1. Forum
  2. DOVE-Net
  3. Synchronet Programming

  • src/sbbs3/websrvr.c

    From Deucе@VERT to Git commit to main/sbbs/master on Wed Feb 17 10:55:55 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/22c6721d6f926ba5fce85a54
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Remove unused assignment.

    No need to get time() here since it's never checked.

    Resolves CID 174292

    ---
    ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Wed Feb 17 10:59:17 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/6623cff0e3516937e38ae76a
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Always return 403 to requests for access.ars or webctrl.ini

    Previously, 403 was only returned if they existed, and 404 if they
    didn't.

    ---
    ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Fri Feb 19 22:31:58 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/5d3de1eea3288155bc7a630e
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    For the cases we'll send a Content-Length of zero, do not send content.

    Should fix #223
    Introduced in d56ba01f which likely fixed some stuff on the wiki.

    ---
    ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Fri Feb 19 23:03:13 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/bc5bfa5f6f9fb7208ed7bbe1
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    We still want the zero-length entity, just not any content.

    Fixes last commit, which could cause infinite hangs on certain requests.

    ---
    ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Fri Mar 19 21:25:53 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/b881935a0f28b65f66d6218c
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Track the active client "highwater mark" (highest number of concurrent clients)

    Could be useful for knowing if you need to increase MaxClients for typical usage.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Mon Mar 22 22:37:38 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/9048b3d231b7ceeb823c2220
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    post_to_file() shouldn't close the file since it didn't open it.

    ---
    ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Tue Mar 30 21:12:56 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/e2f3407c8cd1379184da9668
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Remove some unused variables.

    ---
    ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sun Apr 4 13:15:46 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/03b7b2f9443db9fa02989aec
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Fix socket descriptor leak in fastcgi_connect()

    Found by Coverity-scan (CID 330051)

    @Deuce should review this.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sun Apr 4 13:29:04 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/22f130cad457cd21747dd6bc
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Fix resource leak in ssjs_send_headers()

    IdArray returned by JS_Enumerate() was never freed.

    Caught by Coverity-scan, CID 319627.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sat Jun 5 00:42:05 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/9f7894575eed369cfd56ad40
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Remove incorrect and unnecessary comment.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sat Jun 5 00:42:05 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/a487e0c681d380e01a76deeb
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Don't allow colons in web-requested path names on Windows

    This fixes issue #269 (NTFS Alternate Data Stream vulnerability) and other potential pathname issues on Windows involving colons.

    There are other illegal filename characters on Windows (e.g. <>|"?*), but filenames with these characters aren't expected to pass the later stat() test, so should fail with a 404 error.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Thu Jul 1 13:41:24 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/f38adc13f4b5169a0d59cbce
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Fix NULL pointer dereference in read_post_data()

    What took down cvs/sbbs yesterday:
    Program terminated with signal SIGSEGV, Segmentation fault.
    6203 session->req.post_data[session->req.post_len]=0; [Current thread is 1 (Thread 0x7f2b989ff700 (LWP 17031))]
    (gdb) print post_len
    No symbol "post_len" in current context.
    (gdb) print session->req.post_len
    $1 = 0
    (gdb) print session->req.post_data
    $2 = 0x0

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sat Jan 15 18:09:53 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/f2858ee600525704d27011e0
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Add support for web request path aliases (defined in web_alias.ini)

    Similar to the ctrl/ftpalias.cfg file, the new ctrl/web_alias.ini file (optional) can be used to map a portion (the first portion, only) of a web request path to a different physical or virtual path. For example, I'm using it to map:
    /Synchronet/ = /files/main/sbbs/
    for filebase access to my main->sbbs directory of Vertrauen's filebase using a /Synchronet/* web request (i.e. for slightly prettier or shorter custom URLs, if desired).

