Commit Graph

107 Commits

Author SHA1 Message Date
Drew DeVault 41c4bfecc7 README.md: add maintenance notice 2023-01-16 13:33:40 +01:00
Remy Noulin 95138564ac Close some files when too many are open 2022-12-19 12:02:08 +01:00
Julian Maingot 132f2ececc notify clients about malformed requests
I think this has been broken for a while and I came across it while
implementing my own client. The server should notify the client that the
request is malformed but wasn't sending the response when SSL_read
returned SSL_ERROR_WANT_READ.
2022-08-15 15:50:27 +02:00
William Casarin 1925bc3e7a serve: make hostname matching case-insensitive
Reported-by: James Tomasino <james@tomasino.org>
Signed-off-by: William Casarin <jb55@jb55.com>
2021-11-15 21:07:23 +01:00
mbays 5783501752 set session id context
This is necessary now client certificates are supported.
Without it, an attempt to resume a session fails with
"ssl_get_prev_session:session id context uninitialized".
2021-08-27 09:48:07 +02:00
Karmanyaah Malhotra 32854b79c7 Check index before serving autoindex
if a directory is being served.
2021-06-21 08:42:29 -04:00
dece 9f2481dcdf Support REMOTE_USER in CGI 2021-06-17 09:52:50 -04:00
dece d7bd3c6a0d Support TLS_CLIENT_SERIAL_NUMBER in CGI 2021-06-17 09:52:50 -04:00
dece 0bf3cde2a0 Use strncpy to build TLS_CLIENT_HASH
strncat on an uninitialized array leads to issues.
2021-06-17 09:52:49 -04:00
Eyal Sawady b9a92193e9 disconnect_client: fix index calculation
This was sometimes causing a gmnisrv_client to be overwritten by the
deinitialized client, which occasionally led to a segfault when we
later tried to use it.
2021-05-16 15:54:16 -04:00
Thomas Karpiniec 53e4ce4abd Create certificates which last 68 years (INT32_MAX seconds)
This avoids integer overflow on 32-bit architectures.
2021-05-16 14:10:57 -04:00
Drew DeVault 0dc0e4432a Revert "Routing: Fix non-ascii paths"
This causes a security issue (path traversal)

This reverts commit ea360fa4c1.
2021-05-04 09:43:23 -04:00
bacardi55 8b65e303b0 Fix integer overflow error in tls.c 2021-03-24 08:02:48 -04:00
Drew DeVault f23ec10a6d Move certificate expiration into the far future 2021-03-04 11:04:46 -05:00
nytpu ae7ca3db39 Send client certificate hash for CGI scripts.
Set SSL_VERIFY_PEER to request a client certificate from the server,
when available.  Have to shim the certificate verification function or
else it will fail on self-signed client certs.

In serve_cgi retrieve client certificate, create a fingerprint, and set
proper environment variables.  It's pretty barebones, it doesn't parse
the certificate to give any other useful info like the common name, but
it's acceptable IMO.  For most CGI uses the fingerprint is the only
thing that is needed anyways.
2021-02-11 09:19:16 -05:00
Nolan Prescott 6d9dd838e4 ignore SIGCHLD to prevent CGI zombies
with nothing waiting on the forked processes there is no reason not to
reap the CGI process on exit

intended to address issue from mailing list "gmnisrv uses too many
tasks" <163806E8-A16A-463E-8C62-43E903EF1E35@librem.one>
2021-02-07 08:07:05 -05:00
Matt Keeter d1ccb60a52 Use v3 X509 certificate
This fixes an issue where rustls failed to validate the X509v1 certificate.

Tested with Amfora, av-98, and titan (https://github.com/mkeeter/titan)

This requires fresh certificates, which could break clients with strict
trust-on-first-use policies; unfortunately, it doesn't appear to be possible
to migrate v1 certificates to v3.
2021-02-05 10:39:21 -05:00
René Wagner 32913c35cd implement handling of ROUTE_EXACT definitions
This patchset implements the handling of exact routes
as described in gmnisrvini(5).
2021-01-29 08:55:43 -05:00
Zach DeCook ea360fa4c1 Routing: Fix non-ascii paths 2021-01-22 08:15:03 -05:00
Zach DeCook fbef1d34a1 autoindex: fix off-by-one buffer size 2020-12-27 08:13:09 -05:00
Zach DeCook eac874b925 autoindex: end directories with trailing slash 2020-12-24 09:05:28 -05:00
Nolan Prescott 61bf4c53aa Fix IP address logging
Cast generic sockaddr to the appropriate sockaddr_ AF and switch
inet_ntop argument accordingly.

