path: root/slowcgi.c
| Date | Commit message | Author | Lines |
|---|---|---|---|
| 2020-05-24 | read(2) returns ssize_t, not size_t ok florian@ | blambert | -2/+3 |
| 2020-05-24 | Bail out if the buffer is too small to contain the length of a parameter value. Found while investigating a dead store pointed out by llvm scan-build. | florian | -4/+4 |
| 2020-05-24 | dead stores; pointed out by llvm scan-build; no binary change | florian | -5/+1 |
| 2020-05-24 | pause shadows global; pointed out by gcc; no binary change | florian | -5/+5 |
| 2020-05-24 | mode is unused; pointed out by gcc; no binary change | florian | -2/+2 |
| 2020-05-24 | declare lerr and lerrx __dead; unconfuses llvm scan-build | florian | -12/+12 |
| 2020-05-24 | Instead of doing the fcntl(2) and ioctl(2) song and dance just tell socket(2) and accept4(2) that we want non-blocking-close-on-exec sockets. OK benno@ | florian | -11/+5 |
| 2020-05-24 | Use lerrx instead of errx since the logging subsystem is already initialized. OK florian@ | claudio | -3/+3 |
| 2020-05-24 | Implement -u (user to drop privs to) and -p flag (path to chroot to). This allows to run slowcgi non-chrooted with -p /, requested by at least ratchov@ and henning@. Input by many, OK ratchov@ on a previous diff, "looks good" millert@, man page bits tweak and OK schwarze@ (all some time ago); OK henning@ | florian | -12/+29 |
| 2020-05-24 | Cleanup socket creation. Input ajacoutot some time ago; OK henning@ | florian | -10/+7 |
| 2020-05-24 | My previous attempt to chdir(2) to the directory containing the cgi script was not quite right. slowcgi would try to chdir("") with a SCRIPT_NAME of /foo.cgi; chdir("/") in that case. I'm not sure how one would configure nginx/slowcgi to get to that point though. OK benno@ | florian | -5/+10 |
| 2020-05-24 | Calculate the length of name and value for parameters the right way around for the 4 byte encoding. With this QUERY_STRING can be longer than 127 bytes. Found the hard way while playing with smokeping. OK benno@ | florian | -6/+6 |
| 2020-05-24 | httpd(8) did a chdir(2) to the directory containing the cgi script. As there might be scripts depending on this do the same in slowcgi(8). pointed out and OK ratchov@ | florian | -1/+10 |
| 2020-05-24 | jturner pointed out that if one wants to run cgi scripts outside /cgi-bin SCRIPT_NAME doesn't cut it. The spec says: "The SCRIPT_NAME variable MUST be set to a URL path". Use SCRIPT_FILENAME which can be an absolute filesystem path for these cases and fall back to using SCRIPT_NAME if SCRIPT_FILENAME is not present. Details how to handle this worked out by jturner and sthen. Based on an earlier diff by jturner. Tested by jturner OK jturner, sthen | florian | -2/+6 |
| 2020-05-24 | fix reaper loop that could run indefinitely log execve() failures to syslog (very useful for debugging SCRIPT_NAME problems) ok florian@ | djm | -2/+5 |
| 2020-05-24 | Initialize sun_len, pointed out by deraadt@. While there also check length of socket path, more relevant now since an alternative socket can be specified. OK benno@ | florian | -2/+6 |
| 2020-05-24 | Fix a potential file descriptor overlap in exec_cgi() by making sure that file descriptors zero to two are always open when starting slowcgi. pointed out, with and looks good to deraadt@ | florian | -2/+26 |
| 2020-05-24 | We need to loop around waitpid to catch all exited children as we are not guaranteed to get one signal per child. pointed out by deraadt OK benno, blambert | florian | -19/+20 |
| 2020-05-24 | Do not leak fds in fork(2) error path. pointed out by deraadt@ | florian | -1/+17 |
| 2020-05-24 | Check for EINTR, too. pointed out by deraadt@ | florian | -3/+3 |
| 2020-05-24 | No need for volatile here. pointed out by deraadt@ | florian | -2/+2 |
| 2020-05-24 | spelling, spacing, etc | deraadt | -18/+20 |
| 2020-05-24 | reserve file descriptors for incoming connections so we will be able to actually run the cgi for them later on. mirrored on relayd. ok florian@ blambert@ | benno | -3/+35 |
| 2020-05-24 | Keep track of which fds were closed before and only close those still open. Otherwise if there are parallel requests and the timing is just right we were closing random fds from other connections. OK blambert | florian | -4/+16 |
| 2020-05-24 | Do not fiddle with the response queue directly but go through a new slowcgi_add_response() function. This ensures that we always do an event_add. OK blambert | florian | -9/+12 |
| 2020-05-24 | Logging to syslog works better with openlog(3). OK blambert | florian | -1/+7 |
| 2020-05-24 | Use a dedicated socketpair for stdin, makes the code more symmetric and gets rid of shutdown(2) which might cause problems. OK blambert | florian | -15/+25 |
| 2020-05-24 | Calculate correct pointer for fcgi_{begin,end}_request_body. input / OK blambert | florian | -3/+3 |
| 2020-05-24 | Calculate correct pointer for end_request; while there initialize reserved to zero. OK blambert | florian | -3/+6 |
| 2020-05-24 | set FD_CLOEXEC OK blambert | florian | -1/+8 |
| 2020-05-24 | adjust the names to more accurately reflect the names of structs and functions as they relate to the FastCGI protocol style(9)ize some function declarations while here ok florian@ | blambert | -65/+65 |
| 2020-05-24 | Sprinkle some comments which clarify the protocol/process flow. ok florian@ | blambert | -1/+18 |
| 2020-05-24 | When dumping FastCGI protocol headers during debug, dump the "request begin" and "request end" protocol entries in addition While here, make the "FastCGI request body" struct's name more precise (fcgi_end_request -> fcgi_end_request_body). okay florian@ | blambert | -8/+43 |
| 2020-05-24 | Use the correct buffer size for memory allocation and reads. okay florian@ | blambert | -5/+9 |
| 2020-05-24 | If the CGI script died due to receipt of signal, pass that back to the HTTP frontend as the "application return status". While here, add a pair of informative debugging statements. ok florian@ | blambert | -6/+20 |
| 2020-05-24 | slowcgi grows an option to specify an alternate FastCGI socket on which to listen. okay dcoppa@, henning@, florian@ manpage okay from jmc@ | blambert | -6/+11 |
| 2020-05-24 | Give slowcgi a style(9) scrubbing. No functional change. ok florian@ | blambert | -41/+47 |
| 2020-05-24 | move bgplg and slowcgi sockets to /var/www/run input reyk@, guenther@ "move fast" deraadt@ OK naddy@ | florian | -2/+2 |
| 2020-05-24 | off by one, from Henri Kemppainen <duclare-at-guu.fi>, thanks! | florian | -2/+2 |
| 2020-05-24 | Fix pasto where 'c' instead of 'clients' is checked for NULL and add missing free for the fcgi_response. ok florian@ | jasper | -2/+3 |