src/sbbs3 websrvr.c 1.708 1.709
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv2052

Modified Files:
websrvr.c
Log Message:
Support CGI over TLS on *nix.




---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

src/sbbs3 websrvr.c 1.709 1.710
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv24259

Modified Files:
websrvr.c
Log Message:
Don't attempt to read a FastCGI body if the header type is zero.
Should fix the POST/GET hangs on the wiki once DigitalMan updates.




---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

src/sbbs3 websrvr.c 1.710 1.711
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv22341

Modified Files:
websrvr.c
Log Message:
Add some paranoia for handling FCGI_END_REQUEST.

While the FastCGI read_wait_timeout function should never return
CGI_*_READY with CGI_PROCESS_TERMINATED, it looks like somehow on some
systems, there's an additional select() happening after the process is
done.

Explicitly track this, and try to prevent it.




---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

src/sbbs3 websrvr.c 1.711 1.712
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv757

Modified Files:
websrvr.c
Log Message:
Fix bug in last commit... !



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

src/sbbs3 websrvr.c 1.712 1.713
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv4082

Modified Files:
websrvr.c
Log Message:
Just because there is a Location: header does not mean we should not send
a body. Broken by HSTS enhancement.

There's a (small) possibility that the HSTS enhancement is now broken.




---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

src/sbbs3 websrvr.c 1.716 1.717
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/home/rswindell/sbbs/src/sbbs3

Modified Files:
websrvr.c
Log Message:
Fix transmission of files >= 2GB in size on systems that support large file offsets
(64-bit off_t), e.g. 64-bit Linux. Issue reported by plt via irc.



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

src/sbbs3 websrvr.c 1.717 1.718
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv23357

Modified Files:
websrvr.c
Log Message:
Improve send-file performance on Windows (over Gb Ethernet LAN) from about 1 MBytes/second to 25+ MBytes/second by increasing the size of the ringbuffer (from 20 -> 256 KBytes) and the size of the file-read buffer in sock_sendfile().
Also log the through-put (in cps) when a file is sent.


---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

src/sbbs3 websrvr.c 1.718 1.719
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/home/rswindell/sbbs/src/sbbs3

Modified Files:
websrvr.c
Log Message:
Address gcc warning: format '%d' expects argument of type 'int', but arg
has type 'long int'



---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

src/sbbs3 websrvr.c 1.719 1.720
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv17800

Modified Files:
websrvr.c
Log Message:
The problem: the sysop (me) is not notified of critical errors (e.g. synchro.net zone file problems) in a timely manner.
Part of the solution: notify a configured user (e.g. user #1) via short-message/telegram and email/netmail logged-errors when messages of a configured severity (e.g. "Critical") are logged.
The second part of the solution (coming next) will be allowing timed events to log a message of a configurable severity logged when the event fails (returns a non-zero error level to sbbs).

I'm saving the error-notification-user-number and log-severity as part of the node.cnf file because:
- that's where the validation user number is already set
- I can conceive of a large system were certain node ranges (different instances of sbbs) might want different operators to be notified of logged-errors

This also means I eliminated all the legacy com port/modem stuff from the end of the node.cnf file. None of that is used in sbbs v3.

Also included in this commit are improvements around logging:
- reduce the severity of UDP recvfrom failures in services
- a more detailed log message when the mail server successfully delivers an email (via SMTP) - easier to answer the question: was that email you/they sent delivered successfully?


---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/sbbs/sbbs/-/commit/c9db48cec8efd56f8291443d
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Fix requests to the webserver using IPv6 address http://[1234:1234::] requests. The host portion contains ":" after split_port_part(), resulting in a 400 error.
Renaming is_legal_hostname() to is_legal_host(), since requests to webservers are to
"hosts" not "hostnames".

---
ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/sbbs/sbbs/-/commit/d17a5ce0ba8d80a29f136c9e
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Merge branch 'leenooks/sbbs-master'

---
ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/sbbs/sbbs/-/commit/37a23fea45bbdb3589e7d909
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Fix heap corruption that could occur when HSTS feature is enabled

At least on Windows, when realloc() is used to allocate a new buffer,
guess what's in that buffer initially? undefined values. So you can't
strcat() onto the end of that! Ouch. This was a fun one to track down.

