cgi-bozo.c revision 1.55
1 1.55 shm /* $NetBSD: cgi-bozo.c,v 1.55 2023/09/20 07:09:14 shm Exp $ */ 2 1.4 tls 3 1.20 mrg /* $eterna: cgi-bozo.c,v 1.40 2011/11/18 09:21:15 mrg Exp $ */ 4 1.1 tls 5 1.1 tls /* 6 1.53 mrg * Copyright (c) 1997-2021 Matthew R. Green 7 1.1 tls * All rights reserved. 8 1.1 tls * 9 1.1 tls * Redistribution and use in source and binary forms, with or without 10 1.1 tls * modification, are permitted provided that the following conditions 11 1.1 tls * are met: 12 1.1 tls * 1. Redistributions of source code must retain the above copyright 13 1.1 tls * notice, this list of conditions and the following disclaimer. 14 1.1 tls * 2. Redistributions in binary form must reproduce the above copyright 15 1.1 tls * notice, this list of conditions and the following disclaimer and 16 1.1 tls * dedication in the documentation and/or other materials provided 17 1.1 tls * with the distribution. 18 1.1 tls * 19 1.1 tls * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 20 1.1 tls * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 21 1.1 tls * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 22 1.1 tls * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 23 1.1 tls * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 24 1.1 tls * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 25 1.1 tls * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 26 1.1 tls * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 27 1.1 tls * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28 1.1 tls * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29 1.1 tls * SUCH DAMAGE. 30 1.1 tls * 31 1.1 tls */ 32 1.1 tls 33 1.1 tls /* this code implements CGI/1.2 for bozohttpd */ 34 1.1 tls 35 1.1 tls #ifndef NO_CGIBIN_SUPPORT 36 1.1 tls 37 1.1 tls #include <sys/param.h> 38 1.1 tls #include <sys/socket.h> 39 1.1 tls 40 1.1 tls #include <ctype.h> 41 1.1 tls #include <errno.h> 42 1.1 tls #include <paths.h> 43 1.1 tls #include <signal.h> 44 1.1 tls #include <stdlib.h> 45 1.1 tls #include <string.h> 46 1.13 mrg #include <syslog.h> 47 1.1 tls #include <unistd.h> 48 1.43 mrg #include <assert.h> 49 1.1 tls 50 1.1 tls #include <netinet/in.h> 51 1.1 tls 52 1.1 tls #include "bozohttpd.h" 53 1.1 tls 54 1.1 tls #define CGIBIN_PREFIX "cgi-bin/" 55 1.1 tls #define CGIBIN_PREFIX_LEN (sizeof(CGIBIN_PREFIX)-1) 56 1.1 tls 57 1.15 mrg #ifndef USE_ARG 58 1.15 mrg #define USE_ARG(x) /*LINTED*/(void)&(x) 59 1.15 mrg #endif 60 1.15 mrg 61 1.15 mrg /* 62 1.15 mrg * given the file name, return a CGI interpreter 63 1.15 mrg */ 64 1.15 mrg static const char * 65 1.15 mrg content_cgihandler(bozohttpd_t *httpd, bozo_httpreq_t *request, 66 1.42 mrg const char *file) 67 1.15 mrg { 68 1.15 mrg bozo_content_map_t *map; 69 1.15 mrg 70 1.15 mrg USE_ARG(request); 71 1.15 mrg debug((httpd, DEBUG_FAT, "content_cgihandler: trying file %s", file)); 72 1.15 mrg map = bozo_match_content_map(httpd, file, 0); 73 1.15 mrg if (map) 74 1.15 mrg return map->cgihandler; 75 1.15 mrg return NULL; 76 1.15 mrg } 77 1.15 mrg 78 1.15 mrg static int 79 1.29 mrg parse_header(bozo_httpreq_t *request, const char *str, ssize_t len, 80 1.29 mrg char **hdr_str, char **hdr_val) 81 1.15 mrg { 82 1.29 mrg struct bozohttpd_t *httpd = request->hr_httpd; 83 1.15 mrg char *name, *value; 84 1.15 mrg 85 1.15 mrg /* if the string