forked from jesrui/althttpd
-
Notifications
You must be signed in to change notification settings - Fork 0
/
althttpd.c
2592 lines (2491 loc) · 89.8 KB
/
althttpd.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
/*
** 2001-09-15
**
** The author disclaims copyright to this source code. In place of
** a legal notice, here is a blessing:
**
** May you do good and not evil.
** May you find forgiveness for yourself and forgive others.
** May you share freely, never taking more than you give.
**
*************************************************************************
**
** This source code file implements a small, simple, stand-alone HTTP
** server.
**
** Features:
**
** * Launched from inetd/xinetd/stunnel4, or as a stand-alone server
** * One process per request
** * Deliver static content or run CGI or SCGI
** * Virtual sites based on the "Host:" property of the HTTP header
** * Runs in a chroot jail
** * Unified log file in a CSV format
** * Small code base (this 1 file) to facilitate security auditing
** * Simple setup - no configuration files to misconfigure
**
** This file implements a small and simple but secure and effective web
** server. There are no frills. Anything that could be reasonably
** omitted has been.
**
** Setup rules:
**
** (1) Launch as root from inetd like this:
**
** httpd -logfile logfile -root /home/www -user nobody
**
** It will automatically chroot to /home/www and become user "nobody".
** The logfile name should be relative to the chroot jail.
**
** (2) Directories of the form "*.website" (ex: www_sqlite_org.website)
** contain content. The directory is chosen based on the HTTP_HOST
** request header. If there is no HTTP_HOST header or if the
** corresponding host directory does not exist, then the
** "default.website" is used. If the HTTP_HOST header contains any
** charaters other than [a-zA-Z0-9_.,*~/] then a 403 error is
** generated.
**
** (3) Any file or directory whose name begins with "." or "-" is ignored,
** except if the URL begins with "/.well-known/" then initial "." and
** "-" characters are allowed, but not initial "..". The exception is
** for RFC-5785 to allow letsencrypt or certbot to generate a TLS cert
** using webroot.
**
** (4) Characters other than [0-9a-zA-Z,-./:_~] and any %HH characters
** escapes in the filename are all translated into "_". This is
** a defense against cross-site scripting attacks and other mischief.
**
** (5) Executable files are run as CGI. Files whose name ends with ".scgi"
** trigger and SCGI request (see item 10 below). All other files
** are delivered as is.
**
** (6) For SSL support use stunnel and add the -https 1 option on the
** httpd command-line.
**
** (7) If a file named "-auth" exists in the same directory as the file to
** be run as CGI or to be delivered, then it contains information
** for HTTP Basic authorization. See file format details below.
**
** (8) To run as a stand-alone server, simply add the "-port N" command-line
** option to define which TCP port to listen on.
**
** (9) For static content, the mimetype is determined by the file suffix
** using a table built into the source code below. If you have
** unusual content files, you might need to extend this table.
**
** (10) Content files that end with ".scgi" and that contain text of the
** form "SCGI hostname port" will format an SCGI request and send it
** to hostname:port, the relay back the reply. Error behavior is
** determined by subsequent lines of the .scgi file. See SCGI below
** for details.
**
** Command-line Options:
**
** --root DIR Defines the directory that contains the various
** $HOST.website subdirectories, each containing web content
** for a single virtual host. If launched as root and if
** "--user USER" also appears on the command-line and if
** "--jail 0" is omitted, then the process runs in a chroot
** jail rooted at this directory and under the userid USER.
** This option is required for xinetd launch but defaults
** to "." for a stand-alone web server.
**
** --port N Run in standalone mode listening on TCP port N
**
** --user USER Define the user under which the process should run if
** originally launched as root. This process will refuse to
** run as root (for security). If this option is omitted and
** the process is launched as root, it will abort without
** processing any HTTP requests.
