%s

=================================================================== RCS file: /cvs/mandoc/cgi.c,v retrieving revision 1.142 retrieving revision 1.148 diff -u -p -r1.142 -r1.148 --- mandoc/cgi.c 2017/01/19 13:35:02 1.142 +++ mandoc/cgi.c 2017/02/22 16:20:01 1.148 @@ -1,4 +1,4 @@ -/* $Id: cgi.c,v 1.142 2017/01/19 13:35:02 schwarze Exp $ */ +/* $Id: cgi.c,v 1.148 2017/02/22 16:20:01 schwarze Exp $ */ /* * Copyright (c) 2011, 2012 Kristaps Dzonsons * Copyright (c) 2014, 2015, 2016, 2017 Ingo Schwarze @@ -21,7 +21,9 @@ #include #include +#if HAVE_ERR #include +#endif #include #include #include @@ -113,7 +115,7 @@ static const char *const sec_names[] = { static const int sec_MAX = sizeof(sec_names) / sizeof(char *); static const char *const arch_names[] = { - "amd64", "alpha", "armv7", + "amd64", "alpha", "armv7", "arm64", "hppa", "i386", "landisk", "loongson", "luna88k", "macppc", "mips64", "octeon", "sgi", "socppc", "sparc64", @@ -351,10 +353,10 @@ resp_begin_html(int code, const char *msg) printf("\n" "\n" "\n" - "\n" - "\n" + " \n" - "%s\n" + " %s\n" "\n" "\n", CSS_DIR, CUSTOMIZE_TITLE); @@ -378,13 +380,13 @@ resp_searchform(const struct req *req, enum focus focu int i; printf("

\n" - "

\n" - "Manual Page Search Parameters\n", + "

\n" + " Manual Page Search Parameters\n", scriptname); /* Write query input box. */ - printf("q.query != NULL) html_print(req->q.query); printf( "\" size=\"40\""); @@ -394,45 +396,46 @@ resp_searchform(const struct req *req, enum focus focu /* Write submission buttons. */ - printf( "\n" - "\n
\n"); + " \n" + "
\n"); /* Write section selector. */ - puts(""); for (i = 0; i < sec_MAX; i++) { - printf("\n", sec_names[i]); } - puts(""); + puts(" "); /* Write architecture selector. */ - printf( ""); + puts(" "); /* Write manpath selector. */ if (req->psz > 1) { - puts(""); for (i = 0; i < (int)req->psz; i++) { - printf(""); } - puts(""); + puts(" "); } - puts("

\n" + puts("

\n" "

"); } @@ -493,9 +496,9 @@ pg_index(const struct req *req) resp_searchform(req, FOCUS_QUERY); printf("

\n" "This web interface is documented in the\n" - "man.cgi(8)\n" + "man.cgi(8)\n" "manual, and the\n" - "apropos(1)\n" + "apropos(1)\n" "manual explains the query syntax.\n" "

\n", scriptname, *scriptname == '\0' ? "" : "/", @@ -575,27 +578,21 @@ pg_searchres(const struct req *req, struct manpage *r, req->q.equal || sz == 1 ? FOCUS_NONE : FOCUS_QUERY); if (sz > 1) { - puts("

"); - puts(""); - + puts("

"); for (i = 0; i < sz; i++) { - printf("\n" - "\n" - "\n" + " \n" - ""); + puts("\n" + " "); } - - puts("

\n" - "\n" + "	" + "", scriptname, *scriptname == '\0' ? "" : "/", req->q.manpath, r[i].file); - printf("\">"); html_print(r[i].names); - printf("\n" - "	"); + printf("	"); html_print(r[i].output); - puts("

\n" - "

"); + puts(""); } /* @@ -804,6 +801,7 @@ resp_format(const struct req *req, const char *file) memset(&conf, 0, sizeof(conf)); conf.fragment = 1; + conf.style = mandoc_strdup(CSS_DIR "/mandoc.css"); usepath = strcmp(req->q.manpath, req->p[0]); mandoc_asprintf(&conf.man, "/%s%s%%N.%%S", usepath ? req->q.manpath : "", usepath ? "/" : ""); @@ -831,6 +829,7 @@ resp_format(const struct req *req, const char *file) mparse_free(mp); mchars_free(); free(conf.man); + free(conf.style); } static void @@ -978,6 +977,22 @@ main(void) const char *path; const char *querystring; int i; + +#if HAVE_PLEDGE + /* + * The "rpath" pledge could be revoked after mparse_readfd() + * if the file desciptor to "/footer.html" would be opened + * up front, but it's probably not worth the complication + * of the code it would cause: it would require scattering + * pledge() calls in multiple low-level resp_*() functions. + */ + + if (pledge("stdio rpath", NULL) == -1) { + warn("pledge"); + pg_error_internal(); + return EXIT_FAILURE; + } +#endif /* Poor man's ReDoS mitigation. */