passed is zero-length bail out */ 86 1.15 mrg if (*str == '\0') 87 1.15 mrg return -1; 88 1.15 mrg 89 1.29 mrg value = bozostrdup(httpd, request, str); 90 1.15 mrg 91 1.15 mrg /* locate the ':' separator in the header/value */ 92 1.15 mrg name = bozostrnsep(&value, ":", &len); 93 1.15 mrg 94 1.15 mrg if (NULL == name || -1 == len) { 95 1.28 shm free(value); 96 1.15 mrg return -1; 97 1.15 mrg } 98 1.1 tls 99 1.15 mrg /* skip leading space/tab */ 100 1.15 mrg while (*value == ' ' || *value == '\t') 101 1.15 mrg len--, value++; 102 1.15 mrg 103 1.15 mrg *hdr_str = name; 104 1.15 mrg *hdr_val = value; 105 1.15 mrg 106 1.15 mrg return 0; 107 1.40 mrg } 108 1.15 mrg 109 1.15 mrg /* 110 1.15 mrg * handle parsing a CGI header output, transposing a Status: header 111 1.15 mrg * into the HTTP reply (ie, instead of "200 OK"). 112 1.15 mrg */ 113 1.15 mrg static void 114 1.15 mrg finish_cgi_output(bozohttpd_t *httpd, bozo_httpreq_t *request, int in, int nph) 115 1.15 mrg { 116 1.15 mrg char buf[BOZO_WRSZ]; 117 1.15 mrg char *str; 118 1.15 mrg ssize_t len; 119 1.15 mrg ssize_t rbytes; 120 1.15 mrg SIMPLEQ_HEAD(, bozoheaders) headers; 121 1.15 mrg bozoheaders_t *hdr, *nhdr; 122 1.15 mrg int write_header, nheaders = 0; 123 1.15 mrg 124 1.15 mrg /* much of this code is like bozo_read_request()'s header loop. */ 125 1.15 mrg SIMPLEQ_INIT(&headers); 126 1.15 mrg write_header = nph == 0; 127 1.15 mrg while (nph == 0 && 128 1.15 mrg (str = bozodgetln(httpd, in, &len, bozo_read)) != NULL) { 129 1.15 mrg char *hdr_name, *hdr_value; 130 1.15 mrg 131 1.29 mrg if (parse_header(request, str, len, &hdr_name, &hdr_value)) 132 1.15 mrg break; 133 1.15 mrg 134 1.15 mrg /* 135 1.15 mrg * The CGI 1.{1,2} spec both say that if the cgi program 136 1.15 mrg * returns a `Status:' header field then the server MUST 137 1.15 mrg * return it in the response. If the cgi program does 138 1.15 mrg * not return any `Status:' header then the server should 139 1.15 mrg * respond with 200 OK. 140 1.49 mrg * The CGI 1.1 and 1.2 specification differ slightly on 141 1.15 mrg * this in that v1.2 says that the script MUST NOT return a 142 1.15 mrg * `Status:' header if it is returning a `Location:' header. 143 1.15 mrg * For compatibility we are going with the CGI 1.1 behavior. 144 1.15 mrg */ 145 1.15 mrg if (strcasecmp(hdr_name, "status") == 0) { 146 1.15 mrg debug((httpd, DEBUG_OBESE, 147 1.40 mrg "%s: writing HTTP header " 148 1.40 mrg "from status %s ..", __func__, hdr_value)); 149 1.15 mrg bozo_printf(httpd, "%s %s\r\n", request->hr_proto, 150 1.44 mrg hdr_value); 151 1.15 mrg bozo_flush(httpd, stdout); 152 1.15 mrg write_header = 0; 153 1.15 mrg free(hdr_name); 154 1.15 mrg break; 155 1.15 mrg } 156 1.15 mrg 157 1.15 mrg hdr = bozomalloc(httpd, sizeof *hdr); 158 1.15 mrg hdr->h_header = hdr_name; 159 1.15 mrg hdr->h_value = hdr_value; 160 1.15 mrg SIMPLEQ_INSERT_TAIL(&headers, hdr, h_next); 161 1.15 mrg nheaders++; 162 1.15 mrg } 163 1.15 mrg 164 1.15 mrg if (write_header) { 165 1.15 mrg debug((httpd, DEBUG_OBESE, 166 1.40 mrg "%s: writing HTTP header ..", __func__)); 167 1.15 mrg bozo_printf(httpd, 168 1.15 mrg "%s 200 OK\r\n", request->hr_proto); 169 1.15 mrg bozo_flush(httpd, stdout); 170 1.15 mrg } 171 1.15 mrg 172 1.15 mrg if (nheaders) { 173 1.15 mrg debug((httpd, DEBUG_OBESE, 174 1.40 mrg "%s: