-
src/sbbs3/websrvr.c
From
rswindell@VERT to
CVS commit on Saturday, January 04, 2014 01:49:30
src/sbbs3 websrvr.c 1.569 1.570
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv4895
Modified Files:
websrvr.c
Log Message:
Fix MSVC warning:
warning C4133: 'function' : incompatible types - from 'int *' to 'char *'
with typecast.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
rswindell@VERT to
CVS commit on Saturday, January 25, 2014 19:13:55
src/sbbs3 websrvr.c 1.571 1.572
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv29902
Modified Files:
websrvr.c
Log Message:
Fix observed NULL pointer deference (pass to sub_mkgmt(), from time_gm()). Added comment about usage of gmtime() vs. gmtime_r().
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
rswindell@VERT to
CVS commit on Thursday, October 30, 2014 01:46:41
src/sbbs3 websrvr.c 1.573 1.574
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv1852
Modified Files:
websrvr.c
Log Message:
HTTP authentication failures actually use the failed login attempt logic for throttling, logging, and blocking/filtering brute-force user/password hackers. Failed HTTP digest authentication failures actually log the failure (including the detailed reason for the failure).
But for some reason, I've only been able to get IE, FF and Chrome to use
BASIC authentication (not digest), so presumably there is a bug somewhere in regards to support for digest auth.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
rswindell@VERT to
CVS commit on Thursday, October 30, 2014 09:06:47
src/sbbs3 websrvr.c 1.574 1.575
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv13774
Modified Files:
websrvr.c
Log Message:
Added call to loginSuccess() upon successful (non-guest) user authentication via BASIC or DIGEST auth - this clears the client IP from the login attempt list (as is supposed to happen).
Currently, the JS "login" method does not do this (and a JS login failure does not get added to the login attempt list).
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
rswindell@VERT to
CVS commit on Sunday, November 02, 2014 17:48:22
src/sbbs3 websrvr.c 1.575 1.576
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv15274
Modified Files:
websrvr.c
Log Message:
badlogin() only delays if the number of failed login attempts from the client IP is greater than one (failed attempts are normal for digest auth).
Fix printf format problem ("(null)") in the digest-auth response due to 64-bit time() implementation.
Added new connection throttling from hacking clients (really only works for basic auth).
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Wednesday, December 10, 2014 20:11:54
src/sbbs3 websrvr.c 1.577 1.578
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv13869
Modified Files:
websrvr.c
Log Message:
As theorized by Digital Man, the HTTP server did indeed have the same bug as the
FTP server.
Bug-fix: daily statistics and free-credits-per-day were not reset when the user logged in via HTTP. This affected: posts_today, emails_today, free_credits, timeon_today, and extra time values (e.g. posts_today would contnue to accumulate potentially affecting uh... hand-wavey stuff). getuserdat() does the necessary value resets, we just needed to write the entire user record back to disk upon successfull login, rather than just updating specific fields in the user record on disk.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
rswindell@VERT to
CVS commit on Thursday, December 11, 2014 03:11:29
src/sbbs3 websrvr.c 1.578 1.579
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv28054
Modified Files:
websrvr.c
Log Message:
Fix compile error and warnings introduced in http_logon() in last commit.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Tuesday, May 05, 2015 18:51:26
src/sbbs3 websrvr.c 1.580 1.581
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv29745
Modified Files:
websrvr.c
Log Message:
Do not use chunked mode for HEAD requests. This prevented returning the Content-Length header for static files.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Tuesday, May 05, 2015 18:54:23
src/sbbs3 websrvr.c 1.581 1.582
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv29812
Modified Files:
websrvr.c
Log Message:
Even if there's a Connection: Close, still include the Content-Length header for HEAD requests.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
rswindell@VERT to
CVS commit on Tuesday, May 12, 2015 17:13:27
src/sbbs3 websrvr.c 1.582 1.583
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv31068
Modified Files:
websrvr.c
Log Message:
Log a warning upon failure to open a .ini file.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Thursday, August 20, 2015 02:48:13
src/sbbs3 websrvr.c 1.584 1.585
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv17195
Modified Files:
websrvr.c
Log Message:
Fix stripping of port numbers from host values.
Was broken on IPv6 literals such as
http://[dead::beef]/ as well as any other URI containing a colon.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Thursday, August 20, 2015 02:51:33
src/sbbs3 websrvr.c 1.585 1.586
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv17294
Modified Files:
websrvr.c
Log Message:
Fix bugs in last commit.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Thursday, August 20, 2015 02:53:39
src/sbbs3 websrvr.c 1.586 1.587
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv17374
Modified Files:
websrvr.c
Log Message:
And another bug squashed...
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Thursday, August 20, 2015 02:59:45
src/sbbs3 websrvr.c 1.587 1.588
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv17537
Modified Files:
websrvr.c
Log Message:
And the last bug...
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Thursday, August 20, 2015 03:01:35
src/sbbs3 websrvr.c 1.588 1.589
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv17600
Modified Files:
websrvr.c
Log Message:
Back0out last change.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Thursday, August 20, 2015 03:05:32
src/sbbs3 websrvr.c 1.589 1.590
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv17701
Modified Files:
websrvr.c
Log Message:
THAT is the last bug.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Thursday, August 20, 2015 03:24:05
src/sbbs3 websrvr.c 1.590 1.591
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv18240
Modified Files:
websrvr.c
Log Message:
Use getsockname() to read the server port since we don't know that it's
the same as startup->port anymore.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Saturday, August 22, 2015 00:25:28
src/sbbs3 websrvr.c 1.594 1.595
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv32344
Modified Files:
websrvr.c
Log Message:
Fix warnings.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Saturday, August 22, 2015 23:18:48
src/sbbs3 websrvr.c 1.596 1.597
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv15106
Modified Files:
websrvr.c
Log Message:
Use cryptGetAttributeString() to detect the "right" length for the call.
This needs to be moved elsewhere and used everywhere an attribute is read.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Saturday, August 22, 2015 23:20:04
src/sbbs3 websrvr.c 1.597 1.598
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv15163
Modified Files:
websrvr.c
Log Message:
Fix bug and warning from last commit.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Saturday, August 22, 2015 23:25:36
src/sbbs3 websrvr.c 1.598 1.599
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv15335
Modified Files:
websrvr.c
Log Message:
free() temp error string.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Monday, August 24, 2015 18:44:38
src/sbbs3 websrvr.c 1.601 1.602
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv24068
Modified Files:
websrvr.c
Log Message:
Fix warning.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Tuesday, August 25, 2015 04:01:10
src/sbbs3 websrvr.c 1.602 1.603
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv839
Modified Files:
websrvr.c
Log Message:
We can't close a session socket until there's an allocated ringbuffer.
