Why does 'cvs diff -D...' on the OPENBSD_7_2 branch
include changes from before the given date?
# cvs -qd anon...@anoncvs.spacehopper.org:/cvs checkout -rOPENBSD_7_2 -P
src/usr.sbin/httpd
U src/usr.sbin/httpd/Makefile
U src/usr.sbin/httpd/config.c
U src/usr.sbin/httpd/control.c
U src/usr.sbin/httpd/http.h
U src/usr.sbin/httpd/httpd.8
U src/usr.sbin/httpd/httpd.c
U src/usr.sbin/httpd/httpd.conf.5
U src/usr.sbin/httpd/httpd.h
U src/usr.sbin/httpd/log.c
U src/usr.sbin/httpd/logger.c
U src/usr.sbin/httpd/parse.y
U src/usr.sbin/httpd/patterns.7
U src/usr.sbin/httpd/patterns.c
U src/usr.sbin/httpd/patterns.h
U src/usr.sbin/httpd/proc.c
U src/usr.sbin/httpd/server.c
U src/usr.sbin/httpd/server_fcgi.c
U src/usr.sbin/httpd/server_file.c
U src/usr.sbin/httpd/server_http.c
# cd src
# cvs diff -uNp -D2023-07-11 usr.sbin/httpd/*
Index: usr.sbin/httpd/config.c
===================================================================
RCS file: /cvs/src/usr.sbin/httpd/config.c,v
retrieving revision 1.63
retrieving revision 1.62
diff -u -p -u -p -r1.63 -r1.62
--- usr.sbin/httpd/config.c 28 Dec 2022 21:30:16 -0000 1.63
+++ usr.sbin/httpd/config.c 24 Oct 2021 16:01:04 -0000 1.62
@@ -1,4 +1,4 @@
-/* $OpenBSD: config.c,v 1.63 2022/12/28 21:30:16 jmc Exp $ */
+/* $OpenBSD: config.c,v 1.62 2021/10/24 16:01:04 ian Exp $ */
/*
* Copyright (c) 2011 - 2015 Reyk Floeter <r...@openbsd.org>
@@ -233,7 +233,7 @@ config_setserver(struct httpd *env, stru
return (-1);
}
- /* Configure FCGI parameters if necessary. */
+ /* Configure FCGI parmeters if necessary. */
config_setserver_fcgiparams(env, srv);
}
}
Index: usr.sbin/httpd/control.c
===================================================================
RCS file: /cvs/src/usr.sbin/httpd/control.c,v
retrieving revision 1.15
retrieving revision 1.14
diff -u -p -u -p -r1.15 -r1.14
--- usr.sbin/httpd/control.c 8 Mar 2023 04:43:13 -0000 1.15
+++ usr.sbin/httpd/control.c 20 Apr 2021 21:11:56 -0000 1.14
@@ -1,4 +1,4 @@
-/* $OpenBSD: control.c,v 1.15 2023/03/08 04:43:13 guenther Exp $ */
+/* $OpenBSD: control.c,v 1.14 2021/04/20 21:11:56 dv Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henn...@openbsd.org>
@@ -127,6 +127,7 @@ control_cleanup(struct control_sock *cs)
event_del(&cs->cs_evt);
}
+/* ARGSUSED */
void
control_accept(int listenfd, short event, void *arg)
{
@@ -213,6 +214,7 @@ control_close(int fd, struct control_soc
free(c);
}
+/* ARGSUSED */
void
control_dispatch_imsg(int fd, short event, void *arg)
{
Index: usr.sbin/httpd/httpd.8
===================================================================
RCS file: /cvs/src/usr.sbin/httpd/httpd.8,v
retrieving revision 1.54
retrieving revision 1.53
diff -u -p -u -p -r1.54 -r1.53
--- usr.sbin/httpd/httpd.8 24 Oct 2022 15:02:01 -0000 1.54
+++ usr.sbin/httpd/httpd.8 15 Sep 2016 20:57:07 -0000 1.53
@@ -1,4 +1,4 @@
-.\" $OpenBSD: httpd.8,v 1.54 2022/10/24 15:02:01 jmc Exp $
+.\" $OpenBSD: httpd.8,v 1.53 2016/09/15 20:57:07 jmc Exp $
.\"
.\" Copyright (c) 2014 Reyk Floeter <r...@openbsd.org>
.\"
@@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: October 24 2022 $
+.Dd $Mdocdate: September 15 2016 $
.Dt HTTPD 8
.Os
.Sh NAME
@@ -75,6 +75,10 @@ Default configuration file.
Default SSL/TLS server key.
.It Pa /etc/ssl/server.crt
Default SSL/TLS server certificate.
+.It Pa /var/run/httpd.sock
+.Ux Ns -domain
+socket used for communication with
+.Nm .
.It Pa /var/www/logs/access.log
Default access log file.
