===================================================================
RCS file: /cvs/mandoc/cgi.c,v
retrieving revision 1.92
retrieving revision 1.96
diff -u -p -r1.92 -r1.96
--- mandoc/cgi.c	2014/08/05 15:29:30	1.92
+++ mandoc/cgi.c	2014/08/26 11:21:40	1.96
@@ -1,4 +1,4 @@
-/*	$Id: cgi.c,v 1.92 2014/08/05 15:29:30 schwarze Exp $ */
+/*	$Id: cgi.c,v 1.96 2014/08/26 11:21:40 schwarze Exp $ */
 /*
  * Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
  * Copyright (c) 2014 Ingo Schwarze <schwarze@usta.de>
@@ -15,10 +15,11 @@
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
-#ifdef HAVE_CONFIG_H
 #include "config.h"
-#endif
 
+#include <sys/types.h>
+#include <sys/time.h>
+
 #include <ctype.h>
 #include <errno.h>
 #include <fcntl.h>
@@ -91,14 +92,14 @@ static	const char *const sec_names[] = {
     "All Sections",
     "1 - General Commands",
     "2 - System Calls",
-    "3 - Subroutines",
-    "3p - Perl Subroutines",
-    "4 - Special Files",
+    "3 - Library Functions",
+    "3p - Perl Library",
+    "4 - Device Drivers",
     "5 - File Formats",
     "6 - Games",
-    "7 - Macros and Conventions",
-    "8 - Maintenance Commands",
-    "9 - Kernel Interface"
+    "7 - Miscellaneous Information",
+    "8 - System Manager\'s Manual",
+    "9 - Kernel Developer\'s Manual"
 };
 static	const int sec_MAX = sizeof(sec_names) / sizeof(char *);
 
@@ -973,8 +974,8 @@ pg_search(const struct req *req)
 
 	search.arch = req->q.arch;
 	search.sec = req->q.sec;
-	search.deftype = req->q.equal ? TYPE_Nm : (TYPE_Nm | TYPE_Nd);
-	search.flags = req->q.equal ? MANSEARCH_MAN : 0;
+	search.outkey = "Nd";
+	search.argmode = req->q.equal ? ARG_NAME : ARG_EXPR;
 
 	paths.sz = 1;
 	paths.paths = mandoc_malloc(sizeof(char *));
@@ -1003,7 +1004,7 @@ pg_search(const struct req *req)
 			ep++;
 	}
 
-	if (0 == mansearch(&search, &paths, sz, cp, "Nd", &res, &ressz))
+	if (0 == mansearch(&search, &paths, sz, cp, &res, &ressz))
 		pg_noresult(req, "You entered an invalid query.");
 	else if (0 == ressz)
 		pg_noresult(req, "No results found.");
@@ -1029,9 +1030,22 @@ int
 main(void)
 {
 	struct req	 req;
+	struct itimerval itimer;
 	const char	*path;
 	const char	*querystring;
 	int		 i;
+
+	/* Poor man's ReDoS mitigation. */
+
+	itimer.it_value.tv_sec = 1;
+	itimer.it_value.tv_usec = 0;
+	itimer.it_interval.tv_sec = 1;
+	itimer.it_interval.tv_usec = 0;
+	if (setitimer(ITIMER_VIRTUAL, &itimer, NULL) == -1) {
+		fprintf(stderr, "setitimer: %s\n", strerror(errno));
+		pg_error_internal();
+		return(EXIT_FAILURE);
+	}
 
 	/* Scan our run-time environment. */