Commit graph

31 commits

Author SHA1 Message Date
Your Name
50fba1b2f1 fix 2017-06-04 01:02:11 +02:00
Tom Vijlbrief
f408467088 Fix a debug check on FreeBSD and probably Linux
On FreeBSD 12.0 I get within a minute:

Check failed at libhttp/httpconnection.c:433 in destroyHttpConnection(): !close(http->fd)

See also:

https://github.com/shellinabox/shellinabox/issues/389

I assume that close() fails with ECONNRESET and that we should just check
for errno != EBADF, which should also be OK for Linux and other systems,
which might return EIO in some conditions.

Linux close(2) manual page:

	EBADF	fd isn't a valid open file descriptor.
	EINTR	The close() call was interrupted by a signal; see signal(7).
	EIO	An I/O error occurred.

FreeBSD close(2) manual page:

     [EBADF]            The fd argument is not an active descriptor.
     [EINTR]            An interrupt was received.
     [ENOSPC]           The underlying object did not fit, cached data was
                        lost.
     [ECONNRESET]       The underlying object was a stream socket that was
                        shut down by the peer before all pending data was
                        delivered.

     In case of any error except EBADF, the supplied file descriptor is
     deallocated and therefore is no longer valid.
2016-09-11 12:31:47 +02:00
KLuka
4aa0eb97e4 Disable HTTP fallback via "/plain" URL (CVE-2015-8400)
* Disabled all methods of HTTP fallback when HTTPS is enabled. This
  is enforced on server side so that even modified client code (JS)
  can not redirect client from HTTPS to HTTP, like it was possible
  before (issue #355).
* Current solution unfortunately also disables automatic upgrade from
  HTTP to HTTPS (when available), since all non-SSL connections are
  droped immediately.
2015-12-03 17:47:26 +01:00
KLuka
48a65d6bcb Fixed handling of large HTTP requests
* Protection against large HTTP requests was fixed by adding some null
  pointer checks. Too large HTTP requests are now correctly handled by
  returning error code and closing connection.
2015-08-26 23:27:06 +02:00
KLuka
6c9f98bf34 Logging and debuging
* Added prefixes to all log messages. Prefix should describe source of
  message, like "config", "http", "ssl", "server", etc... This should
  give users more info to figure out what went wrong or what is going
  on. Prefixes also make automatic processing easier.
* Usage is not displayed by default when given command line options are
  incorrect. This way it is easier to notice actual error.
2015-08-23 19:25:36 +02:00
KLuka
eacb2fcb81 Disable secure client-initiated renegotiation
* In case that this SSL feature is abused it is possible to overload the
  server. Other web servers disable this feature by default, but users
  are able to change it with configuration. This is not possible with
  shellinabox as this feature is not needed.
* Solution was implemented similary as in Lighttpd web server.
2015-08-06 18:06:11 +02:00
KLuka
c6186530bb Minor fixes for unix domain sockets
* Improved user input checking and error handling for code from #320.
* Added some guards for unlinking socket file in server init and destroy
  functions.
* Added peer name handling for AF_UNIX type connections in HTTP handling
  code.
2015-07-06 22:02:54 +02:00
KLuka
b3309b23d8 Fixes for some defects found by Coverity
* Added more checks for return values and null pointers.
* Removed some dead code and unused variables.
* Fixed handling of calls to exec() family functions. If this functions
  fail we need to cleanup resources.
2015-05-31 13:04:00 +02:00
KLuka
883b7aa7f0 Real IP recognition over proxy (partial fix #54)
* Recogniton of HTTP header field 'X-Real-IP' was added. Value
  is used in LOGIN service with peer name as remote host identifier.
  This was we are able to see real IP in login related log files
  such as /var/log/auth.log, etc...
* Real IP, peer name and URL are also passed to launched  service
  as environment variables (SHELLINABOX_PEERNAME, SHELLINABOX_REALIP
  and SHELLINABOX_URL). This can be used by custom user service shell
  scripts or programs.
* Real IP can also be passed to custom user service as command line
  parameter ${realip}.
2015-05-17 20:05:15 +02:00
Ezra Buehler
284d90ccc4 Remove trailing whitespace 2015-03-11 17:56:36 +01:00
Philip Hughes
939068c533 Swap to gzip compression (fixes #262 and #266)
Instead of making the browser sniffing more complicated, it's probably
better to use code that works for all current browsers. As such, this
swaps to use gzip compression encoding instead of deflate and drops the
IE browser sniffing code. This means shellinabox works in IE11 and
should work in every version of IE since IE7. From this commit, IE6 is
no longer supported. Thanks @lfourquaux.
2015-03-10 10:21:20 +00:00
KLuka
4f0b949081 IE 11 - This page can’t be displayed (Issue #262)
Now we are able to identify IE11 as MSIE browser and disable
compresion.

