Commit graph

201 commits

Author SHA1 Message Date
Hiltjo Posthuma
4f2cc50416 if there is no matching vhost return 404 Not Found 2017-07-22 13:23:10 +02:00
Hiltjo Posthuma
c20aa17ae8 encode(): fix buffer-overflow and NUL terminate it 2017-07-22 13:23:10 +02:00
Laslo Hunhold
8ec042a1ba Properly escape backslash in regex 2017-07-21 18:37:55 +02:00
Laslo Hunhold
10d2ffe53a Fix example regex in vhosts
Thanks Hiltjo for noticing this!
2017-07-21 18:36:02 +02:00
Laslo Hunhold
a80f984ea3 Fix syntax error 2017-07-13 23:17:18 +02:00
Quentin Rameau
21115d4a1b Fix logic error in vhost chrooting (from e592bbc)
Thanks Hiltjo for having spotted it!
2017-07-13 21:11:06 +02:00
Laslo Hunhold
d7f5c6029e Fix the style a bit and prevent out-of-bounds index access for vhost[] 2017-07-11 15:02:24 +02:00
Laslo Hunhold
d3c1091669 Allow switching vhosts using flags and rework the usage 2017-07-11 15:02:00 +02:00
Quentin Rameau
141bb88af1 Cleanup socket file at exit.
We can't unlink the file if it's outside the chroot, so we need to keep
a simple worker outside of it.
2017-07-11 14:09:27 +02:00
Quentin Rameau
260ef0a988 Make the socketfile accessible by clients 2017-07-11 14:09:27 +02:00
Quentin Rameau
3b3fdd00e2 Split synopsis to reflect the dual usage. 2017-07-11 14:09:27 +02:00
Quentin Rameau
e46344e449 Change -U udsname to -U sockfile for clarification. 2017-07-11 14:09:27 +02:00
Laslo Hunhold
d7cf0d7f57 Reorder config.def.h a bit 2017-07-11 13:52:41 +02:00
Laslo Hunhold
06eba20e9d Add Quentin to LICENSE 2017-07-11 13:46:31 +02:00
Quentin Rameau
e592bbc0fe Integrate compiled regex into vhost array 2017-07-11 13:45:57 +02:00
Laslo Hunhold
233bf68b4b Style fix
Thanks Quentin!
2017-07-11 13:03:24 +02:00
Laslo Hunhold
000553d8c5 Add vhost support
As given in the config, we match a regex of hosts to a canonical host
which points to an internal directory.
Regexes are compiled on initialization, so we can error out early.
The rest is just modifications to use relative directories rather than
absolute ones, as we chdir() into the vhost directories dynamically.

Given we normalize the targets beforehand, there is no danger of
malformed requests escaping the vhost-context.
2017-07-11 12:55:39 +02:00
Laslo Hunhold
9e9facc9bf Properly serve empty files 2017-07-11 12:33:21 +02:00
Laslo Hunhold
af61e37a3a Check inet_pton() for system error 2017-07-09 00:11:30 +02:00
Laslo Hunhold
d598da3d52 Send absolute path when redirecting
The logic is a little more complicated, but we need it for some future
changes.
2017-07-07 13:33:43 +02:00
Hiltjo Posthuma
fc9f02cee3 memcpy regions may not overlap, use memmove
for example a path: "/../../" made quark abort().
2017-07-05 19:34:25 +02:00
Laslo Hunhold
bdff59a5f6 Check for UNIX-domain socket name truncation 2017-07-04 22:44:47 +02:00
Laslo Hunhold
d5a6e978b9 Small style fix 2017-07-04 22:26:17 +02:00
Laslo Hunhold
7f391b6134 Import strtonum() and get rid of atoi() 2017-07-04 22:21:36 +02:00
Laslo Hunhold
c0a2c5de0a Improve timestamp() semantics
Thanks Hiltjo! We are now in the enterprise(tm)!
2017-07-04 21:47:28 +02:00
Hiltjo Posthuma
eda2c150e4 improve byte-range support
this fixes the lower and upper offset and adds a 416 (range not satisfiable
status). It returns the filesize if it cannot be satisfied as the standard
suggests so the client can do something.
2017-07-04 21:45:46 +02:00
Hiltjo Posthuma
9b8e2bdeb6 byte-range: fix range check for upper limit
the range check was done after the check lower > upper
so if it meets these conditions: lower <= upper and
lower > st.st_size then lower could still be > upper.
2017-07-04 21:01:44 +02:00
Hiltjo Posthuma
a092d9aa4b the result of encode() and decode() is unused 2017-06-28 20:20:10 +02:00
Hiltjo Posthuma
e8dab1db94 config.mk: fix warning about strptime on glibc 2017-06-28 20:20:10 +02:00
Hiltjo Posthuma
f5270aa241 initialize request fields used as output in log
this could crash quark or print gibberish if the connection is closed
before parsing these fields: r->target is uninitialized, but printed
in the log.
2017-06-28 20:20:10 +02:00
Laslo Hunhold
5030846333 Rename filetype() to suffix() 2017-06-28 08:40:34 +02:00
Laslo Hunhold
1e65a4848e Fix dir-check in dirent
We cannot do this, as it falsely added a / to a link pointing to a
socket.
2017-06-28 08:29:31 +02:00
Hiltjo Posthuma
c369738fa4 make directory listing a run-time flag
remove const in the config.h since it can be changed at run-time now.
2017-06-27 23:31:08 +02:00
Hiltjo Posthuma
434f2b3067 config.def.h: add jpeg alias, ogg audio mimetype 2017-06-27 23:31:08 +02:00
Hiltjo Posthuma
fc0873853c minor code-style consistency fixes
:)
2017-06-27 23:31:08 +02:00
Hiltjo Posthuma
96d035b284 add myself to the license (contributor) 2017-06-27 23:31:08 +02:00
Hiltjo Posthuma
750f8381ce in the directory listing add / as suffix to save a redirect check 2017-06-27 23:31:08 +02:00
Hiltjo Posthuma
b6559eb3e7 fix memleak in scandir() 2017-06-27 23:31:08 +02:00
Hiltjo Posthuma
d1589c96fa header parsing: allow tabs as whitespace, compare case-insensitive
this is more conforming to the HTTP spec
2017-06-27 23:31:08 +02:00
Hiltjo Posthuma
2021da9bed send binary Content-Type by default (octet-stream) 2017-06-27 23:31:08 +02:00
Hiltjo Posthuma
3efce07af9 fix memory leak in sendfile()
FILE *fp is not closed.
2017-06-27 23:31:08 +02:00
Hiltjo Posthuma
a551445fba scandir: sort directories and show filetype
sort in order: directory or non-directory, filename (case-sensitive).
show filetypes after filename:

