diff options
| author | cinap_lenrek <cinap_lenrek@felloff.net> | 2015-06-02 23:15:02 +0200 |
|---|---|---|
| committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2015-06-02 23:15:02 +0200 |
| commit | 7b8bada6b471f4ab2ee12f5a2721ca488fac462f (patch) | |
| tree | 4760caf25a89152ef2da63976ac57096a0c09c0d | |
| parent | 5c6357de8bda7c5fe0a7fa4ab31b365a9ae8e6fb (diff) | |
| download | plan9front-7b8bada6b471f4ab2ee12f5a2721ca488fac462f.tar.xz | |
rc-httpd: various fixes
care has to be taken when splitting the host into SERVER_NAME and SERVER_PORT,
as ipv6 uses : in the host part. also do it consistently, the host can be set
thru the request uri and the host header.
set REMOTE_USER to empty string to prevent accidents.
we do not handle chunked transfer encoding, just assuming the client doesnt
do keep alive is wrong. we have to reject the post when the client tries
chunked post with 411 "Length required" error.
| -rwxr-xr-x | rc/bin/rc-httpd/rc-httpd | 33 |
1 files changed, 22 insertions, 11 deletions
diff --git a/rc/bin/rc-httpd/rc-httpd b/rc/bin/rc-httpd/rc-httpd index bb3fac94f..bd9dc7808 100755 --- a/rc/bin/rc-httpd/rc-httpd +++ b/rc/bin/rc-httpd/rc-httpd @@ -32,7 +32,9 @@ REQUEST_METHOD=$request(1) REQUEST_URI=$request(2) reqlines='' HTTP_COOKIE='' +REMOTE_USER='' done=false +chunked=no while(~ $"done false){ line=`{getline} if(~ $#line 0) @@ -44,10 +46,7 @@ while(~ $"done false){ case '' done=true case host: - tmp=`{echo $line(2) | sed 's/:/ /'} - SERVER_NAME=$tmp(1) - if(! ~ $#tmp 1) - SERVER_PORT=$tmp(2) + SERVER_NAME=$line(2) case referer: HTTP_REFERER=$line(2) case user-agent: @@ -61,14 +60,17 @@ while(~ $"done false){ HTTP_COOKIE=$"HTTP_COOKIE^$"cookie^'; ' case authorization: REMOTE_USER=`{auth/httpauth $line(3)} + case transfer-encoding: + ~ $line(2) chunked && chunked=yes } } -if(~ $REQUEST_URI http://*){ +if(~ $REQUEST_URI *://* //*){ SERVER_NAME=`{echo $REQUEST_URI | sed ' - s;^http://;; - s;/.*;; - '} - REQUEST_URI=`{echo $REQUEST_URI | sed 's;^http://[^/]+/?;/;'} + s;^[^:]+:;; + s;^//([^/]+).*;\1;'} + REQUEST_URI=`{echo $REQUEST_URI | sed ' + s;^[^:]+:;; + s;^//[^/]+/?;/;'} } QUERY_STRING=`{echo $REQUEST_URI | sed 's;[^?]*\??;;'} params=`{echo $QUERY_STRING | sed 's;\+; ;g'} @@ -78,11 +80,20 @@ location=`{echo $location | sed ' s;/\./;/;g s;//+;/;g '} -if(~ $REQUEST_METHOD POST){ +SERVER_NAME=`{echo $SERVER_NAME | sed 's;^(\[[^\]]+\]|[^:]+)\:([0-9]+)$;\1 \2;'} +if(~ $#SERVER_NAME 2){ + SERVER_PORT=$SERVER_NAME(2) + SERVER_NAME=$SERVER_NAME(1) +} +if(~ $REQUEST_METHOD (PUT POST)){ if(! ~ $"CONTENT_LENGTH '') trim_input | exec $rc_httpd_dir/select-handler if not{ - echo 'POST without content-length, assuming no keep-alive.' >[1=2] + if(~ $chunked yes){ + echo 'HTTP/1.1 411 Length required'^$cr + echo $cr + exit + } exec $rc_httpd_dir/select-handler } } |