writing delayed HTTP headers ..", __func__)); 175 1.15 mrg SIMPLEQ_FOREACH_SAFE(hdr, &headers, h_next, nhdr) { 176 1.15 mrg bozo_printf(httpd, "%s: %s\r\n", hdr->h_header, 177 1.44 mrg hdr->h_value); 178 1.15 mrg free(hdr->h_header); 179 1.15 mrg free(hdr); 180 1.15 mrg } 181 1.15 mrg bozo_printf(httpd, "\r\n"); 182 1.15 mrg bozo_flush(httpd, stdout); 183 1.15 mrg } 184 1.15 mrg 185 1.49 mrg /* CGI programs should perform their own timeouts */ 186 1.15 mrg while ((rbytes = read(in, buf, sizeof buf)) > 0) { 187 1.15 mrg ssize_t wbytes; 188 1.15 mrg 189 1.15 mrg while (rbytes) { 190 1.15 mrg wbytes = bozo_write(httpd, STDOUT_FILENO, buf, 191 1.44 mrg (size_t)rbytes); 192 1.55 shm if (wbytes > 0) 193 1.15 mrg rbytes -= wbytes; 194 1.55 shm else 195 1.30 mrg bozoerr(httpd, 1, 196 1.15 mrg "cgi output write failed: %s", 197 1.15 mrg strerror(errno)); 198 1.15 mrg } 199 1.15 mrg } 200 1.15 mrg } 201 1.15 mrg 202 1.15 mrg static void 203 1.15 mrg append_index_html(bozohttpd_t *httpd, char **url) 204 1.15 mrg { 205 1.15 mrg *url = bozorealloc(httpd, *url, 206 1.15 mrg strlen(*url) + strlen(httpd->index_html) + 1); 207 1.15 mrg strcat(*url, httpd->index_html); 208 1.15 mrg debug((httpd, DEBUG_NORMAL, 209 1.15 mrg "append_index_html: url adjusted to `%s'", *url)); 210 1.15 mrg } 211 1.1 tls 212 1.33 mrg /* This function parse search-string according to section 4.4 of RFC3875 */ 213 1.33 mrg static char ** 214 1.33 mrg parse_search_string(bozo_httpreq_t *request, const char *query, size_t *args_len) 215 1.33 mrg { 216 1.33 mrg struct bozohttpd_t *httpd = request->hr_httpd; 217 1.33 mrg size_t i; 218 1.33 mrg char *s, *str, **args; 219 1.33 mrg 220 1.33 mrg *args_len = 0; 221 1.33 mrg 222 1.33 mrg /* URI MUST not contain any unencoded '=' - RFC3875, section 4.4 */ 223 1.44 mrg if (strchr(query, '=')) 224 1.33 mrg return NULL; 225 1.33 mrg 226 1.33 mrg str = bozostrdup(httpd, request, query); 227 1.33 mrg 228 1.33 mrg /* 229 1.33 mrg * there's no more arguments than '+' chars in the query string as it's 230 1.33 mrg * the separator 231 1.33 mrg */ 232 1.33 mrg *args_len = 1; 233 1.33 mrg /* count '+' in str */ 234 1.45 christos for (s = str; (s = strchr(s, '+')) != NULL; (*args_len)++) 235 1.36 mrg s++; 236 1.33 mrg 237 1.33 mrg args = bozomalloc(httpd, sizeof(*args) * (*args_len + 1)); 238 1.33 mrg 239 1.33 mrg args[0] = str; 240 1.33 mrg args[*args_len] = NULL; 241 1.46 mrg for (s = str, i = 1; (s = strchr(s, '+')) != NULL; i++) { 242 1.33 mrg *s = '\0'; 243 1.33 mrg s++; 244 1.46 mrg args[i] = s; 245 1.33 mrg } 246 1.33 mrg 247 1.33 mrg /* 248 1.33 mrg * check if search-strings are valid: 249 1.33 mrg * 250 1.33 mrg * RFC3875, section 4.4: 251 1.33 mrg * 252 1.33 mrg * search-string = search-word *( "+" search-word ) 253 1.33 mrg * search-word = 1*schar 254 1.33 mrg * schar = unreserved | escaped | xreserved 255 1.33 mrg * xreserved = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "," | 256 1.33 mrg * "$" 257 1.33 mrg * 258 1.33 mrg * section 2.3: 259 1.33 mrg * 260 1.33 mrg * hex = digit | "A" | "B" | "C" | "D" | "E" | "F" | "a" | 261 1.33 mrg * "b" | "c" | "d" | "e" | "f" 262 1.33 mrg * escaped = "%" hex hex 263 1.33 mrg * unreserved = alpha | digit | mark 264 1.33 mrg * mark = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")" 265 1.33 mrg * 266 1.33 mrg * section 2.2: 267 1.33 mrg * 268 1.33 mrg * alpha = lowalpha | hialpha 269 1.33 mrg * lowalpha = "a" | "b" | "c" | "d" | "e" | "f" | "g" | "h" | 270 1.33 mrg * "i" | "j" | "k" | "l" | "m" | "n" | "o" | "p" | 271 1.33 mrg * "q" | "r" | "s" | "t" | "u" | "v" | "w" | "x" | 272 1.33 mrg * "y" | "z" 273 1.33 mrg * hialpha = "A" | "B" | "C" | "D" | "E" | "F" | "G" | "H" | 274 1.33 mrg * "I" | "J" | "K" | "L" | "M" | "N" | "O" | "P" | 275 1.33 mrg * "Q" | "R" | "S" | "T" | "U" | "V" | "W" | "X" | 276 1.33 mrg * "Y" | "Z" 277 1.33 mrg * digit = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | 278 1.33 mrg * "8" | "9" 279 1.33 mrg */ 280 1.33 mrg #define UNRESERVED_CHAR "-_.!~*'()" 281 1.33 mrg #define XRESERVED_CHAR ";/?:@&=,$" 282 1.33 mrg 283 1.33 mrg for (i = 0; i < *args_len; i++) { 284 1.33 mrg s = args[i]; 285 1.33 mrg /* search-word MUST have at least one schar */ 286 1.33 mrg if (*s == '\0') 287 1.33 mrg goto parse_err; 288 1.44 mrg while (*s) { 289 1.33 mrg /* check if it's unreserved */ 290 1.54 rillig if (isalpha((unsigned char)*s) || 291 1.54 rillig isdigit((unsigned char)*s) || 292 1.33 mrg strchr(UNRESERVED_CHAR, *s)) { 293 1.33 mrg s++; 294 1.33 mrg continue; 295 1.33 mrg } 296 1.33 mrg 297 1.33 mrg /* check if it's escaped */ 298 1.33 mrg if (*s == '%') { 299 1.33 mrg if (s[1] == '\0' || s[2] == '\0') 300 1.33 mrg goto parse_err; 301 1.54 rillig if (!isxdigit((unsigned char)s[1]) || 302 1.54 rillig !isxdigit((unsigned char)s[2])) 303 1.33 mrg goto parse_err; 304 1.33 mrg s += 3; 305 1.33 mrg continue; 306 1.33 mrg } 307 1.33 mrg 308 1.33 mrg /* check if it's xreserved */ 309 1.33 mrg 310 1.33 mrg if (strchr(XRESERVED_CHAR, *s)) { 311 1.33 mrg s++; 312 1.33 mrg continue; 313 1.33 mrg } 314 1.33 mrg 315 1.33 mrg goto parse_err; 316 1.33 mrg } 317 1.33 mrg } 318 1.33 mrg 319 1.33 mrg /* decode percent encoding */ 320 1.33 mrg for (i = 0; i < *args_len; i++) { 321 1.33 mrg if (bozo_decode_url_percent(request, args[i])) 322 1.33 mrg goto parse_err; 323 1.33 mrg } 324 1.33 mrg 325 1.33 mrg /* allocate each arg separately */ 326 1.33 mrg for (i = 0; i < *args_len; i++) 327 1.33 mrg args[i] = bozostrdup(httpd, request, args[i]); 328 1.33 mrg free(str); 329 1.33 mrg 330 1.33 mrg return args; 331 1.33 mrg 332 1.33 mrg parse_err: 333 1.33 mrg 334 1.46 mrg free(str); 335 1.35 christos free(args); 336 1.33 mrg *args_len = 0; 337 1.33 mrg 338 1.35 christos return NULL; 339 1.33 mrg 340 1.33 mrg } 341 1.33 mrg 342 1.1 tls void 343 1.15 mrg bozo_cgi_setbin(bozohttpd_t *httpd, const char *path) 344 1.1 tls { 345 1.29 mrg httpd->cgibin = bozostrdup(httpd, NULL, path); 346 1.15 mrg debug((httpd, DEBUG_OBESE, "cgibin (cgi-bin directory) is %s", 347 1.44 mrg httpd->cgibin)); 348 1.1 tls } 349 1.1 tls 350 1.1 tls /* help build up the environ pointer */ 351 1.1 tls void 352 1.15 mrg bozo_setenv(bozohttpd_t *httpd, const char *env, const char *val, 353 1.15 mrg char **envp) 354 1.1 tls { 355 1.15 mrg char *s1 = bozomalloc(httpd, strlen(env) + strlen(val) + 2); 356 1.1 tls 357 1.1 tls strcpy(s1, env); 358 1.1 tls strcat(s1, "="); 359 1.1 tls strcat(s1, val); 360 1.15 mrg debug((httpd, DEBUG_OBESE, "bozo_setenv: %s", s1)); 361 1.1 tls *envp = s1; 362 1.1 tls } 363 1.1 tls 364 1.1 tls /* 365 1.1 tls * Checks if the request has asked for a cgi-bin. Should only be called if 366 1.1 tls * cgibin is set. If it starts CGIBIN_PREFIX or has a ncontent handler, 367 1.12 mrg * process the cgi, otherwise just return. Returns 0 if it did not handle 368 1.12 mrg * the request. 