From 2b522069cdfc5e52846b40f578de6590a63d7951 Mon Sep 17 00:00:00 2001 From: Kim Holviala Date: Sun, 28 Jan 2018 17:43:35 +0200 Subject: [PATCH] Selector /server-status can now be disabled and no longer leaks IP addresses by default --- README | 3 ++- file.c | 22 ++++++++++++---------- gophernicus.c | 3 ++- gophernicus.h | 1 + options.c | 1 + 5 files changed, 18 insertions(+), 12 deletions(-) diff --git a/README b/README index d79bfff..bfc2033 100644 --- a/README +++ b/README @@ -40,11 +40,12 @@ Command line options: -nq Disable HTTP-style query strings (?query) -ns Disable logging to syslog -na Disable autogenerated caps.txt + -nt Disable /server-status -nm Disable shared memory use (for debugging) -nr Disable root user checking (for debugging) -np Disable HAproxy proxy protocol - -d Debug to syslog (not for production use) + -d Debug output in syslog and /server-status -v Display version number and build date -b Display the BSD license -? Display this help diff --git a/file.c b/file.c index 7ddd45a..666619a 100644 --- a/file.c +++ b/file.c @@ -204,16 +204,18 @@ void server_status(state *st, shm_state *shm, int shmid) if ((now - shm->session[i].req_atime) < st->session_timeout) { sessions++; - printf("Session: %-4i %-40s %-4li %-7li gopher%s://%s:%i/%c%s" CRLF, - (int) (now - shm->session[i].req_atime), - shm->session[i].req_remote_addr, - shm->session[i].hits, - shm->session[i].kbytes, - (shm->session[i].server_port == st->server_tls_port ? "s" : ""), - shm->session[i].server_host, - shm->session[i].server_port, - shm->session[i].req_filetype, - shm->session[i].req_selector); + if (st->debug) { + printf("Session: %-4i %-40s %-4li %-7li gopher%s://%s:%i/%c%s" CRLF, + (int) (now - shm->session[i].req_atime), + shm->session[i].req_remote_addr, + shm->session[i].hits, + shm->session[i].kbytes, + (shm->session[i].server_port == st->server_tls_port ? "s" : ""), + shm->session[i].server_host, + shm->session[i].server_port, + shm->session[i].req_filetype, + shm->session[i].req_selector); + } } } diff --git a/gophernicus.c b/gophernicus.c index 22c2a39..3c7220e 100644 --- a/gophernicus.c +++ b/gophernicus.c @@ -450,6 +450,7 @@ void init_state(state *st) st->opt_iconv = TRUE; st->opt_query = TRUE; st->opt_caps = TRUE; + st->opt_status = TRUE; st->opt_shm = TRUE; st->opt_root = TRUE; st->opt_proxy = TRUE; @@ -676,7 +677,7 @@ get_selector: /* Handle /server-status requests */ #ifdef HAVE_SHMEM - if (sstrncmp(st.req_selector, SERVER_STATUS) == MATCH) { + if (st.opt_status && sstrncmp(st.req_selector, SERVER_STATUS) == MATCH) { if (shm) server_status(&st, shm, shmid); return OK; } diff --git a/gophernicus.h b/gophernicus.h index 3cb44b4..271e878 100644 --- a/gophernicus.h +++ b/gophernicus.h @@ -348,6 +348,7 @@ typedef struct { char opt_vhost; char opt_query; char opt_caps; + char opt_status; char opt_shm; char opt_root; char opt_proxy; diff --git a/options.c b/options.c index dfce700..bd49f1a 100644 --- a/options.c +++ b/options.c @@ -140,6 +140,7 @@ void parse_args(state *st, int argc, char *argv[]) if (*optarg == 'q') { st->opt_query = FALSE; break; } if (*optarg == 's') { st->opt_syslog = FALSE; break; } if (*optarg == 'a') { st->opt_caps = FALSE; break; } + if (*optarg == 't') { st->opt_status = FALSE; break; } if (*optarg == 'm') { st->opt_shm = FALSE; break; } if (*optarg == 'r') { st->opt_root = FALSE; break; } if (*optarg == 'p') { st->opt_proxy = FALSE; break; }