Commits
- Commit:
cb28978f0a91612f91f0bf4b8bda365941b5df25
- From:
- Omar Polo <op@omarpolo.com>
- Date:
refactor landlock
refactor the landlock-related code into something more manageable.
The only real difference is that before the logger process would try
to landlock itself to "/" without perms, something that landlock
doesn't support (now it enables landlock and then restrict itself,
which is the correct move.)
- Commit:
775ef04f82b0cbcdfe62660fc0454717dcac8cc6
- From:
- Omar Polo <op@omarpolo.com>
- Date:
mention the thanks to cage for the bugfix
Since I was in a hurry, I forgot to mention it in the tag message :/
- Commit:
0d9a5b7a181d1456d3aba46ba75a70317d2e7886
- From:
- Omar Polo <op@omarpolo.com>
- Date:
sync release
- Commit:
3571854e942b2354ae216f340add076d71d0776a
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fix possible out-of-bound access
While computing the parent directory it an out-of-bound access can
occur, which usually means the server process dies.
In particular, it can be triggered by making a request for a
non-existent file in the root of a virtual host if the path matches
the `cgi` pattern.
Thanks cage for helping in debugging!
- Commit:
353e3c8ebe516943a38d051a0bf390bb6116574c
- From:
- Omar Polo <op@omarpolo.com>
- Date:
style
- Commit:
e15fc9573666054bdff5feecf8b2b130ca00cc76
- From:
- Omar Polo <op@omarpolo.com>
- Date:
change struct initialization
makes more explicit which fields we're setting.
(and kill an extra empty line)
- Commit:
81e0f0007842bc82fe234ffe4e5e0ce362b3a280
- From:
- Omar Polo <op@omarpolo.com>
- Date:
fmt
- Commit:
df0c2926ccb753d07a3f20f3626a20f7079453ee
- From:
- Omar Polo <op@omarpolo.com>
- Date:
use memset(3) rather than bzero(3)
There's no difference, but bzero(3) says
STANDARDS
The bzero() function conforms to the X/Open System Interfaces option of
the IEEE Std 1003.1-2004 (“POSIX.1”) specification. It was removed from
the standard in IEEE Std 1003.1-2008 (“POSIX.1”), which recommends using
memset(3) instead.
so here we are.
- Commit:
a91ad7f2ffac3f1cec0c6c42e780ab5efc92ba5c
- From:
- Omar Polo <op@omarpolo.com>
- Date:
drop unnecessary bzero
the whole struct client is already memset'd to 0 in do_accept.
handle_handshake doesn't touch the request or iri buffer in the code
path that leads to handle_open_conn. (It does so in the error router
alone.)
- Commit:
79288c8b6077a573243c4654e3b3c4948febdb99
- From:
- Omar Polo <op@omarpolo.com>
- Date:
making more explicit the case of missing SNI
Missing SNI (i.e. servname == NULL) is already handled correctly.
puny_decode refuses to work on NULL servname, c->domain is still the
empty string and everything flows as expected towards the error at the
end. However, it's better to bail out early and make more explicit
how the case of missing SNI is handled.
- Commit:
2b38d395cdf3a5b9a91d0495fc322181341d5862
- From:
- Martin <devel@datenbrei.de>
- Via:
- Omar Polo <op@omarpolo.com>
- Date:
Improve gmid.service
Changed gmid.service to not to fork the server and forced to run under
user "gmid". gmid now waits for the network stack beeing available
before starting. Also "gmid" is now the syslog id.
- Commit:
36d2d7b4b39d91868b97c86e6242f19edf6e4103
- From:
- Omar Polo <op@omarpolo.com>
- Date:
sync changelog
- Commit:
b0be0653909864ac2ea070184f6fc4f0dcc62299
- From:
- Omar Polo <op@omarpolo.com>
- Date:
landlock the logger process too
Disallow everything landlock can handle. The logger process doesn't
need any fs access (on OpenBSD it runs with pledge("stdio recvfd")).
- Commit:
0ea22af2805935f4562fb537eb57d85809e70a84
- From:
- Omar Polo <op@omarpolo.com>
- Date:
add helper function gmid_create_landlock_rs
- Commit:
67c49bc5c794c4375344ea010be608572d6f0070
- From:
- Omar Polo <op@omarpolo.com>
- Date:
mention landlock in the README