369 1.1 tls */ 370 1.12 mrg int 371 1.15 mrg bozo_process_cgi(bozo_httpreq_t *request) 372 1.1 tls { 373 1.15 mrg bozohttpd_t *httpd = request->hr_httpd; 374 1.15 mrg char buf[BOZO_WRSZ]; 375 1.15 mrg char date[40]; 376 1.15 mrg bozoheaders_t *headp; 377 1.1 tls const char *type, *clen, *info, *cgihandler; 378 1.32 mrg char *query, *s, *t, *path, *env, *command, *file, *url; 379 1.33 mrg char **envp, **curenvp, **argv, **search_string_argv = NULL; 380 1.43 mrg char **lastenvp; 381 1.17 mrg char *uri; 382 1.33 mrg size_t i, len, search_string_argc = 0; 383 1.1 tls ssize_t rbytes; 384 1.1 tls pid_t pid; 385 1.1 tls int envpsize, ix, nph; 386 1.1 tls int sv[2]; 387 1.1 tls 388 1.15 mrg if (!httpd->cgibin && !httpd->process_cgi) 389 1.12 mrg return 0; 390 1.1 tls 391 1.28 shm #ifndef NO_USER_SUPPORT 392 1.30 mrg if (request->hr_user && !httpd->enable_cgi_users) 393 1.28 shm return 0; 394 1.28 shm #endif /* !NO_USER_SUPPORT */ 395 1.28 shm 396 1.25 shm if (request->hr_oldfile && strcmp(request->hr_oldfile, "/") != 0) 397 1.25 shm uri = request->hr_oldfile; 398 1.25 shm else 399 1.25 shm uri = request->hr_file; 400 1.25 shm 401 1.17 mrg if (uri[0] == '/') 402 1.29 mrg file = bozostrdup(httpd, request, uri); 403 1.17 mrg else 404 1.31 mrg bozoasprintf(httpd, &file, "/%s", uri); 405 1.17 mrg 406 1.12 mrg if (request->hr_query && strlen(request->hr_query)) 407 1.29 mrg query = bozostrdup(httpd, request, request->hr_query); 408 1.12 mrg else 409 1.12 mrg query = NULL; 410 1.12 mrg 411 1.31 mrg bozoasprintf(httpd, &url, "%s%s%s", 412 1.31 mrg file, 413 1.31 mrg query ? "?" : "", 414 1.31 mrg query ? query : ""); 415 1.40 mrg debug((httpd, DEBUG_NORMAL, "%s: url `%s'", __func__, url)); 416 1.1 tls 417 1.1 tls path = NULL; 418 1.1 tls envp = NULL; 419 1.1 tls cgihandler = NULL; 420 1.32 mrg command = NULL; 421 1.1 tls info = NULL; 422 1.13 mrg 423 1.1 tls len = strlen(url); 424 1.1 tls 425 1.16 mrg if (bozo_auth_check(request, url + 1)) 426 1.12 mrg goto out; 427 1.12 mrg 428 1.15 mrg if (!httpd->cgibin || 429 1.15 mrg strncmp(url + 1, CGIBIN_PREFIX, CGIBIN_PREFIX_LEN) != 0) { 430 1.15 mrg cgihandler = content_cgihandler(httpd, request, file + 1); 431 1.1 tls if (cgihandler == NULL) { 432 1.15 mrg debug((httpd, DEBUG_FAT, 433 1.40 mrg "%s: no handler, returning", __func__)); 434 1.12 mrg goto out; 435 1.1 tls } 436 1.9 tls if (len == 0 || file[len - 1] == '/') 437 1.15 mrg append_index_html(httpd, &file); 438 1.40 mrg debug((httpd, DEBUG_NORMAL, "%s: cgihandler `%s'", 439 1.40 mrg __func__, cgihandler)); 440 1.8 mrg } else if (len - 1 == CGIBIN_PREFIX_LEN) /* url is "/cgi-bin/" */ 441 1.15 mrg append_index_html(httpd, &file); 442 1.12 mrg 443 1.44 mrg /* RFC3875 sect. 4.4. - search-string support */ 444 1.33 mrg if (query != NULL) { 445 1.33 mrg search_string_argv = parse_search_string(request, query, 446 1.33 mrg &search_string_argc); 447 1.33 mrg } 448 1.33 mrg 449 1.34 mrg debug((httpd, DEBUG_NORMAL, "parse_search_string args no: %zu", 450 1.33 mrg search_string_argc)); 451 1.33 mrg for (i = 0; i < search_string_argc; i++) { 452 1.33 mrg debug((httpd, DEBUG_FAT, 453 1.34 mrg "search_string[%zu]: `%s'", i, search_string_argv[i])); 454 1.33 mrg } 455 1.33 mrg 456 1.33 mrg argv = bozomalloc(httpd, sizeof(*argv) * (3 + search_string_argc)); 457 1.33 mrg 458 1.1 tls ix = 0; 459 1.1 tls if (cgihandler) { 460 1.32 mrg command = file + 1; 461 1.29 mrg path = bozostrdup(httpd, request, cgihandler); 462 1.1 tls } else { 463 1.32 mrg command = file + CGIBIN_PREFIX_LEN + 1; 464 1.1 tls if ((s = strchr(command, '/')) != NULL) { 465 1.29 mrg info = bozostrdup(httpd, request, s); 466 1.1 tls *s = '\0'; 467 1.1 tls } 468 1.15 mrg path = bozomalloc(httpd, 469 1.15 mrg strlen(httpd->cgibin) + 1 + strlen(command) + 1); 470 1.15 mrg strcpy(path, httpd->cgibin); 471 1.1 tls strcat(path, "/"); 472 1.1 tls strcat(path, command); 473 1.1 tls } 474 1.33 mrg 475 1.33 mrg argv[ix++] = path; 476 1.33 mrg 477 1.33 mrg /* copy search-string args */ 478 1.33 mrg for (i = 0; i < search_string_argc; i++) 479 1.33 mrg argv[ix++] = search_string_argv[i]; 480 1.33 mrg 481 1.1 tls argv[ix++] = NULL; 482 1.1 tls nph = strncmp(command, "nph-", 4) == 0; 483 1.1 tls 484 1.1 tls type = request->hr_content_type; 485 1.1 tls clen = request->hr_content_length; 486 1.1 tls 487 1.1 tls envpsize = 13 + request->hr_nheaders + 488 1.1 tls (info && *info ? 1 : 0) + 489 1.1 tls (query && *query ? 1 : 0) + 490 1.1 tls (type && *type ? 1 : 0) + 491 1.1 tls (clen && *clen ? 1 : 0) + 492 1.1 tls (request->hr_remotehost && *request->hr_remotehost ? 1 : 0) + 493 1.1 tls (request->hr_remoteaddr && *request->hr_remoteaddr ? 1 : 0) + 494 1.48 martin (cgihandler ? 1 : 0) + 495 1.15 mrg bozo_auth_cgi_count(request) + 496 1.1 tls (request->hr_serverport && *request->hr_serverport ? 1 : 0); 497 1.1 tls 498 1.15 mrg debug((httpd, DEBUG_FAT, 499 1.40 mrg "%s: path `%s', cmd `%s', info `%s', " 500 1.40 mrg "query `%s', nph `%d', envpsize `%d'", __func__, 501 1.15 mrg path, command, strornull(info), 502 1.15 mrg strornull(query), nph, envpsize)); 503 1.14 mrg 504 1.15 mrg envp = bozomalloc(httpd, sizeof(*envp) * envpsize); 505 1.1 tls for (ix = 0; ix < envpsize; ix++) 506 1.1 tls envp[ix] = NULL; 507 1.1 tls curenvp = envp; 508 1.43 mrg lastenvp = envp + envpsize; 509 1.3 tls 510 1.3 tls SIMPLEQ_FOREACH(headp, &request->hr_headers, h_next) { 511 1.1 tls const char *s2; 512 1.15 mrg env = bozomalloc(httpd, 6 + strlen(headp->h_header) + 1 + 513 1.1 tls strlen(headp->h_value)); 514 1.1 tls 515 1.1 tls t = env; 516 1.1 tls strcpy(t, "HTTP_"); 517 1.1 tls t += strlen(t); 518 1.1 tls for (s2 = headp->h_header; *s2; t++, s2++) 519 1.54 rillig if (islower((unsigned char)*s2)) 520 1.54 rillig *t = toupper((unsigned char)*s2); 521 1.1 tls else if (*s2 == '-') 522 1.1 tls *t = '_'; 523 1.1 tls else 524 1.1 tls *t = *s2; 525 1.1 tls *t = '\0'; 526 1.15 mrg debug((httpd, DEBUG_OBESE, "setting header %s as %s = %s", 527 1.1 tls headp->h_header, env, headp->h_value)); 528 1.15 mrg bozo_setenv(httpd, env, headp->h_value, curenvp++); 529 1.1 tls free(env); 530 1.1 tls } 531 1.14 mrg 532 1.1 tls #ifndef _PATH_DEFPATH 533 1.1 tls #define _PATH_DEFPATH "/usr/bin:/bin" 534 1.1 tls #endif 535 1.1 tls 536 1.15 mrg bozo_setenv(httpd, "PATH", _PATH_DEFPATH, curenvp++); 537 1.15 mrg bozo_setenv(httpd, "IFS", " \t\n", curenvp++); 538 1.21 martin bozo_setenv(httpd, "SERVER_NAME", BOZOHOST(httpd,request), curenvp++); 539 1.15 mrg