**
** --logfile FILE Append a single-line, CSV-format, log file entry to FILE
** for each HTTP request. FILE should be a full pathname.
** The FILE name is interpreted inside the chroot jail. The
** FILE name is expanded using strftime() if it contains
** at least one '%' and is not too long.
**
** --https Indicates that input is coming over SSL and is being
** decoded upstream, perhaps by stunnel. (This program
** only understands plaintext.)
**
** --family ipv4 Only accept input from IPV4 or IPV6, respectively.
** --family ipv6 These options are only meaningful if althttpd is run
** as a stand-alone server.
**
** --jail BOOLEAN Indicates whether or not to form a chroot jail if
** initially run as root. The default is true, so the only
** useful variant of this option is "--jail 0" which prevents
** the formation of the chroot jail.
**
** --max-age SEC The value for "Cache-Control: max-age=%d". Defaults to
** 120 seconds.
**
** --max-cpu SEC Maximum number of seconds of CPU time allowed per
** HTTP connection. Default 30. 0 means no limit.
**
** --debug Disables input timeouts. This is useful for debugging
** when inputs is being typed in manually.
**
** Command-line options can take either one or two initial "-" characters.
** So "--debug" and "-debug" mean the same thing, for example.
**
**
** Security Features:
**
** (1) This program automatically puts itself inside a chroot jail if
** it can and if not specifically prohibited by the "--jail 0"
** command-line option. The root of the jail is the directory that
** contains the various $HOST.website content subdirectories.
**
** (2) No input is read while this process has root privileges. Root
** privileges are dropped prior to reading any input (but after entering
** the chroot jail, of course). If root privileges cannot be dropped
** (for example because the --user command-line option was omitted or
** because the user specified by the --user option does not exist),
** then the process aborts with an error prior to reading any input.
**
** (3) The length of an HTTP request is limited to MAX_CONTENT_LENGTH bytes
** (default: 250 million). Any HTTP request longer than this fails
** with an error.
**
** (4) There are hard-coded time-outs on each HTTP request. If this process
** waits longer than the timeout for the complete request, or for CGI
** to finish running, then this process aborts. (The timeout feature
** can be disabled using the --debug command-line option.)
**
** (5) If the HTTP_HOST request header contains characters other than
** [0-9a-zA-Z,-./:_~] then the entire request is rejected.
**
** (6) Any characters in the URI pathname other than [0-9a-zA-Z,-./:_~]
** are converted into "_". This applies to the pathname only, not
** to the query parameters or fragment.
**
** (7) If the first character of any URI pathname component is "." or "-"
** then a 404 Not Found reply is generated. This prevents attacks
** such as including ".." or "." directory elements in the pathname
** and allows placing files and directories in the content subdirectory
** that are invisible to all HTTP requests, by making the first
** character of the file or subdirectory name "-" or ".".
**
** (8) The request URI must begin with "/" or else a 404 error is generated.
**
** (9) This program never sets the value of an environment variable to a
** string that begins with "() {".
**
** Security Auditing:
**
** This webserver mostly only serves static content. Any security risk will
** come from CGI and SCGI. To check an installation for security, then, it
** makes sense to focus on the CGI and SCGI scripts.
**
** To local all CGI files:
**
** find *.website -executable -type f -print
** OR: find *.website -perm +0111 -type f -print
**
** The first form of the "find" command is preferred, but is only supported
** by GNU find. On a Mac, you'll have to use the second form.
