg 157 1.15 mrg hdr = bozomalloc(httpd, sizeof *hdr); 158 1.15 mrg hdr->h_header = hdr_name; 159 1.15 mrg hdr->h_value = hdr_value; 160 1.15 mrg SIMPLEQ_INSERT_TAIL(&headers, hdr, h_next); 161 1.15 mrg nheaders++; 162 1.15 mrg } 163 1.15 mrg 164 1.15 mrg if (write_header) { 165 1.15 mrg debug((httpd, DEBUG_OBESE, 166 1.40 mrg "%s: writing HTTP header ..", __func__)); 167 1.15 mrg bozo_printf(httpd, 168 1.15 mrg "%s 200 OK\r\n", request->hr_proto); 169 1.15 mrg bozo_flush(httpd, stdout); 170 1.15 mrg } 171 1.15 mrg 172 1.15 mrg if (nheaders) { 173 1.15 mrg debug((httpd, DEBUG_OBESE, 174 1.40 mrg "%s: writing delayed HTTP headers ..", __func__)); 175 1.15 mrg SIMPLEQ_FOREACH_SAFE(hdr, &headers, h_next, nhdr) { 176 1.15 mrg bozo_printf(httpd, "%s: %s\r\n", hdr->h_header, 177 1.44 mrg hdr->h_value); 178 1.15 mrg free(hdr->h_header); 179 1.15 mrg free(hdr); 180 1.15 mrg } 181 1.15 mrg bozo_printf(httpd, "\r\n"); 182 1.15 mrg bozo_flush(httpd, stdout); 183 1.15 mrg } 184 1.15 mrg 185 1.48.2.1 martin /* CGI programs should perform their own timeouts */ 186 1.15 mrg while ((rbytes = read(in, buf, sizeof buf)) > 0) { 187 1.15 mrg ssize_t wbytes; 188 1.15 mrg char *bp = buf; 189 1.15 mrg 190 1.15 mrg while (rbytes) { 191 1.15 mrg wbytes = bozo_write(httpd, STDOUT_FILENO, buf, 192 1.44 mrg (size_t)rbytes); 193 1.15 mrg if (wbytes > 0) { 194 1.15 mrg rbytes -= wbytes; 195 1.15 mrg bp += wbytes; 196 1.15 mrg } else 197 1.30 mrg bozoerr(httpd, 1, 198 1.15 mrg "cgi output write failed: %s", 199 1.15 mrg strerror(errno)); 200 1.15 mrg } 201 1.15 mrg } 202 1.15 mrg } 203 1.15 mrg 204 1.15 mrg static void 205 1.15 mrg append_index_html(bozohttpd_t *httpd, char **url) 206 1.15 mrg { 207 1.15 mrg *url = bozorealloc(httpd, *url, 208 1.15 mrg strlen(*url) + strlen(httpd->index_html) + 1); 209 1.15 mrg strcat(*url, httpd->index_html); 210 1.15 mrg debug((httpd, DEBUG_NORMAL, 211 1.15 mrg "append_index_html: url adjusted to `%s'", *url)); 212 1.15 mrg } 213 1.1 tls 214 1.33 mrg /* This function parse search-string according to section 4.4 of RFC3875 */ 215 1.33 mrg static char ** 216 1.33 mrg parse_search_string(bozo_httpreq_t *request, const char *query, size_t *args_len) 217 1.33 mrg { 218 1.33 mrg struct bozohttpd_t *httpd = request->hr_httpd; 219 1.33 mrg size_t i; 220 1.33 mrg char *s, *str, **args; 221 1.33 mrg 222 1.33 mrg *args_len = 0; 223 1.33 mrg 224 1.33 mrg /* URI MUST not contain any unencoded '=' - RFC3875, section 4.4 */ 225 1.44 mrg if (strchr(query, '=')) 226 1.33 mrg return NULL; 227 1.33 mrg 228 1.33 mrg str = bozostrdup(httpd, request, query); 229 1.33 mrg 230 1.33 mrg /* 231 1.33 mrg * there's no more arguments than '+' chars in the query string as it's 232 1.33 mrg * the separator 233 1.33 mrg */ 234 1.33 mrg *args_len = 1; 235 1.33 mrg /* count '+' in str */ 236 1.45 christos for (s = str; (s = strchr(s, '+')) != NULL; (*args_len)++) 237 1.36 mrg s++; 238 1.33 mrg 239 1.33 mrg args = bozomalloc(httpd, sizeof(*args) * (*args_len + 1)); 240 1.33 mrg 241 1.33 mrg args[0] = str; 242 1.33 mrg args[*args_len] = NULL; 243 1.46 mrg for (s = str, i = 1; (s = strchr(s, '+')) != NULL; i++) { 244 1.33 mrg *s = '\0'; 245 1.33 mrg s++; 246 1.46 mrg args[i] = s; 247 1.33 mrg } 248 1.33 mrg 249 1.33 mrg /* 250 1.33 mrg * check if search-strings are valid: 251 1.33 mrg * 252 1.33 mrg * RFC3875, section 4.4: 253 1.33 mrg * 254 1.33 mrg * search-string = search-word *( "+" search-word ) 255 1.33 mrg * search-word = 1*schar 256 1.33 mrg * schar = unreserved | escaped | xreserved 257 1.33 mrg * xreserved = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "," | 258 1.33 mrg * "$" 259 1.33 mrg * 260 1.33 mrg * section 2.3: 261 1.33 mrg * 262 1.33 mrg * hex = digit | "A" | "B" | "C" | "D" | "E" | "F" | "a" | 263 1.33 mrg * "b" | "c" | "d" | "e" | "f" 264 1.33 mrg * escaped = "%" hex hex 265 1.33 mrg * unreserved = alpha | digit | mark 266 1.33 mrg * mark = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")" 267 1.33 mrg * 268 1.33 mrg * section 2.2: 269 1.33 mrg * 270 1.33 mrg * alpha = lowalpha | hialpha 271 1.33 mrg * lowalpha = "a" | "b" | "c" | "d" | "e" | "f" | "g" | "h" | 272 1.33 mrg * "i" | "j" | "k" | "l" | "m" | "n" | "o" | "p" | 273 1.33 mrg * "q" | "r" | "s" | "t" | "u" | "v" | "w" | "x" | 274 1.33 mrg * "y" | "z" 275 1.33 mrg * hialpha = "A" | "B" | "C" | "D" | "E" | "F" | "G" | "H" | 276 1.33 mrg * "I" | "J" | "K" | "L" | "M" | "N" | "O" | "P" | 277 1.33 mrg * "Q" | "R" | "S" | "T" | "U" | "V" | "W" | "X" | 278 1.33 mrg * "Y" | "Z" 279 1.33 mrg * digit = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | 280 1.33 mrg * "8" | "9" 281 1.33 mrg */ 282 1.33 mrg #define UNRESERVED_CHAR "-_.!~*'()" 283 1.33 mrg #define XRESERVED_CHAR ";/?:@&=,$" 284 1.33 mrg 285 1.33 mrg for (i = 0; i < *args_len; i++) { 286 1.33 mrg s = args[i]; 287 1.33 mrg /* search-word MUST have at least one schar */ 288 1.33 mrg if (*s == '\0') 289 1.33 mrg goto parse_err; 290 1.44 mrg while (*s) { 291 1.33 mrg /* check if it's unreserved */ 292 1.33 mrg if (isalpha((int)*s) || isdigit((int)*s) || 293 1.33 mrg strchr(UNRESERVED_CHAR, *s)) { 294 1.33 mrg s++; 295 1.33 mrg continue; 296 1.33 mrg } 297 1.33 mrg 298 1.33 mrg /* check if it's escaped */ 299 1.33 mrg if (*s == '%') { 300 1.33 mrg if (s[1] == '\0' || s[2] == '\0') 301 1.33 mrg goto parse_err; 302 1.33 mrg if (!isxdigit((int)s[1]) || 303 1.33 mrg !isxdigit((int)s[2])) 304 1.33 mrg goto parse_err; 305 1.33 mrg s += 3; 306 1.33 mrg continue; 307 1.33 mrg } 308 1.33 mrg 309 1.33 mrg /* check if it's xreserved */ 310 1.33 mrg 311 1.33 mrg if (strchr(XRESERVED_CHAR, *s)) { 312 1.33 mrg s++; 313 1.33 mrg continue; 314 1.33 mrg } 315 1.33 mrg 316 1.33 mrg goto parse_err; 317 1.33 mrg } 318 1.33 mrg } 319 1.33 mrg 320 1.33 mrg /* decode percent encoding */ 321 1.33 mrg for (i = 0; i < *args_len; i++) { 322 1.33 mrg if (bozo_decode_url_percent(request, args[i])) 