-/* $Id: cgi.c,v 1.85 2014/07/25 16:56:06 schwarze Exp $ */
+/* $Id: cgi.c,v 1.103 2015/01/15 04:26:39 schwarze Exp $ */
/*
* Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
* Copyright (c) 2014 Ingo Schwarze <schwarze@usta.de>
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-#ifdef HAVE_CONFIG_H
#include "config.h"
-#endif
+
+#include <sys/types.h>
+#include <sys/time.h>
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
+#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static void catman(const struct req *, const char *);
static void format(const struct req *, const char *);
static void html_print(const char *);
-static void html_printquery(const struct req *);
static void html_putchar(char);
static int http_decode(char *);
static void http_parse(struct req *, const char *);
static void http_print(const char *);
static void http_putchar(char);
-static void http_printquery(const struct req *);
+static void http_printquery(const struct req *, const char *);
static void pathgen(struct req *);
static void pg_error_badrequest(const char *);
static void pg_error_internal(void);
"All Sections",
"1 - General Commands",
"2 - System Calls",
- "3 - Subroutines",
- "3p - Perl Subroutines",
- "4 - Special Files",
+ "3 - Library Functions",
+ "3p - Perl Library",
+ "4 - Device Drivers",
"5 - File Formats",
"6 - Games",
- "7 - Macros and Conventions",
- "8 - Maintenance Commands",
- "9 - Kernel Interface"
+ "7 - Miscellaneous Information",
+ "8 - System Manager\'s Manual",
+ "9 - Kernel Developer\'s Manual"
};
static const int sec_MAX = sizeof(sec_names) / sizeof(char *);
}
static void
-http_printquery(const struct req *req)
+http_printquery(const struct req *req, const char *sep)
{
- if (NULL != req->q.manpath) {
- printf("&manpath=");
- http_print(req->q.manpath);
- }
- if (NULL != req->q.sec) {
- printf("&sec=");
- http_print(req->q.sec);
- }
- if (NULL != req->q.arch) {
- printf("&arch=");
- http_print(req->q.arch);
- }
if (NULL != req->q.query) {
- printf("&query=");
+ printf("query=");
http_print(req->q.query);
}
if (0 == req->q.equal)
- printf("&apropos=1");
-}
-
-static void
-html_printquery(const struct req *req)
-{
-
- if (NULL != req->q.manpath) {
- printf("&manpath=");
- html_print(req->q.manpath);
- }
+ printf("%sapropos=1", sep);
if (NULL != req->q.sec) {
- printf("&sec=");
- html_print(req->q.sec);
+ printf("%ssec=", sep);
+ http_print(req->q.sec);
}
if (NULL != req->q.arch) {
- printf("&arch=");
- html_print(req->q.arch);
+ printf("%sarch=", sep);
+ http_print(req->q.arch);
}
- if (NULL != req->q.query) {
- printf("&query=");
- html_print(req->q.query);
+ if (strcmp(req->q.manpath, req->p[0])) {
+ printf("%smanpath=", sep);
+ http_print(req->q.manpath);
}
- if (0 == req->q.equal)
- printf("&apropos=1");
}
static void
if (*qs != '\0')
qs++;
}
-
- /* Fall back to the default manpath. */
-
- if (req->q.manpath == NULL)
- req->q.manpath = mandoc_strdup(req->p[0]);
}
static void
resp_begin_http(code, msg);
- printf("<!DOCTYPE HTML PUBLIC "
- " \"-//W3C//DTD HTML 4.01//EN\""
- " \"http://www.w3.org/TR/html4/strict.dtd\">\n"
+ printf("<!DOCTYPE html>\n"
"<HTML>\n"
"<HEAD>\n"
- "<META HTTP-EQUIV=\"Content-Type\""
- " CONTENT=\"text/html; charset=utf-8\">\n"
+ "<META CHARSET=\"UTF-8\" />\n"
"<LINK REL=\"stylesheet\" HREF=\"%s/man-cgi.css\""
" TYPE=\"text/css\" media=\"all\">\n"
"<LINK REL=\"stylesheet\" HREF=\"%s/man.css\""
