Commits
- Commit:
0126d91d1d80d7d8e794b2176556fce969f165cd
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add ge: gemini export!
- Commit:
760009951357d4c36991c4c6a62db973289b32d9
- From:
- Omar Polo <op@omarpolo.com>
- Date:
optionally disable the sandbox on some systems
The FreeBSD and Linux' sandbox can't deal with `fastcgi' and `proxy'
configuration rules: new sockets needs to be opened and it's either
impossible (the former) or a huge pain in the arse (the latter).
The sandbox is still always used in case only static files are served.
- Commit:
d29a2ee2246e1b1b0c5222a823820e42422c894e
- From:
- Omar Polo <op@omarpolo.com>
- Date:
get rid of the CGI support
I really want to get rid of the `executor' process hack for CGI scripts
and its escalation to allow fastcgi and proxying to work on non-OpenBSD.
This drops the CGI support and the `executor' process entirely and is
the first step towards gmid 2.0. It also allows to have more secure
defaults.
On non-OpenBSD systems this means that the sandbox will be deactivated
as soon as fastcgi or proxying are used: you can't open sockets under
FreeBSD' capsicum(4) and I don't want to go thru the pain of making it
work under linux' seccomp/landlock. Patches are always welcome however.
For folks using CGI scripts (hey, I'm one of you!) not all hope is lost:
fcgiwrap or OpenBSD' slowcgi(8) are ways to run CGI scripts as they were
FastCGI applications.
fixes for the documentation and to the non-OpenBSD sandboxes will
follow.
- Commit:
543f4a66fec191b16621ae4f7783782131a3b067
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add a trailing / for dirs in the directory index.
- Commit:
a555e0d67baef271ffe4a186326ee5f1c16fff75
- From:
- Omar Polo <op@omarpolo.com>
- Date:
copyright years
- Commit:
f2f8eb35c86c4e1c1d858e782c864deac0511cd3
- From:
- Omar Polo <op@omarpolo.com>
- Date:
encode file names in the directory index
Spotted the hard way by cage
- Commit:
3bd4a6dea08fc977e314877cefed1c6fdd6b1613
- From:
- Omar Polo <op@omarpolo.com>
- Date:
log when it fails to open a file because of permissions
- Commit:
ea27eaaa83d61792e75858dc624c58fe1fa13dc9
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fix an out-of-bound access in start_cgi
Long time ago, client->req was a static buffer so the memcpy was safe.
However, it's been since moved to a dynamically allocated string, so
it's very often smaller than sizeof(req.buf) (1024), hence the out of
bound access which results in a SIGSEGV very often on OpenBSD thanks to
Otto' malloc.
The situation with the iri parser, client->req and how the request is
forwarded to the other process needs to be improved: this is just a fix
to address the issue quickly, a better one would be to restructure the
iri parser APIs and rethink how the info is forwarded to the ex process.
- Commit:
3fdc457c8db0550a6143ab626bfefe3351ab0b93
- From:
- Omar Polo <op@omarpolo.com>
- Date:
swap try_client_by_id with client_by_id
i.e. allow client_by_id to fail and return NULL.
Initially I thought it was a good idea to shut down a server process
if we receive an invalid client id as reply from one of our requests
to the executor process. This turned out not to be correct since a
client can (read: will) disconnect in the delay beteewn we acknowledge
their request and the cgi script execution.
The fastcgi and proxy handler already handled this situation, so
they're unaffected.
This allows an attacker to make gmid unresponsible by just making
enough requests until they hit the right timing.
- Commit:
d98ae929b23af35e2e837c97b5c20559f48d584b
- From:
- Omar Polo <op@omarpolo.com>
- Date:
don't log errno, it's always zero after libtls returns
The libevent error value is much more interesting!
see github issue #13
- Commit:
e0f6dc646d6c257869c17f16db977cd064262830
- From:
- Omar Polo <op@omarpolo.com>
- Date:
improve proxy error path
properly release everything when during client_close if the request
was managed by a proxy.
- Commit:
d28bd963c2450790bdb6bf2193af5670581c0c24
- From:
- Omar Polo <op@omarpolo.com>
- Date:
always mark requests as done when their code is != 20
- Commit:
b9b77f5344ba6d6116044360feb3a7927778169f
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fix comment
- Commit:
901905e0cf0f5f141461df7ea199711ea951c919
- From:
- Omar Polo <op@omarpolo.com>
- Date:
bail out of client_read if we've already decide what to do
libevent2 can still somehowe call client_read even in code paths
that never enable reading from the evbuffer. Can't reproduce on
the libevent in base on OpenBSD. It's a bit ugly, but it's a small
workaround for something that otherwise *always* make gmid crash
when linked against libevent2. (client_read works under the
assumption that c->host != NULL, matched_proxy crashes otherwise.)
- Commit:
876a417023a6a38cc61f61bf3083305455a7f8ec
- From:
- Omar Polo <op@omarpolo.com>
- Date:
tweak comment