14:40 florian usr.sbin/slowcgi/slowcgi.c 1.50
Add format attribute to logger functions. Fix format string while here. Input & OK benno@
08:23 reyk usr.sbin/slowcgi/slowcgi.c 1.49
As suggested by the FastCGI spec, zero-pad the response buffers to be aligned to 8 bytes. This matches what most other implementations are doing. While here, make sure that the allocated response buffers are zero'ed out.
OK florian@
09:04 tag OPENBSD_5_9_BASE added
09:04 tag OPENBSD_6_0_BASE added
09:04 tb usr.sbin/slowcgi/slowcgi.c 1.48
typo in error message: to -> too
ok florian@
19:15 florian usr.sbin/slowcgi/slowcgi.c 1.47
pledge(2) for slowcgi. After initialization slowcgi accepts from a AF_UNIX socket, forks and execs. After fork we only need to close(2), chdir(2) and exec. OK benno@
19:14 florian usr.sbin/slowcgi/slowcgi.c 1.46
re-shuffle slowcgi_listen to run less code as root. OK benno@
20:15 millert usr.sbin/slowcgi/slowcgi.c 1.45
Output the contents of the environment in debug mode which is most helpful in debugging interactions between httpd and slowcgi. OK florian@
18:22 tag OPENBSD_5_7_BASE added
18:22 tag OPENBSD_5_8_BASE added
18:22 florian usr.sbin/slowcgi/slowcgi.c 1.44
Clean up includes, while here fix a white space which lead to a false positive during grep'ing. OK reyk
21:18 guenther usr.sbin/slowcgi/slowcgi.c 1.43
The kernel doesn't actually care what a sockaddr's sa_len is on input, so don't waste code setting it
improvment and ok florian@
06:40 deraadt usr.sbin/slowcgi/slowcgi.c 1.42
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
12:12 blambert usr.sbin/slowcgi/slowcgi.c 1.41
read(2) returns ssize_t, not size_t
ok florian@
20:02 florian usr.sbin/slowcgi/Makefile 1.2
enable warnings
20:01 florian usr.sbin/slowcgi/slowcgi.c 1.40
Bail out if the buffer is too small to contain the length of a parameter value. Found while investigating a dead store pointed out by llvm scan-build.
19:59 florian usr.sbin/slowcgi/slowcgi.c 1.39
dead stores; pointed out by llvm scan-build; no binary change
19:58 florian usr.sbin/slowcgi/slowcgi.c 1.38
pause shadows global; pointed out by gcc; no binary change
19:57 florian usr.sbin/slowcgi/slowcgi.c 1.37
mode is unused; pointed out by gcc; no binary change
19:56 florian usr.sbin/slowcgi/slowcgi.c 1.36
declare lerr and lerrx __dead; unconfuses llvm scan-build
21:28 florian usr.sbin/slowcgi/slowcgi.c 1.35
Instead of doing the fcntl(2) and ioctl(2) song and dance just tell socket(2) and accept4(2) that we want non-blocking-close-on-exec sockets. OK benno@
08:09 jmc usr.sbin/slowcgi/slowcgi.8 1.11
fix previous, and add a SEE ALSO section for httpd;
20:03 robert usr.sbin/slowcgi/slowcgi.8 1.10
remove nginx references
21:46 tag OPENBSD_5_6_BASE added
21:46 claudio usr.sbin/slowcgi/slowcgi.c 1.34
Use lerrx instead of errx since the logging subsystem is already initialized. OK florian@
14:38 florian usr.sbin/slowcgi/slowcgi.8 1.9
usr.sbin/slowcgi/slowcgi.c 1.33
Implement -u (user to drop privs to) and -p flag (path to chroot to). This allows to run slowcgi non-chrooted with -p /, requested by at least ratchov@ and henning@. Input by many, OK ratchov@ on a previous diff, "looks good" millert@, man page bits tweak and OK schwarze@ (all some time ago); OK henning@
14:33 florian usr.sbin/slowcgi/slowcgi.8 1.8
usr.sbin/slowcgi/slowcgi.c 1.32
Cleanup socket creation. Input ajacoutot some time ago; OK henning@
14:43 florian usr.sbin/slowcgi/slowcgi.c 1.31
My previous attempt to chdir(2) to the directory containing the cgi script was not quite right. slowcgi would try to chdir("") with a SCRIPT_NAME of /foo.cgi; chdir("/") in that case. I'm not sure how one would configure nginx/slowcgi to get to that point though. OK benno@
19:25 florian usr.sbin/slowcgi/slowcgi.c 1.30
Calculate the length of name and value for parameters the right way around for the 4 byte encoding. With this QUERY_STRING can be longer than 127 bytes. Found the hard way while playing with smokeping. OK benno@
08:46 florian usr.sbin/slowcgi/slowcgi.c 1.29
httpd(8) did a chdir(2) to the directory containing the cgi script. As there might be scripts depending on this do the same in slowcgi(8).