printf( "</TD><TD>\n"
"<INPUT TYPE=\"radio\" ");
if (req->q.equal)
- printf("CHECKED ");
+ printf("CHECKED=\"checked\" ");
printf( "NAME=\"apropos\" ID=\"show\" VALUE=\"0\">\n"
"<LABEL FOR=\"show\">Show named manual page</LABEL>\n");
/* Write section selector. */
- printf( "</TD></TR><TR><TD>\n"
+ puts( "</TD></TR><TR><TD>\n"
"<SELECT NAME=\"sec\">");
for (i = 0; i < sec_MAX; i++) {
printf("<OPTION VALUE=\"%s\"", sec_numbers[i]);
if (NULL != req->q.sec &&
0 == strcmp(sec_numbers[i], req->q.sec))
- printf(" SELECTED");
+ printf(" SELECTED=\"selected\"");
printf(">%s</OPTION>\n", sec_names[i]);
}
puts("</SELECT>");
printf( "<SELECT NAME=\"arch\">\n"
"<OPTION VALUE=\"default\"");
if (NULL == req->q.arch)
- printf(" SELECTED");
+ printf(" SELECTED=\"selected\"");
puts(">All Architectures</OPTION>");
for (i = 0; i < arch_MAX; i++) {
printf("<OPTION VALUE=\"%s\"", arch_names[i]);
if (NULL != req->q.arch &&
0 == strcmp(arch_names[i], req->q.arch))
- printf(" SELECTED");
+ printf(" SELECTED=\"selected\"");
printf(">%s</OPTION>\n", arch_names[i]);
}
puts("</SELECT>");
puts("<SELECT NAME=\"manpath\">");
for (i = 0; i < (int)req->psz; i++) {
printf("<OPTION ");
- if (NULL == req->q.manpath ? 0 == i :
- 0 == strcmp(req->q.manpath, req->p[i]))
- printf("SELECTED ");
+ if (strcmp(req->q.manpath, req->p[i]) == 0)
+ printf("SELECTED=\"selected\" ");
printf("VALUE=\"");
html_print(req->p[i]);
printf("\">");
printf( "</TD><TD>\n"
"<INPUT TYPE=\"radio\" ");
if (0 == req->q.equal)
- printf("CHECKED ");
+ printf("CHECKED=\"checked\" ");
printf( "NAME=\"apropos\" ID=\"search\" VALUE=\"1\">\n"
"<LABEL FOR=\"search\">Search with apropos query</LABEL>\n");
resp_begin_html(200, NULL);
resp_searchform(req);
printf("<P>\n"
- "This web interface is documented in the "
- "<A HREF=\"%s/mandoc/man8/man.cgi.8\">man.cgi</A> "
- "manual, and the "
- "<A HREF=\"%s/mandoc/man1/apropos.1\">apropos</A> "
+ "This web interface is documented in the\n"
+ "<A HREF=\"%s/mandoc/man8/man.cgi.8\">man.cgi</A>\n"
+ "manual, and the\n"
+ "<A HREF=\"%s/mandoc/man1/apropos.1\">apropos</A>\n"
"manual explains the query syntax.\n"
"</P>\n",
scriptname, scriptname);
printf("Status: 303 See Other\r\n");
printf("Location: http://%s%s/%s/%s?",
HTTP_HOST, scriptname, req->q.manpath, r[0].file);
- http_printquery(req);
+ http_printquery(req, "&");
printf("\r\n"
"Content-Type: text/html; charset=utf-8\r\n"
"\r\n");
"<TD CLASS=\"title\">\n"
"<A HREF=\"%s/%s/%s?",
scriptname, req->q.manpath, r[i].file);
- html_printquery(req);
+ http_printquery(req, "&");
printf("\">");
html_print(r[i].names);
printf("</A>\n"
format(const struct req *req, const char *file)
{
struct mparse *mp;
- int fd;
+ struct mchars *mchars;
struct mdoc *mdoc;
struct man *man;
void *vp;
- enum mandoclevel rc;
- char opts[PATH_MAX + 128];
+ char *opts;
+ int fd;
+ int usepath;
if (-1 == (fd = open(file, O_RDONLY, 0))) {
puts("<P>You specified an invalid manual file.</P>");
return;
}
- mp = mparse_alloc(MPARSE_SO, MANDOCLEVEL_FATAL, NULL,
- req->q.manpath);
- rc = mparse_readfd(mp, fd, file);
+ mchars = mchars_alloc();
+ mp = mparse_alloc(MPARSE_SO, MANDOCLEVEL_BADARG, NULL,
+ mchars, req->q.manpath);
+ mparse_readfd(mp, fd, file);
close(fd);
- if (rc >= MANDOCLEVEL_FATAL) {
- fprintf(stderr, "fatal mandoc error: %s/%s\n",
- req->q.manpath, file);
- pg_error_internal();
- return;
- }
-
- snprintf(opts, sizeof(opts), "fragment,man=%s?"