Create a new function to close without one and use it instead until the
ring buffer is created.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
rswindell@VERT to
CVS commit on Tuesday, August 25, 2015 23:04:10
src/sbbs3 websrvr.c 1.603 1.604
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv27958
Modified Files:
websrvr.c
Log Message:
Don't use the client-supplied "Host" header value for the http access log filename if it contains any path delimiters.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Wednesday, August 26, 2015 03:02:36
src/sbbs3 websrvr.c 1.604 1.605
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv32644
Modified Files:
websrvr.c
Log Message:
Ensure the host and vhost are valid hostnames (which can't contain path seperators) and return a 400 error otherwise. With this check before the
vhost is set, eliminates the need to check when setting the log file name.
Also, lower-case hostnames for consistency and simpler validity checking.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
rswindell@VERT to
CVS commit on Friday, August 28, 2015 23:57:45
src/sbbs3 websrvr.c 1.606 1.607
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv24915
Modified Files:
websrvr.c
Log Message:
Fix typos in the protocol designator (TLS = HTTPS, not HTTP).
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Saturday, August 29, 2015 03:04:31
src/sbbs3 websrvr.c 1.607 1.608
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv30047
Modified Files:
websrvr.c
Log Message:
Don't create the TLS context/certificate when TLS is disabled.
If the TLS context couldn't be created, don't listen on the TLS interfaces.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Tuesday, September 01, 2015 13:46:31
src/sbbs3 websrvr.c 1.608 1.609
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv28611
Modified Files:
websrvr.c
Log Message:
Add a "strip port" parameter to is_legal_hostname and set it to TRUE when testing the Host value (vhost value already has port stripped).
Zero-length host names are not legal either.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
rswindell@VERT to
CVS commit on Friday, September 04, 2015 02:11:18
src/sbbs3 websrvr.c 1.609 1.610
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv23192
Modified Files:
websrvr.c
Log Message:
Add line number to logged HTTP error responses to get a better idea of the cause of Robb Starr's reported "ERROR: 400 Bad Request" problem.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Sunday, November 01, 2015 19:47:49
src/sbbs3 websrvr.c 1.612 1.613
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv867
Modified Files:
websrvr.c
Log Message:
Fix Win32 errors and warnings in the FastCGI patch.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Sunday, November 01, 2015 23:16:14
src/sbbs3 websrvr.c 1.613 1.614
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv3609
Modified Files:
websrvr.c
Log Message:
Fixes for FastCGI support.
Now tested on FreeBSD (should work for any *nix).
CGI and FastCGI still needs testing on Win32.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Sunday, November 01, 2015 23:58:50
src/sbbs3 websrvr.c 1.614 1.615
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv5373
Modified Files:
websrvr.c
Log Message:
Support POST in FastCGI scripts by using read_post_data(). This will delay
the script until the entire POST data is read, so is sub-optimal, but it
works.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Monday, November 02, 2015 00:31:13
src/sbbs3 websrvr.c 1.615 1.616
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv10103
Modified Files:
websrvr.c
Log Message:
Set the high-order bit of the high order byte when parameter values are
longer than 127 bytes.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Monday, November 02, 2015 00:54:34
src/sbbs3 websrvr.c 1.616 1.617
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv10359
Modified Files:
websrvr.c
Log Message:
Use MSG_WAITALL in recv() calls to ensure we get what we ask for.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Monday, November 02, 2015 18:46:15
src/sbbs3 websrvr.c 1.617 1.618
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv14255
Modified Files:
websrvr.c
Log Message:
If the PathInfoIndex value is changed while parsing webctrl.ini files,
update the path info data and re-extract the filename so that widcards in section names can match path info index files.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Monday, November 02, 2015 20:15:58
src/sbbs3 websrvr.c 1.618 1.619
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv16710
Modified Files:
websrvr.c
Log Message:
Ensure that get_extra_path() is only executed once to prevent doubleing up
the extra path.
Set the SCRIPT_NAME to include the index filename... this was apparently changed to emulator a specific mod_rewrite rule for a specific package and
is wrong.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Monday, November 02, 2015 23:21:03
src/sbbs3 websrvr.c 1.619 1.620
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv19739
Modified Files:
websrvr.c
Log Message:
Add support for Rewrite JS Scripts in webctrl.ini.
Added by keys beginning with "Rewrite", ie:
RewriteDetail=var n=http_request.request_string.replace(/_detail\/(.*)/,"lib/exe/detail.php?media=$1"); if(n != http_request.request_string) { http_request.request_string=n; true }
If the expression returns "true", reparses http_request.request_string as
an internal redirect.
I plan to have another key that will pre-execute a script from a file so that these don't need to be an entire script on one line in the INI file.
This API is subject to change.
May contain peanuts.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Monday, November 02, 2015 23:57:01
src/sbbs3 websrvr.c 1.620 1.621
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv20317
Modified Files:
websrvr.c
Log Message:
Set the context private pointer in js_setup_cx so the error reporter will
work for rewrite scripts.
Fix up the rewrite logging to be more helpful and a bit less verbose.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Tuesday, November 03, 2015 01:08:48
src/sbbs3 websrvr.c 1.621 1.622
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv26628
Modified Files:
websrvr.c
Log Message:
Add a JSPreExec key to the webctrl.ini.
If present, this JS code will be executed before any SSJS or Rewrite code
for this request.
Also, populate js.startup_dir and js.exec_dir as the directory the webctrl.ini is in so that you cna do something like: JSPreExec=load(js.exec_dir+'/coolstuff.js');
This now allows super-cool rewrite thingies.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Tuesday, November 03, 2015 01:41:20
src/sbbs3 websrvr.c 1.622 1.623
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv28293
Modified Files:
websrvr.c
Log Message:
Get the extra path info as soon as we find that PathInfoIndex has been set
by a webctrl.ini... this allows redirect scripts to notice.
Also, clear extra_path_info when we handle an internal redirect so it doesn't use stale data.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Tuesday, November 03, 2015 10:07:20
src/sbbs3 websrvr.c 1.623 1.624
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv18738
Modified Files:
websrvr.c
Log Message:
Suppress warning and remove a bunch of useless logging.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
rswindell@VERT to
CVS commit on Monday, November 16, 2015 02:03:01
src/sbbs3 websrvr.c 1.624 1.625
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv14994
Modified Files:
websrvr.c
Log Message:
Resolve new MSVC2013 warning in fastCGI stuff.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Friday, November 20, 2015 02:32:00
src/sbbs3 websrvr.c 1.625 1.626
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv26772
Modified Files:
websrvr.c
Log Message:
Use the original request line, not the internal redirected request line
for the CGI REQUEST_URI variable.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Tuesday, December 01, 2015 20:38:19
src/sbbs3 websrvr.c 1.628 1.629
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv23444
Modified Files:
websrvr.c
Log Message:
When shutting down, recv() on the socket until recv() returns 0 or -1.
