Commits
Commit:
2025e96d976677a7bf6bbe54185eb7bca026fe9d
From:
Omar Polo <op@omarpolo.com>
Date:
Sat Sep 10 09:48:30 2022 UTC
drop cgi vestiges from the struct host The `env' list is no longer used since CGI scripts were removed
Commit:
cd5826b8ba3b43ed9802309688ae029c0f5c4081
From:
Omar Polo <op@omarpolo.com>
Date:
Sat Sep 10 09:43:57 2022 UTC
retire the deprecated `mime' and `map' config options
Commit:
aa9543b9fd1963d86f63fda13addb356f9039c37
From:
Omar Polo <op@omarpolo.com>
Date:
Sat Sep 10 09:40:05 2022 UTC
make the mime types fixed-sized too
Commit:
7277bb7dc2971fad2a51b7975df85dda1df4c936
From:
Omar Polo <op@omarpolo.com>
Date:
Sat Sep 10 09:21:09 2022 UTC
make config fields `chroot' and `user' fixed-size
Commit:
760009951357d4c36991c4c6a62db973289b32d9
From:
Omar Polo <op@omarpolo.com>
Date:
Tue Sep 6 16:40:38 2022 UTC
optionally disable the sandbox on some systems The FreeBSD and Linux' sandbox can't deal with `fastcgi' and `proxy' configuration rules: new sockets needs to be opened and it's either impossible (the former) or a huge pain in the arse (the latter). The sandbox is still always used in case only static files are served.
Commit:
36e6e793a159a4241b87c62345e4bad2485728c6
From:
Omar Polo <op@omarpolo.com>
Date:
Tue Sep 6 16:25:10 2022 UTC
gc FILE_EXECUTABLE
Commit:
1ab7c96bb305e818b5dfa3b525d5ff635ad12a0a
From:
Omar Polo <op@omarpolo.com>
Date:
Tue Sep 6 16:24:45 2022 UTC
gc sandbox_executor_process
Commit:
d29a2ee2246e1b1b0c5222a823820e42422c894e
From:
Omar Polo <op@omarpolo.com>
Date:
Tue Sep 6 16:11:09 2022 UTC
get rid of the CGI support I really want to get rid of the `executor' process hack for CGI scripts and its escalation to allow fastcgi and proxying to work on non-OpenBSD. This drops the CGI support and the `executor' process entirely and is the first step towards gmid 2.0. It also allows to have more secure defaults. On non-OpenBSD systems this means that the sandbox will be deactivated as soon as fastcgi or proxying are used: you can't open sockets under FreeBSD' capsicum(4) and I don't want to go thru the pain of making it work under linux' seccomp/landlock. Patches are always welcome however. For folks using CGI scripts (hey, I'm one of you!) not all hope is lost: fcgiwrap or OpenBSD' slowcgi(8) are ways to run CGI scripts as they were FastCGI applications. fixes for the documentation and to the non-OpenBSD sandboxes will follow.
Commit:
f2f8eb35c86c4e1c1d858e782c864deac0511cd3
From:
Omar Polo <op@omarpolo.com>
Date:
Mon Jul 4 09:31:36 2022 UTC
encode file names in the directory index Spotted the hard way by cage
Commit:
18bd83915eab0f06b7e2920d0d71a39108b2d641
From:
Omar Polo <op@omarpolo.com>
Date:
Fri Apr 8 15:14:09 2022 UTC
sort the MIME mappings and do a binary search to match
Commit:
54203115cd0121ee0e44f5e58202a4d8054b9c09
From:
Omar Polo <op@omarpolo.com>
Date:
Fri Apr 8 13:52:35 2022 UTC
don't load the built-in list when using `types'
Commit:
d8d170aa5ee1498babee095078b3888f1525a2b3
From:
Omar Polo <op@omarpolo.com>
Date:
Fri Apr 8 13:44:49 2022 UTC
allow add_mime to fail add_mime nows allocate dinamically copies of the passed strings, so that we can actually free what we parse from the config file. This matters a lot especially with lengthy `types' block: strings that reach the internal mapping are never free'd, so every manual addition is leaked.
Commit:
ea27eaaa83d61792e75858dc624c58fe1fa13dc9
From:
Omar Polo <op@omarpolo.com>
Date:
Sun Mar 27 12:52:59 2022 UTC
fix an out-of-bound access in start_cgi Long time ago, client->req was a static buffer so the memcpy was safe. However, it's been since moved to a dynamically allocated string, so it's very often smaller than sizeof(req.buf) (1024), hence the out of bound access which results in a SIGSEGV very often on OpenBSD thanks to Otto' malloc. The situation with the iri parser, client->req and how the request is forwarded to the other process needs to be improved: this is just a fix to address the issue quickly, a better one would be to restructure the iri parser APIs and rethink how the info is forwarded to the ex process.
Commit:
3fdc457c8db0550a6143ab626bfefe3351ab0b93
From:
Omar Polo <op@omarpolo.com>
Date:
Sat Mar 26 11:32:26 2022 UTC
swap try_client_by_id with client_by_id i.e. allow client_by_id to fail and return NULL. Initially I thought it was a good idea to shut down a server process if we receive an invalid client id as reply from one of our requests to the executor process. This turned out not to be correct since a client can (read: will) disconnect in the delay beteewn we acknowledge their request and the cgi script execution. The fastcgi and proxy handler already handled this situation, so they're unaffected. This allows an attacker to make gmid unresponsible by just making enough requests until they hit the right timing.
Commit:
1cdea97b6c74ec86e202431a208b5c99343f7273
From:
Omar Polo <op@omarpolo.com>
Date:
Sun Jan 30 10:14:44 2022 UTC
allow using a custom hostname for SNI during proxying add a `sni' option for the `proxy' block: the given name is used instead of the one extracted by the `relay-to' rule.
Omar Polo