Documentation Source Text

Check-in [c34e8da80a]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:In althttpd.c: Fix a bug such that HTTPS requests are correctly logged as such. If the "--https 1" command-line option is used, then try to read the remote IP address from the REMOTE_HOST environment variable, under the assumption that althttpd is being called from stunnel.
Downloads: Tarball | ZIP archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: c34e8da80aaf0cf728580f67bd9c1de47b33e8cf
User & Date: drh 2014-10-06 03:07:31.778
Context
2014-10-06
15:08
Add to the file-format documentation the constraint that stat3 and stat4 samples must be ordered. (check-in: fad8e07e26 user: drh tags: trunk)
03:07
In althttpd.c: Fix a bug such that HTTPS requests are correctly logged as such. If the "--https 1" command-line option is used, then try to read the remote IP address from the REMOTE_HOST environment variable, under the assumption that althttpd is being called from stunnel. (check-in: c34e8da80a user: drh tags: trunk)
00:35
Detect and disable a "bashdoor" attack against althttpd.c. (check-in: 389e06d34a user: drh tags: trunk)
Changes
Unified Diff Ignore Whitespace Patch
Changes to misc/althttpd.c. 
1808
1809
1810
1811
1812
1813
1814
1815

1816
1817
1818
1819
1820
1821
1822

      zPermUser = zArg;
    }else if( strcmp(z,"-root")==0 ){
      zRoot = zArg;
    }else if( strcmp(z,"-logfile")==0 ){
      zLogFile = zArg;
    }else if( strcmp(z,"-https")==0 ){
      useHttps = atoi(zArg);
      zHttp = useHttps ? "http" : "https";

    }else if( strcmp(z, "-port")==0 ){
      zPort = zArg;
      standalone = 1;
    }else if( strcmp(z, "-family")==0 ){
      if( strcmp(zArg, "ipv4")==0 ){
        ipv4Only = 1;
      }else if( strcmp(zArg, "ipv6")==0 ){








|
>








1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823

      zPermUser = zArg;
    }else if( strcmp(z,"-root")==0 ){
      zRoot = zArg;
    }else if( strcmp(z,"-logfile")==0 ){
      zLogFile = zArg;
    }else if( strcmp(z,"-https")==0 ){
      useHttps = atoi(zArg);
      zHttp = useHttps ? "https" : "http";
      if( useHttps ) zRemoteAddr = getenv("REMOTE_HOST");
    }else if( strcmp(z, "-port")==0 ){
      zPort = zArg;
      standalone = 1;
    }else if( strcmp(z, "-family")==0 ){
      if( strcmp(zArg, "ipv4")==0 ){
        ipv4Only = 1;
      }else if( strcmp(zArg, "ipv6")==0 ){

1882
1883
1884
1885
1886
1887
1888
1889

1890
1891
1892
1893
1894
1895
1896

  }
  if( getuid()==0 ){
    Malfunction(__LINE__, "cannot run as root");
  }

  /* Get the IP address from whence the request originates
  */
  {

    address remoteAddr;
    unsigned int size = sizeof(remoteAddr);
    char zHost[NI_MAXHOST];
    if( getpeername(0, &remoteAddr.sa, &size)>=0 ){
      getnameinfo(&remoteAddr.sa, size, zHost, sizeof(zHost), 0, 0,
                  NI_NUMERICHOST);
      zRemoteAddr = StrDup(zHost);








<
>








1883
1884
1885
1886
1887
1888
1889

1890
1891
1892
1893
1894
1895
1896
1897

  }
  if( getuid()==0 ){
    Malfunction(__LINE__, "cannot run as root");
  }

  /* Get the IP address from whence the request originates
  */

  if( zRemoteAddr==0 ){
    address remoteAddr;
    unsigned int size = sizeof(remoteAddr);
    char zHost[NI_MAXHOST];
    if( getpeername(0, &remoteAddr.sa, &size)>=0 ){
      getnameinfo(&remoteAddr.sa, size, zHost, sizeof(zHost), 0, 0,
                  NI_NUMERICHOST);
      zRemoteAddr = StrDup(zHost);