path: root/usr.sbin/slowcgi
Age  Author
    Commit message
2016-08-16  Reyk Floeter
    As suggested by the FastCGI spec, zero-pad the response buffers to be aligned to 8 bytes. This matches what most other implementations are doing. While here, make sure that the allocated response buffers are zero'ed out. OK florian@
2015-11-20  tb
    typo in error message: to -> too
    ok florian@
2015-11-05  Florian Obser
    pledge(2) for slowcgi.
    After initialization slowcgi accepts from an AF_UNIX socket, forks and execs. After fork we only need to close(2), chdir(2) and exec. OK benno@
2015-11-05  Florian Obser
    re-shuffle slowcgi_listen to run less code as root.
    OK benno@
2015-09-25  Todd C. Miller
    Output the contents of the environment in debug mode which is most helpful in debugging interactions between httpd and slowcgi. OK florian@
2015-01-22  Florian Obser
    Clean up includes, while here fix a white space which led to a false positive during grep'ing. OK reyk
2015-01-19  Philip Guenther
    The kernel doesn't actually care what a sockaddr's sa_len is on input, so don't waste code setting it
    improvement and ok florian@
2015-01-16  Theo de Raadt
    Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
2014-12-08  Bret Lambert
    read(2) returns ssize_t, not size_t
    ok florian@
2014-12-05  Florian Obser
    enable warnings
2014-12-05  Florian Obser
    Bail out if the buffer is too small to contain the length of a parameter value. Found while investigating a dead store pointed out by llvm scan-build.
2014-12-05  Florian Obser
    dead stores; pointed out by llvm scan-build; no binary change
2014-12-05  Florian Obser
    pause shadows global; pointed out by gcc; no binary change
2014-12-05  Florian Obser
    mode is unused; pointed out by gcc; no binary change
2014-12-05  Florian Obser
    declare lerr and lerrx __dead; unconfuses llvm scan-build
2014-09-19  Florian Obser
    Instead of doing the fcntl(2) and ioctl(2) song and dance just tell socket(2) and accept4(2) that we want non-blocking-close-on-exec sockets. OK benno@
2014-08-28  Jason McIntyre
    fix previous, and add a SEE ALSO section for httpd;
2014-08-26  Robert Nagy
    remove nginx references
2014-07-13  Claudio Jeker
    Use lerrx instead of errx since the logging subsystem is already initialized.
    OK florian@
2014-06-10  Florian Obser
    Implement -u (user to drop privs to) and -p flag (path to chroot to).
    This allows to run slowcgi non-chrooted with -p /, requested by at least ratchov@ and henning@. Input by many, OK ratchov@ on a previous diff, "looks good" millert@, man page bits tweak and OK schwarze@ (all some time ago); OK henning@
2014-06-10  Florian Obser
    Cleanup socket creation.
    Input ajacoutot some time ago; OK henning@
2014-04-16  Florian Obser
    My previous attempt to chdir(2) to the directory containing the cgi script was not quite right. slowcgi would try to chdir("") with a SCRIPT_NAME of /foo.cgi; chdir("/") in that case. I'm not sure how one would configure nginx/slowcgi to get to that point though. OK benno@
2014-04-14  Florian Obser
    Calculate the length of name and value for parameters the right way around for the 4 byte encoding. With this QUERY_STRING can be longer than 127 bytes. Found the hard way while playing with smokeping. OK benno@
2014-04-13  Florian Obser
    httpd(8) did a chdir(2) to the directory containing the cgi script. As there might be scripts depending on this do the same in slowcgi(8). pointed out and OK ratchov@
2014-03-17  Florian Obser
    jturner pointed out that if one wants to run cgi scripts outside /cgi-bin SCRIPT_NAME doesn't cut it. The spec says: "The SCRIPT_NAME variable MUST be set to a URL path". Use SCRIPT_FILENAME which can be an absolute filesystem path for these cases and fall back to using SCRIPT_NAME if SCRIPT_FILENAME is not present. Details how to handle this worked out by jturner and sthen. Based on an earlier diff by jturner. Tested by jturner OK jturner, sthen
2014-01-20  Florian Obser
    Better explanation what slowcgi(8) is for.
