git: 9front

Download patch

ref: 2c9193cda52f47d711e460d9763ed74894509881
parent: 5a1acb4e7cb6c9898db9cf15ad3f8093ebea98f5
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Tue Jun 2 19:15:02 EDT 2015 

rc-httpd: various fixes

care has to be taken when splitting the host into SERVER_NAME and SERVER_PORT,
as ipv6 uses : in the host part. also do it consistently, the host can be set
thru the request uri and the host header.

set REMOTE_USER to empty string to prevent accidents.

we do not handle chunked transfer encoding, just assuming the client doesnt
do keep alive is wrong. we have to reject the post when the client tries
chunked post with 411 "Length required" error.


--- a/rc/bin/rc-httpd/rc-httpd
+++ b/rc/bin/rc-httpd/rc-httpd
@@ -32,7 +32,9 @@
 REQUEST_URI=$request(2)
 reqlines=''
 HTTP_COOKIE=''
+REMOTE_USER=''
 done=false
+chunked=no
 while(~ $"done false){
 	line=`{getline}
 	if(~ $#line 0)
@@ -44,10 +46,7 @@
 	case ''
 		done=true
 	case host:
-		tmp=`{echo $line(2) | sed 's/:/ /'}
-		SERVER_NAME=$tmp(1)
-		if(! ~ $#tmp 1)
-			SERVER_PORT=$tmp(2)
+		SERVER_NAME=$line(2)
 	case referer:
 		HTTP_REFERER=$line(2)
 	case user-agent:
@@ -61,14 +60,17 @@
 		HTTP_COOKIE=$"HTTP_COOKIE^$"cookie^'; '
 	case authorization:
 		REMOTE_USER=`{auth/httpauth $line(3)}
+	case transfer-encoding:
+		~ $line(2) chunked && chunked=yes
 	}
 }
-if(~ $REQUEST_URI http://*){
+if(~ $REQUEST_URI *://* //*){
 	SERVER_NAME=`{echo $REQUEST_URI | sed '
-		s;^http://;;
-		s;/.*;;
-	'}
-	REQUEST_URI=`{echo $REQUEST_URI | sed 's;^http://[^/]+/?;/;'}
+		s;^[^:]+:;;
+		s;^//([^/]+).*;\1;'}
+	REQUEST_URI=`{echo $REQUEST_URI | sed '
+		s;^[^:]+:;;
+		s;^//[^/]+/?;/;'}
 }
 QUERY_STRING=`{echo $REQUEST_URI | sed 's;[^?]*\??;;'}
 params=`{echo $QUERY_STRING | sed 's;\+; ;g'}
@@ -78,11 +80,20 @@
 	s;/\./;/;g
 	s;//+;/;g
 '}
-if(~ $REQUEST_METHOD POST){
+SERVER_NAME=`{echo $SERVER_NAME | sed 's;^(\[[^\]]+\]|[^:]+)\:([0-9]+)$;\1 \2;'}
+if(~ $#SERVER_NAME 2){
+	SERVER_PORT=$SERVER_NAME(2)
+	SERVER_NAME=$SERVER_NAME(1)
+}
+if(~ $REQUEST_METHOD (PUT POST)){
 	if(! ~ $"CONTENT_LENGTH '')
 		trim_input | exec $rc_httpd_dir/select-handler
 	if not{
-		echo 'POST without content-length, assuming no keep-alive.' >[1=2]
+		if(~ $chunked yes){
+			echo 'HTTP/1.1 411 Length required'^$cr
+			echo $cr
+			exit
+		}
 		exec $rc_httpd_dir/select-handler
 	}
 }
--