Attachment #253307 for bug #281255

View | Details | Raw Unified | Return to bug 281255
Collapse All | Expand All

Lines 1-5 Link Here

(-)b/www/pound/Makefile (+1 lines)
1	PORTNAME= pound	1	PORTNAME= pound
2	PORTVERSION= 4.13	2	PORTVERSION= 4.13
		3	PORTREVISION= 1
3	CATEGORIES= www net	4	CATEGORIES= www net
4	MASTER_SITES= https://github.com/graygnuorg/pound/releases/download/v${PORTVERSION}/	5	MASTER_SITES= https://github.com/graygnuorg/pound/releases/download/v${PORTVERSION}/
5		6




--- src/http.c.orig	2024-08-20 06:46:04 UTC
+++ src/http.c
@@ -241,6 +241,14 @@ isws (int c)
 {
   return c == ' ' || c == '\t';
 }
+
+static char const *
+trimwsl (char const *s)
+{
+  while (*s && isws (*s))
+    s++;
+  return s;
+}
 
 static int
 submatch_realloc (struct submatch *sm, GENPAT re)
@@ -1162,7 +1170,7 @@ get_line (BIO *in, char *const buf, int bufsize)
       case 0:
 	if (BIO_should_retry (in))
 	  continue;
-	return COPY_EOF;
+	return i == 0 ? COPY_EOF : COPY_OK;
       case -1:
 	return COPY_READ_ERR;
       default:
@@ -1312,15 +1320,11 @@ get_content_length (char const *arg, int mode)
   CONTENT_LENGTH n;
 
   if (mode == CL_HEADER)
-    {
-      while (isws (*arg))
-	arg++;
-    }
+    arg = trimwsl (arg);
 
   if (strtoclen (arg, mode == CL_HEADER ? 10 : 16, &n, &p))
     return NO_CONTENT_LENGTH;
-  while (isws (*p))
-    p++;
+  p = (char*) trimwsl (p);
   if (*p)
     {
       if (!(mode == CL_CHUNK && *p == ';'))
@@ -3219,6 +3223,30 @@ static int
 }
 
 static int
+set_header_from_bio (BIO *bio, struct http_request *req,
+		     char const *hdr, struct stringbuf *sb)
+{
+  char buf[MAXBUF];
+  int rc;
+  char *str;
+
+  if ((rc = get_line (bio, buf, sizeof (buf))) == COPY_OK)
+    {
+      stringbuf_reset (sb);
+      stringbuf_printf (sb, "%s: %s", hdr, trimwsl (buf));
+      if ((str = stringbuf_finish (sb)) == NULL
+	  || http_header_list_append (&req->headers, str, H_REPLACE))
+	{
+	  return -1;
+	}
+    }
+  else if (rc != COPY_EOF)
+    logmsg (LOG_ERR, "(%"PRItid") error reading data: %s",
+	    POUND_TID (), copy_status_string (rc));
+  return 0;
+}
+
+static int
 add_ssl_headers (POUND_HTTP *phttp)
 {
   int res = 0;
@@ -3248,72 +3276,40 @@ add_ssl_headers (POUND_HTTP *phttp)
   if (phttp->lstn->clnt_check > 0 && phttp->x509 != NULL
       && (bio = BIO_new (BIO_s_mem ())) != NULL)
     {
+      int i;
+
+      BIO_set_mem_eof_return (bio, 0);
       X509_NAME_print_ex (bio, X509_get_subject_name (phttp->x509), 8,
 			  XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB);
-      if (get_line (bio, buf, sizeof (buf)) != COPY_OK)
+      if (set_header_from_bio (bio, &phttp->request, "X-SSL-Subject", &sb))
 	{
 	  res = -1;
 	  goto end;
 	}
 
-      stringbuf_printf (&sb, "X-SSL-Subject: %s", buf);
-      if ((str = stringbuf_finish (&sb)) == NULL
-	  || http_header_list_append (&phttp->request.headers, str, H_REPLACE))
-	{
-	  res = -1;
-	  goto end;
-	}
-      stringbuf_reset (&sb);
-
       X509_NAME_print_ex (bio, X509_get_issuer_name (phttp->x509), 8,
 			  XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB);
-      if (get_line (bio, buf, sizeof (buf)) != COPY_OK)
+      if (set_header_from_bio (bio, &phttp->request, "X-SSL-Issuer", &sb))
 	{
 	  res = -1;
 	  goto end;
 	}
 
-      stringbuf_printf (&sb, "X-SSL-Issuer: %s", buf);
-      if ((str = stringbuf_finish (&sb)) == NULL
-	  || http_header_list_append (&phttp->request.headers, str, H_REPLACE))
-	{
-	  res = -1;
-	  goto end;
-	}
-      stringbuf_reset (&sb);
-
       ASN1_TIME_print (bio, X509_get_notBefore (phttp->x509));
-      if (get_line (bio, buf, sizeof (buf)) != COPY_OK)
+      if (set_header_from_bio (bio, &phttp->request, "X-SSL-notBefore", &sb))
 	{
 	  res = -1;
 	  goto end;
 	}
 