**
** To find all SCGI files:
**
** find *.website -name '*.scgi' -type f -print
**
** If any file is a security concern, it can be disabled on a live
** installation by turning off read permissions:
**
** chmod 0000 file-of-concern
**
** SCGI Specification Files:
**
** Content files (files without the execute bit set) that end with ".scgi"
** specify a connection to an SCGI server. The format of the .scgi file
** follows this template:
**
** SCGI hostname port
** fallback: fallback-filename
** relight: relight-command
**
** The first line specifies the location and TCP/IP port of the SCGI server
** that will handle the request. Subsequent lines determine what to do if
** the SCGI server cannot be contacted. If the "relight:" line is present,
** then the relight-command is run using system() and the connection is
** retried after a 1-second delay. Use "&" at the end of the relight-command
** to run it in the background. Make sure the relight-command does not
** send generate output, or that output will become part of the SCGI reply.
** Add a ">/dev/null" suffix (before the "&") to the relight-command if
** necessary to suppress output. If there is no relight-command, or if the
** relight is attempted but the SCGI server still cannot be contacted, then
** the content of the fallback-filename file is returned as a substitute for
** the SCGI request. The mimetype is determined by the suffix on the
** fallback-filename. The fallback-filename would typically be an error
** message indicating that the service is temporarily unavailable.
**
** Basic Authorization:
**
** If the file "-auth" exists in the same directory as the content file
** (for both static content and CGI) then it contains the information used
** for basic authorization. The file format is as follows:
**
** * Blank lines and lines that begin with '#' are ignored
** * "http-redirect" forces a redirect to HTTPS if not there already
** * "https-only" disallows operation in HTTP
** * "user NAME LOGIN:PASSWORD" checks to see if LOGIN:PASSWORD
** authorization credentials are provided, and if so sets the
** REMOTE_USER to NAME.
** * "realm TEXT" sets the realm to TEXT.
**
** There can be multiple "user" lines. If no "user" line matches, the
** request fails with a 401 error.
**
** Because of security rule (7), there is no way for the content of the "-auth"
** file to leak out via HTTP request.
*/
#include <stdio.h>
#include <ctype.h>
#include <syslog.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
#include <fcntl.h>
#include <string.h>
#include <pwd.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdarg.h>
#include <time.h>
#include <sys/times.h>
#include <netdb.h>
#include <errno.h>
#include <sys/resource.h>
#include <signal.h>
#ifdef linux
#include <sys/sendfile.h>
#endif
#include <assert.h>
/*
** Configure the server by setting the following macros and recompiling.
*/
#ifndef DEFAULT_PORT
#define DEFAULT_PORT "80" /* Default TCP port for HTTP */
#endif
#ifndef MAX_CONTENT_LENGTH
#define MAX_CONTENT_LENGTH 250000000 /* Max length of HTTP request content */
#endif
#ifndef MAX_CPU
#define MAX_CPU 30 /* Max CPU cycles in seconds */
#endif
/*
** We record most of the state information as global variables. This
** saves having to pass information to subroutines as parameters, and
** makes the executable smaller...
*/
static char *zRoot = 0; /* Root directory of the website */
static char *zTmpNam = 0; /* Name of a temporary file */
static char zTmpNamBuf[500]; /* Space to hold the temporary filename */
static char *zProtocol = 0; /* The protocol being using by the browser */
static char *zMethod = 0; /* The method. Must be GET */
static char *zScript = 0; /* The object to retrieve */
static char *zRealScript = 0; /* The object to retrieve. Same as zScript
** except might have "/index.html" appended */
static char *zHome = 0; /* The directory containing content */
static char *zQueryString = 0; /* The query string on the end of the name */
static char *zFile = 0; /* The filename of the object to retrieve */
static int lenFile = 0; /* Length of the zFile name */
static char *zDir = 0; /* Name of the directory holding zFile */
static char *zPathInfo = 0; /* Part of the pathname past the file */
static char *zAgent = 0; /* What type if browser is making this query */
static char *zServerName = 0; /* The name after the http:// */
static char *zServerPort = 0; /* The port number */
static char *zCookie = 0; /* Cookies reported with the request */
