diff options
Diffstat (limited to 'httpd/server.c')
-rw-r--r-- | httpd/server.c | 55 |
1 files changed, 43 insertions, 12 deletions
diff --git a/httpd/server.c b/httpd/server.c index ca67a47..86d0dca 100644 --- a/httpd/server.c +++ b/httpd/server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server.c,v 1.63 2015/04/23 16:59:28 florian Exp $ */ +/* $OpenBSD: server.c,v 1.70 2015/07/16 16:29:25 florian Exp $ */ /* * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org> @@ -41,6 +41,7 @@ #include <event.h> #include <imsg.h> #include <tls.h> +#include <vis.h> #include "httpd.h" @@ -312,20 +313,31 @@ server_purge(struct server *srv) void serverconfig_free(struct server_config *srv_conf) { + free(srv_conf->auth); free(srv_conf->return_uri); free(srv_conf->tls_cert_file); - free(srv_conf->tls_cert); free(srv_conf->tls_key_file); - free(srv_conf->tls_key); + + if (srv_conf->tls_cert != NULL) { + explicit_bzero(srv_conf->tls_cert, srv_conf->tls_cert_len); + free(srv_conf->tls_cert); + } + + if (srv_conf->tls_key != NULL) { + explicit_bzero(srv_conf->tls_key, srv_conf->tls_key_len); + free(srv_conf->tls_key); + } } void serverconfig_reset(struct server_config *srv_conf) { - srv_conf->tls_cert_file = srv_conf->tls_key_file = NULL; - srv_conf->tls_cert = srv_conf->tls_key = NULL; - srv_conf->return_uri = NULL; srv_conf->auth = NULL; + srv_conf->return_uri = NULL; + srv_conf->tls_cert = NULL; + srv_conf->tls_cert_file = NULL; + srv_conf->tls_key = NULL; + srv_conf->tls_key_file = NULL; } struct server * @@ -571,6 +583,11 @@ server_tls_readcb(int fd, short event, void *arg) goto err; } + if (len == 0) { + what |= EVBUFFER_EOF; + goto err; + } + if (evbuffer_add(bufev->input, rbuf, len) == -1) { what |= EVBUFFER_ERROR; goto err; @@ -704,7 +721,7 @@ server_input(struct client *clt) /* Adjust write watermark to the socket buffer output size */ bufferevent_setwatermark(clt->clt_bev, EV_WRITE, - clt->clt_sndbufsiz, 0); + SERVER_MIN_PREFETCHED * clt->clt_sndbufsiz, 0); /* Read at most amount of data that fits in one fcgi record. */ bufferevent_setwatermark(clt->clt_bev, EV_READ, 0, FCGI_CONTENT_SIZE); @@ -729,6 +746,10 @@ server_write(struct bufferevent *bev, void *arg) goto done; bufferevent_enable(bev, EV_READ); + + if (clt->clt_srvbev && !(clt->clt_srvbev->enabled & EV_READ)) + bufferevent_enable(clt->clt_srvbev, EV_READ); + return; done: (*bev->errorcb)(bev, EVBUFFER_WRITE|EVBUFFER_EOF, bev->cbarg); @@ -769,6 +790,11 @@ server_read(struct bufferevent *bev, void *arg) goto fail; if (clt->clt_done) goto done; + + if (EVBUFFER_LENGTH(EVBUFFER_OUTPUT(clt->clt_bev)) > (size_t) + SERVER_MAX_PREFETCH * clt->clt_sndbufsiz) + bufferevent_disable(bev, EV_READ); + return; done: (*bev->errorcb)(bev, EVBUFFER_READ|EVBUFFER_EOF, bev->cbarg); @@ -919,7 +945,7 @@ server_accept(int fd, short event, void *arg) close(s); free(clt); /* - * the client struct was not completly set up, but still + * the client struct was not completely set up, but still * counted as an inflight client. account for this. */ server_inflight_dec(NULL, __func__); @@ -954,6 +980,7 @@ server_accept_tls(int fd, short event, void *arg) } else if (ret != 0) { log_warnx("%s: TLS accept failed - %s", __func__, tls_error(srv->srv_tls_ctx)); + server_close(clt, "TLS accept failed"); return; } @@ -1020,7 +1047,7 @@ server_log(struct client *clt, const char *msg) { char ibuf[HOST_NAME_MAX+1], obuf[HOST_NAME_MAX+1]; struct server_config *srv_conf = clt->clt_srv_conf; - char *ptr = NULL; + char *ptr = NULL, *vmsg = NULL; int debug_cmd = -1; extern int verbose; @@ -1050,13 +1077,14 @@ server_log(struct client *clt, const char *msg) if (EVBUFFER_LENGTH(clt->clt_log) && evbuffer_add_printf(clt->clt_log, "\n") != -1) ptr = evbuffer_readline(clt->clt_log); + (void)stravis(&vmsg, msg, HTTPD_LOGVIS); server_sendlog(srv_conf, debug_cmd, "server %s, " "client %d (%d active), %s:%u -> %s, " "%s%s%s", srv_conf->name, clt->clt_id, server_clients, - ibuf, ntohs(clt->clt_port), obuf, msg, + ibuf, ntohs(clt->clt_port), obuf, vmsg == NULL ? "" : vmsg, ptr == NULL ? "" : ",", ptr == NULL ? "" : ptr); - if (ptr != NULL) - free(ptr); + free(vmsg); + free(ptr); } } @@ -1118,6 +1146,9 @@ server_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg) case IMSG_CFG_SERVER: config_getserver(env, imsg); break; + case IMSG_CFG_TLS: + config_gettls(env, imsg); + break; case IMSG_CFG_DONE: config_getcfg(env, imsg); break; |