| 1 |
786 |
skrzyp |
2008-06-18 Oyvind Harboe
|
| 2 |
|
|
|
| 3 |
|
|
* src/jim-aio.c (JimAioHandlerCommand): GCC 4.3.1 pointed out a
|
| 4 |
|
|
buffer overrun.
|
| 5 |
|
|
|
| 6 |
|
|
2008-06-17 Anthony Tonizzo
|
| 7 |
|
|
|
| 8 |
|
|
Jumbo patch containing many individual patches from a number of
|
| 9 |
|
|
different contributors on different days. The ChangeLog entries
|
| 10 |
|
|
for all these individual patches are:
|
| 11 |
|
|
|
| 12 |
|
|
2007-12-02 Anthony Tonizzo
|
| 13 |
|
|
|
| 14 |
|
|
* src/socket.c src/httpd.c: Corrected a bug in
|
| 15 |
|
|
cyg_httpd_write_chunked(): Now the CRLF that terminates a chunk is
|
| 16 |
|
|
added by the function and not expected to be there already in the
|
| 17 |
|
|
data supplied by the user. Modified the function
|
| 18 |
|
|
cyg_httpd_end_chunked() so that the flag
|
| 19 |
|
|
CYG_HTTPD_MODE_TRANSFER_CHUNKED is always cleared after it
|
| 20 |
|
|
terminates. The cyg_httpd_process_request() now loops as many
|
| 21 |
|
|
times as the number of full requests received. Renamed header_end
|
| 22 |
|
|
to request_end to better reflect its real use, and the fact that
|
| 23 |
|
|
the former name was misleading for POST requests (Danny
|
| 24 |
|
|
Sade). Changed the function that collects a request: Now the
|
| 25 |
|
|
remaining part of an incomplete request is copied back to the
|
| 26 |
|
|
beginning of the buffer. This avoids that multiple split headers
|
| 27 |
|
|
might creep towards the end of the buffer.
|
| 28 |
|
|
|
| 29 |
|
|
2007-11-28 Rene' Nielsen and
|
| 30 |
|
|
Anthony Tonizzo
|
| 31 |
|
|
|
| 32 |
|
|
* doc/athttpd.sgml: Included Digest (MD5) authentication as fully
|
| 33 |
|
|
supported.
|
| 34 |
|
|
* cdl/httpd.cdl: Updated the cdl to reflect the fact that MD5
|
| 35 |
|
|
authentication is now a fully tested feature, at least on some
|
| 36 |
|
|
clients (Thanks to Tad for testing this!)
|
| 37 |
|
|
* src/httpd.c: Added the initialization of the global variable
|
| 38 |
|
|
cyg_httpd_md5_response. This corrects a security hole that could
|
| 39 |
|
|
allow unauthenticated browsers to access pages that require
|
| 40 |
|
|
authentication. This required a minor change (switch of variables
|
| 41 |
|
|
used) in the authentication code. Added code to avoid a buffer
|
| 42 |
|
|
overflow during the parsing of headers for authenticated
|
| 43 |
|
|
pages. Clear the CYG_HTTPD_MODE_SEND_HEADER_ONLY at the beginning
|
| 44 |
|
|
of any request.
|
| 45 |
|
|
* src/auth.c: Removed dead code and made static a bunch of
|
| 46 |
|
|
functions and variables.
|
| 47 |
|
|
* src/auth.h: The AUTH_STORAGE_BUFFER_LENGTH value is now split
|
| 48 |
|
|
into two numbers, one that gives the maximum length of the login
|
| 49 |
|
|
phrase and one for the password.
|
| 50 |
|
|
* src/socket.c: Added a NULL terminator after each header packet
|
| 51 |
|
|
that is received. Now the strstr() is guaranteed to find
|
| 52 |
|
|
terminated string.
