• src/sbbs3/websrvr.c

    From Rob Swindell@VERT to Git commit to main/sbbs/master on Fri Jun 4 20:42:05 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/9f7894575eed369cfd56ad40
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Remove incorrect and unnecessary comment.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Fri Jun 4 20:42:05 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/a487e0c681d380e01a76deeb
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Don't allow colons in web-requested path names on Windows

    This fixes issue #269 (NTFS Alternate Data Stream vulnerability) and other potential pathname issues on Windows involving colons.

    There are other illegal filename characters on Windows (e.g. <>|"?*), but filenames with these characters aren't expected to pass the later stat() test, so should fail with a 404 error.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Thu Jul 1 13:41:24 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/f38adc13f4b5169a0d59cbce
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Fix NULL pointer dereference in read_post_data()

    What took down cvs/sbbs yesterday:
    Program terminated with signal SIGSEGV, Segmentation fault.
    6203 session->req.post_data[session->req.post_len]=0; [Current thread is 1 (Thread 0x7f2b989ff700 (LWP 17031))]
    (gdb) print post_len
    No symbol "post_len" in current context.
    (gdb) print session->req.post_len
    $1 = 0
    (gdb) print session->req.post_data
    $2 = 0x0

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sat Jan 15 18:09:53 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/f2858ee600525704d27011e0
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Add support for web request path aliases (defined in web_alias.ini)

    Similar to the ctrl/ftpalias.cfg file, the new ctrl/web_alias.ini file (optional) can be used to map a portion (the first portion, only) of a web request path to a different physical or virtual path. For example, I'm using it to map:
    /Synchronet/ = /files/main/sbbs/
    for filebase access to my main->sbbs directory of Vertrauen's filebase using a /Synchronet/* web request (i.e. for slightly prettier or shorter custom URLs, if desired).

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sun Jan 16 22:23:06 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/005633b1fffb7b6df70cb13b
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Log requests that resolve outside of the web root as hack attempts

    "Request for x is outside of the web root" was already logged (with a "NOTICE" log level), but would not sound the hack attempt alarm (on Windows) or log to the hack.log. Now it does.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Ragnarok@VERT/DOCKSUD to Rob Swindell on Mon Jan 17 11:57:21 2022
    El 15/1/22 a las 23:09, Rob Swindell escribió:
    https://gitlab.synchro.net/main/sbbs/-/commit/f2858ee600525704d27011e0 Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Add support for web request path aliases (defined in web_alias.ini)

    Similar to the ctrl/ftpalias.cfg file, the new ctrl/web_alias.ini file (optional) can be used to map a portion (the first portion, only) of a web request path to a different physical or virtual path. For example, I'm using it to map:
    /Synchronet/ = /files/main/sbbs/
    for filebase access to my main->sbbs directory of Vertrauen's filebase using a /Synchronet/* web request (i.e. for slightly prettier or shorter custom URLs, if desired).
    ---
    Ę Synchronet Ę Vertrauen Ę Home of Synchronet Ę [vert/cvs/bbs].synchro.net

    alias portion (webrequest) can support multiple levels? like:

    /ftp/main/ansis = /sbbs/data/main/ansis
    /ftp/other/upload = /home/pepe/uploads

    ??

    ---
    ■ Synchronet ■ Dock Sud BBS TLD 24 HS - bbs.docksud.com.ar
  • From Digital Man@VERT to Ragnarok on Mon Jan 17 13:05:44 2022
    Re: Re: src/sbbs3/websrvr.c
    By: Ragnarok to Rob Swindell on Mon Jan 17 2022 11:57 am

    alias portion (webrequest) can support multiple levels? like:

    /ftp/main/ansis = /sbbs/data/main/ansis
    /ftp/other/upload = /home/pepe/uploads

    Yes. But they likely should end in a '/' too.
    --
    digital man (rob)

    This Is Spinal Tap quote #25:
    Viv Savage: Have... a good... time... all the time. That's my philosophy. Norco, CA WX: 58.0°F, 80.0% humidity, 3 mph NW wind, 0.00 inches rain/24hrs
    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sun Jan 30 14:35:53 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/d8c099dbc962727df2723650
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Fix HTTP-requests for files >= 2GB in size

    An int is 32-bits on all supported platforms, so this has always been broken. The actual file size/request-length sent would depend on fun 2's complement math (a 32GB file was being truncated to 433MB).

    Also fixed some wrong uses of PRIuOFF: off_t is a signed integer, so technically the maximum file size you can request now is 2^63 bytes, which is "big enough".

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Deuc┬┐@VERT to Git commit to main/sbbs/master on Mon Feb 28 22:33:31 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/c0f42027dded92626251d686
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    I don't know what I was smoking when I did this, but it's fixed now.

    Weird early failure return on TLS sends. Most noticible on local
    (ie: fast) connections, but clearly stupid all around when you
    look at the code.

    Fixed, but some day, I should go back and look how we eneded up in
    this mess.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sun Mar 20 16:26:47 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/cd4066a287da2b52e7aec775
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Resolve warning about enum value not handled in switch() statement

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Mon Apr 4 19:54:27 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/a7f6b8549d24feb43c83ee44
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Include client IP address in HTTP-level error log messages

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sat Jun 4 20:36:14 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/a82559e327b74c4513751593
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Use safe string formatting to squelch warnings

    Attempt to address 2 GCC version 11.2.0 2 warnings reported by Nelgin
    `%s' directive writing up to 3 bytes into a region of size between 1 and 4097

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Mon Jun 6 15:23:48 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/2e67162225de28219d747ed1
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Perform a JS garbage collection for each new request in a reused session

    A reused HTTP session would never (apparently) perform garbage collection.
    The evidence of this was the collection of concurrent user.dat file opens
    that would never close until the HTTP sessions were closed. Hundreds or
    even thousands of open user.dat's have been seen. After this change,
    active web server (webv4 UI) users have not caused these spikes in open user.dat files, at least in my testing.