pointed out and OK ratchov@
13:39 florian usr.sbin/slowcgi/slowcgi.c 1.28
jturner pointed out that if one wants to run cgi scripts outside /cgi-bin SCRIPT_NAME doesn't cut it. The spec says: "The SCRIPT_NAME variable MUST be set to a URL path". Use SCRIPT_FILENAME which can be an absolute filesystem path for these cases and fall back to using SCRIPT_NAME if SCRIPT_FILENAME is not present. Details how to handle this worked out by jturner and sthen. Based on an erlier diff by jturner. Tested by jturner OK jturner, sthen
13:00 tag OPENBSD_5_5_BASE added
13:00 florian usr.sbin/slowcgi/slowcgi.8 1.7
Better explanation what slowcgi(8) is for. Room for improvements pointed out by deraadt@ Tweaks/OK jmc@ OK deraadt@
12:47 deraadt usr.sbin/slowcgi/slowcgi.8 1.6
Wording improvements from Patrik Lundin
00:01 djm usr.sbin/slowcgi/slowcgi.c 1.27
fix reaper loop that could run indefinitely
log execve() failures to syslog (very useful for debugging SCRIPT_NAME problems)
ok florian@
10:48 florian usr.sbin/slowcgi/slowcgi.8 1.5
Make it clear that slowcgi(8) drops privileges to user www. Pointed out some time ago by blambert. OK jmc, blambert
21:53 florian usr.sbin/slowcgi/slowcgi.c 1.26
Initialize sun_len, pointed out by deraadt@. While there also check length of socket path, more relevant now since an alternative socket can be specified. OK benno@
17:59 florian usr.sbin/slowcgi/slowcgi.c 1.25
Fix a potential file descriptor overlap in exec_cgi() by making sure that file descriptors zero to two are always open when starting slowcgi. pointed out, with and looks good to deraadt@
15:29 florian usr.sbin/slowcgi/slowcgi.c 1.24
We need to loop around waitpid to catch all exited children as we are not guaranteed to get one signal per child. pointed out by deraadt OK benno, blambert
18:19 florian usr.sbin/slowcgi/slowcgi.c 1.23
Do not leak fds in fork(2) error path. pointed out by deraadt@
18:17 florian usr.sbin/slowcgi/slowcgi.c 1.22
Check for EINTR, too. pointed out by deraadt@
18:16 florian usr.sbin/slowcgi/slowcgi.c 1.21
No need for volatile here. pointed out by deraadt@
16:47 deraadt usr.sbin/slowcgi/slowcgi.c 1.20
spelling, spacing, etc
09:36 benno usr.sbin/slowcgi/slowcgi.c 1.19
reserve file descriptors for incoming connections so we will be able to actually run the cgi for them later on. mirrored on relayd. ok florian@ blambert@
14:18 florian usr.sbin/slowcgi/slowcgi.c 1.18
Keep track of which fds were closed before and only close those still open. Otherwise if there are parallel requests and the timing is just right we were closing random fds from other connections. OK blambert
14:48 florian usr.sbin/slowcgi/slowcgi.c 1.17
Do not fiddle with the response queue directly but go through a new slowcgi_add_response() function. This ensures that we always do an event_add. OK blambert