static char *zHttpHost = 0; /* Name according to the web browser */
static char *zRealPort = 0; /* The real TCP port when running as daemon */
static char *zRemoteAddr = 0; /* IP address of the request */
static char *zReferer = 0; /* Name of the page that refered to us */
static char *zAccept = 0; /* What formats will be accepted */
static char *zAcceptEncoding =0; /* gzip or default */
static char *zContentLength = 0; /* Content length reported in the header */
static char *zContentType = 0; /* Content type reported in the header */
static char *zQuerySuffix = 0; /* The part of the URL after the first ? */
static char *zAuthType = 0; /* Authorization type (basic or digest) */
static char *zAuthArg = 0; /* Authorization values */
static char *zRemoteUser = 0; /* REMOTE_USER set by authorization module */
static char *zIfNoneMatch= 0; /* The If-None-Match header value */
static char *zIfModifiedSince=0; /* The If-Modified-Since header value */
static int nIn = 0; /* Number of bytes of input */
static int nOut = 0; /* Number of bytes of output */
static char zReplyStatus[4]; /* Reply status code */
static int statusSent = 0; /* True after status line is sent */
static char *zLogFile = 0; /* Log to this file */
static int debugFlag = 0; /* True if being debugged */
static struct timeval beginTime; /* Time when this process starts */
static int closeConnection = 0; /* True to send Connection: close in reply */
static int nRequest = 0; /* Number of requests processed */
static int omitLog = 0; /* Do not make logfile entries if true */
static int useHttps = 0; /* True to use HTTPS: instead of HTTP: */
static char *zHttp = "http"; /* http or https */
static int useTimeout = 1; /* True to use times */
static int standalone = 0; /* Run as a standalone server (no inetd) */
static int ipv6Only = 0; /* Use IPv6 only */
static int ipv4Only = 0; /* Use IPv4 only */
static struct rusage priorSelf; /* Previously report SELF time */
static struct rusage priorChild; /* Previously report CHILD time */
static int mxAge = 120; /* Cache-control max-age */
static char *default_path = "/bin:/usr/bin"; /* Default PATH variable */
static char *zScgi = 0; /* Value of the SCGI env variable */
static int rangeStart = 0; /* Start of a Range: request */
static int rangeEnd = 0; /* End of a Range: request */
static int maxCpu = MAX_CPU; /* Maximum CPU time per process */
/*
** Mapping between CGI variable names and values stored in
** global variables.
*/
static struct {
char *zEnvName;
char **pzEnvValue;
} cgienv[] = {
{ "CONTENT_LENGTH", &zContentLength }, /* Must be first for SCGI */
{ "AUTH_TYPE", &zAuthType },
{ "AUTH_CONTENT", &zAuthArg },
{ "CONTENT_TYPE", &zContentType },
{ "DOCUMENT_ROOT", &zHome },
{ "HTTP_ACCEPT", &zAccept },
{ "HTTP_ACCEPT_ENCODING", &zAcceptEncoding },
{ "HTTP_COOKIE", &zCookie },
{ "HTTP_HOST", &zHttpHost },
{ "HTTP_IF_MODIFIED_SINCE", &zIfModifiedSince },
{ "HTTP_IF_NONE_MATCH", &zIfNoneMatch },
{ "HTTP_REFERER", &zReferer },
{ "HTTP_USER_AGENT", &zAgent },
{ "PATH", &default_path },
{ "PATH_INFO", &zPathInfo },
{ "QUERY_STRING", &zQueryString },
{ "REMOTE_ADDR", &zRemoteAddr },
{ "REQUEST_METHOD", &zMethod },
{ "REQUEST_URI", &zScript },
{ "REMOTE_USER", &zRemoteUser },
{ "SCGI", &zScgi },
{ "SCRIPT_DIRECTORY", &zDir },
{ "SCRIPT_FILENAME", &zFile },
{ "SCRIPT_NAME", &zRealScript },
{ "SERVER_NAME", &zServerName },
{ "SERVER_PORT", &zServerPort },
{ "SERVER_PROTOCOL", &zProtocol },
};
/*
** Double any double-quote characters in a string.
*/
static char *Escape(char *z){
size_t i, j;
size_t n;
char c;
char *zOut;
for(i=0; (c=z[i])!=0 && c!='"'; i++){}
if( c==0 ) return z;
n = 1;
for(i++; (c=z[i])!=0; i++){ if( c=='"' ) n++; }
zOut = malloc( i+n+1 );
if( zOut==0 ) return "";
for(i=j=0; (c=z[i])!=0; i++){
zOut[j++] = c;
if( c=='"' ) zOut[j++] = c;
}
zOut[j] = 0;
return zOut;
}
/*
** Convert a struct timeval into an integer number of microseconds
*/
static long long int tvms(struct timeval *p){
return ((long long int)p->tv_sec)*1000000 + (long long int)p->tv_usec;
}
/*
** Make an entry in the log file. If the HTTP connection should be
** closed, then terminate this process. Otherwise return.
*/
static void MakeLogEntry(int exitCode, int lineNum){
FILE *log;
