Bug 746404 - www-servers/bozohttpd segmentation fault (PATCH was merged upstream. Need version bump)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal major
Assignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it
Keywords: PATCH, PMASKED
Reported: 2020-10-04 00:09 UTC by Hadrien Lacour
Modified: 2022-03-02 12:26 UTC (History)



Description Hadrien Lacour 2020-10-04 00:09:07 UTC
Following https://bugs.gentoo.org/show_bug.cgi?id=746356, I noticed a reproducible segfault when loading a file then refreshing the page in my browser.

After investigation, this was due to these warnings:
bozohttpd.c: In function ‘parse_http_date’:
bozohttpd.c:957:19: warning: implicit declaration of function ‘strptime’; did you mean ‘strftime’? [-Wimplicit-function-declaration]
  957 |  if ((remainder = strptime(val, "%a, %d %b %Y %T GMT", &tm)) == NULL &&
      |                   ^~~~~~~~
      |                   strftime
bozohttpd.c:957:17: warning: assignment to ‘char *’ from ‘int’ makes pointer from integer without a cast [-Wint-conversion]
  957 |  if ((remainder = strptime(val, "%a, %d %b %Y %T GMT", &tm)) == NULL &&
      |                 ^
bozohttpd.c:958:17: warning: assignment to ‘char *’ from ‘int’ makes pointer from integer without a cast [-Wint-conversion]
  958 |      (remainder = strptime(val, "%a, %d-%b-%y %T GMT", &tm)) == NULL &&
      |                 ^
bozohttpd.c:959:17: warning: assignment to ‘char *’ from ‘int’ makes pointer from integer without a cast [-Wint-conversion]
  959 |      (remainder = strptime(val, "%a %b %d %T %Y", &tm)) == NULL)
      |                 ^
bozohttpd.c: In function ‘bozoasprintf’:
bozohttpd.c:2053:6: warning: implicit declaration of function ‘vasprintf’; did you mean ‘vsprintf’? [-Wimplicit-function-declaration]
 2053 |  e = vasprintf(str, fmt, ap);
      |      ^~~~~~~~~
      |      vsprintf
daemon-bozo.c: In function ‘bozo_daemon_init’:
daemon-bozo.c:172:3: warning: ignoring return value of ‘daemon’, declared with attribute warn_unused_result [-Wunused-result]
  172 |   daemon(1, 0);
      |   ^~~~~~~~~~~~
ssl-bozo.c: In function ‘bozo_ssl_printf’:
ssl-bozo.c:170:16: warning: implicit declaration of function ‘vasprintf’; did you mean ‘vsprintf’? [-Wimplicit-function-declaration]
  170 |  if ((nbytes = vasprintf(&buf, fmt, ap)) != -1)  {
      |                ^~~~~~~~~
      |                vsprintf


How the application managed to link with strptime not being defined is quite curious (some C89 vs C99 thing?), but my debugging pointed to the return of that "function".

Here's the commit that solved it in my overlay:
    Need to add the following feature test macros:
    _XOPEN_SOURCE to avoid segfault at bozohttpd.c:962 when refreshing page after
    loading, due to bad strptime definition
    _DEFAULT_SOURCE to allow compilation after _XOPEN_SOURCE was defined
    _GNU_SOURCE for vasprintf

    As _GNU_SOURCE defines "_XOPEN_SOURCE with the value 700 (600 in glibc versions
    before 2.10; 500 in glibc versions before 2.2)" and "since glibc 2.19, defining
    _GNU_SOURCE also has the effect of implicitly defining _DEFAULT_SOURCE", no
    need for the others.

diff --git a/www-servers/bozohttpd/bozohttpd-20190228-r1.ebuild b/www-servers/bozohttpd/bozohttpd-20190228-r1.ebuild
index 4aa2e95..8afeb77 100644
--- a/www-servers/bozohttpd/bozohttpd-20190228-r1.ebuild
+++ b/www-servers/bozohttpd/bozohttpd-20190228-r1.ebuild
@@ -26,7 +26,8 @@ src_prepare() {
 }

 src_compile() {
-       emake CC="$(tc-getCC)" OPT="${CFLAGS}" CPPFLAGS="${CPPFLAGS} -DDO_HTPASSWD" LDLIBS=-lcrypt
+       emake CC="$(tc-getCC)" OPT="${CFLAGS}" LDLIBS=-lcrypt \
+               CPPFLAGS="${CPPFLAGS} -DDO_HTPASSWD -D_GNU_SOURCE"
 }

 src_install() {
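Review bot: the file header targets bozohttpd-20190228-r1.ebuild, which exists only in the reporter's overlay; gentoo.git carries bozohttpd-20190228.ebuild (see the file list in comment 6), so the hunk cannot be applied as-is and needs to be rebased onto that file and submitted as a revision bump, since the produced binary changes for existing users. The change itself addresses the real cause rather than a symptom: the warnings in the description show strptime and vasprintf being implicitly declared, so their char * results were assumed to be int and truncated, and the fault address 666cb75d in comment 3 fits in 32 bits, which matches that truncation (in the Code dump, `48 98` is cltq, sign-extending the truncated value, and `80 38 00` is cmpb $0x0,(%rax), the dereference that faults). To keep this class of defect from compiling silently again, consider also passing `-Werror=implicit-function-declaration` in OPT="${CFLAGS} ..." on the same emake line, so a missing prototype fails the build instead of corrupting a pointer at run time.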


PS: bozohttpd seems quite wonky; does anyone know another minimalist (like bozohttpd or thttpd) but maintained HTTP server with CGI, HTTP basic auth and directory listing?
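As an added example (not bozohttpd's code and not the reporter's overlay change), here is the same three-format HTTP date parse written with the feature-test macro where it has to be, ahead of the first include, together with the full-match check on strptime's return value that a truncated pointer would have crashed on. The function names parse_http_date_checked and http_date_to_epoch are hypothetical, the three formats are the ones quoted in the warnings above, and the explicit strptime prototype is a belt-and-braces line added here, not something the upstream source does.

```c
/* Feature-test macro first: it must precede every #include, otherwise
 * <time.h> has already been processed and strptime stays undeclared. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <string.h>
#include <time.h>

/* Explicit prototype (belt-and-braces, matches the libc declaration):
 * redundant when <time.h> declares strptime, but it keeps the char * return
 * type visible even if some header was pulled in before the macro was set.
 * With no prototype the compiler assumes int and truncates the pointer. */
char *strptime(const char *restrict s, const char *restrict fmt, struct tm *tm);

/* The three layouts bozohttpd's parse_http_date tries, in the order the
 * warnings show them (RFC 1123, RFC 850 and asctime()). */
static const char *const http_date_formats[] = {
    "%a, %d %b %Y %T GMT",
    "%a, %d-%b-%y %T GMT",
    "%a %b %d %T %Y",
};

/* Parse VAL into *OUT (UTC, tm_isdst = 0). Returns 0 on success, -1 if no
 * layout matches or trailing bytes remain after the date. */
int parse_http_date_checked(const char *val, struct tm *out)
{
    size_t n = sizeof http_date_formats / sizeof http_date_formats[0];
    for (size_t i = 0; i < n; i++) {
        struct tm tm;
        memset(&tm, 0, sizeof tm);
        /* remainder is a real char *: NULL on mismatch, else where parsing
         * stopped. A full match leaves it at the terminating NUL. */
        const char *remainder = strptime(val, http_date_formats[i], &tm);
        if (remainder != NULL && *remainder == '\0') {
            *out = tm;
            return 0;
        }
    }
    return -1;
}

/* Convenience: seconds since the epoch for a valid HTTP date, else -1.
 * timegm is a GNU/BSD extension, also exposed by _GNU_SOURCE. */
long http_date_to_epoch(const char *val)
{
    struct tm tm;
    if (parse_http_date_checked(val, &tm) != 0)
        return -1;
    return (long)timegm(&tm);
}
```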
Comment 1 Hadrien Lacour 2020-10-04 00:19:39 UTC
Since the default service configuration makes it run as root (need to uncomment the "USER=daemon" line in /etc/conf.d/bozohttpd), maybe a security news is warranted?
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2020-10-04 02:47:34 UTC
(In reply to Hadrien Lacour from comment #1)
> Since the default service configuration makes it run as root (need to
> uncomment the "USER=daemon" line in /etc/conf.d/bozohttpd), maybe a security
> news is warranted?

I'm not sure what you mean by "security news", but since it seems this crash comes about after building with a modified ebuild, that would be an invalid bug for Gentoo. Please reopen if you can reproduce this issue with the ebuild that Gentoo ships.

If that is a valid build configuration to upstream, I would also encourage you to report the issue upstream too.
Comment 3 Hadrien Lacour 2020-10-04 10:52:18 UTC
The segfault can be reproduced with the default ebuild:
$ mkdir www
$ echo 'hello world' >www/test.txt
$ bozohttpd -b -f -i localhost -I 8000 -s -X www &
$ firefox 'http://localhost:8000/test.txt'
After loading, refresh the page
$ dmesg | tail -n2
[ 9743.332360] bozohttpd[10826]: segfault at 666cb75d ip 0000556f6648e6a2 sp 00007fff0eb36540 error 4 in bozohttpd[556f66485000+15000]
[ 9743.332368] Code: 6f 78 4d 85 ed 74 3e 4c 8d 64 24 50 31 c0 48 8d 35 6e 6d 00 00 4c 89 ef 4c 89 e2 e8 68 c4 ff ff 85 c0 0f 84 30 05 00 00 48 98 <80> 38 00 75 16 4c 89 e7 e8 61 c4 ff ff 48 39 84 24 e8 00 00 00 0f

The command line is the same as the bundled server with default configuration, only with -f (foreground) and -s (stderr logging) added.
Comment 4 Hadrien Lacour 2020-10-04 11:07:10 UTC
bundled service*
Comment 5 Jonas Stein gentoo-dev 2021-12-31 05:16:23 UTC
http://www.eterna.com.au/bozohttpd/CHANGES
..
changes in bozohttpd 20201014:
	o  also set -D_GNU_SOURCE in Makefile.boot.  from
	   hadrien.lacour@posteo.net.
	o  fix array size botch (assertion, not exploitable.)  from
	   martin@netbsd.org.
	o  also match %2F as well as %2f.  from leah@vuxu.org.
	o  many manual and help fixes.  clean ups for higher lint levels,
	   consistency/style clean ups.  various option fixes including made
	   -f imply -b.  from <henrik@gulbra.net> for freebsd.
Comment 6 Larry the Git Cow gentoo-dev 2022-03-02 12:26:48 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ab1a41182e784453a1e46048a0c963e161b1e99c

commit ab1a41182e784453a1e46048a0c963e161b1e99c
Author:     Jakov Smolić <jsmolic@gentoo.org>
AuthorDate: 2022-03-02 12:23:09 +0000
Commit:     Jakov Smolić <jsmolic@gentoo.org>
CommitDate: 2022-03-02 12:26:12 +0000

    www-servers/bozohttpd: treeclean
    
    Closes: https://bugs.gentoo.org/830428
    Closes: https://bugs.gentoo.org/713614
    Closes: https://bugs.gentoo.org/746356
    Closes: https://bugs.gentoo.org/746404
    Closes: https://bugs.gentoo.org/746416
    Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>

 profiles/package.mask                            |  5 ----
 www-servers/bozohttpd/Manifest                   |  1 -
 www-servers/bozohttpd/bozohttpd-20190228.ebuild  | 35 ----------------------
 www-servers/bozohttpd/files/bozohttpd.conffile   | 11 -------
 www-servers/bozohttpd/files/bozohttpd.initscript | 37 ------------------------
 www-servers/bozohttpd/metadata.xml               |  9 ------
 6 files changed, 98 deletions(-)