323 1.33 mrg goto parse_err; 324 1.33 mrg } 325 1.33 mrg 326 1.33 mrg /* allocate each arg separately */ 327 1.33 mrg for (i = 0; i < *args_len; i++) 328 1.33 mrg args[i] = bozostrdup(httpd, request, args[i]); 329 1.33 mrg free(str); 330 1.33 mrg 331 1.33 mrg return args; 332 1.33 mrg 333 1.33 mrg parse_err: 334 1.33 mrg 335 1.46 mrg free(str); 336 1.35 christos free(args); 337 1.33 mrg *args_len = 0; 338 1.33 mrg 339 1.35 christos return NULL; 340 1.33 mrg 341 1.33 mrg } 342 1.33 mrg 343 1.1 tls void 344 1.15 mrg bozo_cgi_setbin(bozohttpd_t *httpd, const char *path) 345 1.1 tls { 346 1.29 mrg httpd->cgibin = bozostrdup(httpd, NULL, path); 347 1.15 mrg debug((httpd, DEBUG_OBESE, "cgibin (cgi-bin directory) is %s", 348 1.44 mrg httpd->cgibin)); 349 1.1 tls } 350 1.1 tls 351 1.1 tls /* help build up the environ pointer */ 352 1.1 tls void 353 1.15 mrg bozo_setenv(bozohttpd_t *httpd, const char *env, const char *val, 354 1.15 mrg char **envp) 355 1.1 tls { 356 1.15 mrg char *s1 = bozomalloc(httpd, strlen(env) + strlen(val) + 2); 357 1.1 tls 358 1.1 tls strcpy(s1, env); 359 1.1 tls strcat(s1, "="); 360 1.1 tls strcat(s1, val); 361 1.15 mrg debug((httpd, DEBUG_OBESE, "bozo_setenv: %s", s1)); 362 1.1 tls *envp = s1; 363 1.1 tls } 364 1.1 tls 365 1.1 tls /* 366 1.1 tls * Checks if the request has asked for a cgi-bin. Should only be called if 367 1.1 tls * cgibin is set. If it starts CGIBIN_PREFIX or has a ncontent handler, 368 1.12 mrg * process the cgi, otherwise just return. Returns 0 if it did not handle 369 1.12 mrg * the request. 370 1.1 tls */ 371 1.12 mrg int 372 1.15 mrg bozo_process_cgi(bozo_httpreq_t *request) 373 1.1 tls { 374 1.15 mrg bozohttpd_t *httpd = request->hr_httpd; 375 1.15 mrg char buf[BOZO_WRSZ]; 376 1.15 mrg char date[40]; 377 1.15 mrg bozoheaders_t *headp; 378 1.1 tls const char *type, *clen, *info, *cgihandler; 379 1.32 mrg char *query, *s, *t, *path, *env, *command, *file, *url; 380 1.33 mrg char **envp, **curenvp, **argv, **search_string_argv = NULL; 381 1.43 mrg char **lastenvp; 382 1.17 mrg char *uri; 383 1.33 mrg size_t i, len, search_string_argc = 0; 384 1.1 tls ssize_t rbytes; 385 1.1 tls pid_t pid; 386 1.1 tls int envpsize, ix, nph; 387 1.1 tls int sv[2]; 388 1.1 tls 389 1.15 mrg if (!httpd->cgibin && !httpd->process_cgi) 390 1.12 mrg return 0; 391 1.1 tls 392 1.28 shm #ifndef NO_USER_SUPPORT 393 1.30 mrg if (request->hr_user && !httpd->enable_cgi_users) 394 1.28 shm return 0; 395 1.28 shm #endif /* !NO_USER_SUPPORT */ 396 1.28 shm 397 1.25 shm if (request->hr_oldfile && strcmp(request->hr_oldfile, "/") != 0) 398 1.25 shm uri = request->hr_oldfile; 399 1.25 shm else 400 1.25 shm uri = request->hr_file; 401 1.25 shm 402 1.17 mrg if (uri[0] == '/') 403 1.29 mrg file = bozostrdup(httpd, request, uri); 404 1.17 mrg else 405 1.31 mrg bozoasprintf(httpd, &file, "/%s", uri); 406 1.17 mrg 407 1.12 mrg if (request->hr_query && strlen(request->hr_query)) 408 1.29 mrg query = bozostrdup(httpd, request, request->hr_query); 409 1.12 mrg else 410 1.12 mrg query = NULL; 411 1.12 mrg 412 1.31 mrg bozoasprintf(httpd, &url, "%s%s%s", 413 1.31 mrg file, 414 1.31 mrg query ? "?" : "", 415 1.31 mrg query ? query : ""); 416 1.40 mrg debug((httpd, DEBUG_NORMAL, "%s: url `%s'", __func__, url)); 417 1.1 tls 418 1.1 tls path = NULL; 419 1.1 tls envp = NULL; 420 1.1 tls cgihandler = NULL; 421 1.32 mrg command = NULL; 422 1.1 tls info = NULL; 423 1.13 mrg 424 1.1 tls len = strlen(url); 425 1.1 tls 426 1.16 mrg if (bozo_auth_check(request, url + 1)) 427 1.12 mrg goto out; 428 1.12 mrg 429 1.15 mrg if (!httpd->cgibin || 430 1.15 mrg strncmp(url + 1, CGIBIN_PREFIX, CGIBIN_PREFIX_LEN) != 0) { 431 1.15 mrg cgihandler = content_cgihandler(httpd, request, file + 1); 432 1.1 tls if (cgihandler == NULL) { 433 1.15 mrg debug((httpd, DEBUG_FAT, 434 1.40 mrg "%s: no handler, returning", __func__)); 435 1.12 mrg goto out; 436 1.1 tls } 437 1.9 tls if (len == 0 || file[len - 1] == '/') 438 1.15 mrg append_index_html(httpd, &file); 439 1.40 mrg debug((httpd, DEBUG_NORMAL, "%s: cgihandler `%s'", 440 1.40 mrg __func__, cgihandler)); 441 1.8 mrg } else if (len - 1 == CGIBIN_PREFIX_LEN) /* url is "/cgi-bin/" */ 442 1.15 mrg append_index_html(httpd, &file); 443 1.12 mrg 444 1.44 mrg /* RFC3875 sect. 4.4. - search-string support */ 445 1.33 mrg if (query != NULL) { 446 1.33 mrg search_string_argv = parse_search_string(request, query, 447 1.33 mrg &search_string_argc); 448 1.33 mrg } 449 1.33 mrg 450 1.34 mrg debug((httpd, DEBUG_NORMAL, "parse_search_string args no: %zu", 451 1.33 mrg search_string_argc)); 452 1.33 mrg for (i = 0; i < search_string_argc; i++) { 453 1.33 mrg debug((httpd, DEBUG_FAT, 454 1.34 mrg "search_string[%zu]: `%s'", i, search_string_argv[i])); 455 1.33 mrg } 456 1.33 mrg 457 1.33 mrg argv = bozomalloc(httpd, sizeof(*argv) * (3 + search_string_argc)); 458 1.33 mrg 459 1.1 tls ix = 0; 460 1.1 tls if (cgihandler) { 461 1.32 mrg command = file + 1; 462 1.29 mrg path = bozostrdup(httpd, request, cgihandler); 463 1.1 tls } else { 464 1.32 mrg command = file + CGIBIN_PREFIX_LEN + 1; 465 1.1 tls if ((s = strchr(command, '/')) != NULL) { 466 1.29 mrg info = bozostrdup(httpd, request, s); 467 1.1 tls *s = '\0'; 468 1.1 tls } 469 1.15 mrg path = bozomalloc(httpd, 470 1.15 mrg strlen(httpd->cgibin) + 1 + strlen(command) + 1); 471 1.15 mrg strcpy(path, httpd->cgibin); 472 1.1 tls strcat(path, "/"); 473 1.1 tls strcat(path, command); 474 1.1 tls } 475 1.33 mrg 476 1.33 mrg argv[ix++] = path; 477 1.33 mrg 478 1.33 mrg /* copy search-string args */ 479 1.33 mrg for (i = 0; i < search_string_argc; i++) 480 1.33 mrg argv[ix++] = search_string_argv[i]; 481 1.33 mrg 482 1.1 tls argv[ix++] = NULL; 483 1.1 tls nph = strncmp(command, "nph-", 4) == 0; 484 1.1 tls 485 1.1 tls type = request->hr_content_type; 486 1.1 tls clen = request->hr_content_length; 487 1.1 tls 488 1.1 tls envpsize = 13 + request->hr_nheaders + 489 1.1 tls (info && *info ? 