diff -ruN pserv.orig/Makefile pserv/Makefile --- pserv.orig/Makefile Thu Jan 8 11:29:18 2004 +++ pserv/Makefile Thu Jan 8 12:35:53 2004 @@ -6,27 +6,28 @@ # PORTNAME= pserv -PORTVERSION= 3.0.b2 +PORTVERSION= 3.0.b3 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} -DISTNAME= ${PORTNAME}-20-Oct-03 +DISTNAME= ${PORTNAME}-08-Jan-04 EXTRACT_SUFX= .tar.Z MAINTAINER= sysadmin@alexdupre.com COMMENT= A portable and small webserver written in C WRKSRC= ${WRKDIR}/${PORTNAME} +BUILD_WRKSRC= ${WRKSRC}/sources USE_REINPLACE= yes post-patch: @${REINPLACE_CMD} "s|%%PREFIX%%|${PREFIX}|g;s|%%LOCALBASE%%|${LOCALBASE}|g" \ - ${WRKSRC}/pserv.conf + ${WRKSRC}/defaults/pserv.conf do-install: - ${INSTALL_PROGRAM} ${WRKSRC}/pserv ${PREFIX}/sbin/ - ${INSTALL_DATA} ${WRKSRC}/mime_types.dat ${PREFIX}/etc/mime.types - ${INSTALL_DATA} ${WRKSRC}/pserv.conf ${PREFIX}/etc/ + ${INSTALL_PROGRAM} ${WRKSRC}/sources/pserv ${PREFIX}/sbin/ + ${INSTALL_DATA} ${WRKSRC}/defaults/mime_types.dat ${PREFIX}/etc/mime.types + ${INSTALL_DATA} ${WRKSRC}/defaults/pserv.conf ${PREFIX}/etc/ ${INSTALL_SCRIPT} ${FILESDIR}/pserv.sh ${PREFIX}/etc/rc.d/ .include diff -ruN pserv.orig/distinfo pserv/distinfo --- pserv.orig/distinfo Thu Jan 8 11:29:18 2004 +++ pserv/distinfo Thu Jan 8 11:31:17 2004 @@ -1 +1 @@ -MD5 (pserv-20-Oct-03.tar.Z) = 1b38238b8de0704b03ae245271f4899e +MD5 (pserv-08-Jan-04.tar.Z) = 716795e74babdf70daeb7b93dbb7f47b diff -ruN pserv.orig/files/patch-Makefile pserv/files/patch-Makefile --- pserv.orig/files/patch-Makefile Thu Jan 8 11:29:18 2004 +++ pserv/files/patch-Makefile Thu Jan 8 12:38:14 2004 @@ -1,12 +1,12 @@ ---- Makefile.orig Tue Oct 21 00:05:55 2003 -+++ Makefile Tue Oct 21 00:07:34 2003 +--- sources/Makefile.orig Thu Oct 23 12:43:08 2003 ++++ sources/Makefile Thu Jan 8 12:37:57 2004 @@ -1,11 +1,11 @@ #Change the following to your needs --CC = gcc +-CC = cc +-#insert here flags, eg. optimizations +-CFLAGS = -Wall +CC ?= gcc - #insert here flags, eg. optimizations --CFLAGS = -Wall -O3 --LIBS = + LIBS = SRCS = main.c handlers.c mime.c log.c OBJS = main.o handlers.o mime.o log.o PROGRAM = pserv diff -ruN pserv.orig/files/patch-handlers.c pserv/files/patch-handlers.c --- pserv.orig/files/patch-handlers.c Thu Jan 8 11:29:18 2004 +++ pserv/files/patch-handlers.c Thu Jan 8 12:20:11 2004 @@ -1,5 +1,5 @@ ---- handlers.c.orig Mon Oct 20 10:27:32 2003 -+++ handlers.c Tue Oct 21 00:13:59 2003 +--- sources/handlers.c.orig Mon Oct 20 10:27:32 2003 ++++ sources/handlers.c Tue Oct 21 00:13:59 2003 @@ -24,6 +24,7 @@ #endif @@ -295,20 +295,3 @@ fatal = NO; retry = NO; while(!feof(inFile) && !fatal) -@@ -408,11 +659,11 @@ - if (howMany > 0) - { - #ifdef ON_THE_FLY_CONVERSION -- { -- int i; -- for (i = 0; i < howMany; i++) -- if(outBuff[i] == '\r') outBuff[i] = '\n'; -- } -+ { -+ int i; -+ for (i = 0; i < howMany; i++) -+ if(outBuff[i] == '\r') outBuff[i] = '\n'; -+ } - #endif - if (send(sock, outBuff, howMany, 0) < 0) - { diff -ruN pserv.orig/files/patch-handlers.h pserv/files/patch-handlers.h --- pserv.orig/files/patch-handlers.h Thu Jan 8 11:29:18 2004 +++ pserv/files/patch-handlers.h Thu Jan 8 11:35:59 2004 @@ -1,5 +1,5 @@ ---- handlers.h.orig Wed Oct 15 17:06:59 2003 -+++ handlers.h Wed Oct 15 17:07:08 2003 +--- sources/handlers.h.orig Wed Oct 15 17:06:59 2003 ++++ sources/handlers.h Wed Oct 15 17:07:08 2003 @@ -19,6 +19,7 @@ /* handlers.c */ diff -ruN pserv.orig/files/patch-main.c pserv/files/patch-main.c --- pserv.orig/files/patch-main.c Thu Jan 8 11:29:18 2004 +++ pserv/files/patch-main.c Thu Jan 8 12:28:04 2004 @@ -1,5 +1,5 @@ ---- main.c.orig Mon Sep 22 10:39:24 2003 -+++ main.c Thu Oct 16 14:00:02 2003 +--- sources/main.c.orig Sat Dec 20 11:16:21 2003 ++++ sources/main.c Thu Jan 8 12:27:13 2004 @@ -23,6 +23,7 @@ char defaultFileName[MAX_PATH_LEN+1]; char logFileName[MAX_PATH_LEN+1]; @@ -8,68 +8,10 @@ char cgiRoot[MAX_PATH_LEN+1]; /* root for CGI scripts exec */ struct timeval sockTimeVal; mimeData *mimeArray; /* here we will hold all MIME data, inited once, never to be changed */ -@@ -206,10 +207,10 @@ - int reqSize; - int readLines; - int tokenEnd; -- -- /* we copy the header lines to an array for easier parsing */ -+ -+ /* we copy the header lines to an array for easier parsing */ - /* but first we make sure that our string has a newline and an end */ -- req[BUFFER_SIZE] = '\0'; -+ req[BUFFER_SIZE] = '\0'; - reqSize = strlen(req); - req[reqSize] = '\n'; - reqSize++; -@@ -230,7 +231,7 @@ - for (k = 0; k < readLines; k++) - printf("%d - |%s|\n", k, reqArray[k]); - #endif -- -+ - /* first line: method, path and protocol version */ - /* we copy to a temporary buffer to be more secure against overflows */ - i = j = 0; -@@ -246,7 +247,7 @@ - else - tokenEnd = NO; - i++; -- -+ - /* we look for the document address */ - j = 0; - reqStruct->documentAddress[0] = '\0'; -@@ -259,14 +260,14 @@ - else - token[j] = '\0'; /* to make sure we have a string */ - /* now we need to convert some escapings from the path like %20 */ -- convertPercents(token, j); -+ convertPercents(token, j); - strcpy(reqStruct->documentAddress, token); /* copy back */ - if (reqArray[0][i] == '\0') - tokenEnd = YES; - else - tokenEnd = NO; - i++; -- -+ - /* we need now to separate path from query string ("?" separated) */ - if (reqArray[0][i-1] == '?') - { -@@ -282,7 +283,7 @@ - i++; - } - } -- -+ - /* we analyze the HTTP protocol version */ - /* default is 0.9 since that version didn't report itself */ - strcpy(reqStruct->protocolVersion, "HTTP/0.9"); -@@ -306,10 +307,13 @@ +@@ -316,10 +317,13 @@ + reqStruct->keepAlive = YES; else if (!strncmp(reqArray[1], "Connection: Keep-Alive", strlen("Connection: keep-alive"))) reqStruct->keepAlive = YES; - - /* user-agent, content-length and else */ + /* user-agent, content-length, content-type, cookie and else */ i = 1; @@ -81,7 +23,7 @@ while (i < readLines) { if (!strncmp(reqArray[i], "User-Agent:", strlen("User-Agent:"))) -@@ -317,14 +321,28 @@ +@@ -327,14 +331,28 @@ strncpy(reqStruct->userAgent, &reqArray[i][strlen("User-Agent: ")], USER_AGENT_LEN - 1); reqStruct->userAgent[USER_AGENT_LEN] = '\0'; } @@ -93,11 +35,9 @@ + { + strcpy(token, &reqArray[i][strlen("Content-length: ")]); + sscanf(token, "%ld", &(reqStruct->contentLength)); - #ifdef PRINTF_DEBUG -- printf("content length %ld\n", reqStruct->contentLength); ++#ifdef PRINTF_DEBUG + printf("content length %ld\n", reqStruct->contentLength); - #endif -- } ++#endif + } + else if (!strncmp(reqArray[i], "Content-Type:", strlen("Content-type:")) || !strncmp(reqArray[i], "Content-type:", strlen("Content-type:"))) + { @@ -109,14 +49,16 @@ + else if (!strncmp(reqArray[i], "Cookie:", strlen("Cookie:"))) + { + strncpy(reqStruct->cookie, &reqArray[i][strlen("Cookie: ")], MAX_COOKIE_LEN - 1); -+#ifdef PRINTF_DEBUG + #ifdef PRINTF_DEBUG +- printf("content length %ld\n", reqStruct->contentLength); + printf("cookie %s\n", reqStruct->cookie); -+#endif + #endif +- } + } i++; } - /* if we didn't find a User-Aget we fill in a (N)ot(R)ecognized */ -@@ -414,18 +432,39 @@ + /* if we didn't find a User-Agent we fill in a (N)ot(R)ecognized */ +@@ -431,18 +449,39 @@ /* we append the default file name */ strcat(completeFilePath, defaultFileName); analyzeExtension(mimeType, completeFilePath); @@ -159,7 +101,7 @@ } } } else if (!strcmp(req.method, "HEAD")) -@@ -494,7 +533,14 @@ +@@ -511,7 +550,14 @@ strcat(completeFilePath, defaultFileName); } analyzeExtension(mimeType, completeFilePath); @@ -175,7 +117,7 @@ } } else if (!strcmp(req.method, "POST")) { -@@ -507,13 +553,6 @@ +@@ -525,13 +571,6 @@ int readFinished; printf("Handling of POST method\n"); @@ -189,50 +131,7 @@ #ifdef PRINTF_DEBUG printf ("begin of post handling\n"); -@@ -523,9 +562,15 @@ - totalRead = 0; - stuckCounter = 0; - timeOutCounter = 0; -- while (!readFinished) -- { -- howMany = recv(newSocket, tempBuff, BUFFER_SIZE, 0); -+ -+ /* SECURITY: Avoid malicious Content-Length -- check \r\n\r\n\0 also */ -+ if (req.contentLength < 0 || req.contentLength >= BUFFER_SIZE-5) { -+ sayError(sock, 500, "", req); -+ return -1; -+ } -+ -+ /* SECURITY: Remove loop to prevent buffer overflow */ -+ howMany = recv(newSocket, tempBuff, req.contentLength+5, 0); - tempBuff[howMany] = '\0'; /* seems that some Unices need this */ - #ifdef PRINTF_DEBUG - printf ("read: %d\n%s\n", howMany, tempBuff); -@@ -579,16 +624,15 @@ - if (howMany == req.contentLength) - readFinished = YES; - } -- } - #ifdef PRINTF_DEBUG -- printf("total read %d\n", totalRead); -+ printf("total read %d\n", totalRead); - #endif -- if (totalRead == 0) -- { -- printf("Request read error\n"); -- } else -- { -- if (buff[totalRead - 1] != '\n') /* we need a trailing \n or the script will wait forever */ -+ if (totalRead == 0) -+ { -+ printf("Request read error\n"); -+ } else -+ { -+ if (buff[totalRead - 1] != '\n') /* we need a trailing \n or the script will wait forever */ - { - buff[totalRead++] = '\n'; - buff[totalRead] = '\0'; -@@ -596,7 +640,77 @@ +@@ -625,7 +664,77 @@ #ifdef PRINTF_DEBUG printf("buff: |%s|\n", buff); #endif @@ -311,7 +210,7 @@ } } else { -@@ -625,7 +739,7 @@ +@@ -654,7 +763,7 @@ f = fopen(configFile, "r"); if (f == NULL) { @@ -320,7 +219,7 @@ *serverPort = DEFAULT_PORT; *maxChildren = DEFAULT_MAX_CHILDREN; strcpy(homePath, DEFAULT_DOCS_LOCATION); -@@ -634,7 +748,9 @@ +@@ -663,7 +772,9 @@ sockTimeVal.tv_usec = DEFAULT_USEC_TO; strcpy(logFileName, DEFAULT_LOG_FILE); strcpy(mimeTypesFileName, DEFAULT_MIME_FILE); @@ -330,7 +229,7 @@ return -1; } if (!feof(f)) fscanf(f, "%s %s", str1, str2); -@@ -735,11 +851,25 @@ +@@ -764,11 +875,25 @@ if (mimeTypesFileName == NULL) { strcpy(mimeTypesFileName, DEFAULT_MIME_FILE); @@ -358,29 +257,3 @@ } if (!feof(f)) fscanf(f, "%s %s", str1, str2); if (str1 != NULL && str2 != NULL && !strcmp(str1, "cgiRoot")) -@@ -775,6 +905,7 @@ - int readFinished; - struct request gottenReq; - int isKeepAlive; -+ int bool; - struct sockaddr_in listenName; /* data struct for the listen port */ - struct sockaddr_in acceptedSockStruct; /* sockaddr for the internetworking */ - int acceptedSocketLen; /* size of the structure */ -@@ -808,9 +939,16 @@ - printf("socket creation error occoured\n"); - return -1; - } -+ bool = 1; -+ error = setsockopt (theSocket, SOL_SOCKET, SO_REUSEADDR, &bool, sizeof(bool)); -+ if (error == -1) -+ { if (errno == EADDRINUSE) -+ printf("set socket option error occoured\n"); -+ return -1; -+ } - error = bind (theSocket, (struct sockaddr*) &listenName, sizeof(listenName)); - if (error == -1) -- { -+ { if (errno == EADDRINUSE) - printf("socket binding error occoured\n"); - return -2; - } diff -ruN pserv.orig/files/patch-main.h pserv/files/patch-main.h --- pserv.orig/files/patch-main.h Thu Jan 8 11:29:18 2004 +++ pserv/files/patch-main.h Thu Jan 8 12:31:33 2004 @@ -1,25 +1,25 @@ ---- main.h.orig Sun Oct 19 17:22:03 2003 -+++ main.h Tue Oct 21 00:19:57 2003 -@@ -27,11 +27,12 @@ +--- sources/main.h.orig Sat Dec 20 11:16:21 2003 ++++ sources/main.h Thu Jan 8 12:31:15 2004 +@@ -27,12 +27,13 @@ /* --- CPP parsing options --- */ -#define PRINTF_DEBUG /* enable this to print some debugging messages */ +#undef PRINTF_DEBUG /* enable this to print some debugging messages */ #undef ON_THE_FLY_CONVERSION /* enable this for line ending conversion */ - #undef BRAIN_DEAD_CAST /* if your compiler is brainwashed and does not cast standard types.h structures */ - #define FORKING_SERVER /* enables to fork for every request */ - #define AUTO_INDEX /* enables auto-index of directories */ -+#define PHP /* enables transparent PHP support */ + #define BRAIN_DEAD_CAST /* if your compiler is brainwashed and does not cast standard types.h structures */ + #define FORKING_SERVER /* enables to fork for every request */ + #define AUTO_INDEX /* enables auto-index of directories */ + #define SOCKADDR_REUSE /* enables reuse oth the socket (quick relaunch) */ ++#define PHP /* enables transparent PHP support */ + /* --- Configure options --- */ - #define CONFIG_FILE_NAME "pserv.conf" -@@ -42,19 +43,19 @@ +@@ -44,18 +45,19 @@ #define MIME_TYPE_DEFAULT "application/octet-stream" /* configuration file location */ --#define DEFAULT_CONFIG_LOCATION "/home/multix/pserv/" --//#define DEFAULT_CONFIG_LOCATION "/Users/multix/Documents/code/pserv/" +-#define DEFAULT_CONFIG_LOCATION "/home/multix/pserv/defaults/" +#define DEFAULT_CONFIG_LOCATION "/usr/local/etc/" /* hard-wired defaults, if loading of config file fails */ @@ -31,9 +31,9 @@ #define DEFAULT_FILE_NAME "index.html" #define DEFAULT_SEC_TO 1 #define DEFAULT_USEC_TO 100 --#define DEFAULT_LOG_FILE "/export/home/multix/pserv/pserv.log" --#define DEFAULT_MIME_FILE "/export/home/multix/pserv/mime_types.dat" --#define DEFAULT_CGI_ROOT "/export/home/multix/public_html/cgi-bin" +-#define DEFAULT_LOG_FILE "/home/multix/pserv/pserv.log" +-#define DEFAULT_MIME_FILE "/home/multix/pserv/mime_types.dat" +-#define DEFAULT_CGI_ROOT "/home/multix/public_html/cgi-bin" +#define DEFAULT_LOG_FILE "/var/log/pserv.log" +#define DEFAULT_MIME_FILE "/usr/local/etc/mime.types" +#define DEFAULT_PHP_FILE "/usr/local/bin/php" @@ -41,7 +41,7 @@ #define DEFAULT_SERVER_NAME "localhost" /* amount of connections queued in listening */ -@@ -123,8 +124,10 @@ +@@ -127,8 +129,10 @@ #define ADDRESS_LEN 16 #define METHOD_LEN 16 #define PROTOCOL_LEN 16 @@ -52,7 +52,7 @@ /* the maximum path name of your system should be available in MAXNAMLEN defined in dirent.h. If not, set a reasonable value like 1024 */ -@@ -139,7 +142,9 @@ +@@ -143,7 +147,9 @@ char protocolVersion[PROTOCOL_LEN+1]; int keepAlive; char userAgent[USER_AGENT_LEN+1]; diff -ruN pserv.orig/files/patch-mime.c pserv/files/patch-mime.c --- pserv.orig/files/patch-mime.c Thu Jan 8 11:29:18 2004 +++ pserv/files/patch-mime.c Thu Jan 8 11:38:08 2004 @@ -1,5 +1,5 @@ ---- mime.c.orig Thu Sep 18 15:26:55 2003 -+++ mime.c Wed Oct 15 18:38:42 2003 +--- sources/mime.c.orig Thu Sep 18 15:26:55 2003 ++++ sources/mime.c Wed Oct 15 18:38:42 2003 @@ -43,8 +43,8 @@ f = fopen(mimeTypesFileName, "r"); if (f == NULL) diff -ruN pserv.orig/files/patch-mime_types.dat pserv/files/patch-mime_types.dat --- pserv.orig/files/patch-mime_types.dat Thu Jan 8 11:29:18 2004 +++ pserv/files/patch-mime_types.dat Thu Jan 8 11:38:24 2004 @@ -1,5 +1,5 @@ ---- mime_types.dat.orig Wed Oct 15 15:57:08 2003 -+++ mime_types.dat Wed Oct 15 15:57:22 2003 +--- defaults/mime_types.dat.orig Wed Oct 15 15:57:08 2003 ++++ defaults/mime_types.dat Wed Oct 15 15:57:22 2003 @@ -14,3 +14,4 @@ tar application/x-tar lha application/octet-stream diff -ruN pserv.orig/files/patch-pserv.conf pserv/files/patch-pserv.conf --- pserv.orig/files/patch-pserv.conf Thu Jan 8 11:29:18 2004 +++ pserv/files/patch-pserv.conf Thu Jan 8 12:34:01 2004 @@ -1,8 +1,8 @@ ---- pserv.conf.orig Sun Oct 19 16:51:27 2003 -+++ pserv.conf Tue Oct 21 00:22:07 2003 +--- defaults/pserv.conf.orig Sat Dec 20 01:22:10 2003 ++++ defaults/pserv.conf Thu Jan 8 12:33:51 2004 @@ -1,9 +1,10 @@ --port 80 -+port 80 +-port 8080 ++port 80 maxChildren 4 -documentsPath /home/multix/public_html +documentsPath %%PREFIX%%/www/data @@ -10,7 +10,7 @@ secTimeout 1 uSecTimeout 100000 -logFile /home/multix/pserv/pserv.log --mimeTypesFile /home/multix/pserv/mime_types.dat +-mimeTypesFile /home/multix/pserv/defaults/mime_types.dat -cgiRoot /home/multix/public_html/cgi-bin +logFile /var/log/pserv.log +mimeTypesFile %%PREFIX%%/etc/mime.types