Patch taken from issue comments.

https://code.google.com/p/shellinabox/issues/detail?id=262
2015-03-05 17:26:47 +01:00
zodiac@gmail.com
1a33fc8127 The server could sometimes end up listening for events even though it
was not really interested in them. This could result in inefficient I/O
behavior and most noticably it broke the ability to interrupt long running
output with CTRL-C.


git-svn-id: https://shellinabox.googlecode.com/svn/trunk@238 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2010-10-02 23:40:24 +00:00
zodiac@gmail.com
301823036a Some changes to improve compatibility with MacOS X.
git-svn-id: https://shellinabox.googlecode.com/svn/trunk@231 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2010-09-29 06:28:58 +00:00
zodiac@gmail.com
e8c241583d Fixed a check() failure that was caused by incorrect handling of partially
processed buffers. I believe, this could only be triggered by clients that
enabled HTTP pipelining. That might explain why we haven't seen bug reports
any earlier.


git-svn-id: https://shellinabox.googlecode.com/svn/trunk@216 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2010-08-27 22:22:15 +00:00
zodiac@gmail.com
9b0a937e35 Started working on support for WebSockets.
Fixed some compiler warnings when compiling with -Wextra

Thanks to Jan Jaeger's excellent bug report, made some changes
that should make it easier to build ShellInABox for OpenWRT.


git-svn-id: https://shellinabox.googlecode.com/svn/trunk@202 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2010-03-29 16:40:17 +00:00
zodiac
15e91a32f7 Internet Explorer still doesn't properly support CSS. In particular, it has
problems dealing with "inherit" styles. This prevented proper switching
between color and monochrome.

Implemented a work-around.


git-svn-id: https://shellinabox.googlecode.com/svn/trunk@172 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2009-08-16 05:20:09 +00:00
zodiac
161e848e23 Simplify the code that compresses HTTP replies. This also gives us the ability
to manipulate headers more easily. We now add "Connection: close" in more cases
where we force a closing of the connection.


git-svn-id: https://shellinabox.googlecode.com/svn/trunk@171 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2009-08-15 22:55:02 +00:00
zodiac
71ba8641c1 Fixed support for Swedish keyboards
Some more tweaks for IE6 support. Overall, IE6 is still pretty
broken. Not sure if we can do much about this.


git-svn-id: https://shellinabox.googlecode.com/svn/trunk@166 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2009-08-11 18:37:12 +00:00
zodiac
13263e1737 Make 'update' warn about merge conflicts
git-svn-id: https://shellinabox.googlecode.com/svn/trunk@147 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2009-07-08 20:11:40 +00:00
zodiac
8920606f6f Optionally compress large responses, if the browser accepts deflate compression. This mainly improves start up time.
git-svn-id: https://shellinabox.googlecode.com/svn/trunk@142 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2009-07-08 08:33:36 +00:00
zodiac@gmail.com
2c090c8beb Respect "Connection: close" if sent by the browser.
git-svn-id: https://shellinabox.googlecode.com/svn/trunk@123 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2009-06-21 18:51:14 +00:00
zodiac
41fd8f3ea5 Fixed various issues with building on OpenBSD
git-svn-id: https://shellinabox.googlecode.com/svn/trunk@119 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2009-05-21 07:50:22 +00:00
zodiac
0258d46926 - Add support for commands that want to read before they write anything.
- A couple of changes to avoid false error messages in valgrind.
- Fixed a bug that could potentially lead to a double-free()


git-svn-id: https://shellinabox.googlecode.com/svn/trunk@114 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2009-04-16 05:33:05 +00:00
zodiac
abba562359 Work-around for an IE6 bug when doing HTTPS through proxies.
git-svn-id: https://shellinabox.googlecode.com/svn/trunk@86 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2009-03-21 19:09:05 +00:00
zodiac
11d1a710f2 Work-around for compilers that turn on "-Wformat=2" by default. This is an
ill-advised choice, as this particular compiler options has a tendency to
generate a lot of false positives.


git-svn-id: https://shellinabox.googlecode.com/svn/trunk@62 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2009-02-15 20:01:53 +00:00
zodiac
1e27276feb Use a config.h file, instead of passing configuration options on the compiler's
command line.

Fix fatal compilation warning when building without SSL support.


git-svn-id: https://shellinabox.googlecode.com/svn/trunk@59 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2009-02-11 23:25:15 +00:00
zodiac
90d9d492b7 Added better compatibility with different versions of compilers and libaries.
In particular, work around a problem with gcc complaining about NULL format
strings. And added additional system header files that might be required on
some platforms.

This should fix some of the problems reported when compiling on BSD-style
systems. But we are still using SysV style session management code. This
probably needs to be rewritten before ShellInABox can be run on BSD-style
system.

In particular, we rely on grantpt(), we use the utmpx API, and we access
/dev/urandom.


git-svn-id: https://shellinabox.googlecode.com/svn/trunk@55 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2009-02-02 00:55:15 +00:00
zodiac
799169b020 Fixed a printf format error when compiling in 64bit mode.
git-svn-id: https://shellinabox.googlecode.com/svn/trunk@30 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2009-01-07 23:35:40 +00:00
zodiac
046a9305c9 Updated copyright notice.
git-svn-id: https://shellinabox.googlecode.com/svn/trunk@25 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2009-01-02 06:09:13 +00:00
zodiac
aab20f5ed0 First public release of the version 2.0 rewrite. This is the
first release of ShellInABox that supports an AJAX interface
instead of the original Java applet.


git-svn-id: https://shellinabox.googlecode.com/svn/trunk@2 0da03de8-d603-11dd-86c2-0f8696b7b6f9
2008-12-29 23:57:07 +00:00