if( zTmpNam ){
unlink(zTmpNam);
}
if( zLogFile && !omitLog ){
struct timeval now;
struct tm *pTm;
struct rusage self, children;
int waitStatus;
char *zRM = zRemoteUser ? zRemoteUser : "";
char *zFilename;
size_t sz;
char zDate[200];
char zExpLogFile[500];
if( zScript==0 ) zScript = "";
if( zRealScript==0 ) zRealScript = "";
if( zRemoteAddr==0 ) zRemoteAddr = "";
if( zHttpHost==0 ) zHttpHost = "";
if( zReferer==0 ) zReferer = "";
if( zAgent==0 ) zAgent = "";
gettimeofday(&now, 0);
pTm = localtime(&now.tv_sec);
strftime(zDate, sizeof(zDate), "%Y-%m-%d %H:%M:%S", pTm);
sz = strftime(zExpLogFile, sizeof(zExpLogFile), zLogFile, pTm);
if( sz>0 && sz<sizeof(zExpLogFile)-2 ){
zFilename = zExpLogFile;
}else{
zFilename = zLogFile;
}
waitpid(-1, &waitStatus, WNOHANG);
getrusage(RUSAGE_SELF, &self);
getrusage(RUSAGE_CHILDREN, &children);
if( (log = fopen(zFilename,"a"))!=0 ){
#ifdef COMBINED_LOG_FORMAT
strftime(zDate, sizeof(zDate), "%d/%b/%Y:%H:%M:%S %Z", pTm);
fprintf(log, "%s - - [%s] \"%s %s %s\" %s %d \"%s\" \"%s\"\n",
zRemoteAddr, zDate, zMethod, zScript, zProtocol,
zReplyStatus, nOut, zReferer, zAgent);
#else
strftime(zDate, sizeof(zDate), "%Y-%m-%d %H:%M:%S", pTm);
/* Log record files:
** (1) Date and time
** (2) IP address
** (3) URL being accessed
** (4) Referer
** (5) Reply status
** (6) Bytes received
** (7) Bytes sent
** (8) Self user time
** (9) Self system time
** (10) Children user time
** (11) Children system time
** (12) Total wall-clock time
** (13) Request number for same TCP/IP connection
** (14) User agent
** (15) Remote user
** (16) Bytes of URL that correspond to the SCRIPT_NAME
** (17) Line number in source file
*/
fprintf(log,
"%s,%s,\"%s://%s%s\",\"%s\","
"%s,%d,%d,%lld,%lld,%lld,%lld,%lld,%d,\"%s\",\"%s\",%d,%d\n",
zDate, zRemoteAddr, zHttp, Escape(zHttpHost), Escape(zScript),
Escape(zReferer), zReplyStatus, nIn, nOut,
tvms(&self.ru_utime) - tvms(&priorSelf.ru_utime),
tvms(&self.ru_stime) - tvms(&priorSelf.ru_stime),
tvms(&children.ru_utime) - tvms(&priorChild.ru_utime),
tvms(&children.ru_stime) - tvms(&priorChild.ru_stime),
tvms(&now) - tvms(&beginTime),
nRequest, Escape(zAgent), Escape(zRM),
(int)(strlen(zHttp)+strlen(zHttpHost)+strlen(zRealScript)+3),
lineNum
);
priorSelf = self;
priorChild = children;
#endif
fclose(log);
nIn = nOut = 0;
}
}
if( closeConnection ){
exit(exitCode);
}
statusSent = 0;
}
/*
** Allocate memory safely
*/
static char *SafeMalloc( size_t size ){
char *p;
p = (char*)malloc(size);
if( p==0 ){
strcpy(zReplyStatus, "998");
MakeLogEntry(1,100); /* LOG: Malloc() failed */
exit(1);
}
return p;
}
/*
** Set the value of environment variable zVar to zValue.
*/
static void SetEnv(const char *zVar, const char *zValue){
char *z;
size_t len;
if( zValue==0 ) zValue="";
/* Disable an attempted bashdoor attack */
if( strncmp(zValue,"() {",4)==0 ) zValue = "";
len = strlen(zVar) + strlen(zValue) + 2;
z = SafeMalloc(len);
sprintf(z,"%s=%s",zVar,zValue);
putenv(z);
}
/*
** Remove the first space-delimited token from a string and return
** a pointer to it. Add a NULL to the string to terminate the token.
** Make *zLeftOver point to the start of the next token.
*/
static char *GetFirstElement(char *zInput, char **zLeftOver){
char *zResult = 0;
if( zInput==0 ){
if( zLeftOver ) *zLeftOver = 0;
return 0;
}
while( isspace(*(unsigned char*)zInput) ){ zInput++; }
zResult = zInput;
while( *zInput && !isspace(*(unsigned char*)zInput) ){ zInput++; }
if( *zInput ){
*zInput = 0;
zInput++;
while( isspace(*(unsigned char*)zInput) ){ zInput++; }
}
if( zLeftOver ){ *zLeftOver = zInput; }
return zResult;
}
/*
** Make a copy of a string into memory obtained from malloc.
*/
static char *StrDup(const char *zSrc){
char *zDest;
size_t size;
if( zSrc==0 ) return 0;
size = strlen(zSrc) + 1;
zDest = (char*)SafeMalloc( size );
strcpy(zDest,zSrc);
return zDest;
}
static char *StrAppend(char *zPrior, const char *zSep, const char *zSrc){
char *zDest;
size_t size;
size_t n0, n1, n2;
if( zSrc==0 ) return 0;
if( zPrior==0 ) return StrDup(zSrc);
n0 = strlen(zPrior);
n1 = strlen(zSep);
n2 = strlen(zSrc);
size = n0+n1+n2+1;
zDest = (char*)SafeMalloc( size );
memcpy(zDest, zPrior, n0);
free(zPrior);
memcpy(&zDest[n0],zSep,n1);
memcpy(&zDest[n0+n1],zSrc,n2+1);
return zDest;