|
| 53 |
|
|
|
| 54 |
|
|
2007-11-27 Tad Artis
|
| 55 |
|
|
|
| 56 |
|
|
* src/auth.c: Modified the cyg_httpd_digest_data() and
|
| 57 |
|
|
cyg_httpd_digest_skip() functions to support IE7. A careful read
|
| 58 |
|
|
of the augmented BNF in RFC2616 indicates that spaces within the
|
| 59 |
|
|
elements of the authentication header are optional. The original
|
| 60 |
|
|
atHTTPD code incorrectly relied on a space after the comma. Moved
|
| 61 |
|
|
the authentication check inside cyg_httpd_process_method() so that
|
| 62 |
|
|
each request, regardless of the type, will have to go through
|
| 63 |
|
|
authentication.
|
| 64 |
|
|
|
| 65 |
|
|
2007-11-26 Tad Artis and
|
| 66 |
|
|
Anthony Tonizzo
|
| 67 |
|
|
|
| 68 |
|
|
* src/forms.c: Checked for a null terminator inside
|
| 69 |
|
|
cyg_httpd_store_form_variable, so that we do not scan past the end
|
| 70 |
|
|
of the packet. Check the form variables for both length and
|
| 71 |
|
|
content, to avoid false positives. Modified cyg_httpd_from_hex()
|
| 72 |
|
|
to return -1 in case of error.
|
| 73 |
|
|
* src/httpd.c: Corrected the strings sent back by the server to
|
| 74 |
|
|
challenge the client to an MD5 authentication. Adds a couple of
|
| 75 |
|
|
commas to separate the items in the string.
|
| 76 |
|
|
* src/http.h:
|
| 77 |
|
|
* src/socket.h: Corrected a number of indexes where
|
| 78 |
|
|
CYGNUM_FILEIO_NFILE was used instead of the correct
|
| 79 |
|
|
CYGPKG_NET_MAXSOCKETS.
|
| 80 |
|
|
|
| 81 |
|
|
2008-03-04 Danny Sade
|
| 82 |
|
|
|
| 83 |
|
|
* src/socket.c: put NULL at the end of inbuff on each iteration,
|
| 84 |
|
|
preventing strstr from looking at old data beyond inbuffer_len
|
| 85 |
|
|
|
| 86 |
|
|
2007-11-12 Oyvind Harboe
|
| 87 |
|
|
2007-11-12 Jonathan Larmour
|
| 88 |
|
|
|
| 89 |
|
|
* doc/athttpd.sgml: added an example of a tcl script.
|
| 90 |
|
|
* src/http.c, forms.c: serve cgi requests before file system requests,
|
| 91 |
|
|
that way it isn't possible to download the actual cgi/.o script and
|
| 92 |
|
|
cgi works even if the http root directory is above the cgi directory.
|
| 93 |
|
|
* src/http.c: if only tcl cgi is enabled, cgi requests are now
|
| 94 |
|
|
forwarded to tcl
|
| 95 |
|
|
* include/jim.h: include file order fix; now compiles again.
|
| 96 |
|
|
* doc/athttpd.sgml: Fixed typos in doc. Return value from handler is
|
| 97 |
|
|
not used, recommend returning 0 in doc.
|
| 98 |
|
|
|
| 99 |
|
|
2006-12-03 Anthony Tonizzo
|
| 100 |
|
|
|
| 101 |
|
|
* cdl/httpd.cdl: Corrected a CDL error in the requirements of
|
| 102 |
|
|
CYGOPT_NET_ATHTTPD_USE_FS
|
| 103 |
|
|
|
| 104 |
|
|
2006-11-27 Jonathan Larmour
|
| 105 |
|
|
|
| 106 |
|
|
* cdl/httpd.cdl: Improve CDL dependencies.
|
| 107 |
|
|
|
| 108 |
|
|
2006-11-08 Anthony Tonizzo
|
| 109 |
|
|
|
| 110 |
|
|
* doc/athttpd.sgml: Updated to describe lasted changes and corrected
|
| 111 |
|
|
minor typos.
|
| 112 |
|
|
* src/http.c: Check for "Content-Type" header. This is needed if we
|
| 113 |
|
|
want to support parsing form variables in POST requests.
|
| 114 |
|
|
* src/jim.c: Updated with latest release from Jim CVS.
|
| 115 |
|
|
* src/cgi.c: streamlined cyg_httpd_exec_cgi_tcl(), now uses the 'source'
|
| 116 |
|
|
command of tcl to execute a tcl script.
