version 1.104, 2015/02/10 08:05:30 |
version 1.111, 2015/10/20 02:01:31 |
|
|
/* $Id$ */ |
/* $Id$ */ |
/* |
/* |
* Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv> |
* Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv> |
* Copyright (c) 2014 Ingo Schwarze <schwarze@usta.de> |
* Copyright (c) 2014, 2015 Ingo Schwarze <schwarze@usta.de> |
* |
* |
* Permission to use, copy, modify, and distribute this software for any |
* Permission to use, copy, modify, and distribute this software for any |
* purpose with or without fee is hereby granted, provided that the above |
* purpose with or without fee is hereby granted, provided that the above |
* copyright notice and this permission notice appear in all copies. |
* copyright notice and this permission notice appear in all copies. |
* |
* |
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES |
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR |
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR |
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN |
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF |
|
|
#include <string.h> |
#include <string.h> |
#include <unistd.h> |
#include <unistd.h> |
|
|
#include "mandoc.h" |
|
#include "mandoc_aux.h" |
#include "mandoc_aux.h" |
|
#include "mandoc.h" |
|
#include "roff.h" |
|
#include "mdoc.h" |
#include "main.h" |
#include "main.h" |
#include "manpath.h" |
#include "manconf.h" |
#include "mansearch.h" |
#include "mansearch.h" |
#include "cgi.h" |
#include "cgi.h" |
|
|
Line 331 http_decode(char *p) |
|
Line 333 http_decode(char *p) |
|
for ( ; '\0' != *p; p++, q++) { |
for ( ; '\0' != *p; p++, q++) { |
if ('%' == *p) { |
if ('%' == *p) { |
if ('\0' == (hex[0] = *(p + 1))) |
if ('\0' == (hex[0] = *(p + 1))) |
return(0); |
return 0; |
if ('\0' == (hex[1] = *(p + 2))) |
if ('\0' == (hex[1] = *(p + 2))) |
return(0); |
return 0; |
if (1 != sscanf(hex, "%x", &c)) |
if (1 != sscanf(hex, "%x", &c)) |
return(0); |
return 0; |
if ('\0' == c) |
if ('\0' == c) |
return(0); |
return 0; |
|
|
*q = (char)c; |
*q = (char)c; |
p += 2; |
p += 2; |
Line 346 http_decode(char *p) |
|
Line 348 http_decode(char *p) |
|
} |
} |
|
|
*q = '\0'; |
*q = '\0'; |
return(1); |
return 1; |
} |
} |
|
|
static void |
static void |
Line 498 validate_urifrag(const char *frag) |
|
Line 500 validate_urifrag(const char *frag) |
|
if ( ! (isalnum((unsigned char)*frag) || |
if ( ! (isalnum((unsigned char)*frag) || |
'-' == *frag || '.' == *frag || |
'-' == *frag || '.' == *frag || |
'/' == *frag || '_' == *frag)) |
'/' == *frag || '_' == *frag)) |
return(0); |
return 0; |
frag++; |
frag++; |
} |
} |
return(1); |
return 1; |
} |
} |
|
|
static int |
static int |
Line 510 validate_manpath(const struct req *req, const char* ma |
|
Line 512 validate_manpath(const struct req *req, const char* ma |
|
size_t i; |
size_t i; |
|
|
if ( ! strcmp(manpath, "mandoc")) |
if ( ! strcmp(manpath, "mandoc")) |
return(1); |
return 1; |
|
|
for (i = 0; i < req->psz; i++) |
for (i = 0; i < req->psz; i++) |
if ( ! strcmp(manpath, req->p[i])) |
if ( ! strcmp(manpath, req->p[i])) |
return(1); |
return 1; |
|
|
return(0); |
return 0; |
} |
} |
|
|
static int |
static int |
Line 526 validate_filename(const char *file) |
|
Line 528 validate_filename(const char *file) |
|
if ('.' == file[0] && '/' == file[1]) |
if ('.' == file[0] && '/' == file[1]) |
file += 2; |
file += 2; |
|
|
return ( ! (strstr(file, "../") || strstr(file, "/..") || |
return ! (strstr(file, "../") || strstr(file, "/..") || |
(strncmp(file, "man", 3) && strncmp(file, "cat", 3)))); |
(strncmp(file, "man", 3) && strncmp(file, "cat", 3))); |
} |
} |
|
|
static void |
static void |
Line 816 catman(const struct req *req, const char *file) |
|
Line 818 catman(const struct req *req, const char *file) |
|
static void |
static void |
format(const struct req *req, const char *file) |
format(const struct req *req, const char *file) |
{ |
{ |
|
struct manoutput conf; |
struct mparse *mp; |
struct mparse *mp; |