Intended to fix issue reported on ~sircmpwn/gmni-discuss: "Logged IPv4
addresses are wrong"
2020-12-19 09:29:39 -05:00
Mark Dain cb2c84b0ad Switch to using ECDSA (secp384r1) keys 2020-11-21 09:12:16 -05:00
William Casarin 10662cac46 serve: handle return value from chdir
Fixes a compile error on gcc 9.3.0:

src/serve.c: In function 'serve_cgi':
src/serve.c:150:3: error: ignoring return value of 'chdir', declared
with attribute warn_unused_result [-Werror=unused-result]
  150 |   chdir(dirname(cwd));
      |   ^~~~~~~~~~~~~~~~~~~

Signed-off-by: William Casarin <jb55@jb55.com>
2020-11-20 11:17:43 -05:00
Eyal Sawady c538c2aae9 gitignore: add *.5 2020-11-15 12:00:48 -05:00
Eyal Sawady cb042d6263 CGI: Don't hang on directory with no index 2020-11-15 11:33:16 -05:00
Eyal Sawady 0646fd020c CGI: Fix paths which end in '/' 2020-11-15 10:55:48 -05:00
Eyal Sawady 05a71905f9 Fix typo in documentation for $GATEWAY_INTERFACE 2020-11-11 10:30:03 -05:00
Kenny Levinsen 9fd9eef9d7 Fix use of wrong index during pollfd refresh
The right side of the refresh ended up using the index of the deleted
client instead of the index from the loop, which happens to work when
the destroyed client is either last or second-last.
2020-11-10 08:06:37 -05:00
Kenny Levinsen fdd27bb4c1 Update pollfd pointers when destroying a client
The client pollfd pointer would go stale when the server pollfd array
was moved to compensate for a destroyed client, which in turn led to
poll breakage.

Refresh the pollfd pointers after memmove.
2020-11-08 21:34:34 -05:00
Drew DeVault 74077b6f95 Prevent double free of client resources 2020-11-08 16:37:53 -05:00
Drew DeVault ea2914efff Set CWD to cgi-bin when executing scripts 2020-11-08 12:16:59 -05:00
Drew DeVault 57f4fcdc41 Fix double free 2020-11-08 12:12:43 -05:00
René Wagner 02a386b568 check if file served as cgi is executable
if not, send a response 50 to the client
fixes ~sircmpwn/gmni#47
2020-11-08 10:59:35 -05:00
dbandstra c145ac6a65 fix typo in GATEWAY_INTERFACE value 2020-11-08 09:38:52 -05:00
mbays 4b2c3afdb0 Set POLLOUT only when there's something to write 2020-11-08 09:38:17 -05:00
William Casarin ea40fb5a53 tls: fix crash when opening priv key for writing
The open syscall will return a negative value if the call fails. Switch
the check to look for this instead of 0.

before:

[gmnisrv] generating certificate for localhost
gmnisrv: src/tls.c:68: tls_host_gencert: Assertion `pf' failed.
abort (core dumped)  ./gmnisrv -C config.ini

after:

[gmnisrv] generating certificate for localhost
[gmnisrv] opening private key for writing failed: No such file or directory
[gmnisrv] TLS initialization failed

Signed-off-by: William Casarin <jb55@jb55.com>
2020-11-08 09:38:04 -05:00
Tom Lebreux 7aedbed774 Don't memmove one past clients 2020-11-08 09:37:59 -05:00
Tom Lebreux d20caf389b Fix not moving all fds 2020-11-08 09:37:55 -05:00
Tom Lebreux 4f12abfbc2 Fix memory leaks 2020-11-08 09:37:55 -05:00
William Casarin d484ba0ab0 config/routing: fix maybe-uninitialized errors
Trivial fix to silence compilation errors on gcc 9.3.0:

  src/config.c: In function ‘conf_ini_handler’:
  src/config.c:154:23: error: ‘routing’ may be used uninitialized in this
  function [-Werror=maybe-uninitialized]
    154 |  enum gmnisrv_routing routing;
        |                       ^~~~~~~

  src/config.c:197:18: error: ‘spec’ may be used uninitialized in this
  function [-Werror=maybe-uninitialized]
    197 |    route->path = strdup(spec);
        |                  ^~~~~~~~~~~~

Signed-off-by: William Casarin <jb55@jb55.com>
2020-11-02 12:29:19 -05:00
Drew DeVault b45ddd813b Add mailcap to dependencies 2020-11-01 14:24:31 -05:00
Drew DeVault dc6e4e80c0 Implement URL rewrites with regex capture groups 2020-11-01 11:19:51 -05:00
Drew DeVault 953039e0b1 gmnisrv.ini(5): clarify tokens in route config 2020-11-01 10:34:41 -05:00
Drew DeVault 16e55c6262 Change meaning of root (backwards incompatible!)
This takes the nginx approach to the "root" directive, which is simpler
to implement and more consistent with more complex routing behaviors
like regexp.

The path component of the URL is now simply appended to the root to form
the path to the file which should be served to the client.
2020-11-01 10:32:44 -05:00
Drew DeVault 36e53f1f7f It's actually ECMAScript 2018 compatible 2020-11-01 10:21:45 -05:00
Drew DeVault 0ba984b841 regexp.c: ditch unused test code 2020-11-01 09:51:14 -05:00
Drew DeVault 4b6f5a1c61 Clarify regex details in gmnisrv.ini(5) 2020-11-01 09:48:10 -05:00
Drew DeVault f15bea6583 Implement regex route matching 2020-11-01 09:43:46 -05:00
Drew DeVault 70fadc21b9 Drop most of the unicode tables 2020-10-29 23:30:49 -04:00