X-Git-Url: https://git.cameronkatri.com/mandoc.git/blobdiff_plain/1ec67c1af1b363b2138d23adb47cf9a20831b5d1..1bcee936fd224aaaa41b2710414512ea400c79f0:/cgi.c

diff --git a/cgi.c b/cgi.c
index af669187..af56da27 100644
--- a/cgi.c
+++ b/cgi.c
@@ -1,4 +1,4 @@
-/*	$Id: cgi.c,v 1.145 2017/01/25 02:14:43 schwarze Exp $ */
+/*	$Id: cgi.c,v 1.148 2017/02/22 16:20:01 schwarze Exp $ */
 /*
  * Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
  * Copyright (c) 2014, 2015, 2016, 2017 Ingo Schwarze <schwarze@usta.de>
@@ -21,7 +21,9 @@
 #include <sys/time.h>
 
 #include <ctype.h>
+#if HAVE_ERR
 #include <err.h>
+#endif
 #include <errno.h>
 #include <fcntl.h>
 #include <limits.h>
@@ -113,7 +115,7 @@ static	const char *const sec_names[] = {
 static	const int sec_MAX = sizeof(sec_names) / sizeof(char *);
 
 static	const char *const arch_names[] = {
-    "amd64",       "alpha",       "armv7",
+    "amd64",       "alpha",       "armv7",	"arm64",
     "hppa",        "i386",        "landisk",
     "loongson",    "luna88k",     "macppc",      "mips64",
     "octeon",      "sgi",         "socppc",      "sparc64",
@@ -976,6 +978,22 @@ main(void)
 	const char	*querystring;
 	int		 i;
 
+#if HAVE_PLEDGE
+	/*
+	 * The "rpath" pledge could be revoked after mparse_readfd()
+	 * if the file desciptor to "/footer.html" would be opened
+	 * up front, but it's probably not worth the complication
+	 * of the code it would cause: it would require scattering
+	 * pledge() calls in multiple low-level resp_*() functions.
+	 */
+
+	if (pledge("stdio rpath", NULL) == -1) {
+		warn("pledge");
+		pg_error_internal();
+		return EXIT_FAILURE;
+	}
+#endif
+
 	/* Poor man's ReDoS mitigation. */
 
 	itimer.it_value.tv_sec = 2;