struct mchars *mchars; |
struct roff_man *man; |
struct mdoc *mdoc; |
|
struct man *man; |
|
void *vp; |
void *vp; |
char *opts; |
|
int fd; |
int fd; |
int usepath; |
int usepath; |
|
|
Line 830 format(const struct req *req, const char *file) |
|
Line 830 format(const struct req *req, const char *file) |
|
return; |
return; |
} |
} |
|
|
mchars = mchars_alloc(); |
mchars_alloc(); |
mp = mparse_alloc(MPARSE_SO, MANDOCLEVEL_BADARG, NULL, |
mp = mparse_alloc(MPARSE_SO, MANDOCLEVEL_BADARG, NULL, req->q.manpath); |
mchars, req->q.manpath); |
|
mparse_readfd(mp, fd, file); |
mparse_readfd(mp, fd, file); |
close(fd); |
close(fd); |
|
|
|
memset(&conf, 0, sizeof(conf)); |
|
conf.fragment = 1; |
usepath = strcmp(req->q.manpath, req->p[0]); |
usepath = strcmp(req->q.manpath, req->p[0]); |
mandoc_asprintf(&opts, |
mandoc_asprintf(&conf.man, "%s?query=%%N&sec=%%S%s%s%s%s", |
"fragment,man=%s?query=%%N&sec=%%S%s%s%s%s", |
|
scriptname, |
scriptname, |
req->q.arch ? "&arch=" : "", |
req->q.arch ? "&arch=" : "", |
req->q.arch ? req->q.arch : "", |
req->q.arch ? req->q.arch : "", |
usepath ? "&manpath=" : "", |
usepath ? "&manpath=" : "", |
usepath ? req->q.manpath : ""); |
usepath ? req->q.manpath : ""); |
|
|
mparse_result(mp, &mdoc, &man, NULL); |
mparse_result(mp, &man, NULL); |
if (NULL == man && NULL == mdoc) { |
if (man == NULL) { |
fprintf(stderr, "fatal mandoc error: %s/%s\n", |
fprintf(stderr, "fatal mandoc error: %s/%s\n", |
req->q.manpath, file); |
req->q.manpath, file); |
pg_error_internal(); |
pg_error_internal(); |
mparse_free(mp); |
mparse_free(mp); |
mchars_free(mchars); |
mchars_free(); |
return; |
return; |
} |
} |
|
|
vp = html_alloc(mchars, opts); |
vp = html_alloc(&conf); |
|
|
if (NULL != mdoc) |
if (man->macroset == MACROSET_MDOC) { |
html_mdoc(vp, mdoc); |
mdoc_validate(man); |
else |
html_mdoc(vp, man); |
|
} else |
html_man(vp, man); |
html_man(vp, man); |
|
|
html_free(vp); |
html_free(vp); |
mparse_free(mp); |
mparse_free(mp); |
mchars_free(mchars); |
mchars_free(); |
free(opts); |
free(conf.man); |
} |
} |
|
|
static void |
static void |
|
|
if (setitimer(ITIMER_VIRTUAL, &itimer, NULL) == -1) { |
if (setitimer(ITIMER_VIRTUAL, &itimer, NULL) == -1) { |
fprintf(stderr, "setitimer: %s\n", strerror(errno)); |
fprintf(stderr, "setitimer: %s\n", strerror(errno)); |
pg_error_internal(); |
pg_error_internal(); |
return(EXIT_FAILURE); |
return EXIT_FAILURE; |
} |
} |
|
|
/* Scan our run-time environment. */ |
/* Scan our run-time environment. */ |
|
|
fprintf(stderr, "unsafe SCRIPT_NAME \"%s\"\n", |
fprintf(stderr, "unsafe SCRIPT_NAME \"%s\"\n", |
scriptname); |
scriptname); |
pg_error_internal(); |
pg_error_internal(); |
return(EXIT_FAILURE); |
return EXIT_FAILURE; |
} |
} |
|
|
/* |
/* |
|
|
fprintf(stderr, "MAN_DIR: %s: %s\n", |
fprintf(stderr, "MAN_DIR: %s: %s\n", |
MAN_DIR, strerror(errno)); |
MAN_DIR, strerror(errno)); |
pg_error_internal(); |
pg_error_internal(); |
return(EXIT_FAILURE); |
return EXIT_FAILURE; |
} |
} |
|
|
memset(&req, 0, sizeof(struct req)); |
memset(&req, 0, sizeof(struct req)); |
|
|
else if ( ! validate_manpath(&req, req.q.manpath)) { |
else if ( ! validate_manpath(&req, req.q.manpath)) { |
pg_error_badrequest( |
pg_error_badrequest( |
"You specified an invalid manpath."); |
"You specified an invalid manpath."); |
return(EXIT_FAILURE); |
return EXIT_FAILURE; |
} |
} |
|
|
if ( ! (NULL == req.q.arch || validate_urifrag(req.q.arch))) { |
if ( ! (NULL == req.q.arch || validate_urifrag(req.q.arch))) { |
pg_error_badrequest( |
pg_error_badrequest( |
"You specified an invalid architecture."); |
"You specified an invalid architecture."); |
return(EXIT_FAILURE); |
return EXIT_FAILURE; |
} |
} |
|
|
/* Dispatch to the three different pages. */ |
/* Dispatch to the three different pages. */ |
|
|
for (i = 0; i < (int)req.psz; i++) |
for (i = 0; i < (int)req.psz; i++) |
free(req.p[i]); |
free(req.p[i]); |
free(req.p); |
free(req.p); |
return(EXIT_SUCCESS); |
return EXIT_SUCCESS; |
} |
} |
|
|
/* |
/* |