    Room for improvements pointed out by deraadt@ Tweaks/OK jmc@ OK deraadt@
2014-01-19  Theo de Raadt
    Wording improvements from Patrik Lundin
2014-01-19  Damien Miller
    fix reaper loop that could run indefinitely
    log execve() failures to syslog (very useful for debugging SCRIPT_NAME problems) ok florian@
2013-12-12  Florian Obser
    Make it clear that slowcgi(8) drops privileges to user www.
    Pointed out some time ago by blambert. OK jmc, blambert
2013-10-31  Florian Obser
    Initialize sun_len, pointed out by deraadt@.
    While there also check length of socket path, more relevant now since an alternative socket can be specified. OK benno@
2013-10-29  Florian Obser
    Fix a potential file descriptor overlap in exec_cgi() by making sure that file descriptors zero to two are always open when starting slowcgi. pointed out, with and looks good to deraadt@
2013-10-23  Florian Obser
    We need to loop around waitpid to catch all exited children as we are not guaranteed to get one signal per child. pointed out by deraadt OK benno, blambert
2013-10-21  Florian Obser
    Do not leak fds in fork(2) error path.
    pointed out by deraadt@
2013-10-21  Florian Obser
    Check for EINTR, too.
    pointed out by deraadt@
2013-10-21  Florian Obser
    No need for volatile here.
    pointed out by deraadt@
2013-10-20  Theo de Raadt
    spelling, spacing, etc
2013-10-20  Sebastian Benoit
    reserve file descriptors for incoming connections so we will be able to actually run the cgi for them later on. mirrored on relayd. ok florian@ blambert@
2013-10-19  Florian Obser
    Keep track of which fds were closed before and only close those still open. Otherwise if there are parallel requests and the timing is just right we were closing random fds from other connections. OK blambert
2013-10-18  Florian Obser
    Do not fiddle with the response queue directly but go through a new slowcgi_add_response() function. This ensures that we always do an event_add. OK blambert
2013-10-18  Florian Obser
    Logging to syslog works better with openlog(3).
    OK blambert
2013-10-18  Florian Obser
    Use a dedicated socketpair for stdin, makes the code more symmetric and gets rid of shutdown(2) which might cause problems. OK blambert
2013-10-18  Florian Obser
    Calculate correct pointer for fcgi_{begin,end}_request_body.
    input / OK blambert
2013-10-18  Florian Obser
    Calculate correct pointer for end_request; while there initialize reserved to zero. OK blambert
2013-10-18  Florian Obser
    set FD_CLOEXEC
    OK blambert
2013-09-19  Bret Lambert
    adjust the names to more accurately reflect the names of structs and functions as they relate to the FastCGI protocol
    style(9)ize some function declarations while here
    ok florian@
2013-09-11  Bret Lambert
    Sprinkle some comments which clarify the protocol/process flow.
    ok florian@
2013-09-06  Bret Lambert
    When dumping FastCGI protocol headers during debug, dump the "request begin" and "request end" protocol entries in addition
    While here, make the "FastCGI request body" struct's name more precise (fcgi_end_request -> fcgi_end_request_body). okay florian@
2013-09-06  Bret Lambert
    Use the correct buffer size for memory allocation and reads.
    okay florian@
2013-08-30  Bret Lambert
    If the CGI script died due to receipt of signal, pass that back to the HTTP frontend as the "application return status". While here, add a pair of informative debugging statements. ok florian@
2013-08-26  Bret Lambert
    slowcgi grows an option to specify an alternate FastCGI socket on which to listen. okay dcoppa@, henning@, florian@ manpage okay from jmc@