14:47 florian usr.sbin/slowcgi/slowcgi.c 1.16
Logging to syslog works better with openlog(3). OK blambert
14:46 florian usr.sbin/slowcgi/slowcgi.c 1.15
Use a dedicated socketpair for stdin, makes the code more symetric and gets rid of shutdown(2) which might cause problems. OK blambert
14:44 florian usr.sbin/slowcgi/slowcgi.c 1.14
Calculate correct pointer for fcgi_{begin,end}_request_body. input / OK blambert
14:43 florian usr.sbin/slowcgi/slowcgi.c 1.13
Calculate correct pointer for end_request; while there initialize reserved to zero. OK blambert
14:42 florian usr.sbin/slowcgi/slowcgi.c 1.12
set FD_CLOEXEC OK blambert
09:21 blambert usr.sbin/slowcgi/slowcgi.c 1.11
adjust the names to more accurately reflect the names of structs and functions as they relate to the FastCGI protocol
style(9)ize some function declarations while here
ok florian@
09:31 blambert usr.sbin/slowcgi/slowcgi.c 1.10
Sprinkle some comments which clarify the protocol/process flow.
ok florian@
12:17 blambert usr.sbin/slowcgi/slowcgi.c 1.9
When dumping FastCGI protocol headers during debug, dump the "request begin" and "request end" protocol entries in addition
While here, make the "FastCGI request body" struct's name more precise (fcgi_end_request -> fcgi_end_request_body).
okay florian@
07:36 blambert usr.sbin/slowcgi/slowcgi.c 1.8
Use the correct buffer size for memory allocation and reads.
okay florian@
07:10 blambert usr.sbin/slowcgi/slowcgi.c 1.7
If the CGI script died due to receipt of signal, pass that back to the HTTP frontend as the "application return status".
While here, add a pair of informative debugging statements.
ok florian@
08:02 blambert usr.sbin/slowcgi/slowcgi.8 1.4
usr.sbin/slowcgi/slowcgi.c 1.6
slowcgi grows an option to specify an alternate FastCGI socket on which to listen.
okay dcoppa@, henning@, florian@
manpage okay from jmc@
07:12 blambert usr.sbin/slowcgi/slowcgi.c 1.5
Give slowcgi a style(9) scrubbing. No functional change.
ok florian@
14:11 tag OPENBSD_5_4_BASE added
14:11 florian usr.sbin/slowcgi/slowcgi.8 1.3
usr.sbin/slowcgi/slowcgi.c 1.4
move bgplg and slowcgi sockets to /var/www/run input reyk@, guenther@ "move fast" deraadt@ OK naddy@
16:23 jmc usr.sbin/slowcgi/slowcgi.8 1.2
tweaks; ok florian
16:13 florian usr.sbin/slowcgi/slowcgi.c 1.3
off by one, from Henri Kemppainen <duclare-at-guu.fi>, thanks!
13:03 jasper usr.sbin/slowcgi/slowcgi.c 1.2
Fix pasto where 'c' instead of 'clients' is checked for NULL and add missing free for the fcgi_response.
ok florian@
12:03 florian usr.sbin/slowcgi/Makefile 1.1
usr.sbin/slowcgi/slowcgi.8 1.1
usr.sbin/slowcgi/slowcgi.c 1.1
Put slowcgi(8) a FastCGI to CGI wrapper in to work on it in tree. Not hooked up to the build yet. OK sthen@, deraadt@ agrees

This page was created on Fri Feb 10 10:56:36 2017 using cl2html written by Simon Josefsson.