This ensures that all data that has been send()ed is transmitted. Timeout after max_inactivity (max delay is max_inactivity*2).
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Tuesday, December 01, 2015 20:50:04
src/sbbs3 websrvr.c 1.629 1.630
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv24551
Modified Files:
websrvr.c
Log Message:
Fix bug in last commit.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Tuesday, December 01, 2015 21:11:24
src/sbbs3 websrvr.c 1.630 1.631
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv26248
Modified Files:
websrvr.c
Log Message:
Hold the outpub_write mutex until the data is send, not just until it is removed from the ring buffer. This prevents the session thread from closing the socket before send() is called with the data.
Fixed issue seen on techdorks.net with the 404.ssjs file (and likely others where static files were truncated on send).
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
rswindell@VERT to
CVS commit on Thursday, June 15, 2017 12:12:50
src/sbbs3 websrvr.c 1.644 1.645
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv14728
Modified Files:
websrvr.c
Log Message:
Fix web server startup crash when run as an NT service, as reported by
Deepthaw (DS94):
This was broken in revision 1.584 by deuce, Thu Aug 20 05:19:45 2015 UTC:
The startup->socket_open callback is optional (may be NULL), and in the case
of sbbsNTsvcs.exe, it is NULL, thus the crash when it was called unconditionally during socket creation. I guess not many people are running sbbsNTsvcs these days. :-/
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Thursday, February 15, 2018 00:55:22
src/sbbs3 websrvr.c 1.647 1.648
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv17828
Modified Files:
websrvr.c
Log Message:
Ignore "normal" errors from cryptlib (TIMEOUT, COMPLETE), and supress some cause by Chromiums love of dropping a connection rather than an orderly shutdown.
Since we're dealing with that fallout, lower the read timeout to 1 second
since we select() first anyway.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Thursday, February 15, 2018 10:17:54
src/sbbs3 websrvr.c 1.648 1.649
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv30929
Modified Files:
websrvr.c
Log Message:
Don't fail when popdata returns an error in the TX path.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Saturday, February 24, 2018 13:02:58
src/sbbs3 websrvr.c 1.651 1.652
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv29321
Modified Files:
websrvr.c
Log Message:
Allow overriding AccessRequirements to a zero-length string.
This allows disabling authentication after a higher level specifies an AccessRequirements value, eliminating the last reason to keep access.ars around.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Thursday, March 01, 2018 11:09:07
src/sbbs3 websrvr.c 1.652 1.653
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv9664
Modified Files:
websrvr.c
Log Message:
Down't lower the recv timeout until after the session is established.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Tuesday, March 06, 2018 00:05:12
src/sbbs3 websrvr.c 1.654 1.655
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv2875
Modified Files:
websrvr.c
Log Message:
Lower the log level in the "JavaScript FAILED to compile rewrite" log
entry - if there's an actual compile error, it should already be logged
via the exception/error-reporter callback. This should eliminate a lot of
the dokuwiki-related error chatter in my error.log.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Tuesday, March 06, 2018 23:50:27
src/sbbs3 websrvr.c 1.655 1.656
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv21107
Modified Files:
websrvr.c
Log Message:
Fix bug introduced in 1.649 for non-TLS sessions. That fix was only supposed to be for TLS sessions.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Friday, March 09, 2018 17:57:47
src/sbbs3 websrvr.c 1.657 1.658
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv17740
Modified Files:
websrvr.c
Log Message:
Resolve (?) clang crash on FreeBSD-CURRENT (!)
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Monday, March 12, 2018 22:55:19
src/sbbs3 websrvr.c 1.662 1.663
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv18955
Modified Files:
websrvr.c
Log Message:
Fix handling of cryptPushData() and cryptFlushData() success correctly.
Also, change READTIMEOUT back to zero since that issue is fixed now.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Thursday, April 05, 2018 19:23:28
src/sbbs3 websrvr.c 1.665 1.666
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/home/rswindell/sbbs/src/sbbs3
Modified Files:
websrvr.c
Log Message:
Enabled GCC-assisted printf-style format/arg checking for lprintf() and
fix the resulting warnings.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Monday, April 30, 2018 23:00:23
src/sbbs3 websrvr.c 1.667 1.668
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv20001
Modified Files:
websrvr.c
Log Message:
Break the loop when failed is set to true.
Also, use a stack pointer if the passed failed pointer is NULL.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Saturday, October 06, 2018 15:34:11
src/sbbs3 websrvr.c 1.668 1.669
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv14230
Modified Files:
websrvr.c
Log Message:
zero-initialize the msg-scan (subscan) allocated array, so if an uninitialized is ever written to disk, it'll be zeroes not garbage.
Also, NULL the subscan pointer after freeing (and don't free if it's NULL).
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Wednesday, December 05, 2018 18:17:29
src/sbbs3 websrvr.c 1.670 1.671
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv2663
Modified Files:
websrvr.c
Log Message:
Added TODO comment regarding apparent RFC 2145 violation in the Status-Line HTTP-Version value we send (no functional change). My intepretation is we should be sending either nothing or "HTTP/1.1" here, never "HTTP/1.0". This interpretation appears to match the behavior of other web servers
(e.g. Apache httpd).
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Thursday, December 06, 2018 15:29:38
src/sbbs3 websrvr.c 1.671 1.672
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv23667
Modified Files:
websrvr.c
Log Message:
Added TODO comment regarding the lack of a Content-Length header field
in GET responses when Connection: Keep-Alive is not enabled.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Tuesday, December 18, 2018 10:25:53
src/sbbs3 websrvr.c 1.672 1.673
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv9577
Modified Files:
websrvr.c
Log Message:
1xx, 204, and 304 responses don't include an entity.
If we get one of these statuses from via a CGI, assume we have good headers.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Tuesday, December 18, 2018 12:53:35
src/sbbs3 websrvr.c 1.673 1.674
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv1995
Modified Files:
websrvr.c
Log Message:
Header field values may (usually do) have leading linear white-space, so
skip any spaces before parsing the value (for CGI supplied headers).