-      stringbuf_printf (&sb, "X-SSL-notBefore: %s", buf);
-      if ((str = stringbuf_finish (&sb)) == NULL
-	  || http_header_list_append (&phttp->request.headers, str, H_REPLACE))
-	{
-	  res = -1;
-	  goto end;
-	}
-      stringbuf_reset (&sb);
-
       ASN1_TIME_print (bio, X509_get_notAfter (phttp->x509));
-      if (get_line (bio, buf, sizeof (buf)) != COPY_OK)
+      if (set_header_from_bio (bio, &phttp->request, "X-SSL-notAfter", &sb))
 	{
 	  res = -1;
 	  goto end;
 	}
 
-      stringbuf_printf (&sb, "X-SSL-notAfter: %s", buf);
-      if ((str = stringbuf_finish (&sb)) == NULL
-	  || http_header_list_append (&phttp->request.headers, str, H_REPLACE))
-	{
-	  res = -1;
-	  goto end;
-	}
       stringbuf_reset (&sb);
-
       stringbuf_printf (&sb, "X-SSL-serial: %ld",
 			ASN1_INTEGER_get (X509_get_serialNumber (phttp->x509)));
       if ((str = stringbuf_finish (&sb)) == NULL
@@ -3326,9 +3322,13 @@ add_ssl_headers (POUND_HTTP *phttp)
 
       PEM_write_bio_X509 (bio, phttp->x509);
       stringbuf_add_string (&sb, "X-SSL-certificate: ");
+      i = 0;
       while (get_line (bio, buf, sizeof (buf)) == COPY_OK)
 	{
+	  if (i > 0)
+	    stringbuf_add_string (&sb, "\r\n\t");
 	  stringbuf_add_string (&sb, buf);
+	  i++;
 	}
       if ((str = stringbuf_finish (&sb)) == NULL
 	  || http_header_list_append (&phttp->request.headers, str, H_REPLACE))
@@ -3580,7 +3580,7 @@ http_response_validate (struct http_request *req)
 static int
 http_response_validate (struct http_request *req)
 {
-  char *str = req->request;
+  char const *str = req->request;
   int http_ver;
 
   if (!(strncmp (str, "HTTP/1.", 7) == 0 &&
@@ -3589,9 +3589,7 @@ http_response_validate (struct http_request *req)
     return 0;
   req->version = http_ver - '0';
 
-  for (str += 8; isws (*str); str++)
-    if (!*str)
-      return 0;
+  str = trimwsl (str + 8);
 