}
/*
** Compare two ETag values. Return 0 if they match and non-zero if they differ.
**
** The one on the left might be a NULL pointer and it might be quoted.
*/
static int CompareEtags(const char *zA, const char *zB){
if( zA==0 ) return 1;
if( zA[0]=='"' ){
int lenB = (int)strlen(zB);
if( strncmp(zA+1, zB, lenB)==0 && zA[lenB+1]=='"' ) return 0;
}
return strcmp(zA, zB);
}
/*
** Break a line at the first \n or \r character seen.
*/
static void RemoveNewline(char *z){
if( z==0 ) return;
while( *z && *z!='\n' && *z!='\r' ){ z++; }
*z = 0;
}
/* Render seconds since 1970 as an RFC822 date string. Return
** a pointer to that string in a static buffer.
*/
static char *Rfc822Date(time_t t){
struct tm *tm;
static char zDate[100];
tm = gmtime(&t);
strftime(zDate, sizeof(zDate), "%a, %d %b %Y %H:%M:%S %Z", tm);
return zDate;
}
/*
** Print a date tag in the header. The name of the tag is zTag.
** The date is determined from the unix timestamp given.
*/
static int DateTag(const char *zTag, time_t t){
return printf("%s: %s\r\n", zTag, Rfc822Date(t));
}
/*
** Parse an RFC822-formatted timestamp as we'd expect from HTTP and return
** a Unix epoch time. <= zero is returned on failure.
*/
time_t ParseRfc822Date(const char *zDate){
int mday, mon, year, yday, hour, min, sec;
char zIgnore[4];
char zMonth[4];
static const char *const azMonths[] =
{"Jan", "Feb", "Mar", "Apr", "May", "Jun",
"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
if( 7==sscanf(zDate, "%3[A-Za-z], %d %3[A-Za-z] %d %d:%d:%d", zIgnore,
&mday, zMonth, &year, &hour, &min, &sec)){
if( year > 1900 ) year -= 1900;
for(mon=0; mon<12; mon++){
if( !strncmp( azMonths[mon], zMonth, 3 )){
int nDay;
int isLeapYr;
static int priorDays[] =
{ 0, 31, 59, 90,120,151,181,212,243,273,304,334 };
isLeapYr = year%4==0 && (year%100!=0 || (year+300)%400==0);
yday = priorDays[mon] + mday - 1;
if( isLeapYr && mon>1 ) yday++;
nDay = (year-70)*365 + (year-69)/4 - year/100 + (year+300)/400 + yday;
return ((time_t)(nDay*24 + hour)*60 + min)*60 + sec;
}
}
}
return 0;
}
/*
** Test procedure for ParseRfc822Date
*/
void TestParseRfc822Date(void){
time_t t1, t2;
for(t1=0; t1<0x7fffffff; t1 += 127){
t2 = ParseRfc822Date(Rfc822Date(t1));
assert( t1==t2 );
}
}
/*
** Print the first line of a response followed by the server type.
*/
static void StartResponse(const char *zResultCode){
time_t now;
time(&now);
if( statusSent ) return;
nOut += printf("%s %s\r\n", zProtocol, zResultCode);
strncpy(zReplyStatus, zResultCode, 3);
zReplyStatus[3] = 0;
if( zReplyStatus[0]>='4' ){
closeConnection = 1;
}
if( closeConnection ){
nOut += printf("Connection: close\r\n");
}else{
nOut += printf("Connection: keep-alive\r\n");
}
nOut += DateTag("Date", now);
statusSent = 1;
}
/*
** Tell the client that there is no such document
*/
static void NotFound(int lineno){
StartResponse("404 Not Found");
nOut += printf(
"Content-type: text/html; charset=utf-8\r\n"
"\r\n"
"<head><title lineno=\"%d\">Not Found</title></head>\n"
"<body><h1>Document Not Found</h1>\n"
"The document %s is not available on this server\n"
"</body>\n", lineno, zScript);
MakeLogEntry(0, lineno);
exit(0);
}
/*
** Tell the client that they are not welcomed here.
*/
static void Forbidden(int lineno){
StartResponse("403 Forbidden");
nOut += printf(
"Content-type: text/plain; charset=utf-8\r\n"
"\r\n"
"Access denied\n"
);
closeConnection = 1;
MakeLogEntry(0, lineno);
exit(0);