- / for directory
- @ for symlink
- | for pipe
- = for socket
- etc
2017-06-27 23:31:08 +02:00
Hiltjo Posthuma
ee10f83391 send status code for method not allowed if not GET or HEAD 2017-06-27 23:31:08 +02:00
Hiltjo Posthuma
102cf09cc5 add newline after </html> 2017-06-27 23:31:08 +02:00
Hiltjo Posthuma
241449454f remove unused fields and redundant check for HTTP method 2017-06-27 23:31:08 +02:00
Hiltjo Posthuma
6ec37625f8 config.mk: fix compiler warning, just use DEFAULT_SOURCE
warning was:
warning: implicit declaration of function 'strptime'
warning: implicit declaration of function 'setgroups'
2017-06-27 23:31:08 +02:00
Laslo Hunhold
bd2e9e66ff Fix normabspath() to handle consecutive '..'s properly
The approach with lastp only works if we only go back one dir at a time.
Of course, this cannot be assumed, so we traverse the path backwards
looking for the previous /.
2017-06-21 11:02:35 +02:00
Laslo Hunhold
58450ffced Fix wording a little bit 2017-06-21 10:37:39 +02:00
Laslo Hunhold
283bf91a0e Add normabspath() to replace realpath(), making quark work with musl
Compiled against musl, quark will not work as musl needs the presence
of procfs to process paths in realpath().
We could wait for it to be implemented[0] or also notice that we don't
want to overengineer the target-resolving. I don't think it's very
suckless if we deploy such a huge infrastructure to resolve paths.

To counteract this and given there are no good solutions available, I
set out to write the function normabspath(), which normalizes an
absolute path.
It is idempotent and works on the buffer passed to it. We don't need a
target, as the resulting resolved path is guaranteed to be of equal
length or shorter. This requires a memcpy in our case before calling it,
but I see it as a nice demonstration of the possibilities and it might
prove to be useful for other projects.

Not requiring a target buffer (that needs to have its length specified),
the one-string-call also simplifies the calling semantics drastically.

With this function in place, quark works with musl. Statically linked,
stripped and with -Os, it only weighs 102K.

[0]: http://www.openwall.com/lists/musl/2016/11/03/5
2017-06-21 10:35:40 +02:00
Laslo Hunhold
f4db83f68c Use dprintf() instead of snprintf()+sendbuffer()
The aim was to write quark without any mallocs. This was successful, but
proved to be a bit ugly looking at how we construct data to be sent.
Before this change, we had static buffers in each function that needed
them and filled them up, possibly risking overflow.
After that, we sent them off using our own function sendbuffer(), which
in itself represented a buffering mechanism.
Using dprintf, which is POSIX 2008, we can send things off directly,
with no need for sendbuffer() or buffers for these things.
This way we can factor out sendbuffer(), dropping a few more LOCs.

Thanks Hiltjo for the suggestion!
2017-06-21 07:56:40 +02:00