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sun Jan 16 22:23:06 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/005633b1fffb7b6df70cb13b
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Log requests that resolve outside of the web root as hack attempts

    "Request for x is outside of the web root" was already logged (with a "NOTICE" log level), but would not sound the hack attempt alarm (on Windows) or log to the hack.log. Now it does.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Ragnarok@VERT/DOCKSUD to Rob Swindell on Mon Jan 17 11:57:21 2022
    El 15/1/22 a las 23:09, Rob Swindell escribió:
    https://gitlab.synchro.net/main/sbbs/-/commit/f2858ee600525704d27011e0 Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Add support for web request path aliases (defined in web_alias.ini)

    Similar to the ctrl/ftpalias.cfg file, the new ctrl/web_alias.ini file (optional) can be used to map a portion (the first portion, only) of a web request path to a different physical or virtual path. For example, I'm using it to map:
    /Synchronet/ = /files/main/sbbs/
    for filebase access to my main->sbbs directory of Vertrauen's filebase using a /Synchronet/* web request (i.e. for slightly prettier or shorter custom URLs, if desired).
    ---
    � Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

    alias portion (webrequest) can support multiple levels? like:

    /ftp/main/ansis = /sbbs/data/main/ansis
    /ftp/other/upload = /home/pepe/uploads

    ??

    ---
    ï¿­ Synchronet ï¿­ Dock Sud BBS TLD 24 HS - bbs.docksud.com.ar
  • From Digital Man@VERT to Ragnarok on Mon Jan 17 13:05:44 2022
    Re: Re: src/sbbs3/websrvr.c
    By: Ragnarok to Rob Swindell on Mon Jan 17 2022 11:57 am

    alias portion (webrequest) can support multiple levels? like:

    /ftp/main/ansis = /sbbs/data/main/ansis
    /ftp/other/upload = /home/pepe/uploads

    Yes. But they likely should end in a '/' too.
    --
    digital man (rob)

    This Is Spinal Tap quote #25:
    Viv Savage: Have... a good... time... all the time. That's my philosophy. Norco, CA WX: 58.0øF, 80.0% humidity, 3 mph NW wind, 0.00 inches rain/24hrs
    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sun Jan 30 14:35:53 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/d8c099dbc962727df2723650
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Fix HTTP-requests for files >= 2GB in size

    An int is 32-bits on all supported platforms, so this has always been broken. The actual file size/request-length sent would depend on fun 2's complement math (a 32GB file was being truncated to 433MB).

    Also fixed some wrong uses of PRIuOFF: off_t is a signed integer, so technically the maximum file size you can request now is 2^63 bytes, which is "big enough".

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Mon Feb 28 22:33:31 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/c0f42027dded92626251d686
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    I don't know what I was smoking when I did this, but it's fixed now.

    Weird early failure return on TLS sends. Most noticible on local
    (ie: fast) connections, but clearly stupid all around when you
    look at the code.

    Fixed, but some day, I should go back and look how we eneded up in
    this mess.

    ---
    ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sun Mar 20 16:26:47 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/cd4066a287da2b52e7aec775
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Resolve warning about enum value not handled in switch() statement

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Mon Apr 4 19:54:27 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/a7f6b8549d24feb43c83ee44
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Include client IP address in HTTP-level error log messages

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sat Jun 4 20:36:14 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/a82559e327b74c4513751593
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Use safe string formatting to squelch warnings

    Attempt to address 2 GCC version 11.2.0 2 warnings reported by Nelgin
    ‘%s’ directive writing up to 3 bytes into a region of size between 1 and 4097

    ---
    ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Mon Jun 6 15:23:48 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/2e67162225de28219d747ed1
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Perform a JS garbage collection for each new request in a reused session

    A reused HTTP session would never (apparently) perform garbage collection.
    The evidence of this was the collection of concurrent user.dat file opens
    that would never close until the HTTP sessions were closed. Hundreds or
    even thousands of open user.dat's have been seen. After this change,
    active web server (webv4 UI) users have not caused these spikes in open user.dat files, at least in my testing.

    If no garbage collection was being performed, then likely a lot of JS
    heap was being needlessly wasted, which could eventually result in a JS
    "out of memory" error. But that's just a theory.

    Investigation is needed into why the js_CommonOperationCallback()'s calls to JS_MaybeGC() were not sufficient to actually perform garbage collection
    in this case.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Wed Aug 3 18:10:22 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/639460420c349337f3d3ceef
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Update log messages for execle() or fork() failures

    To be more consistent in syntax and include more details (e.g. the command being invoked).