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Monday, December 31, 2018 20:38:32
src/sbbs3 websrvr.c 1.674 1.675
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv25689
Modified Files:
websrvr.c
Log Message:
Fixed typo: deprecated, not depreciated.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Friday, January 04, 2019 15:18:54
src/sbbs3 websrvr.c 1.675 1.676
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv29102
Modified Files:
websrvr.c
Log Message:
Fixed typo in error message.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Wednesday, May 22, 2019 15:39:25
src/sbbs3 websrvr.c 1.680 1.681
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv23025
Modified Files:
websrvr.c
Log Message:
open_post_file(): if post_data is NULL, just log an error and return NULL (don't pass a NULL pointer to fwrite() which can assert or crash).
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Wednesday, May 22, 2019 17:40:03
src/sbbs3 websrvr.c 1.681 1.682
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv8139
Modified Files:
websrvr.c
Log Message:
Increase MAX_POST_LEN from 1MB to 4MB (QWK REP packets can be > 1MB) -
I think that > 1MB post data is supported, but the http_request.post_data
property won't be created if the length > MAX_POST_LEN. Perhaps would just
store the post data in a file (uh, it already is?) and expose the filename to
JS scripts? It'd be a lot cleaner than storing the data in a file and then
reading (or mem-mapping) the file and then copying the contents into a JS
property.
Allow the JS http_request.post_data property to contain NULs.
open_post_file() will now open the post file (and return the FILE*) even if
session->req.post_data is NULL, it just won't try to write to the file if the
post_data is NULL.
mem-map the large post data files using XPMAP_WRITE (read/write) rather than
XPMAP_READ (read-only) - without this change, this line in read_post_data()
would cause an exception:
session->req.post_data[session->req.post_len]=0;
Now, we seem to have the potential of an off-by-one here (if the length
mem-mapped is not post_len + 1), but that isn't happening. <shrug>
Fixed a couple of FILE pointer/descriptor leaks if post_to_file() failed.
Changed name of post data file to SBBS_POST.*.*.data (it's not necessarily html).
So now, uploads > 1MB work, but questions remain:
- wouldn't PUT be a more appropriate method (than POST) for file uploads?
- how can we support post_data > MAX_POST_LEN (now 4MB) in JS?
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Friday, June 07, 2019 12:46:47
src/sbbs3 websrvr.c 1.682 1.683
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/home/rswindell/sbbs/src/sbbs3
Modified Files:
websrvr.c
Log Message:
Fix observed segfault (NULL pointer dereference) in parse_headers
(strtok can return NULL).
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Friday, June 21, 2019 11:54:31
src/sbbs3 websrvr.c 1.684 1.685
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv8336
Modified Files:
websrvr.c
Log Message:
Some RFC nits.
1) Send Content-Length even if we will be closing the connection.
2) Send the highest HTTP version in the status line that has the same major version.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Tuesday, July 02, 2019 22:17:49
src/sbbs3 websrvr.c 1.686 1.687
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv27170
Modified Files:
websrvr.c
Log Message:
send_headers() is called twice for chunked data. The second time is required for additional headers and the final terminating CRLF.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Wednesday, July 03, 2019 18:53:30
src/sbbs3 websrvr.c 1.687 1.688
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv4323
Modified Files:
websrvr.c
Log Message:
As with CGI, if a script specifies a Content-Length or Transfer-Encoding header, don't calculate either one and let the script shoot itself in the
foot.
Also, if a Location header is set, try an internal redirect rather than
forcing the client to handle it.
Now scripts can avoid chunked mode by specifying a correct content-length
if the content-length is wrong though, Bad Things will happen.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Wednesday, July 03, 2019 18:57:42
src/sbbs3 websrvr.c 1.688 1.689
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv4962
Modified Files:
websrvr.c
Log Message:
Update to last commit... only allow fiddling with things if the initial
headers haven't been sent yet.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Wednesday, July 24, 2019 01:52:19
src/sbbs3 websrvr.c 1.690 1.691
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv15156
Modified Files:
websrvr.c
Log Message:
Store the configured temp directory for the web server in scfg.temp_dir so that JS scripts using system.temp_dir to store files get a sensible value (and not the hard-coded default of just "temp").
This should fix the creation of ctrl/tempftelnet.url files.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Friday, August 02, 2019 10:10:08
src/sbbs3 websrvr.c 1.691 1.692
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv18463
Modified Files:
websrvr.c
Log Message:
Fix an error nobody has ever seen.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Friday, August 02, 2019 10:26:09
src/sbbs3 websrvr.c 1.692 1.693
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv20335
Modified Files:
websrvr.c
Log Message:
Add a terrible hack to see if the TLS POST issue is what I think it is.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Friday, August 02, 2019 10:47:07
src/sbbs3 websrvr.c 1.693 1.694
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv23121
Modified Files:
websrvr.c
Log Message:
De-hack and maybe fix?
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Friday, August 02, 2019 10:50:36
src/sbbs3 websrvr.c 1.694 1.695
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv23687
Modified Files:
websrvr.c
Log Message:
Don't crash of rd is NULL.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Friday, August 02, 2019 10:52:02
src/sbbs3 websrvr.c 1.695 1.696
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv23917
Modified Files:
websrvr.c
Log Message:
Better anti-crash behaviour.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Nightfox@VERT/DIGDIST to
deuce on Friday, August 02, 2019 12:56:33
Re: src/sbbs3/websrvr.c
By: deuce to CVS commit on Fri Aug 02 2019 10:10 am
websrvr.c
Log Message:
Fix an error nobody has ever seen.
Thanks for fixing that. I was waiting for that fix. ;)
Nightfox
---
þ Synchronet þ Digital Distortion: digitaldistortionbbs.com
-
From
rswindell@VERT to
CVS commit on Friday, August 02, 2019 15:20:38
src/sbbs3 websrvr.c 1.696 1.697
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/home/rswindell/sbbs/src/sbbs3
Modified Files:
websrvr.c
Log Message:
Remove unused variable in session_check()
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Friday, August 23, 2019 14:08:22
src/sbbs3 websrvr.c 1.697 1.698
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv13821
Modified Files:
websrvr.c
Log Message:
login() naw calls badlogin() upon login failure.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Monday, September 02, 2019 19:19:01
src/sbbs3 websrvr.c 1.698 1.699
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv18232
Modified Files:
websrvr.c
Log Message:
Alterego reported a scenario where the web server's cleanup() would wait forever for 1 child thread (presumably the http_logging_thread) to terminate:
8/27 02:39:43p Waiting for HTTP logging thread to terminate...