---
ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/sbbs/sbbs/-/commit/987c1129e127fe9a7b67d430
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Fix 32-bit GCC warning on rPi about printf format

format '%ld' expects argument of type 'long int', but argument 7 has type '__off64_t'

---
ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/sbbs/sbbs/-/commit/c399ca73f145f7e8dc625ec6
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Some CGI programs know they're not running from a console because
QUERY_STRING is defined (even if blank).

Always define it.

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/sbbs/sbbs/-/commit/2c66387d8a91bc26d226430a
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Merge remote-tracking branch 'origin/master'

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/22c6721d6f926ba5fce85a54
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Remove unused assignment.

No need to get time() here since it's never checked.

Resolves CID 174292

---
ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/6623cff0e3516937e38ae76a
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Always return 403 to requests for access.ars or webctrl.ini

Previously, 403 was only returned if they existed, and 404 if they
didn't.

---
ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/5d3de1eea3288155bc7a630e
Modified Files:
src/sbbs3/websrvr.c
Log Message:
For the cases we'll send a Content-Length of zero, do not send content.

Should fix #223
Introduced in d56ba01f which likely fixed some stuff on the wiki.

---
ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/bc5bfa5f6f9fb7208ed7bbe1
Modified Files:
src/sbbs3/websrvr.c
Log Message:
We still want the zero-length entity, just not any content.

Fixes last commit, which could cause infinite hangs on certain requests.

---
ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/b881935a0f28b65f66d6218c
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Track the active client "highwater mark" (highest number of concurrent clients)

Could be useful for knowing if you need to increase MaxClients for typical usage.

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/9048b3d231b7ceeb823c2220
Modified Files:
src/sbbs3/websrvr.c
Log Message:
post_to_file() shouldn't close the file since it didn't open it.

---
ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/e2f3407c8cd1379184da9668
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Remove some unused variables.

---
ï¿­ Synchronet ï¿­ Vertrauen ï¿­ Home of Synchronet ï¿­ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/03b7b2f9443db9fa02989aec
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Fix socket descriptor leak in fastcgi_connect()

Found by Coverity-scan (CID 330051)

@Deuce should review this.

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/22f130cad457cd21747dd6bc
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Fix resource leak in ssjs_send_headers()

IdArray returned by JS_Enumerate() was never freed.

Caught by Coverity-scan, CID 319627.

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/9f7894575eed369cfd56ad40
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Remove incorrect and unnecessary comment.

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/a487e0c681d380e01a76deeb
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Don't allow colons in web-requested path names on Windows

This fixes issue #269 (NTFS Alternate Data Stream vulnerability) and other potential pathname issues on Windows involving colons.

There are other illegal filename characters on Windows (e.g. <>|"?*), but filenames with these characters aren't expected to pass the later stat() test, so should fail with a 404 error.

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/f38adc13f4b5169a0d59cbce
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Fix NULL pointer dereference in read_post_data()

What took down cvs/sbbs yesterday:
Program terminated with signal SIGSEGV, Segmentation fault.
6203 session->req.post_data[session->req.post_len]=0; [Current thread is 1 (Thread 0x7f2b989ff700 (LWP 17031))]
(gdb) print post_len
No symbol "post_len" in current context.
(gdb) print session->req.post_len
$1 = 0
(gdb) print session->req.post_data
$2 = 0x0

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/5004246d797799638b7d2db9
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Fix off-by-one reporting of "active client highwater mark"

Only log the hightwater mark when it's > 1. :-)

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/75bb2cf6633fb51f56a23e53
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Publish client highwater mark (max concurrent client stat) to MQTT

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net

https://gitlab.synchro.net/main/sbbs/-/commit/7fb6c7b4d8ec2150eefe55df
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Add missing argument to new error log message upone putuserdat() failure

Fixes a couple CIDs and a GCC warning

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net