|
| 117 |
|
|
* src/forms.c: Modified cyg_handle_method_POST so that the variables in the
|
| 118 |
|
|
payload are scanned only if the request has a Content-Type
|
| 119 |
|
|
of 'application/x-www-form-urlencoded'
|
| 120 |
|
|
* src/jim-aio.c: Added to package. Now tcl has IO functions to access a
|
| 121 |
|
|
file system.
|
| 122 |
|
|
* include/httpd.h: Added a new mode, CYG_HTTPD_MODE_FORM_DATA which is set
|
| 123 |
|
|
when a POST request has a Content-Type of
|
| 124 |
|
|
'application/x-www-form-urlencoded'
|
| 125 |
|
|
|
| 126 |
|
|
2006-10-16 Lars Povlsen and Anthony Tonizzo
|
| 127 |
|
|
|
| 128 |
|
|
* cdl/httpd.cdl: add CYGOPT_NET_ATHTTPD_CLOSE_CHUNKED_CONNECTIONS. Default
|
| 129 |
|
|
is set to CLOSE, so it is backward compatible with
|
| 130 |
|
|
previous versions of the browser.
|
| 131 |
|
|
* src/socket.c: cyg_httpd_process_request() uses a loop to collect at least
|
| 132 |
|
|
one full frame (til a header terminator is found),
|
| 133 |
|
|
cyg_httpd_start_chunked() only close if configured to do so.
|
| 134 |
|
|
* src/httpd.c: Overhaul of cyg_httpd_send_error to avoid the use of
|
| 135 |
|
|
inbuffer as temporary storage (conflicts with pipelined frames),
|
| 136 |
|
|
removed the option to send a page after calling a C language
|
| 137 |
|
|
handler
|
| 138 |
|
|
* include/httpd.h: Added a new mode, CYG_HTTPD_MODE_NO_CACHE
|
| 139 |
|
|
|
| 140 |
|
|
2006-10-12 Lars Povlsen and Anthony Tonizzo
|
| 141 |
|
|
|
| 142 |
|
|
* cdl/httpd.cdl: add CYGNUM_ATHTTPD_SERVER_MAX_POST to limit POST'ed data
|
| 143 |
|
|
* include/http.h: Added header_end, post_data fields to httpstate,
|
| 144 |
|
|
Added "302 Found" for POST handler redirect (CYG_HTTPD_STATUS_MOVED_TEMPORARILY)
|
| 145 |
|
|
* src/forms.c: Fixed variable decoding, fixed large POST processing
|
| 146 |
|
|
* src/http.c: Fixed some debug ouptuts, cleanup after POST processing,
|
| 147 |
|
|
overhaul of the pipelined requests code which can now
|
| 148 |
|
|
handle multiple requests per frame.
|
| 149 |
|
|
* src/socket.c: Removed assert for socket write failure, Accumulating receiving
|
| 150 |
|
|
of requests (Browsers (Firefox) may pass partial headers in separate
|
| 151 |
|
|
fragments). Fixed some diagnostics output.
|
| 152 |
|
|
|
| 153 |
|
|
2006-07-19 Anthony Tonizzo and Sergei Gavrikov
|
| 154 |
|
|
|
| 155 |
|
|
* cdl/httpd.cdl:
|
| 156 |
|
|
* doc/athttpd.sgml: Corrected some typos and rectified some omissions.
|
| 157 |
|
|
* include/jim.h: Added an inline to Jim_InitExtension()
|
| 158 |
|
|
* src/cgi.c: used malloc() instead of cyg_ldr_malloc();
|
| 159 |
|
|
* src/forms.c: Added a #define to be able tio use the TCL scripting
|
| 160 |
|
|
without OBJLOADER
|
| 161 |
|
|
* src/http.c:
|
| 162 |
|
|
* src/socket.c: Lots of typos stamped out, and some better comments too.
|
| 163 |
|
|
|
| 164 |
|
|
2006-07-19 Anthony Tonizzo
|
| 165 |
|
|
|
| 166 |
|
|
* src/socket.c: Corrected a typo that generated an assertion.
