authorDenys Vlasenko <vda.linux@googlemail.com>2019-04-14 19:57:13 +0200
committerDenys Vlasenko <vda.linux@googlemail.com>2019-04-14 19:57:13 +0200
commit51792e126bddaabf572132f1e0d4ed9bfd324c58 (patch)
treec73fabbd6ad051a3a8d257c33ecb756a392932b4
parent60bf77f7e7c4513a781e9acc1b9bca64c4051140 (diff)
httpd: if remote IP is denied, send FORBIDDEN reply earlier
While at it, fix sighup_handler to not clobber errno. function old new delta send_HTTP_FORBIDDEN_and_exit_if_denied_ip - 47 +47 sighup_handler 15 30 +15 handle_incoming_and_exit 2791 2763 -28 checkPermIP 48 - -48 ------------------------------------------------------------------------------ (add/remove: 1/1 grow/shrink: 1/1 up/down: 62/-76) Total: -14 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r--networking/httpd.c24
1 files changed, 14 insertions, 10 deletions
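--- a/networking/httpd.c
+++ b/networking/httpd.c
@@ -95,9 +95,7 @@
  * If -c is not set, an attempt will be made to open the default
  * root configuration file. If -c is set and the file is not found, the
  * server exits with an error.
- *
  */
- /* TODO: use TCP_CORK, parse_config() */
 //config:config HTTPD
 //config: bool "httpd (32 kb)"
 //config: default y
@@ -246,6 +244,8 @@
 //usage: "\n -e STRING HTML encode STRING"
 //usage: "\n -d STRING URL decode STRING"
 
+/* TODO: use TCP_CORK, parse_config() */
+
 #include "libbb.h"
 #include "common_bufsiz.h"
 #if ENABLE_PAM
@@ -1817,7 +1817,7 @@ static NOINLINE void send_file_and_exit(const char *url, int what)
  log_and_exit();
 }
 
-static int checkPermIP(void)
+static void send_HTTP_FORBIDDEN_and_exit_if_denied_ip(void)
 {
  Htaccess_IP *cur;
 
@@ -1837,10 +1837,13 @@ static int checkPermIP(void)
  );
 #endif
  if ((rmt_ip & cur->mask) == cur->ip)
- return (cur->allow_deny == 'A'); /* A -> 1 */
+ if (cur->allow_deny == 'A')
+ return;
+ send_headers_and_exit(HTTP_FORBIDDEN);
  }
 
- return !flg_deny_all; /* depends on whether we saw "D:*" */
+ if (flg_deny_all) /* depends on whether we saw "D:*" */
+ send_headers_and_exit(HTTP_FORBIDDEN);
 }
 
 #if ENABLE_FEATURE_HTTPD_BASIC_AUTH
@@ -2090,7 +2093,6 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
 #if ENABLE_FEATURE_HTTPD_BASIC_AUTH
  smallint authorized = -1;
 #endif
- smallint ip_allowed;
  char http_major_version;
 #if ENABLE_FEATURE_HTTPD_PROXY
  char http_minor_version;
@@ -2240,14 +2242,14 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
  bb_error_msg("url:%s", urlcopy);
 
  tptr = urlcopy;
- ip_allowed = checkPermIP();
- while (ip_allowed && (tptr = strchr(tptr + 1, '/')) != NULL) {
+ send_HTTP_FORBIDDEN_and_exit_if_denied_ip();
+ while ((tptr = strchr(tptr + 1, '/')) != NULL) {
  /* have path1/path2 */
  *tptr = '\0';
  if (is_directory(urlcopy + 1, /*followlinks:*/ 1)) {
  /* may have subdir config */
  parse_conf(urlcopy + 1, SUBDIR_PARSE);
- ip_allowed = checkPermIP();
+ send_HTTP_FORBIDDEN_and_exit_if_denied_ip();
  }
  *tptr = '/';
  }
@@ -2380,7 +2382,7 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
  /* We are done reading headers, disable peer timeout */
  alarm(0);
 
- if (strcmp(bb_basename(urlcopy), HTTPD_CONF) == 0 || !ip_allowed) {
+ if (strcmp(bb_basename(urlcopy), HTTPD_CONF) == 0) {
  /* protect listing [/path]/httpd.conf or IP deny */
  send_headers_and_exit(HTTP_FORBIDDEN);
  }
@@ -2593,7 +2595,9 @@ static void mini_httpd_inetd(void)
 
 static void sighup_handler(int sig UNUSED_PARAM)
 {
+ int sv = errno;
  parse_conf(DEFAULT_PATH_HTTPD_CONF, SIGNALED_PARSE);
+ errno = sv;
 }
 
 enum {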
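Review bot: In the hunk at new lines 1839-1843, the added `send_headers_and_exit(HTTP_FORBIDDEN);` does not appear to be governed by the `if ((rmt_ip & cur->mask) == cur->ip)` test. That context line is unchanged and carries no opening brace, and the only `}` that follows is the pre-existing one, which presumably closes the rule loop whose header lies outside the hunk (indentation is lost on this page, so this is read from the brace count). If that reading is right, the first entry in the list decides the outcome: any client that is not an allow match for it receives 403 before a later allow rule is consulted, which fails closed but silently changes the access policy of every configuration with more than one IP rule. Bracing the match restores per-rule evaluation: `if ((rmt_ip & cur->mask) == cur->ip) {` before the inner `if`, and a closing `}` after `send_headers_and_exit(HTTP_FORBIDDEN);`. A test config with a non-matching first rule followed by a matching allow rule would pin the intended behaviour.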