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Tue Aug 9 19:38:25 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/b6cdc4730e6ca52fc0fc093b
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Log message improvements: include protocol (HTTP vs HTTPS) and IP address

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Sun Aug 21 18:35:34 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/2458bfc3e336939c4893a360
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Improve JavaScript-related error messages

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Deucе@VERT to Git commit to main/sbbs/master on Fri Jan 6 14:21:41 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/650abd10bff9293db51f22fd
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Add a "scheme" property to http_request object

    Value is "http" or "https" depending on if TLS is in use.

    ---
    ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net
  • From Rob Swindell@VERT to Git commit to main/sbbs/master on Mon Jan 30 17:13:57 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/94f85d5f1c8d8792975b5b03
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Fix MQTT-published action/login message for web server users

    e.g. 20230130T171211-480 0 <unknown user> 76.89.231.66 <no name>

    the user number name actually *are* known at this stage

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Sat Feb 4 21:30:51 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/fe30acd5338cf267c284f0c0
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    More details in "Failure to send header/request to FastCGI socket" log msg

    Elevate the log level back to ERROR (from WARNING), as this is not an expected condition and the sysop (me) should be alerted right away. This had previously be lowered (along with some other log messages) from ERROR to WARNING.

    When php-fpm is updated (on Debian, anyway), e.g. from 8.1 to 8.2, a new etc/php configuration (pool.d) directory was used which set me back to a default www.conf file that uses Unix domain sockets instead of TCP sockets.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Sat Feb 4 23:23:26 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/38b9bc8a15b819c87235b2c6
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Add UNIX domain FastCGI support

    Resolves a long-standing todo comment and has made wiki.synchro.net page rendering even faster.

    PHP-FPM defaults to creating/listening on UNIX domain sockets.

    This resolves gitlab issue #507

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows)@VERT to Git commit to main/sbbs/master on Sun Feb 5 13:12:23 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/d2ef0fe2ccfacd2b5805b6c4
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Fix webserver build on Windows - no UNIX domain socket support

    According to https://devblogs.microsoft.com/commandline/af_unix-comes-to-windows/
    it is possible, but I think I'm using an WinSDK that's too old, so let's just not support this feature on Windows just yet. Define UDS_SUPPORT when supported.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows)@VERT to Git commit to main/sbbs/master on Mon Feb 6 11:57:23 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/6049bc00c20620b31d6f2d41
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    If the FastCGI address starts with a '/', it's obviously a UNIX domain socket

    We don't really need the "unix:" prefix now, but just leave that support in
    for backward compatibility.

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows)@VERT to Git commit to main/sbbs/master on Mon Feb 6 12:37:21 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/73a821b70820580fcf3bba9a
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    If the FastCGI address begins with a '.', treat as UNIX Domain Socket as well

    <Deuce> So the [previous] change doesn't work with relative paths?

    So... support relative UDS paths in this manner (without the "unix:" prefix)

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian Linux)@VERT to Git commit to main/sbbs/master on Mon Mar 13 19:41:29 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/db6e54740d51622cfdda6ccc
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Include protocol and client IP address in FastCGI send error log msg

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on ChromeOS)@VERT to Git commit to main/sbbs/master on Sun Mar 26 19:58:09 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/2dc32fab0bda70f194ecd6cf
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Don't query the active_clients count twice in a row

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Thu Jul 11 17:32:21 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/5004246d797799638b7d2db9
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Fix off-by-one reporting of "active client highwater mark"

    Only log the hightwater mark when it's > 1. :-)

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Thu Jul 11 17:32:21 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/75bb2cf6633fb51f56a23e53
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Publish client highwater mark (max concurrent client stat) to MQTT

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Windows 11)@VERT to Git commit to main/sbbs/master on Mon Nov 4 17:37:33 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/7fb6c7b4d8ec2150eefe55df
    Modified Files:
    src/sbbs3/websrvr.c
    Log Message:
    Add missing argument to new error log message upone putuserdat() failure

    Fixes a couple CIDs and a GCC warning

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net