1 : 0) + 490 1.1 tls (query && *query ? 1 : 0) + 491 1.1 tls (type && *type ? 1 : 0) + 492 1.1 tls (clen && *clen ? 1 : 0) + 493 1.1 tls (request->hr_remotehost && *request->hr_remotehost ? 1 : 0) + 494 1.1 tls (request->hr_remoteaddr && *request->hr_remoteaddr ? 1 : 0) + 495 1.48 martin (cgihandler ? 1 : 0) + 496 1.15 mrg bozo_auth_cgi_count(request) + 497 1.1 tls (request->hr_serverport && *request->hr_serverport ? 1 : 0); 498 1.1 tls 499 1.15 mrg debug((httpd, DEBUG_FAT, 500 1.40 mrg "%s: path `%s', cmd `%s', info `%s', " 501 1.40 mrg "query `%s', nph `%d', envpsize `%d'", __func__, 502 1.15 mrg path, command, strornull(info), 503 1.15 mrg strornull(query), nph, envpsize)); 504 1.14 mrg 505 1.15 mrg envp = bozomalloc(httpd, sizeof(*envp) * envpsize); 506 1.1 tls for (ix = 0; ix < envpsize; ix++) 507 1.1 tls envp[ix] = NULL; 508 1.1 tls curenvp = envp; 509 1.43 mrg lastenvp = envp + envpsize; 510 1.3 tls 511 1.3 tls SIMPLEQ_FOREACH(headp, &request->hr_headers, h_next) { 512 1.1 tls const char *s2; 513 1.15 mrg env = bozomalloc(httpd, 6 + strlen(headp->h_header) + 1 + 514 1.1 tls strlen(headp->h_value)); 515 1.1 tls 516 1.1 tls t = env; 517 1.1 tls strcpy(t, "HTTP_"); 518 1.1 tls t += strlen(t); 519 1.1 tls for (s2 = headp->h_header; *s2; t++, s2++) 520 1.38 mrg if (islower((unsigned)*s2)) 521 1.38 mrg *t = toupper((unsigned)*s2); 522 1.1 tls else if (*s2 == '-') 523 1.1 tls *t = '_'; 524 1.1 tls else 525 1.1 tls *t = *s2; 526 1.1 tls *t = '\0'; 527 1.15 mrg debug((httpd, DEBUG_OBESE, "setting header %s as %s = %s", 528 1.1 tls headp->h_header, env, headp->h_value)); 529 1.15 mrg bozo_setenv(httpd, env, headp->h_value, curenvp++); 530 1.1 tls free(env); 531 1.1 tls } 532 1.14 mrg 533 1.1 tls #ifndef _PATH_DEFPATH 534 1.1 tls #define _PATH_DEFPATH "/usr/bin:/bin" 535 1.1 tls #endif 536 1.1 tls 537 1.15 mrg bozo_setenv(httpd, "PATH", _PATH_DEFPATH, curenvp++); 538 1.15 mrg bozo_setenv(httpd, "IFS", " \t\n", curenvp++); 539 1.21 martin bozo_setenv(httpd, "SERVER_NAME", BOZOHOST(httpd,request), curenvp++); 540 1.15 mrg bozo_setenv(httpd, "GATEWAY_INTERFACE", "CGI/1.1", curenvp++); 541 1.15 mrg bozo_setenv(httpd, "SERVER_PROTOCOL", request->hr_proto, curenvp++); 542 1.15 mrg bozo_setenv(httpd, "REQUEST_METHOD", request->hr_methodstr, curenvp++); 543 1.15 mrg bozo_setenv(httpd, "SCRIPT_NAME", file, curenvp++); 544 1.15 mrg bozo_setenv(httpd, "SCRIPT_FILENAME", file + 1, curenvp++); 545 1.15 mrg bozo_setenv(httpd, "SERVER_SOFTWARE", httpd->server_software, 546 1.15 mrg curenvp++); 547 1.17 mrg bozo_setenv(httpd, "REQUEST_URI", uri, curenvp++); 548 1.15 mrg bozo_setenv(httpd, "DATE_GMT", bozo_http_date(date, sizeof(date)), 549 1.15 mrg curenvp++); 550 1.33 mrg /* RFC3875 section 4.1.7 says that QUERY_STRING MUST be defined. */ 551 1.1 tls if (query && *query) 552 1.15 mrg bozo_setenv(httpd, "QUERY_STRING", query, curenvp++); 553 1.33 mrg else 554 1.33 