diff options
| -rw-r--r-- | sapi/thttpd/thttpd_patch | 89 |
1 files changed, 44 insertions, 45 deletions
diff --git a/sapi/thttpd/thttpd_patch b/sapi/thttpd/thttpd_patch index 43c2e90937..19c8ac92eb 100644 --- a/sapi/thttpd/thttpd_patch +++ b/sapi/thttpd/thttpd_patch @@ -1,6 +1,6 @@ diff -ur thttpd-2.21b/Makefile.in thttpd-2.21b-cool/Makefile.in --- thttpd-2.21b/Makefile.in Thu Mar 29 20:36:21 2001 -+++ thttpd-2.21b-cool/Makefile.in Tue Apr 29 00:05:19 2003 ++++ thttpd-2.21b-cool/Makefile.in Tue May 6 21:13:57 2003 @@ -46,13 +46,15 @@ # You shouldn't need to edit anything below here. @@ -40,7 +40,7 @@ diff -ur thttpd-2.21b/Makefile.in thttpd-2.21b-cool/Makefile.in diff -ur thttpd-2.21b/config.h thttpd-2.21b-cool/config.h --- thttpd-2.21b/config.h Mon Apr 9 23:57:36 2001 -+++ thttpd-2.21b-cool/config.h Tue Apr 29 00:05:19 2003 ++++ thttpd-2.21b-cool/config.h Tue May 6 21:13:57 2003 @@ -82,6 +82,11 @@ */ #define IDLE_READ_TIMELIMIT 60 @@ -64,7 +64,7 @@ diff -ur thttpd-2.21b/config.h thttpd-2.21b-cool/config.h ** index pages for directories that don't have an explicit index file. diff -ur thttpd-2.21b/configure thttpd-2.21b-cool/configure --- thttpd-2.21b/configure Sat Apr 21 02:07:14 2001 -+++ thttpd-2.21b-cool/configure Tue Apr 29 00:05:19 2003 ++++ thttpd-2.21b-cool/configure Tue May 6 21:13:57 2003 @@ -1021,7 +1021,7 @@ fi echo "$ac_t""$CPP" 1>&6 @@ -76,7 +76,7 @@ diff -ur thttpd-2.21b/configure thttpd-2.21b-cool/configure echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 diff -ur thttpd-2.21b/configure.in thttpd-2.21b-cool/configure.in --- thttpd-2.21b/configure.in Sat Apr 21 02:06:23 2001 -+++ thttpd-2.21b-cool/configure.in Tue Apr 29 00:05:19 2003 ++++ thttpd-2.21b-cool/configure.in Tue May 6 21:13:57 2003 @@ -64,7 +64,7 @@ AC_MSG_RESULT(no) fi @@ -88,7 +88,7 @@ diff -ur thttpd-2.21b/configure.in thttpd-2.21b-cool/configure.in diff -ur thttpd-2.21b/fdwatch.c thttpd-2.21b-cool/fdwatch.c --- thttpd-2.21b/fdwatch.c Fri Apr 13 07:36:08 2001 -+++ thttpd-2.21b-cool/fdwatch.c Tue Apr 29 00:05:19 2003 ++++ thttpd-2.21b-cool/fdwatch.c Tue May 6 21:13:57 2003 @@ -419,6 +419,7 @@ if ( pollfds == (struct pollfd*) 0 || poll_fdidx == (int*) 0 || poll_rfdidx == (int*) 0 ) @@ -119,7 +119,7 @@ diff -ur thttpd-2.21b/fdwatch.c thttpd-2.21b-cool/fdwatch.c } diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c --- thttpd-2.21b/libhttpd.c Tue Apr 24 00:42:40 2001 -+++ thttpd-2.21b-cool/libhttpd.c Tue Apr 29 00:05:46 2003 ++++ thttpd-2.21b-cool/libhttpd.c Tue May 6 21:14:56 2003 @@ -56,6 +56,10 @@ #include <unistd.h> #include <stdarg.h> @@ -392,7 +392,17 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c for (;;) { r = fread( buf, 1, sizeof(buf) - 1, fp ); -@@ -1436,7 +1516,7 @@ +@@ -1336,6 +1416,9 @@ + if ( hc->tildemapped ) + return 1; + ++ if ( hc->hostname[0] == '.' || strchr( hc->hostname, '/' ) != (char*) 0 ) ++ return 0; ++ + /* Figure out the host directory. */ + #ifdef VHOST_DIRLEVELS + httpd_realloc_str( +@@ -1436,7 +1519,7 @@ restlen = strlen( path ); httpd_realloc_str( &rest, &maxrest, restlen ); (void) strcpy( rest, path ); @@ -401,7 +411,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c rest[--restlen] = '\0'; /* trim trailing slash */ if ( ! tildemapped ) /* Remove any leading slashes. */ -@@ -1603,6 +1683,70 @@ +@@ -1603,6 +1686,70 @@ int @@ -472,7 +482,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c httpd_get_conn( httpd_server* hs, int listen_fd, httpd_conn* hc ) { httpd_sockaddr sa; -@@ -1612,6 +1756,7 @@ +@@ -1612,6 +1759,7 @@ { hc->read_size = 0; httpd_realloc_str( &hc->read_buf, &hc->read_size, 