- "manpath=%s&query=%%N&sec=%%S&arch=%s",
- scriptname, req->q.manpath,
- req->q.arch ? req->q.arch : "");
+ usepath = strcmp(req->q.manpath, req->p[0]);
+ mandoc_asprintf(&opts,
+ "fragment,man=%s?query=%%N&sec=%%S%s%s%s%s",
+ scriptname,
+ req->q.arch ? "&arch=" : "",
+ req->q.arch ? req->q.arch : "",
+ usepath ? "&manpath=" : "",
+ usepath ? req->q.manpath : "");
mparse_result(mp, &mdoc, &man, NULL);
if (NULL == man && NULL == mdoc) {
req->q.manpath, file);
pg_error_internal();
mparse_free(mp);
+ mchars_free(mchars);
return;
}
- vp = html_alloc(opts);
+ vp = html_alloc(mchars, opts);
if (NULL != mdoc)
html_mdoc(vp, mdoc);
html_free(vp);
mparse_free(mp);
+ mchars_free(mchars);
+ free(opts);
}
static void
struct mansearch search;
struct manpaths paths;
struct manpage *res;
- char **cp;
- const char *ep, *start;
+ char **argv;
+ char *query, *rp, *wp;
size_t ressz;
- int i, sz;
+ int argc;
/*
* Begin by chdir()ing into the root of the manpath.
search.arch = req->q.arch;
search.sec = req->q.sec;
- search.deftype = req->q.equal ? TYPE_Nm : (TYPE_Nm | TYPE_Nd);
- search.flags = req->q.equal ? MANSEARCH_MAN : 0;
+ search.outkey = "Nd";
+ search.argmode = req->q.equal ? ARG_NAME : ARG_EXPR;
+ search.firstmatch = 1;
paths.sz = 1;
paths.paths = mandoc_malloc(sizeof(char *));
paths.paths[0] = mandoc_strdup(".");
/*
- * Poor man's tokenisation: just break apart by spaces.
- * Yes, this is half-ass. But it works for now.
+ * Break apart at spaces with backslash-escaping.
*/
- ep = req->q.query;
- while (ep && isspace((unsigned char)*ep))
- ep++;
-
- sz = 0;
- cp = NULL;
- while (ep && '\0' != *ep) {
- cp = mandoc_reallocarray(cp, sz + 1, sizeof(char *));
- start = ep;
- while ('\0' != *ep && ! isspace((unsigned char)*ep))
- ep++;
- cp[sz] = mandoc_malloc((ep - start) + 1);
- memcpy(cp[sz], start, ep - start);
- cp[sz++][ep - start] = '\0';
- while (isspace((unsigned char)*ep))
- ep++;
+ argc = 0;
+ argv = NULL;
+ rp = query = mandoc_strdup(req->q.query);
+ for (;;) {
+ while (isspace((unsigned char)*rp))
+ rp++;
+ if (*rp == '\0')
+ break;
+ argv = mandoc_reallocarray(argv, argc + 1, sizeof(char *));
+ argv[argc++] = wp = rp;
+ for (;;) {
+ if (isspace((unsigned char)*rp)) {
+ *wp = '\0';
+ rp++;
+ break;
+ }
+ if (rp[0] == '\\' && rp[1] != '\0')
+ rp++;
+ if (wp != rp)
+ *wp = *rp;
+ if (*rp == '\0')
+ break;
+ wp++;
+ rp++;
+ }
}
- if (0 == mansearch(&search, &paths, sz, cp, "Nd", &res, &ressz))
+ if (0 == mansearch(&search, &paths, argc, argv, &res, &ressz))
pg_noresult(req, "You entered an invalid query.");
else if (0 == ressz)
pg_noresult(req, "No results found.");
else
pg_searchres(req, res, ressz);
- for (i = 0; i < sz; i++)
- free(cp[i]);
- free(cp);
-
- for (i = 0; i < (int)ressz; i++) {
- free(res[i].file);
- free(res[i].names);
- free(res[i].output);
- }
- free(res);
-
+ free(query);
+ mansearch_free(res, ressz);
free(paths.paths[0]);
free(paths.paths);
}
main(void)
{
struct req req;
+ struct itimerval itimer;
const char *path;
const char *querystring;
int i;
+ /* Poor man's ReDoS mitigation. */
+
+ itimer.it_value.tv_sec = 2;
+ itimer.it_value.tv_usec = 0;
+ itimer.it_interval.tv_sec = 2;
+ itimer.it_interval.tv_usec = 0;
+ if (setitimer(ITIMER_VIRTUAL, &itimer, NULL) == -1) {
+ fprintf(stderr, "setitimer: %s\n", strerror(errno));
+ pg_error_internal();
+ return(EXIT_FAILURE);
+ }
+
/* Scan our run-time environment. */
if (NULL == (scriptname = getenv("SCRIPT_NAME")))
if (NULL != (querystring = getenv("QUERY_STRING")))
http_parse(&req, querystring);
- if ( ! validate_manpath(&req, req.q.manpath)) {
+ if (req.q.manpath == NULL)
+ req.q.manpath = mandoc_strdup(req.p[0]);
+ else if ( ! validate_manpath(&req, req.q.manpath)) {
pg_error_badrequest(
"You specified an invalid manpath.");
return(EXIT_FAILURE);