mrg bozo_setenv(httpd, "QUERY_STRING", "", curenvp++); 555 1.1 tls if (info && *info) 556 1.15 mrg bozo_setenv(httpd, "PATH_INFO", info, curenvp++); 557 1.1 tls if (type && *type) 558 1.15 mrg bozo_setenv(httpd, "CONTENT_TYPE", type, curenvp++); 559 1.1 tls if (clen && *clen) 560 1.15 mrg bozo_setenv(httpd, "CONTENT_LENGTH", clen, curenvp++); 561 1.1 tls if (request->hr_serverport && *request->hr_serverport) 562 1.15 mrg bozo_setenv(httpd, "SERVER_PORT", request->hr_serverport, 563 1.15 mrg curenvp++); 564 1.1 tls if (request->hr_remotehost && *request->hr_remotehost) 565 1.15 mrg bozo_setenv(httpd, "REMOTE_HOST", request->hr_remotehost, 566 1.15 mrg curenvp++); 567 1.1 tls if (request->hr_remoteaddr && *request->hr_remoteaddr) 568 1.15 mrg bozo_setenv(httpd, "REMOTE_ADDR", request->hr_remoteaddr, 569 1.15 mrg curenvp++); 570 1.19 tls /* 571 1.31 mrg * Apache does this when invoking content handlers, and PHP 572 1.31 mrg * 5.3 requires it as a "security" measure. 573 1.19 tls */ 574 1.19 tls if (cgihandler) 575 1.19 tls bozo_setenv(httpd, "REDIRECT_STATUS", "200", curenvp++); 576 1.16 mrg bozo_auth_cgi_setenv(request, &curenvp); 577 1.1 tls 578 1.40 mrg debug((httpd, DEBUG_FAT, "%s: going exec %s with args:", __func__, 579 1.33 mrg path)); 580 1.33 mrg 581 1.33 mrg for (i = 0; argv[i] != NULL; i++) { 582 1.40 mrg debug((httpd, DEBUG_FAT, "%s: argv[%zu] = `%s'", __func__, 583 1.33 mrg i, argv[i])); 584 1.33 mrg } 585 1.12 mrg 586 1.15 mrg if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, sv) == -1) 587 1.30 mrg bozoerr(httpd, 1, "child socketpair failed: %s", 588 1.15 mrg strerror(errno)); 589 1.1 tls 590 1.39 martin *curenvp = 0; 591 1.43 mrg assert(lastenvp > curenvp); 592 1.39 martin 593 1.1 tls /* 594 1.1 tls * We create 2 procs: one to become the CGI, one read from 595 1.1 tls * the CGI and output to the network, and this parent will 596 1.1 tls * continue reading from the network and writing to the 597 1.1 tls * CGI procsss. 598 1.1 tls */ 599 1.1 tls switch (fork()) { 600 1.1 tls case -1: /* eep, failure */ 601 1.30 mrg bozoerr(httpd, 1, "child fork failed: %s", strerror(errno)); 602 1.15 mrg /*NOTREACHED*/ 603 1.1 tls case 0: 604 1.1 tls close(sv[0]); 605 1.1 tls dup2(sv[1], STDIN_FILENO); 606 1.1 tls dup2(sv[1], STDOUT_FILENO); 607 1.13 mrg close(2); 608 1.13 mrg close(sv[1]); 609 1.13 mrg closelog(); 610 1.15 mrg bozo_daemon_closefds(httpd); 611 1.10 tls 612 1.46 mrg if (-1 == execve(path, argv, envp)) { 613 1.48.2.1 martin int saveerrno = errno; 614 1.46 mrg bozo_http_error(httpd, 404, request, 615 1.46 mrg "Cannot execute CGI"); 616 1.48.2.1 martin /* don't log easy to trigger events */ 617 1.48.2.1 martin if (saveerrno != ENOENT && 618 1.48.2.1 martin saveerrno != EISDIR && 619 1.48.2.1 martin saveerrno != EACCES) 620 1.48.2.1 martin bozoerr(httpd, 1, "child exec failed: %s: %s", 621 1.48.2.1 martin path, strerror(saveerrno)); 622 1.48.2.1 martin _exit(1); 623 1.46 mrg } 624 