rc-httpd: various fixes

care has to be taken when splitting the host into SERVER_NAME and SERVER_PORT,
as ipv6 uses : in the host part. also do it consistently, the host can be set
thru the request uri and the host header.

set REMOTE_USER to empty string to prevent accidents.

we do not handle chunked transfer encoding; just assuming the client doesn't
do keep-alive is wrong. we have to reject the post with a 411 "Length required"
error when the client tries a chunked post.
cinap_lenrek 2015-06-02 23:15:02 +02:00
parent 5c6357de8b
commit 7b8bada6b4


@ -32,7 +32,9 @@ REQUEST_METHOD=$request(1)
REQUEST_URI=$request(2) REQUEST_URI=$request(2)
reqlines='' reqlines=''
HTTP_COOKIE='' HTTP_COOKIE=''
REMOTE_USER=''
done=false done=false
chunked=no
while(~ $"done false){ while(~ $"done false){
line=`{getline} line=`{getline}
if(~ $#line 0) if(~ $#line 0)
@ -44,10 +46,7 @@ while(~ $"done false){
case '' case ''
done=true done=true
case host: case host:
tmp=`{echo $line(2) | sed 's/:/ /'} SERVER_NAME=$line(2)
SERVER_NAME=$tmp(1)
if(! ~ $#tmp 1)
SERVER_PORT=$tmp(2)
case referer: case referer:
HTTP_REFERER=$line(2) HTTP_REFERER=$line(2)
case user-agent: case user-agent:
@ -61,14 +60,17 @@ while(~ $"done false){
HTTP_COOKIE=$"HTTP_COOKIE^$"cookie^'; ' HTTP_COOKIE=$"HTTP_COOKIE^$"cookie^'; '
case authorization: case authorization:
REMOTE_USER=`{auth/httpauth $line(3)} REMOTE_USER=`{auth/httpauth $line(3)}
case transfer-encoding:
~ $line(2) chunked && chunked=yes
} }
} }
if(~ $REQUEST_URI http://*){ if(~ $REQUEST_URI *://* //*){
SERVER_NAME=`{echo $REQUEST_URI | sed ' SERVER_NAME=`{echo $REQUEST_URI | sed '
s;^http://;; s;^[^:]+:;;
s;/.*;; s;^//([^/]+).*;\1;'}
'} REQUEST_URI=`{echo $REQUEST_URI | sed '
REQUEST_URI=`{echo $REQUEST_URI | sed 's;^http://[^/]+/?;/;'} s;^[^:]+:;;
s;^//[^/]+/?;/;'}
} }
QUERY_STRING=`{echo $REQUEST_URI | sed 's;[^?]*\??;;'} QUERY_STRING=`{echo $REQUEST_URI | sed 's;[^?]*\??;;'}
params=`{echo $QUERY_STRING | sed 's;\+; ;g'} params=`{echo $QUERY_STRING | sed 's;\+; ;g'}
@ -78,11 +80,20 @@ location=`{echo $location | sed '
s;/\./;/;g s;/\./;/;g
s;//+;/;g s;//+;/;g
'} '}
if(~ $REQUEST_METHOD POST){ SERVER_NAME=`{echo $SERVER_NAME | sed 's;^(\[[^\]]+\]|[^:]+)\:([0-9]+)$;\1 \2;'}
if(~ $#SERVER_NAME 2){
SERVER_PORT=$SERVER_NAME(2)
SERVER_NAME=$SERVER_NAME(1)
}
if(~ $REQUEST_METHOD (PUT POST)){
if(! ~ $"CONTENT_LENGTH '') if(! ~ $"CONTENT_LENGTH '')
trim_input | exec $rc_httpd_dir/select-handler trim_input | exec $rc_httpd_dir/select-handler
if not{ if not{
echo 'POST without content-length, assuming no keep-alive.' >[1=2] if(~ $chunked yes){
echo 'HTTP/1.1 411 Length required'^$cr
echo $cr
exit
}
exec $rc_httpd_dir/select-handler exec $rc_httpd_dir/select-handler
} }
} }
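Review bot: The 411 rejection in the last hunk sits inside the `if not` branch, so a PUT or POST that sends both Content-Length and `Transfer-Encoding: chunked` still goes through `trim_input` using the client-supplied length. Since this server cannot decode chunked bodies, the `if(~ $chunked yes)` block should run before the `CONTENT_LENGTH` test so that such ambiguous framing is always refused; otherwise a front-end proxy that honours the chunked framing and this server can disagree on where the request ends. The header match `~ $line(2) chunked` also fires only when the first value token is exactly `chunked`; a value such as `gzip, chunked`, or a differently cased one if getline does not lowercase values (not visible here), leaves `chunked=no`, and something like `~ $line *chunked*` would be the more conservative test. The header loop and getline are defined outside the visible hunks.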