|
| 167 |
|
|
Modified slightly the source of cyg_httpd_write and cyg_httpd_writev
|
| 168 |
|
|
to make the code more consistent as to when assertions are thrown.
|
| 169 |
|
|
|
| 170 |
|
|
2006-07-19 Sergei Gavrikov
|
| 171 |
|
|
|
| 172 |
|
|
* doc/athttpd.sgml: jade doesn't allow underscores in
|
| 173 |
|
|
id attributes, so fix.
|
| 174 |
|
|
|
| 175 |
|
|
2006-07-18 Jonathan Larmour
|
| 176 |
|
|
|
| 177 |
|
|
* cdl/httpd.cdl: Add -D __ECOS in compiler flags.
|
| 178 |
|
|
Change include_dir to cyg/athttpd.
|
| 179 |
|
|
Rename all CDL options from *_HTTPD_* to *_ATHTTPD_*.
|
| 180 |
|
|
* All files: Rename cyg/httpd include directory to cyg/athttpd.
|
| 181 |
|
|
Rename all CDL options from *_HTTPD_* to *_ATHTTPD_*.
|
| 182 |
|
|
* doc/athttpd.sgml: Document MD5 algorithm licensing.
|
| 183 |
|
|
* src/socket.c: Remove unused SNTP include.
|
| 184 |
|
|
|
| 185 |
|
|
2006-06-13 Anthony Tonizzo
|
| 186 |
|
|
|
| 187 |
|
|
* cdl/httpd.cdl:
|
| 188 |
|
|
* doc/athttpd.sgml:
|
| 189 |
|
|
* doc/mime_types.txt:
|
| 190 |
|
|
* include/auth.h:
|
| 191 |
|
|
* include/cgi.h:
|
| 192 |
|
|
* include/digcalc.h:
|
| 193 |
|
|
* include/forms.h:
|
| 194 |
|
|
* include/global.h:
|
| 195 |
|
|
* include/handler.h:
|
| 196 |
|
|
* include/http.h:
|
| 197 |
|
|
* include/jim.h:
|
| 198 |
|
|
* include/md5.h:
|
| 199 |
|
|
* include/socket.h:
|
| 200 |
|
|
* src/auth.c:
|
| 201 |
|
|
* src/cgi.c:
|
| 202 |
|
|
* src/forms.c:
|
| 203 |
|
|
* src/handler.c:
|
| 204 |
|
|
* src/http.c:
|
| 205 |
|
|
* src/jim.c:
|
| 206 |
|
|
* src/md5c.c:
|
| 207 |
|
|
* src/socket.c:
|
| 208 |
|
|
Created ATHTTPD package.
|
| 209 |
|
|
|
| 210 |
|
|
//===========================================================================
|
| 211 |
|
|
// ####GPLCOPYRIGHTBEGIN####
|
| 212 |
|
|
// -------------------------------------------
|
| 213 |
|
|
// This file is part of eCos, the Embedded Configurable Operating System.
|
| 214 |
|
|
// Copyright (C) 2005, 2006 Free Software Foundation, Inc.
|
| 215 |
|
|
//
|
| 216 |
|
|
// This program is free software; you can redistribute it and/or modify
|
| 217 |
|
|
// it under the terms of the GNU General Public License as published by
|
| 218 |
|
|
// the Free Software Foundation; either version 2 or (at your option) any
|
| 219 |
|
|
// later version.
|
| 220 |
|
|
//
|
| 221 |
|
|
// This program is distributed in the hope that it will be useful, but
|
| 222 |
|
|
// WITHOUT ANY WARRANTY; without even the implied warranty of
|
| 223 |
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
| 224 |
|
|
// General Public License for more details.
|
| 225 |
|
|
//
|
| 226 |
|
|
// You should have received a copy of the GNU General Public License
|
| 227 |
|
|
// along with this program; if not, write to the
|
| 228 |
|
|
// Free Software Foundation, Inc., 51 Franklin Street,
|
| 229 |
|
|
// Fifth Floor, Boston, MA 02110-1301, USA.
|
| 230 |
|
|
// -------------------------------------------
|
| 231 |
|
|
// ####GPLCOPYRIGHTEND####
|
| 232 |
|
|
//===========================================================================
|