}
/*
** Tell the client that authorization is required to access the
** document.
*/
static void NotAuthorized(const char *zRealm){
StartResponse("401 Authorization Required");
nOut += printf(
"WWW-Authenticate: Basic realm=\"%s\"\r\n"
"Content-type: text/html; charset=utf-8\r\n"
"\r\n"
"<head><title>Not Authorized</title></head>\n"
"<body><h1>401 Not Authorized</h1>\n"
"A login and password are required for this document\n"
"</body>\n", zRealm);
MakeLogEntry(0, 110); /* LOG: Not authorized */
}
/*
** Tell the client that there is an error in the script.
*/
static void CgiError(void){
StartResponse("500 Error");
nOut += printf(
"Content-type: text/html; charset=utf-8\r\n"
"\r\n"
"<head><title>CGI Program Error</title></head>\n"
"<body><h1>CGI Program Error</h1>\n"
"The CGI program %s generated an error\n"
"</body>\n", zScript);
MakeLogEntry(0, 120); /* LOG: CGI Error */
exit(0);
}
/*
** This is called if we timeout or catch some other kind of signal.
** Log an error code which is 900+iSig and then quit.
*/
static void Timeout(int iSig){
if( !debugFlag ){
if( zScript && zScript[0] ){
char zBuf[10];
zBuf[0] = '9';
zBuf[1] = '0' + (iSig/10)%10;
zBuf[2] = '0' + iSig%10;
zBuf[3] = 0;
strcpy(zReplyStatus, zBuf);
MakeLogEntry(0, 130); /* LOG: Timeout */
}
exit(0);
}
}
/*
** Tell the client that there is an error in the script.
*/
static void CgiScriptWritable(void){
StartResponse("500 CGI Configuration Error");
nOut += printf(
"Content-type: text/plain; charset=utf-8\r\n"
"\r\n"
"The CGI program %s is writable by users other than its owner.\n",
zRealScript);
MakeLogEntry(0, 140); /* LOG: CGI script is writable */
exit(0);
}
/*
** Tell the client that the server malfunctioned.
*/
static void Malfunction(int linenum, const char *zFormat, ...){
va_list ap;
va_start(ap, zFormat);
StartResponse("500 Server Malfunction");
nOut += printf(
"Content-type: text/plain; charset=utf-8\r\n"
"\r\n"
"Web server malfunctioned; error number %d\n\n", linenum);
if( zFormat ){
nOut += vprintf(zFormat, ap);
printf("\n");
nOut++;
}
MakeLogEntry(0, linenum);
exit(0);
}
/*
** Do a server redirect to the document specified. The document
** name not contain scheme or network location or the query string.
** It will be just the path.
*/
static void Redirect(const char *zPath, int iStatus, int finish, int lineno){
switch( iStatus ){
case 301:
StartResponse("301 Permanent Redirect");
break;
case 308:
StartResponse("308 Permanent Redirect");
break;
default:
StartResponse("302 Temporary Redirect");
break;
}
if( zServerPort==0 || zServerPort[0]==0 || strcmp(zServerPort,"80")==0 ){
nOut += printf("Location: %s://%s%s%s\r\n",
zHttp, zServerName, zPath, zQuerySuffix);
}else{
nOut += printf("Location: %s://%s:%s%s%s\r\n",
zHttp, zServerName, zServerPort, zPath, zQuerySuffix);
}
if( finish ){
nOut += printf("Content-length: 0\r\n");
nOut += printf("\r\n");
MakeLogEntry(0, lineno);
}
fflush(stdout);
}
/*
** This function treats its input as a base-64 string and returns the
** decoded value of that string. Characters of input that are not
** valid base-64 characters (such as spaces and newlines) are ignored.
*/
void Decode64(char *z64){
char *zData;
int n64;
int i, j;
int a, b, c, d;
static int isInit = 0;
static int trans[128];
static unsigned char zBase[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
if( !isInit ){
for(i=0; i<128; i++){ trans[i] = 0; }
for(i=0; zBase[i]; i++){ trans[zBase[i] & 0x7f] = i; }
isInit = 1;
}
n64 = strlen(z64);
while( n64>0 && z64[n64-1]=='=' ) n64--;
zData = z64;
for(i=j=0; i+3<n64; i+=4){
a = trans[z64[i] & 0x7f];
b = trans[z64[i+1] & 0x7f];
c = trans[z64[i+2] & 0x7f];
d = trans[z64[i+3] & 0x7f];
zData[j++] = ((a<<2) & 0xfc) | ((b>>4) & 0x03);
zData[j++] = ((b<<4) & 0xf0) | ((c>>2) & 0x0f);
zData[j++] = ((c<<6) & 0xc0) | (d & 0x3f);
}
if( i+2<n64 ){
a = trans[z64[i] & 0x7f];
b = trans[z64[i+1] & 0x7f];
c = trans[z64[i+2] & 0x7f];
zData[j++] = ((a<<2) & 0xfc) | ((b>>4) & 0x03);
zData[j++] = ((b<<4) & 0xf0) | ((c>>2) & 0x0f);
}else if( i+1<n64 ){
a = trans[z64[i] & 0x7f];
b = trans[z64[i+1] & 0x7f];
zData[j++] = ((a<<2) & 0xfc) | ((b>>4) & 0x03);
}
zData[j] = 0;