500 ); @@ -480,7 +490,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c hc->maxdecodedurl = hc->maxorigfilename = hc->maxexpnfilename = hc->maxencodings = hc->maxpathinfo = hc->maxquery = hc->maxaccept = -@@ -1631,12 +1776,19 @@ +@@ -1631,12 +1779,19 @@ httpd_realloc_str( &hc->reqhost, &hc->maxreqhost, 0 ); httpd_realloc_str( &hc->hostdir, &hc->maxhostdir, 0 ); httpd_realloc_str( &hc->remoteuser, &hc->maxremoteuser, 0 ); @@ -501,7 +511,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c /* Accept the new connection. */ sz = sizeof(sa); -@@ -1657,53 +1809,12 @@ +@@ -1657,53 +1812,12 @@ hc->hs = hs; memset( &hc->client_addr, 0, sizeof(hc->client_addr) ); memcpy( &hc->client_addr, &sa, sockaddr_len( &sa ) ); @@ -561,7 +571,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c } -@@ -1720,6 +1831,9 @@ +@@ -1720,6 +1834,9 @@ { char c; @@ -571,7 +581,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c for ( ; hc->checked_idx < hc->read_idx; ++hc->checked_idx ) { c = hc->read_buf[hc->checked_idx]; -@@ -1912,8 +2026,11 @@ +@@ -1912,8 +2029,11 @@ eol = strpbrk( protocol, " \t\n\r" ); if ( eol != (char*) 0 ) *eol = '\0'; @@ -584,19 +594,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c } } /* Check for HTTP/1.1 absolute URL. */ -@@ -2012,6 +2129,11 @@ - cp = strchr( hc->hdrhost, ':' ); - if ( cp != (char*) 0 ) - *cp = '\0'; -+ if ( hc->hdrhost[0] == '.' || strpbrk( hc->hdrhost, "/\\" ) != 0 ) -+ { -+ httpd_send_err( hc, 400, httpd_err400title, "", httpd_err400form, "" ); -+ return -1; -+ } - } - else if ( strncasecmp( buf, "Accept:", 7 ) == 0 ) - { -@@ -2129,6 +2251,7 @@ +@@ -2129,6 +2249,7 @@ cp = &buf[11]; cp += strspn( cp, " \t" ); if ( strcasecmp( cp, "keep-alive" ) == 0 ) @@ -604,7 +602,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c hc->keep_alive = 1; } #ifdef LOG_UNKNOWN_HEADERS -@@ -2168,6 +2291,9 @@ +@@ -2168,6 +2289,9 @@ } } @@ -614,7 +612,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c if ( hc->one_one ) { /* Check that HTTP/1.1 requests specify a host, as required. */ -@@ -2177,14 +2303,14 @@ +@@ -2177,14 +2301,14 @@ return -1; } @@ -636,7 +634,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c } /* Ok, the request has been parsed. Now we resolve stuff that -@@ -2349,15 +2475,24 @@ +@@ -2349,15 +2473,24 @@ void @@ -665,7 +663,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c if ( hc->conn_fd >= 0 ) { (void) close( hc->conn_fd ); -@@ -2370,7 +2505,12 @@ +@@ -2370,7 +2503,12 @@ { if ( hc->initialized ) { @@ -679,7 +677,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c free( (void*) hc->decodedurl ); free( (void*) hc->origfilename ); free( (void*) hc->expnfilename ); -@@ -2556,7 +2696,7 @@ +@@ -2556,7 +2694,7 @@ return -1; } @@ -688,7 +686,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c if ( hc->method == METHOD_HEAD ) closedir( dirp ); else if ( hc->method == METHOD_GET ) -@@ -3026,11 +3166,9 @@ +@@ -3026,11 +3164,9 @@ post_post_garbage_hack( httpd_conn* hc ) { char buf[2]; @@ -702,7 +700,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c } -@@ -3313,6 +3451,11 @@ +@@ -3313,6 +3449,11 @@ int r; ClientData client_data; @@ -714,7 +712,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c if ( hc->method == METHOD_GET || hc->method == METHOD_POST ) { httpd_clear_ndelay( hc->conn_fd ); -@@ -3369,6 +3512,7 @@ +@@ -3369,6 +3510,7 @@ int expnlen, indxlen; char* cp; char* pi; @@ -722,7 +720,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c expnlen = strlen( hc->expnfilename ); -@@ -3561,6 +3705,16 @@ +@@ -3561,6 +3703,16 @@ match( hc->hs->cgi_pattern, hc->expnfilename ) ) return cgi( hc ); @@ -739,7 +737,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c /* It's not CGI. If it's executable or there's pathinfo, someone's ** trying to either serve or run a non-CGI file as CGI. Either case ** is prohibited. -@@ -3594,32 +3748,47 @@ +@@ -3594,32 +3746,47 @@ hc->end_byte_loc = hc->sb.st_size - 1; figure_mime( hc ); @@ -793,7 +791,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c } return 0; -@@ -3638,6 +3807,9 @@ +@@ -3638,6 +3805,9 @@ return r; } @@ -803,7 +801,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c static void make_log_entry( httpd_conn* hc, struct timeval* nowP ) -@@ -3648,88 +3820,62 @@ +@@ -3648,88 +3818,62 @@ if ( hc->hs->no_log ) return; @@ -938,7 +936,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c } -@@ -3840,7 +3986,24 @@ +@@ -3840,7 +3984,24 @@ { #ifdef HAVE_GETNAMEINFO static char str[200]; @@ -963,9 +961,10 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c if ( getnameinfo( &saP->sa, sockaddr_len( saP ), str, sizeof(str), 0, 0, NI_NUMERICHOST ) != 0 ) { str[0] = '?'; +Only in thttpd-2.21b-cool: libhttpd.c~ diff -ur thttpd-2.21b/libhttpd.h thttpd-2.21b-cool/libhttpd.h --- thttpd-2.21b/libhttpd.h Tue Apr 24 00:36:50 2001 -+++ thttpd-2.21b-cool/libhttpd.h Tue Apr 29 00:05:19 2003 ++++ thttpd-2.21b-cool/libhttpd.h Tue May 6 21:13:57 2003 @@ -69,6 +69,8 @@ char* server_hostname; int port; @@ -1027,7 +1026,7 @@ diff -ur thttpd-2.21b/libhttpd.h thttpd-2.21b-cool/libhttpd.h ** mallocced strings. diff -ur thttpd-2.21b/mime_encodings.txt thttpd-2.21b-cool/mime_encodings.txt --- thttpd-2.21b/mime_encodings.txt Wed May 10 03:22:28 2000 -+++ thttpd-2.21b-cool/mime_encodings.txt Tue Apr 29 00:05:19 2003 ++++ thttpd-2.21b-cool/mime_encodings.txt Tue May 6 21:13:57 2003 @@ -3,6 +3,6 @@ # A list of file extensions followed by the corresponding MIME encoding. # Extensions not found in the table proceed to the mime_types table. @@ -1039,7 +1038,7 @@ diff -ur thttpd-2.21b/mime_encodings.txt thttpd-2.21b-cool/mime_encodings.txt uu x-uuencode diff -ur thttpd-2.21b/mime_types.txt thttpd-2.21b-cool/mime_types.txt --- thttpd-2.21b/mime_types.txt Sat Apr 14 04:53:30 2001 -+++ thttpd-2.21b-cool/mime_types.txt Tue Apr 29 00:05:19 2003 ++++ thttpd-2.21b-cool/mime_types.txt Tue May 6 21:13:57 2003 @@ -1,135 +1,138 @@ -# mime_types.txt -# @@ -1290,7 +1289,7 @@ diff -ur thttpd-2.21b/mime_types.txt thttpd-2.21b-cool/mime_types.txt +ice x-conference/x-cooltalk diff -ur thttpd-2.21b/mmc.c thttpd-2.21b-cool/mmc.c --- thttpd-2.21b/mmc.c Fri Apr 13 23:02:15 2001 -+++ thttpd-2.21b-cool/mmc.c Tue Apr 29 00:05:19 2003 ++++ thttpd-2.21b-cool/mmc.c Tue May 6 21:13:57 2003 @@ -70,6 +70,9 @@ unsigned int hash; int hash_idx; @@ -1393,7 +1392,7 @@ diff -ur thttpd-2.21b/mmc.c thttpd-2.21b-cool/mmc.c else diff -ur thttpd-2.21b/mmc.h thttpd-2.21b-cool/mmc.h --- thttpd-2.21b/mmc.h Fri Apr 13 07:36:54 2001 -+++ thttpd-2.21b-cool/mmc.h Tue Apr 29 00:05:19 2003 ++++ thttpd-2.21b-cool/mmc.h Tue May 6 21:13:57 2003 @@ -31,8 +31,9 @@ /* Returns an mmap()ed area for the given file, or (void*) 0 on errors. ** If you have a stat buffer on the file, pass it in, otherwise pass 0. @@ -1407,7 +1406,7 @@ diff -ur thttpd-2.21b/mmc.h thttpd-2.21b-cool/mmc.h ** If you have a stat buffer on the file, pass it in, otherwise pass 0. diff -ur thttpd-2.21b/thttpd.c thttpd-2.21b-cool/thttpd.c --- thttpd-2.21b/thttpd.c Tue Apr 24 00:41:57 2001 -+++ thttpd-2.21b-cool/thttpd.c Tue Apr 29 00:05:19 2003 ++++ thttpd-2.21b-cool/thttpd.c Tue May 6 21:13:57 2003 @@ -53,6 +53,10 @@ #endif #include <unistd.h> |