.It Pa /var/www/logs/error.log
Index: usr.sbin/httpd/httpd.h
===================================================================
RCS file: /cvs/src/usr.sbin/httpd/httpd.h,v
retrieving revision 1.162
retrieving revision 1.161.2.1
diff -u -p -u -p -r1.162 -r1.161.2.1
--- usr.sbin/httpd/httpd.h 24 Oct 2022 15:02:01 -0000 1.162
+++ usr.sbin/httpd/httpd.h 12 Jul 2023 12:46:33 -0000 1.161.2.1
@@ -1,4 +1,4 @@
-/* $OpenBSD: httpd.h,v 1.162 2022/10/24 15:02:01 jmc Exp $ */
+/* $OpenBSD: httpd.h,v 1.161.2.1 2023/07/12 12:46:33 tb Exp $ */
/*
* Copyright (c) 2006 - 2015 Reyk Floeter <r...@openbsd.org>
@@ -44,6 +44,7 @@
#endif
#define CONF_FILE "/etc/httpd.conf"
+#define HTTPD_SOCKET "/var/run/httpd.sock"
#define HTTPD_USER "www"
#define HTTPD_SERVERNAME "OpenBSD httpd"
#define HTTPD_DOCROOT "/htdocs"
@@ -352,6 +353,7 @@ struct client {
int clt_inflight;
struct range_data clt_ranges;
struct fcgi_data clt_fcgi;
+ const char *clt_fcgi_error;
char *clt_remote_user;
struct evbuffer *clt_srvevb;
Index: usr.sbin/httpd/proc.c
===================================================================
RCS file: /cvs/src/usr.sbin/httpd/proc.c,v
retrieving revision 1.42
retrieving revision 1.41
diff -u -p -u -p -r1.42 -r1.41
--- usr.sbin/httpd/proc.c 15 Feb 2023 20:44:01 -0000 1.42
+++ usr.sbin/httpd/proc.c 4 Dec 2021 06:52:58 -0000 1.41
@@ -1,4 +1,4 @@
-/* $OpenBSD: proc.c,v 1.42 2023/02/15 20:44:01 tobhe Exp $ */
+/* $OpenBSD: proc.c,v 1.41 2021/12/04 06:52:58 florian Exp $ */
/*
* Copyright (c) 2010 - 2016 Reyk Floeter <r...@openbsd.org>
@@ -43,10 +43,23 @@ void proc_open(struct privsep *, int, i
void proc_accept(struct privsep *, int, enum privsep_procid,
unsigned int);
void proc_close(struct privsep *);
+int proc_ispeer(struct privsep_proc *, unsigned int, enum privsep_procid);
void proc_shutdown(struct privsep_proc *);
void proc_sig_handler(int, short, void *);
void proc_range(struct privsep *, enum privsep_procid, int *, int *);
int proc_dispatch_null(int, struct privsep_proc *, struct imsg *);
+
+int
+proc_ispeer(struct privsep_proc *procs, unsigned int nproc,
+ enum privsep_procid type)
+{
+ unsigned int i;
+
+ for (i = 0; i < nproc; i++)
+ if (procs[i].p_id == type)
+ return (1);
+ return (0);
+}
enum privsep_procid
proc_getid(struct privsep_proc *procs, unsigned int nproc,
Index: usr.sbin/httpd/server.c
===================================================================
RCS file: /cvs/src/usr.sbin/httpd/server.c,v
retrieving revision 1.126
retrieving revision 1.126.6.1
diff -u -p -u -p -r1.126 -r1.126.6.1
--- usr.sbin/httpd/server.c 14 Jul 2021 13:33:57 -0000 1.126
+++ usr.sbin/httpd/server.c 12 Jul 2023 12:46:33 -0000 1.126.6.1
@@ -1,4 +1,4 @@
-/* $OpenBSD: server.c,v 1.126 2021/07/14 13:33:57 kn Exp $ */
+/* $OpenBSD: server.c,v 1.126.6.1 2023/07/12 12:46:33 tb Exp $ */
/*
* Copyright (c) 2006 - 2015 Reyk Floeter <r...@openbsd.org>
@@ -1299,6 +1299,11 @@ void
server_close(struct client *clt, const char *msg)
{
struct server *srv = clt->clt_srv;
+
+ if (clt->clt_fcgi_error != NULL) {
+ clt->clt_fcgi_error = msg;
+ return;
+ }
SPLAY_REMOVE(client_tree, &srv->srv_clients, clt);
Index: usr.sbin/httpd/server_fcgi.c
===================================================================
RCS file: /cvs/src/usr.sbin/httpd/server_fcgi.c,v
retrieving revision 1.95
retrieving revision 1.95.2.1
diff -u -p -u -p -r1.95 -r1.95.2.1
--- usr.sbin/httpd/server_fcgi.c 15 Aug 2022 12:29:17 -0000 1.95
+++ usr.sbin/httpd/server_fcgi.c 12 Jul 2023 12:46:33 -0000 1.95.2.1
@@ -1,4 +1,4 @@
-/* $OpenBSD: server_fcgi.c,v 1.95 2022/08/15 12:29:17 claudio Exp $
*/
+/* $OpenBSD: server_fcgi.c,v 1.95.2.1 2023/07/12 12:46:33 tb Exp $ */
/*
* Copyright (c) 2014 Florian Obser <flor...@openbsd.org>
@@ -372,7 +372,18 @@ server_fcgi(struct httpd *env, struct cl
srv_conf->timeout.tv_sec, srv_conf->timeout.tv_sec);
bufferevent_enable(clt->clt_srvbev, EV_READ|EV_WRITE);
if (clt->clt_toread != 0) {
+ /*
+ * XXX - Work around UAF: server_read_httpcontent() can call
+ * server_close(), normally freeing clt. If clt->clt_fcgi_error
+ * changed, call server_close() via server_abort_http().
+ */
+ clt->clt_fcgi_error = "";
server_read_httpcontent(clt->clt_bev, clt);
+ errstr = clt->clt_fcgi_error;
+ clt->clt_fcgi_error = NULL;
+ if (errstr == NULL || errstr[0] != '\0')
+ goto fail;
+ errstr = NULL;
bufferevent_enable(clt->clt_bev, EV_READ);
} else {
bufferevent_disable(clt->clt_bev, EV_READ);