1.1 tls /* NOT REACHED */ 625 1.30 mrg bozoerr(httpd, 1, "child execve returned?!"); 626 1.1 tls } 627 1.1 tls 628 1.32 mrg free(query); 629 1.32 mrg free(file); 630 1.32 mrg free(url); 631 1.33 mrg for (i = 0; i < search_string_argc; i++) 632 1.33 mrg free(search_string_argv[i]); 633 1.33 mrg free(search_string_argv); 634 1.32 mrg 635 1.1 tls close(sv[1]); 636 1.1 tls 637 1.15 mrg /* parent: read from stdin (bozo_read()) write to sv[0] */ 638 1.15 mrg /* child: read from sv[0] (bozo_write()) write to stdout */ 639 1.1 tls pid = fork(); 640 1.1 tls if (pid == -1) 641 1.30 mrg bozoerr(httpd, 1, "io child fork failed: %s", strerror(errno)); 642 1.1 tls else if (pid == 0) { 643 1.1 tls /* child reader/writer */ 644 1.1 tls close(STDIN_FILENO); 645 1.15 mrg finish_cgi_output(httpd, request, sv[0], nph); 646 1.48.2.1 martin /* if we do SSL, send a SSL_shutdown now */ 647 1.48.2.1 martin bozo_ssl_shutdown(request->hr_httpd); 648 1.1 tls /* if we're done output, our parent is useless... */ 649 1.1 tls kill(getppid(), SIGKILL); 650 1.15 mrg debug((httpd, DEBUG_FAT, "done processing cgi output")); 651 1.1 tls _exit(0); 652 1.1 tls } 653 1.1 tls close(STDOUT_FILENO); 654 1.1 tls 655 1.48.2.1 martin /* CGI programs should perform their own timeouts */ 656 1.15 mrg while ((rbytes = bozo_read(httpd, STDIN_FILENO, buf, sizeof buf)) > 0) { 657 1.1 tls ssize_t wbytes; 658 1.1 tls char *bp = buf; 659 1.1 tls 660 1.1 tls while (rbytes) { 661 1.15 mrg wbytes = write(sv[0], buf, (size_t)rbytes); 662 1.1 tls if (wbytes > 0) { 663 1.1 tls rbytes -= wbytes; 664 1.1 tls bp += wbytes; 665 1.1 tls } else 666 1.30 mrg bozoerr(httpd, 1, "write failed: %s", 667 1.15 mrg strerror(errno)); 668 1.1 tls } 669 1.1 tls } 670 1.15 mrg debug((httpd, DEBUG_FAT, "done processing cgi input")); 671 1.1 tls exit(0); 672 1.12 mrg 673 1.12 mrg out: 674 1.33 mrg 675 1.33 mrg for (i = 0; i < search_string_argc; i++) 676 1.33 mrg free(search_string_argv[i]); 677 1.33 mrg free(search_string_argv); 678 1.23 mbalmer free(query); 679 1.23 mbalmer free(file); 680 1.23 mbalmer free(url); 681 1.12 mrg return 0; 682 1.1 tls } 683 1.1 tls 684 1.1 tls #ifndef NO_DYNAMIC_CONTENT 685 1.1 tls /* cgi maps are simple ".postfix /path/to/prog" */ 686 1.1 tls void 687 1.29 mrg bozo_add_content_map_cgi(bozohttpd_t *httpd, const char *arg, 688 1.29 mrg const char *cgihandler) 689 1.1 tls { 690 1.15 mrg bozo_content_map_t *map; 691 1.1 tls 692 1.15 mrg debug((httpd, DEBUG_NORMAL, "bozo_add_content_map_cgi: name %s cgi %s", 693 1.15 mrg arg, cgihandler)); 694 1.1 tls 695 1.15 mrg httpd->process_cgi = 1; 696 1.1 tls 697 1.15 mrg map = bozo_get_content_map(httpd, arg); 698 1.1 tls map->name = arg; 699 1.1 tls map->type = map->encoding = map->encoding11 = NULL; 700 1.1 tls map->cgihandler = cgihandler; 701 1.1 tls } 702 1.1 tls #endif /* NO_DYNAMIC_CONTENT */ 703 1.1 tls 704 1.1 tls #endif /* NO_CGIBIN_SUPPORT */ 705
Indexes created Mon Oct 20 20:10:13 GMT 2025