8/27 02:39:43p HTTP logging thread started
8/27 02:39:43p HTTP logging thread received NULL linked list log entry
8/27 02:40:44p !TIMEOUT waiting for HTTP logging thread to terminate
8/27 02:40:44p Done waiting for HTTP logging thread to terminate
8/27 02:40:44p 0000 Waiting for 1 child threads to terminate
<infinite wait loop here>
- Add an extra terminate_http_logging_thread check to the top of the loop in
http_logging_thread().
- Signal the log_list semaphore in the "Waiting for HTTP logging thread" and
"Waiting for x child threads" loops.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Sunday, October 20, 2019 23:32:30
src/sbbs3 websrvr.c 1.699 1.700
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/home/rswindell/sbbs/src/sbbs3
Modified Files:
websrvr.c
Log Message:
Fix buffer (stack memory) overflow observed in parse_headers(). This is what brought down [cvs.]synchro.net this weekend. It's hard to believe we still
have unchecked calls sprintf() around, but we do.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Friday, January 03, 2020 12:35:42
src/sbbs3 websrvr.c 1.700 1.701
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv23416
Modified Files:
websrvr.c
Log Message:
Allow redirects from non-existant URLs.
This allows redirect targets from paths that don't exist. Required to implement hard-coded API endpoints via ssjs.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Thursday, January 23, 2020 09:27:47
src/sbbs3 websrvr.c 1.701 1.702
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv16639
Modified Files:
websrvr.c
Log Message:
While we're making ssllabs happy, disable TLS 1.0 and 1.1 in the web server only (you can still use them from JS etc).
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Friday, January 24, 2020 10:38:37
src/sbbs3 websrvr.c 1.702 1.703
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv13539
Modified Files:
websrvr.c
Log Message:
Comment out TLS 1.2 minver. Too many existing things don't support 1.2.
We don't need PCI DSS compliance I hope, we just want people doing things.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Tracker1@VERT/TRN to
deuce on Sunday, January 26, 2020 08:10:02
Re: src/sbbs3/websrvr.c
By: deuce to CVS commit on Thu Jan 23 2020 09:27:47
For what it's worth, we've been using the following list of ciphers where I work... seems to have decent security/compatibility currently.
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-RSA-CHACHA20-POLY1305
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES256-GCM-SHA384
--
Michael J. Ryan
+o roughneckbbs.com
bbs@tracker1.dev
---
þ Synchronet þ Roughneck BBS - coming back 2/2/20
-
From
rswindell@VERT to
CVS commit on Thursday, March 05, 2020 12:22:46
src/sbbs3 websrvr.c 1.703 1.704
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/home/rswindell/sbbs/src/sbbs3
Modified Files:
websrvr.c
Log Message:
Fix NULL pointer dereference in CGI handling:
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007fb3be8ce071 in do_cgi_stuff (session=0x7fb2fbfaac40, cgi=0x7fb2fbfaa850, orig_keep=1) at websrvr.c:4376
4376 SKIP_WHITESPACE(value);
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Tuesday, March 10, 2020 18:07:32
src/sbbs3 websrvr.c 1.705 1.706
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv12695
Modified Files:
websrvr.c
Log Message:
Since lprintf() sends to stdout in sbbscon foreground mode, we must call
it before redirecting stdout to the pipe.
Likely fixes CGI errors seen by alterego (and has been broken for almost fifteen years).
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Tuesday, March 10, 2020 18:51:06
src/sbbs3 websrvr.c 1.706 1.707
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv19117
Modified Files:
websrvr.c
Log Message:
Move lprintf() out of fork() child... it uses a mutex and the state of
mutexes are undefined in children.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Sunday, April 05, 2020 01:04:47
src/sbbs3 websrvr.c 1.708 1.709
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv2052
Modified Files:
websrvr.c
Log Message:
Support CGI over TLS on *nix.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Sunday, April 05, 2020 03:01:24
src/sbbs3 websrvr.c 1.709 1.710
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv24259
Modified Files:
websrvr.c
Log Message:
Don't attempt to read a FastCGI body if the header type is zero.
Should fix the POST/GET hangs on the wiki once DigitalMan updates.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Sunday, April 05, 2020 13:29:09
src/sbbs3 websrvr.c 1.710 1.711
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv22341
Modified Files:
websrvr.c
Log Message:
Add some paranoia for handling FCGI_END_REQUEST.
While the FastCGI read_wait_timeout function should never return
CGI_*_READY with CGI_PROCESS_TERMINATED, it looks like somehow on some
systems, there's an additional select() happening after the process is
done.
Explicitly track this, and try to prevent it.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Sunday, April 05, 2020 14:15:21
src/sbbs3 websrvr.c 1.711 1.712
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv757
Modified Files:
websrvr.c
Log Message:
Fix bug in last commit... !
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
deuce@VERT to
CVS commit on Sunday, April 05, 2020 15:12:21
src/sbbs3 websrvr.c 1.712 1.713
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv4082
Modified Files:
websrvr.c
Log Message:
Just because there is a Location: header does not mean we should not send
a body. Broken by HSTS enhancement.
There's a (small) possibility that the HSTS enhancement is now broken.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Monday, May 25, 2020 14:59:16
src/sbbs3 websrvr.c 1.716 1.717
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/home/rswindell/sbbs/src/sbbs3
Modified Files:
websrvr.c
Log Message:
Fix transmission of files >= 2GB in size on systems that support large file offsets
(64-bit off_t), e.g. 64-bit Linux. Issue reported by plt via irc.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Monday, May 25, 2020 18:38:55
src/sbbs3 websrvr.c 1.717 1.718
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv23357
Modified Files:
websrvr.c
Log Message:
Improve send-file performance on Windows (over Gb Ethernet LAN) from about 1 MBytes/second to 25+ MBytes/second by increasing the size of the ringbuffer (from 20 -> 256 KBytes) and the size of the file-read buffer in sock_sendfile().
Also log the through-put (in cps) when a file is sent.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Monday, May 25, 2020 19:05:57
src/sbbs3 websrvr.c 1.718 1.719
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/home/rswindell/sbbs/src/sbbs3
Modified Files:
websrvr.c
Log Message:
Address gcc warning: format '%d' expects argument of type 'int', but arg
has type 'long int'
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Saturday, August 08, 2020 12:04:58
src/sbbs3 websrvr.c 1.719 1.720
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv17800
Modified Files:
websrvr.c
Log Message:
The problem: the sysop (me) is not notified of critical errors (e.g. synchro.net zone file problems) in a timely manner.
Part of the solution: notify a configured user (e.g. user #1) via short-message/telegram and email/netmail logged-errors when messages of a configured severity (e.g. "Critical") are logged.
The second part of the solution (coming next) will be allowing timed events to log a message of a configurable severity logged when the event fails (returns a non-zero error level to sbbs).