   switch (str[0])
     {

Return to bug 281255

Added Link Here

(-)b/www/pound/files/patch-src_http.c (+189 lines)
1	--- src/http.c.orig 2024-08-20 06:46:04 UTC
2	+++ src/http.c
3	@@ -241,6 +241,14 @@ isws (int c)
4	{
5	return c == ' ' \|\| c == '\t';
6	}
7	+
8	+static char const *
9	+trimwsl (char const *s)
10	+{
11	+ while (s && isws (s))
12	+ s++;
13	+ return s;
14	+}
15
16	static int
17	submatch_realloc (struct submatch *sm, GENPAT re)
18	@@ -1162,7 +1170,7 @@ get_line (BIO in, char const buf, int bufsize)
19	case 0:
20	if (BIO_should_retry (in))
21	continue;
22	- return COPY_EOF;
23	+ return i == 0 ? COPY_EOF : COPY_OK;
24	case -1:
25	return COPY_READ_ERR;
26	default:
27	@@ -1312,15 +1320,11 @@ get_content_length (char const *arg, int mode)
28	CONTENT_LENGTH n;
29
30	if (mode == CL_HEADER)
31	- {
32	- while (isws (*arg))
33	- arg++;
34	- }
35	+ arg = trimwsl (arg);
36
37	if (strtoclen (arg, mode == CL_HEADER ? 10 : 16, &n, &p))
38	return NO_CONTENT_LENGTH;
39	- while (isws (*p))
40	- p++;
41	+ p = (char*) trimwsl (p);
42	if (*p)
43	{
44	if (!(mode == CL_CHUNK && *p == ';'))
45	@@ -3219,6 +3223,30 @@ static int
46	}
47
48	static int
49	+set_header_from_bio (BIO bio, struct http_request req,
50	+ char const hdr, struct stringbuf sb)
51	+{
52	+ char buf[MAXBUF];
53	+ int rc;
54	+ char *str;
55	+
56	+ if ((rc = get_line (bio, buf, sizeof (buf))) == COPY_OK)
57	+ {
58	+ stringbuf_reset (sb);
59	+ stringbuf_printf (sb, "%s: %s", hdr, trimwsl (buf));
60	+ if ((str = stringbuf_finish (sb)) == NULL
61	+ \|\| http_header_list_append (&req->headers, str, H_REPLACE))
62	+ {
63	+ return -1;
64	+ }
65	+ }
66	+ else if (rc != COPY_EOF)
67	+ logmsg (LOG_ERR, "(%"PRItid") error reading data: %s",
68	+ POUND_TID (), copy_status_string (rc));
69	+ return 0;
70	+}
71	+
72	+static int
73	add_ssl_headers (POUND_HTTP *phttp)
74	{
75	int res = 0;
76	@@ -3248,72 +3276,40 @@ add_ssl_headers (POUND_HTTP *phttp)
77	if (phttp->lstn->clnt_check > 0 && phttp->x509 != NULL
78	&& (bio = BIO_new (BIO_s_mem ())) != NULL)
79	{
80	+ int i;
81	+
82	+ BIO_set_mem_eof_return (bio, 0);
83	X509_NAME_print_ex (bio, X509_get_subject_name (phttp->x509), 8,
84	XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB);
85	- if (get_line (bio, buf, sizeof (buf)) != COPY_OK)
86	+ if (set_header_from_bio (bio, &phttp->request, "X-SSL-Subject", &sb))
87	{
88	res = -1;
89	goto end;
90	}
91
92	- stringbuf_printf (&sb, "X-SSL-Subject: %s", buf);
93	- if ((str = stringbuf_finish (&sb)) == NULL
94	- \|\| http_header_list_append (&phttp->request.headers, str, H_REPLACE))
95	- {
96	- res = -1;
97	- goto end;
98	- }
99	- stringbuf_reset (&sb);
100	-
101	X509_NAME_print_ex (bio, X509_get_issuer_name (phttp->x509), 8,
102	XN_FLAG_ONELINE & ~ASN1_STRFLGS_ESC_MSB);
103	- if (get_line (bio, buf, sizeof (buf)) != COPY_OK)
104	+ if (set_header_from_bio (bio, &phttp->request, "X-SSL-Issuer", &sb))
105	{
106	res = -1;
107	goto end;
108	}
109
110	- stringbuf_printf (&sb, "X-SSL-Issuer: %s", buf);
111	- if ((str = stringbuf_finish (&sb)) == NULL
112	- \|\| http_header_list_append (&phttp->request.headers, str, H_REPLACE))
113	- {
114	- res = -1;
115	- goto end;
116	- }
117	- stringbuf_reset (&sb);
118	-
119	ASN1_TIME_print (bio, X509_get_notBefore (phttp->x509));
120	- if (get_line (bio, buf, sizeof (buf)) != COPY_OK)
121	+ if (set_header_from_bio (bio, &phttp->request, "X-SSL-notBefore", &sb))
122	{
123	res = -1;
124	goto end;
125	}
126
127	- stringbuf_printf (&sb, "X-SSL-notBefore: %s", buf);
128	- if ((str = stringbuf_finish (&sb)) == NULL
129	- \|\| http_header_list_append (&phttp->request.headers, str, H_REPLACE))
130	- {
131	- res = -1;
132	- goto end;
133	- }
134	- stringbuf_reset (&sb);
135	-
136	ASN1_TIME_print (bio, X509_get_notAfter (phttp->x509));
137	- if (get_line (bio, buf, sizeof (buf)) != COPY_OK)
138	+ if (set_header_from_bio (bio, &phttp->request, "X-SSL-notAfter", &sb))
139	{
140	res = -1;
141	goto end;
142	}
143
144	- stringbuf_printf (&sb, "X-SSL-notAfter: %s", buf);
145	- if ((str = stringbuf_finish (&sb)) == NULL
146	- \|\| http_header_list_append (&phttp->request.headers, str, H_REPLACE))
147	- {
148	- res = -1;
149	- goto end;
150	- }
151	stringbuf_reset (&sb);
152	-
153	stringbuf_printf (&sb, "X-SSL-serial: %ld",
154	ASN1_INTEGER_get (X509_get_serialNumber (phttp->x509)));
155	if ((str = stringbuf_finish (&sb)) == NULL
156	@@ -3326,9 +3322,13 @@ add_ssl_headers (POUND_HTTP *phttp)
157
158	PEM_write_bio_X509 (bio, phttp->x509);
159	stringbuf_add_string (&sb, "X-SSL-certificate: ");
160	+ i = 0;
161	while (get_line (bio, buf, sizeof (buf)) == COPY_OK)
162	{
163	+ if (i > 0)
164	+ stringbuf_add_string (&sb, "\r\n\t");
165	stringbuf_add_string (&sb, buf);
166	+ i++;
167	}
168	if ((str = stringbuf_finish (&sb)) == NULL
169	\|\| http_header_list_append (&phttp->request.headers, str, H_REPLACE))
170	@@ -3580,7 +3580,7 @@ http_response_validate (struct http_request *req)
171	static int
172	http_response_validate (struct http_request *req)
173	{
174	- char *str = req->request;
175	+ char const *str = req->request;
176	int http_ver;
177
178	if (!(strncmp (str, "HTTP/1.", 7) == 0 &&
179	@@ -3589,9 +3589,7 @@ http_response_validate (struct http_request *req)
180	return 0;
181	req->version = http_ver - '0';
182
183	- for (str += 8; isws (*str); str++)
184	- if (!*str)
185	- return 0;
186	+ str = trimwsl (str + 8);
187
188	switch (str[0])
189	{