}
/*
** Check to see if basic authorization credentials are provided for
** the user according to the information in zAuthFile. Return true
** if authorized. Return false if not authorized.
**
** File format:
**
** * Blank lines and lines that begin with '#' are ignored
** * "http-redirect" forces a redirect to HTTPS if not there already
** * "https-only" disallows operation in HTTP
** * "user NAME LOGIN:PASSWORD" checks to see if LOGIN:PASSWORD
** authorization credentials are provided, and if so sets the
** REMOTE_USER to NAME.
** * "realm TEXT" sets the realm to TEXT.
** * "anyone" bypasses authentication and allows anyone to see the
** files. Useful in combination with "http-redirect"
*/
static int CheckBasicAuthorization(const char *zAuthFile){
FILE *in;
char *zRealm = "unknown realm";
char *zLoginPswd;
char *zName;
char zLine[2000];
in = fopen(zAuthFile, "rb");
if( in==0 ){
NotFound(150); /* LOG: Cannot open -auth file */
return 0;
}
if( zAuthArg ) Decode64(zAuthArg);
while( fgets(zLine, sizeof(zLine), in) ){
char *zFieldName;
char *zVal;
zFieldName = GetFirstElement(zLine,&zVal);
if( zFieldName==0 || *zFieldName==0 ) continue;
if( zFieldName[0]=='#' ) continue;
RemoveNewline(zVal);
if( strcmp(zFieldName, "realm")==0 ){
zRealm = StrDup(zVal);
}else if( strcmp(zFieldName,"user")==0 ){
if( zAuthArg==0 ) continue;
zName = GetFirstElement(zVal, &zVal);
zLoginPswd = GetFirstElement(zVal, &zVal);
if( zLoginPswd==0 ) continue;
if( zAuthArg && strcmp(zAuthArg,zLoginPswd)==0 ){
zRemoteUser = StrDup(zName);
fclose(in);
return 1;
}
}else if( strcmp(zFieldName,"https-only")==0 ){
if( !useHttps ){
NotFound(160); /* LOG: http request on https-only page */
fclose(in);
return 0;
}
}else if( strcmp(zFieldName,"http-redirect")==0 ){
if( !useHttps ){
zHttp = "https";
Redirect(zScript, 301, 1, 170); /* LOG: -auth redirect */
fclose(in);
return 0;
}
}else if( strcmp(zFieldName,"anyone")==0 ){
fclose(in);
return 1;
}else{
NotFound(180); /* LOG: malformed entry in -auth file */
fclose(in);
return 0;
}
}
fclose(in);
NotAuthorized(zRealm);
return 0;
}
/*
** Guess the mime-type of a document based on its name.
*/
const char *GetMimeType(const char *zName, int nName){
const char *z;
int i;
int first, last;
int len;
char zSuffix[20];
/* A table of mimetypes based on file suffixes.
** Suffixes must be in sorted order so that we can do a binary
** search to find the mime-type
*/
static const struct {
const char *zSuffix; /* The file suffix */
int size; /* Length of the suffix */
const char *zMimetype; /* The corresponding mimetype */
} aMime[] = {
{ "ai", 2, "application/postscript" },
{ "aif", 3, "audio/x-aiff" },
{ "aifc", 4, "audio/x-aiff" },
{ "aiff", 4, "audio/x-aiff" },
{ "arj", 3, "application/x-arj-compressed" },
{ "asc", 3, "text/plain" },
{ "asf", 3, "video/x-ms-asf" },
{ "asx", 3, "video/x-ms-asx" },
{ "au", 2, "audio/ulaw" },
{ "avi", 3, "video/x-msvideo" },
{ "bat", 3, "application/x-msdos-program" },
{ "bcpio", 5, "application/x-bcpio" },
{ "bin", 3, "application/octet-stream" },
{ "c", 1, "text/plain" },