I'm saving the error-notification-user-number and log-severity as part of the node.cnf file because:
- that's where the validation user number is already set
- I can conceive of a large system were certain node ranges (different instances of sbbs) might want different operators to be notified of logged-errors
This also means I eliminated all the legacy com port/modem stuff from the end of the node.cnf file. None of that is used in sbbs v3.
Also included in this commit are improvements around logging:
- reduce the severity of UDP recvfrom failures in services
- a more detailed log message when the mail server successfully delivers an email (via SMTP) - easier to answer the question: was that email you/they sent delivered successfully?
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Rob Swindell@VERT to
Git commit to sbbs/master on Monday, October 12, 2020 11:31:22
https://gitlab.synchro.net/sbbs/sbbs/-/commit/c9db48cec8efd56f8291443d
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Fix requests to the webserver using IPv6 address
http://[1234:1234::] requests. The host portion contains ":" after split_port_part(), resulting in a 400 error.
Renaming is_legal_hostname() to is_legal_host(), since requests to webservers are to
"hosts" not "hostnames".
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Rob Swindell@VERT to
Git commit to sbbs/master on Monday, October 12, 2020 11:31:22
-
From
Rob Swindell@VERT to
Git commit to sbbs/master on Friday, October 16, 2020 20:53:45
https://gitlab.synchro.net/sbbs/sbbs/-/commit/37a23fea45bbdb3589e7d909
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Fix heap corruption that could occur when HSTS feature is enabled
At least on Windows, when realloc() is used to allocate a new buffer,
guess what's in that buffer initially? undefined values. So you can't
strcat() onto the end of that! Ouch. This was a fun one to track down.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Rob Swindell@VERT to
Git commit to sbbs/master on Wednesday, November 04, 2020 23:28:33
-
From
Stephen Hurd@VERT to
Git commit to sbbs/master on Monday, November 16, 2020 23:25:24
-
From
Rob Swindell@VERT to
Git commit to sbbs/master on Monday, November 16, 2020 23:39:04
-
From
Deuc¨@VERT to
Git commit to main/sbbs/master on Wednesday, February 17, 2021 10:55:55
-
From
Deuc¨@VERT to
Git commit to main/sbbs/master on Wednesday, February 17, 2021 10:59:17
-
From
Deuc¨@VERT to
Git commit to main/sbbs/master on Friday, February 19, 2021 22:31:58
https://gitlab.synchro.net/main/sbbs/-/commit/5d3de1eea3288155bc7a630e
Modified Files:
src/sbbs3/websrvr.c
Log Message:
For the cases we'll send a Content-Length of zero, do not send content.
Should fix #223
Introduced in d56ba01f which likely fixed some stuff on the wiki.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Deuc¨@VERT to
Git commit to main/sbbs/master on Friday, February 19, 2021 23:03:13
-
From
Rob Swindell@VERT to
Git commit to main/sbbs/master on Friday, March 19, 2021 21:25:53
https://gitlab.synchro.net/main/sbbs/-/commit/b881935a0f28b65f66d6218c
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Track the active client "highwater mark" (highest number of concurrent clients)
Could be useful for knowing if you need to increase MaxClients for typical usage.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Deuc¨@VERT to
Git commit to main/sbbs/master on Monday, March 22, 2021 22:37:38
-
From
Deuc¨@VERT to
Git commit to main/sbbs/master on Tuesday, March 30, 2021 21:12:56
-
From
Rob Swindell@VERT to
Git commit to main/sbbs/master on Sunday, April 04, 2021 13:15:46
-
From
Rob Swindell@VERT to
Git commit to main/sbbs/master on Sunday, April 04, 2021 13:29:04
-
From
Rob Swindell@VERT to
Git commit to main/sbbs/master on Saturday, June 05, 2021 00:42:05
-
From
Rob Swindell@VERT to
Git commit to main/sbbs/master on Saturday, June 05, 2021 00:42:05
https://gitlab.synchro.net/main/sbbs/-/commit/a487e0c681d380e01a76deeb
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Don't allow colons in web-requested path names on Windows
This fixes issue #269 (NTFS Alternate Data Stream vulnerability) and other potential pathname issues on Windows involving colons.
There are other illegal filename characters on Windows (e.g. <>|"?*), but filenames with these characters aren't expected to pass the later stat() test, so should fail with a 404 error.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Rob Swindell@VERT to
Git commit to main/sbbs/master on Thursday, July 01, 2021 13:41:24
https://gitlab.synchro.net/main/sbbs/-/commit/f38adc13f4b5169a0d59cbce
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Fix NULL pointer dereference in read_post_data()
What took down cvs/sbbs yesterday:
Program terminated with signal SIGSEGV, Segmentation fault.
6203 session->req.post_data[session->req.post_len]=0; [Current thread is 1 (Thread 0x7f2b989ff700 (LWP 17031))]
(gdb) print post_len
No symbol "post_len" in current context.
(gdb) print session->req.post_len
$1 = 0
(gdb) print session->req.post_data
$2 = 0x0
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Rob Swindell@VERT to
Git commit to main/sbbs/master on Saturday, January 15, 2022 18:09:53
https://gitlab.synchro.net/main/sbbs/-/commit/f2858ee600525704d27011e0
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Add support for web request path aliases (defined in web_alias.ini)
Similar to the ctrl/ftpalias.cfg file, the new ctrl/web_alias.ini file (optional) can be used to map a portion (the first portion, only) of a web request path to a different physical or virtual path. For example, I'm using it to map:
/Synchronet/ = /files/main/sbbs/
for filebase access to my main->sbbs directory of Vertrauen's filebase using a /Synchronet/* web request (i.e. for slightly prettier or shorter custom URLs, if desired).
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Rob Swindell@VERT to
Git commit to main/sbbs/master on Sunday, January 16, 2022 22:23:06
https://gitlab.synchro.net/main/sbbs/-/commit/005633b1fffb7b6df70cb13b
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Log requests that resolve outside of the web root as hack attempts
"Request for x is outside of the web root" was already logged (with a "NOTICE" log level), but would not sound the hack attempt alarm (on Windows) or log to the hack.log. Now it does.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Ragnarok@VERT/DOCKSUD to
Rob Swindell on Monday, January 17, 2022 11:57:21
El 15/1/22 a las 23:09, Rob Swindell escribi¢:
https://gitlab.synchro.net/main/sbbs/-/commit/f2858ee600525704d27011e0 Modified Files:
src/sbbs3/websrvr.c
Log Message:
Add support for web request path aliases (defined in web_alias.ini)
Similar to the ctrl/ftpalias.cfg file, the new ctrl/web_alias.ini file (optional) can be used to map a portion (the first portion, only) of a web request path to a different physical or virtual path. For example, I'm using it to map:
/Synchronet/ = /files/main/sbbs/
for filebase access to my main->sbbs directory of Vertrauen's filebase using a /Synchronet/* web request (i.e. for slightly prettier or shorter custom URLs, if desired).