bozo_setenv(httpd, "GATEWAY_INTERFACE", "CGI/1.1", curenvp++); 540 1.15 mrg bozo_setenv(httpd, "SERVER_PROTOCOL", request->hr_proto, curenvp++); 541 1.15 mrg bozo_setenv(httpd, "REQUEST_METHOD", request->hr_methodstr, curenvp++); 542 1.15 mrg bozo_setenv(httpd, "SCRIPT_NAME", file, curenvp++); 543 1.15 mrg bozo_setenv(httpd, "SCRIPT_FILENAME", file + 1, curenvp++); 544 1.15 mrg bozo_setenv(httpd, "SERVER_SOFTWARE", httpd->server_software, 545 1.15 mrg curenvp++); 546 1.17 mrg bozo_setenv(httpd, "REQUEST_URI", uri, curenvp++); 547 1.15 mrg bozo_setenv(httpd, "DATE_GMT", bozo_http_date(date, sizeof(date)), 548 1.15 mrg curenvp++); 549 1.33 mrg /* RFC3875 section 4.1.7 says that QUERY_STRING MUST be defined. */ 550 1.1 tls if (query && *query) 551 1.15 mrg bozo_setenv(httpd, "QUERY_STRING", query, curenvp++); 552 1.33 mrg else 553 1.33 mrg bozo_setenv(httpd, "QUERY_STRING", "", curenvp++); 554 1.1 tls if (info && *info) 555 1.15 mrg bozo_setenv(httpd, "PATH_INFO", info, curenvp++); 556 1.1 tls if (type && *type) 557 1.15 mrg bozo_setenv(httpd, "CONTENT_TYPE", type, curenvp++); 558 1.1 tls if (clen && *clen) 559 1.15 mrg bozo_setenv(httpd, "CONTENT_LENGTH", clen, curenvp++); 560 1.1 tls if (request->hr_serverport && *request->hr_serverport) 561 1.15 mrg bozo_setenv(httpd, "SERVER_PORT", request->hr_serverport, 562 1.15 mrg curenvp++); 563 1.1 tls if (request->hr_remotehost && *request->hr_remotehost) 564 1.15 mrg bozo_setenv(httpd, "REMOTE_HOST", request->hr_remotehost, 565 1.15 mrg curenvp++); 566 1.1 tls if (request->hr_remoteaddr && *request->hr_remoteaddr) 567 1.15 mrg bozo_setenv(httpd, "REMOTE_ADDR", request->hr_remoteaddr, 568 1.15 mrg curenvp++); 569 1.19 tls /* 570 1.31 mrg * Apache does this when invoking content handlers, and PHP 571 1.31 mrg * 5.3 requires it as a "security" measure. 572 1.19 tls */ 573 1.19 tls if (cgihandler) 574 1.19 tls bozo_setenv(httpd, "REDIRECT_STATUS", "200", curenvp++); 575 1.16 mrg bozo_auth_cgi_setenv(request, &curenvp); 576 1.1 tls 577 1.40 mrg debug((httpd, DEBUG_FAT, "%s: going exec %s with args:", __func__, 578 1.33 mrg path)); 579 1.33 mrg 580 1.33 mrg for (i = 0; argv[i] != NULL; i++) { 581 1.40 mrg debug((httpd, DEBUG_FAT, "%s: argv[%zu] = `%s'", __func__, 582 1.33 mrg i, argv[i])); 583 1.33 mrg } 584 1.12 mrg 585 1.15 mrg if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, sv) == -1) 586 1.30 mrg bozoerr(httpd, 1, "child socketpair failed: %s", 587 1.15 mrg strerror(errno)); 588 1.1 tls 589 1.39 martin *curenvp = 0; 590 1.43 mrg assert(lastenvp > curenvp); 591 1.39 martin 592 1.1 tls /* 593 1.1 tls * We create 2 procs: one to become the CGI, one read from 594 1.1 tls * the CGI and output to the network, and this parent will 595 1.1 tls * continue reading from the network and writing to the 596 1.1 tls * CGI procsss. 597 1.1 tls */ 598 1.1 tls switch (fork()) { 599 1.1 tls case -1: /* eep, failure */ 600 1.30 mrg bozoerr(httpd, 1, "child fork failed: %s", strerror(errno)); 601 1.15 mrg /*NOTREACHED*/ 602 1.1 tls case 0: 603 1.1 tls close(sv[0]); 604 1.1 tls dup2(sv[1], STDIN_FILENO); 605 1.1 tls dup2(sv[1], STDOUT_FILENO); 606 1.13 mrg close(2); 607 1.13 mrg close(sv[1]); 608 1.13 mrg closelog(); 609 1.15 mrg bozo_daemon_closefds(httpd); 610 1.10 tls 611 1.46 mrg if (-1 == execve(path, argv, envp)) { 612 1.52 