    If no garbage collection was being performed, then likely a lot of JS
    heap was being needlessly wasted, which could eventually result in a JS
    "out of memory" error. But that's just a theory.

    Investigation is needed into why the js_CommonOperationCallback()'s calls to JS_MaybeGC() were not sufficient to actually perform garbage collection
    in this case.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Wed Aug 3 18:10:22 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/639460420c349337f3d3ceef
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Update log messages for execle() or fork() failures

    To be more consistent in syntax and include more details (e.g. the command being invoked).

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Tue Aug 9 19:38:25 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/b6cdc4730e6ca52fc0fc093b
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Log message improvements: include protocol (HTTP vs HTTPS) and IP address

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sun Aug 21 18:35:34 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/2458bfc3e336939c4893a360
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Improve JavaScript-related error messages

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Deuc┬┐@VERT to Git commit to main/sbbs/master on Fri Jan 6 14:21:41 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/650abd10bff9293db51f22fd
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Add a "scheme" property to http_request object

    Value is "http" or "https" depending on if TLS is in use.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Mon Jan 30 17:13:57 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/94f85d5f1c8d8792975b5b03
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Fix MQTT-published action/login message for web server users

    e.g. 20230130T171211-480 0 <unknown user> 76.89.231.66 <no name>

    the user number name actually *are* known at this stage

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Sat Feb 4 21:30:51 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/fe30acd5338cf267c284f0c0
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    More details in "Failure to send header/request to FastCGI socket" log msg

    Elevate the log level back to ERROR (from WARNING), as this is not an expected condition and the sysop (me) should be alerted right away. This had previously be lowered (along with some other log messages) from ERROR to WARNING.

    When php-fpm is updated (on Debian, anyway), e.g. from 8.1 to 8.2, a new etc/php configuration (pool.d) directory was used which set me back to a default www.conf file that uses Unix domain sockets instead of TCP sockets.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Sat Feb 4 23:23:26 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/38b9bc8a15b819c87235b2c6
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Add UNIX domain FastCGI support

    Resolves a long-standing todo comment and has made wiki.synchro.net page rendering even faster.

    PHP-FPM defaults to creating/listening on UNIX domain sockets.

    This resolves gitlab issue #507

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows)@VERT to Git commit to main/sbbs/master on Sun Feb 5 13:12:23 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/d2ef0fe2ccfacd2b5805b6c4
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Fix webserver build on Windows - no UNIX domain socket support

    According to https://devblogs.microsoft.com/commandline/af_unix-comes-to-windows/
    it is possible, but I think I'm using an WinSDK that's too old, so let's just not support this feature on Windows just yet. Define UDS_SUPPORT when supported.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows)@VERT to Git commit to main/sbbs/master on Mon Feb 6 11:57:23 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/6049bc00c20620b31d6f2d41
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    If the FastCGI address starts with a '/', it's obviously a UNIX domain socket

    We don't really need the "unix:" prefix now, but just leave that support in
    for backward compatibility.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows)@VERT to Git commit to main/sbbs/master on Mon Feb 6 12:37:21 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/73a821b70820580fcf3bba9a
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    If the FastCGI address begins with a '.', treat as UNIX Domain Socket as well

    <Deuce> So the [previous] change doesn't work with relative paths?

    So... support relative UDS paths in this manner (without the "unix:" prefix)

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Mon Mar 13 19:41:29 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/db6e54740d51622cfdda6ccc
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Include protocol and client IP address in FastCGI send error log msg

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on ChromeOS)@VERT to Git commit to main/sbbs/master on Sun Mar 26 19:58:09 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/2dc32fab0bda70f194ecd6cf
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Don't query the active_clients count twice in a row

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Tue Nov 21 20:45:25 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/6697e52d90e024eb602aa2ac
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Don't try to send 0-byte files

    Saves some opening, reading, and logging, but otherwise was harmeless.

    Fix issue #422

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Wed Nov 22 23:00:36 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/5546278f0146522c886cca18
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Open SBBS_SSJS.*.html response file(s) only when actually writing data

    The first write to a the temporary SBBS_SSJS.*.html file will open the file. This should reduce the number of 0-byte files left laying around in the the temp directory, which shouldn't be happening in the first place.

    Also:
    Fixed bug noticed in temp file clean up loop: POST data files would *also*
    be retained when the DEBUG_SSJS option flag is set.

    Also:
    Replace some unsafe string operations with safe equivalents.

    Happy Thanksgiving Nelgin!

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Thu Nov 23 17:49:22 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/274efc589d79d20711f04da2
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    A little clean-up around FILE* opening/closing, error handling

    "HTTP Logging" replaced in log messages with "Web Server access-logging".

    Using new FCLOSE_OPEN_FILE macro to close and NULify open FILE*'s.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Sat Nov 25 20:27:48 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/786add2421406f8f9ed9e113
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Replace IPv6 colons in access-log filenames with exclaimation marks on Windows

    Colons are not legal filename characters on Windows and when virtual hosts are enabled, the IPv6 address of the server may be used in the access-log filename so we need to clean that up or errors opening/creating the access-log files occur.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net