---
¨ Synchronet ¨ Vertrauen ¨ Home of Synchronet ¨ [vert/cvs/bbs].synchro.net
alias portion (webrequest) can support multiple levels? like:
/ftp/main/ansis = /sbbs/data/main/ansis
/ftp/other/upload = /home/pepe/uploads
??
---
þ Synchronet þ Dock Sud BBS TLD 24 HS - bbs.docksud.com.ar
-
From
Digital Man@VERT to
Ragnarok on Monday, January 17, 2022 13:05:44
Re: Re: src/sbbs3/websrvr.c
By: Ragnarok to Rob Swindell on Mon Jan 17 2022 11:57 am
alias portion (webrequest) can support multiple levels? like:
/ftp/main/ansis = /sbbs/data/main/ansis
/ftp/other/upload = /home/pepe/uploads
Yes. But they likely should end in a '/' too.
--
digital man (rob)
This Is Spinal Tap quote #25:
Viv Savage: Have... a good... time... all the time. That's my philosophy. Norco, CA WX: 58.0øF, 80.0% humidity, 3 mph NW wind, 0.00 inches rain/24hrs
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Rob Swindell@VERT to
Git commit to main/sbbs/master on Sunday, January 30, 2022 14:35:53
https://gitlab.synchro.net/main/sbbs/-/commit/d8c099dbc962727df2723650
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Fix HTTP-requests for files >= 2GB in size
An int is 32-bits on all supported platforms, so this has always been broken. The actual file size/request-length sent would depend on fun 2's complement math (a 32GB file was being truncated to 433MB).
Also fixed some wrong uses of PRIuOFF: off_t is a signed integer, so technically the maximum file size you can request now is 2^63 bytes, which is "big enough".
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Deuc¨@VERT to
Git commit to main/sbbs/master on Monday, February 28, 2022 22:33:31
https://gitlab.synchro.net/main/sbbs/-/commit/c0f42027dded92626251d686
Modified Files:
src/sbbs3/websrvr.c
Log Message:
I don't know what I was smoking when I did this, but it's fixed now.
Weird early failure return on TLS sends. Most noticible on local
(ie: fast) connections, but clearly stupid all around when you
look at the code.
Fixed, but some day, I should go back and look how we eneded up in
this mess.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Rob Swindell@VERT to
Git commit to main/sbbs/master on Sunday, March 20, 2022 16:26:47
-
From
Rob Swindell@VERT to
Git commit to main/sbbs/master on Monday, April 04, 2022 19:54:27
-
From
Rob Swindell@VERT to
Git commit to main/sbbs/master on Saturday, June 04, 2022 20:36:14
https://gitlab.synchro.net/main/sbbs/-/commit/a82559e327b74c4513751593
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Use safe string formatting to squelch warnings
Attempt to address 2 GCC version 11.2.0 2 warnings reported by Nelgin
`%s' directive writing up to 3 bytes into a region of size between 1 and 4097
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Rob Swindell@VERT to
Git commit to main/sbbs/master on Monday, June 06, 2022 15:23:48
https://gitlab.synchro.net/main/sbbs/-/commit/2e67162225de28219d747ed1
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Perform a JS garbage collection for each new request in a reused session
A reused HTTP session would never (apparently) perform garbage collection.
The evidence of this was the collection of concurrent user.dat file opens
that would never close until the HTTP sessions were closed. Hundreds or
even thousands of open user.dat's have been seen. After this change,
active web server (webv4 UI) users have not caused these spikes in open user.dat files, at least in my testing.
If no garbage collection was being performed, then likely a lot of JS
heap was being needlessly wasted, which could eventually result in a JS
"out of memory" error. But that's just a theory.
Investigation is needed into why the js_CommonOperationCallback()'s calls to JS_MaybeGC() were not sufficient to actually perform garbage collection
in this case.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Rob Swindell@VERT to
Git commit to main/sbbs/master on Wednesday, August 03, 2022 18:10:22
-
From
Rob Swindell@VERT to
Git commit to main/sbbs/master on Tuesday, August 09, 2022 19:38:25
-
From
Rob Swindell@VERT to
Git commit to main/sbbs/master on Sunday, August 21, 2022 18:35:34
-
From
Deuc¨@VERT to
Git commit to main/sbbs/master on Friday, January 06, 2023 14:21:41
-
From
Rob Swindell@VERT to
Git commit to main/sbbs/master on Monday, January 30, 2023 17:13:57
https://gitlab.synchro.net/main/sbbs/-/commit/94f85d5f1c8d8792975b5b03
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Fix MQTT-published action/login message for web server users
e.g. 20230130T171211-480 0 <unknown user> 76.89.231.66 <no name>
the user number name actually *are* known at this stage
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Rob Swindell (on Debian Linux)@VERT to
Git commit to main/sbbs/master on Saturday, February 04, 2023 21:30:51
https://gitlab.synchro.net/main/sbbs/-/commit/fe30acd5338cf267c284f0c0
Modified Files:
src/sbbs3/websrvr.c
Log Message:
More details in "Failure to send header/request to FastCGI socket" log msg
Elevate the log level back to ERROR (from WARNING), as this is not an expected condition and the sysop (me) should be alerted right away. This had previously be lowered (along with some other log messages) from ERROR to WARNING.
When php-fpm is updated (on Debian, anyway), e.g. from 8.1 to 8.2, a new etc/php configuration (pool.d) directory was used which set me back to a default www.conf file that uses Unix domain sockets instead of TCP sockets.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Rob Swindell (on Debian Linux)@VERT to
Git commit to main/sbbs/master on Saturday, February 04, 2023 23:23:26
https://gitlab.synchro.net/main/sbbs/-/commit/38b9bc8a15b819c87235b2c6
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Add UNIX domain FastCGI support
Resolves a long-standing todo comment and has made wiki.synchro.net page rendering even faster.
PHP-FPM defaults to creating/listening on UNIX domain sockets.