mrg int saveerrno = errno; 613 1.46 mrg bozo_http_error(httpd, 404, request, 614 1.46 mrg "Cannot execute CGI"); 615 1.52 mrg /* don't log easy to trigger events */ 616 1.52 mrg if (saveerrno != ENOENT && 617 1.52 mrg saveerrno != EISDIR && 618 1.52 mrg saveerrno != EACCES) 619 1.52 mrg bozoerr(httpd, 1, "child exec failed: %s: %s", 620 1.52 mrg path, strerror(saveerrno)); 621 1.52 mrg _exit(1); 622 1.46 mrg } 623 1.1 tls /* NOT REACHED */ 624 1.30 mrg bozoerr(httpd, 1, "child execve returned?!"); 625 1.1 tls } 626 1.1 tls 627 1.32 mrg free(query); 628 1.32 mrg free(file); 629 1.32 mrg free(url); 630 1.33 mrg for (i = 0; i < search_string_argc; i++) 631 1.33 mrg free(search_string_argv[i]); 632 1.33 mrg free(search_string_argv); 633 1.32 mrg 634 1.1 tls close(sv[1]); 635 1.1 tls 636 1.15 mrg /* parent: read from stdin (bozo_read()) write to sv[0] */ 637 1.15 mrg /* child: read from sv[0] (bozo_write()) write to stdout */ 638 1.1 tls pid = fork(); 639 1.1 tls if (pid == -1) 640 1.30 mrg bozoerr(httpd, 1, "io child fork failed: %s", strerror(errno)); 641 1.1 tls else if (pid == 0) { 642 1.1 tls /* child reader/writer */ 643 1.1 tls close(STDIN_FILENO); 644 1.15 mrg finish_cgi_output(httpd, request, sv[0], nph); 645 1.50 spz /* if we do SSL, send a SSL_shutdown now */ 646 1.50 spz bozo_ssl_shutdown(request->hr_httpd); 647 1.1 tls /* if we're done output, our parent is useless... */ 648 1.1 tls kill(getppid(), SIGKILL); 649 1.15 mrg debug((httpd, DEBUG_FAT, "done processing cgi output")); 650 1.1 tls _exit(0); 651 1.1 tls } 652 1.1 tls close(STDOUT_FILENO); 653 1.1 tls 654 1.49 mrg /* CGI programs should perform their own timeouts */ 655 1.15 mrg while ((rbytes = bozo_read(httpd, STDIN_FILENO, buf, sizeof buf)) > 0) { 656 1.1 tls ssize_t wbytes; 657 1.55 shm /* char *bp = buf; */ 658 1.1 tls 659 1.1 tls while (rbytes) { 660 1.15 mrg wbytes = write(sv[0], buf, (size_t)rbytes); 661 1.55 shm if (wbytes > 0) 662 1.1 tls rbytes -= wbytes; 663 1.55 shm else 664 1.30 mrg bozoerr(httpd, 1, "write failed: %s", 665 1.15 mrg strerror(errno)); 666 1.1 tls } 667 1.1 tls } 668 1.15 mrg debug((httpd, DEBUG_FAT, "done processing cgi input")); 669 1.1 tls exit(0); 670 1.12 mrg 671 1.12 mrg out: 672 1.33 mrg 673 1.33 mrg for (i = 0; i < search_string_argc; i++) 674 1.33 mrg free(search_string_argv[i]); 675 1.33 mrg free(search_string_argv); 676 1.23 mbalmer free(query); 677 1.23 mbalmer free(file); 678 1.23 mbalmer free(url); 679 1.12 mrg return 0; 680 1.1 tls } 681 1.1 tls 682 1.1 tls #ifndef NO_DYNAMIC_CONTENT 683 1.1 tls /* cgi maps are simple ".postfix /path/to/prog" */ 684 1.1 tls void 685 1.29 mrg bozo_add_content_map_cgi(bozohttpd_t *httpd, const char *arg, 686 1.29 mrg const char *cgihandler) 687 1.1 tls { 688 1.15 mrg bozo_content_map_t *map; 689 1.1 tls 690 1.15 mrg debug((httpd, DEBUG_NORMAL, "bozo_add_content_map_cgi: name %s cgi %s", 691 1.15 mrg arg, cgihandler)); 692 1.1 tls 693 1.15 mrg httpd->process_cgi = 1; 694 1.1 tls 695 1.15 mrg map = bozo_get_content_map(httpd, arg); 696 1.1 tls map->name = arg; 697 1.1 tls map->type = map->encoding = map->encoding11 = NULL; 698 1.1 tls map->cgihandler = cgihandler; 699 1.1 tls } 700 1.1 tls #endif /* NO_DYNAMIC_CONTENT */ 701 1.1 tls 702 1.1 tls #endif /* NO_CGIBIN_SUPPORT */ 703
Indexes created Wed Oct 15 16:09:53 GMT 2025