This resolves gitlab issue #507
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Rob Swindell (on Windows)@VERT to
Git commit to main/sbbs/master on Sunday, February 05, 2023 13:12:23
-
From
Rob Swindell (on Windows)@VERT to
Git commit to main/sbbs/master on Monday, February 06, 2023 11:57:23
https://gitlab.synchro.net/main/sbbs/-/commit/6049bc00c20620b31d6f2d41
Modified Files:
src/sbbs3/websrvr.c
Log Message:
If the FastCGI address starts with a '/', it's obviously a UNIX domain socket
We don't really need the "unix:" prefix now, but just leave that support in
for backward compatibility.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Rob Swindell (on Windows)@VERT to
Git commit to main/sbbs/master on Monday, February 06, 2023 12:37:21
https://gitlab.synchro.net/main/sbbs/-/commit/73a821b70820580fcf3bba9a
Modified Files:
src/sbbs3/websrvr.c
Log Message:
If the FastCGI address begins with a '.', treat as UNIX Domain Socket as well
<Deuce> So the [previous] change doesn't work with relative paths?
So... support relative UDS paths in this manner (without the "unix:" prefix)
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Rob Swindell (on Debian Linux)@VERT to
Git commit to main/sbbs/master on Monday, March 13, 2023 19:41:29
-
From
Rob Swindell (on ChromeOS)@VERT to
Git commit to main/sbbs/master on Sunday, March 26, 2023 19:58:09
-
From
Rob Swindell (on Windows 11)@VERT to
Git commit to main/sbbs/master on Sunday, December 17, 2023 17:53:23
-
From
Deuc¨@VERT to
Git commit to main/sbbs/master on Monday, December 18, 2023 23:58:19
-
From
Rob Swindell (on Windows 11)@VERT to
Git commit to main/sbbs/master on Tuesday, December 19, 2023 20:20:18
-
From
Rob Swindell (on Windows 11)@VERT to
Git commit to main/sbbs/master on Thursday, January 04, 2024 19:17:35
https://gitlab.synchro.net/main/sbbs/-/commit/850a6595d70e78025c5a8f29
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Don't pass a TLS session ID of 0 js_CreateCommonObjects() for non-TLS sessions
The proper sentinel value here for "no TLS session" is -1, not 0.
This, at minimum, was causing a lot of extraneous calls to destroy_session() (from js_socket.c's do_js_close()) with an invalid (hopefully, not
otherwise used) cryptlib session ID of 0.
Nothing checks or logs the return value of destroy_session(), but I'd expect
it to be failing ... a lot.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Rob Swindell (on Windows 11)@VERT to
Git commit to main/sbbs/master on Sunday, January 07, 2024 19:19:40
-
From
Rob Swindell (on Windows 11)@VERT to
Git commit to main/sbbs/master on Monday, January 15, 2024 21:14:44
-
From
Deuc¨@VERT to
Git commit to main/sbbs/master on Wednesday, February 07, 2024 14:58:35
-
From
Deuc¨@VERT to
Git commit to main/sbbs/master on Friday, February 09, 2024 09:07:36
https://gitlab.synchro.net/main/sbbs/-/commit/5bd8253c7c482272b9a4ea1f
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Temporary workaround for TLS issue.
It appears that if the timing is "just wrong", a large POST can
cause TLS to fail. This has shown up as an inability to edit
pages in the wiki.
This is not a fix however, but simple a workaround until this is
root-caused.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Rob Swindell (on Windows 11)@VERT to
Git commit to main/sbbs/master on Tuesday, February 13, 2024 23:38:15
https://gitlab.synchro.net/main/sbbs/-/commit/6326f6d0d33019f5af7b31fb
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Set javascript callback "terminated" flag to true when recycling
(or terminating) the server.
This will allow background JS threads to terminate when recycling, so the server doesn't just hang indefinitelyi when recycling.
Add more logging in cleanup() when waiting for children threads to terminate.
Also, eliminate the global 'terminate' variable, answering the question:
Can this be changed to a if(ws_set!=NULL) check instead?
Yes, yes it can.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Rob Swindell (on ChromeOS)@VERT to
Git commit to main/sbbs/master on Wednesday, February 14, 2024 00:28:02
-
From
Rob Swindell (on Windows 11)@VERT to
Git commit to main/sbbs/master on Thursday, February 15, 2024 22:55:31
https://gitlab.synchro.net/main/sbbs/-/commit/8d7d9eb22fbabde369e6ab31
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Lower severity of "Response file path is NULL" log msg from CRIT to WARNING
This is not a completely unexpected thing to happen during ungraceful termination
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Deuc¨@VERT to
Git commit to main/sbbs/master on Wednesday, February 21, 2024 07:47:10
-
From
Rob Swindell (on Windows 11)@VERT to
Git commit to main/sbbs/master on Monday, March 18, 2024 21:22:06
https://gitlab.synchro.net/main/sbbs/-/commit/e9778331b2584afc731f45bc
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Fix a bunch of false "File sent" logs (and uploader-notifications)
Web browsers tend start a download and then immediately close the socket
(so now send_failed will be true), while on a secondary socket, do a range download of the same file.
So log the range requests/completions and don't log successful file sends
when the send was terminated due to a send failure.
We still count very small (e.g. 2 byte) ranges as successful file transfers
and notify the uploader (of a partial download), so we should fix those
issues still. But at least now, there's a whole lot less "noise" created
from HTTP[S} file downloads via browser.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Rob Swindell (on Windows 11)@VERT to
Git commit to main/sbbs/master on Saturday, March 23, 2024 17:11:55
https://gitlab.synchro.net/main/sbbs/-/commit/3711e03ad615c3183aa401b4
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Use volatile keyword to (maybe) fix CID 488122: Data race condition
Ideally, I'd use atomic_bool instead, but we're using an older WinSDK for Win7 compatibility and so... can't.
Perhaps an xpdev 'protected_bool_t' should be created.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Deuc¨@VERT to
Git commit to main/sbbs/master on Sunday, March 24, 2024 15:46:02
-
From
Rob Swindell (on Windows 11)@VERT to
Git commit to main/sbbs/master on Sunday, April 21, 2024 21:44:14
https://gitlab.synchro.net/main/sbbs/-/commit/920902f3db4c4eac5ebcaf57
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Fix bug with error files (e.g. 404.html) introduced in commit 90de10cf
Deuce expanded the local 'error_code' buf to not trip the SAFECOPY macro destionation buffer length check. Only this buffer needed to be 4 chars
exactly to truncate the 'message' string at 3 chars (e.g. just "404" for an error message string that starts with "404 "). Switch from SAFECOPY to strlcpy to eliminate this bug.
As reported by Ragnarok as part of issue #748
The web error files should work again.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Rob Swindell (on Windows 11)@VERT to
Git commit to main/sbbs/master on Monday, April 22, 2024 21:55:15