Commit Graph

77 Commits (1c7b7949ddb855911e0e2164443c1022a1426e1b)

Author SHA1 Message Date
Simon McVittie 5f6f9a1bea Wrapper: allocate new environment dynamically
Otherwise, if third-party plugins extend newenviron by more than
3 entries, we could overflow the array. It seems unlikely that any
third-party plugin manipulates newenviron in practice, so this
is mostly theoretical. Just in case, I have deliberately avoided
using "i" as the variable name, so that any third-party plugin
that was manipulating newenviron directly will now result in the
wrapper failing to compile.

I have not assumed that realloc(NULL, ...) works as an equivalent of
malloc(...), in case there are still operating systems where that
doesn't work.
2016-05-11 09:18:14 +01:00
Joey Hess 6a46c2cf55 fix another unchecked malloc
<joeyh> any parrticular reason 12?
<igli> well maximum a 32-bit can go is 10 chars
<igli> so one for \0 and round up to 4
2015-01-25 00:10:34 -04:00
Joey Hess fe0eaf1870 Fix NULL ptr deref on ENOMOM in wrapper. (Thanks, igli)
Probably not exploitable, but who knows..
2015-01-25 00:00:40 -04:00
Lafayette Chamber Singers Webmaster 29e80b4eed More cautious escaping of environment values.
Tightened the escaping per this review comment:
http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=f35fc6a603b5473ce2c07bb0236e28e57f718315

(I didn't introduce a $tmp, as $val was local to that block already, and each
hex encoding is in its own C string literal to avoid consuming subsequent
chars that are valid hex digits.)
2014-09-14 20:07:43 -04:00
Lafayette Chamber Singers Webmaster bc4721da04 Installing ikiwiki on a shared-hosting server, there may be no access to
install prerequisite Perl modules in the systemwide locations. They may
have to be installed under the home directory, such as by using local::lib
(which is how the cPanel Perl-module installer works, on systems that use it).

For that to work, the local::lib-defined value for PERL5LIB must be in
the environment when Perl starts up. The former way %config{ENV} was handled
was too late, depending on the Perl code to unpack it from the storable and
put it into the environment.

Easy solution is to build the wrapper to repopulate the environment based on
%config{ENV} before ever exec'ing Perl (and then remove it from the storable
as there is nothing more that the Perl code will need to do with it).
2014-09-14 12:12:09 -04:00
Joey Hess bc99b3174c add void prototype 2014-01-02 12:24:26 -04:00
Amitai Schlair b30cacdf8d Fix longstanding bug (chdir to nonexistent dirs).
In test, set up the post-commit hook for more realism (and bugs!).
To make wrappers work in test, set PERL5LIB, and allow the wrappee's
path to be overridden. Meta-test that post-commit is really hooked
up by verifying that content is getting generated in destdir.

About the longstanding bug, which as far as I know was harmless:
CVS can't operate outside a srcdir, so we're always setting $CWD.
"local $CWD" restores the previous value when we go out of scope.
Usually that's correct. But if we're removing the last file from a
directory, the post-commit hook will exec in a working directory
that's about to not exist (CVS will prune it).

The fix: chdir() manually in cvs_runcvs(), so we can selectively
not chdir() back.
2013-01-27 22:09:57 -05:00
Joey Hess b1cd1c067f add cgi_overload_message 2012-10-11 11:22:03 -04:00
Joey Hess 6bd8c6732e add cgi_overload_delay tunable
Try to avoid a situation in which so many ikiwiki cgi wrapper programs are
running, all waiting on some long-running thing like a site rebuild, that
it prevents the web server from doing anything else. The current approach
only avoids this problem for GET requests; if multiple cgi's run GETs on a
site at the same time, one will display a "please wait" page for a
configurable number of seconds, which then redirects to retry. To enable
this protection, set cgi_overload_delay to the number of seconds to wait.
This is not enabled by default.
2012-10-09 17:12:04 -04:00
Joey Hess 25ea99bc22 Split CFLAGS into words when building wrapper. Closes: #682237 2012-07-20 12:56:57 -04:00
Joey Hess c8f7dcbc31 Use lockf rather than flock when taking the cgilock, for better portability.
This kind of change is scary, but this particular lock is very simply
used and so it seems ok to make it even just for better portability to
SunOS. (People still use that?)
2011-08-24 17:35:53 -04:00
Joey Hess d4a0732752 let thru HTTP_ACCEPT
Needed for attachment to return json when requested.

I think some browsers send Accept: * , so I made sure to check that json
was explicitly listed as to be accepted, as well as having a high
priority.
2011-06-15 20:02:14 -04:00
Jon Dowland b7a49ee364 fix use of debug() without sprintf()
Previous commit substituted a printf call (two arguments) for
debug (accepts only one).  Interleave an sprintf call to resolve.
2011-04-20 23:10:33 +01:00
Jon Dowland a0f82c5015 use debug() for wrapper-generation print outs
Use the debug() subroutine for printing out when wrappers
are generated.  This has the effect of hiding the messages
unless verbose mode is enabled.
2011-04-20 22:58:52 +01:00
Joey Hess 4dbb8120f7 Export three cgi env vars needed for CGI->url to work. 2011-01-05 16:08:21 -04:00
Joey Hess 1883e31de2 Propigate PATH into wrapper.
In the last version, the ikiwiki script stopped setting PATH.
But that leads to gcc failing when run from websetup. See
http://www.branchable.com/bugs/Crashes_when_rebuilding_wiki_after_setup_change/
2010-09-26 22:27:46 -04:00
Joey Hess 0aa621a833 move wrapper building loop into Wrapper.pm 2010-07-24 17:33:59 -04:00
Joey Hess 0eabe6f794 git: Added git_wrapper_background_command option. Can be used to eg, make the git wrapper push to github in the background after ikiwiki runs. 2010-07-01 16:57:20 -04:00
Joey Hess 76a5dbe7cb note that tcc workaround is for bug fixed in tcc now 2010-05-04 18:41:55 -04:00
Joey Hess 0c6e467aa6 use __TINYC__ define to avoid tinyc compat fixes breaking FreeBSD
To review, tcc does not really use environ, so you have to use clearenv
there. But POSIX, in their wisdom, didn't standardise clearenv yet,
so on FreeBSD, one still needs to manipulate environ on their own.

(If you use tcc on FreeBSD, this may leave you unsatisfied.)
2010-03-28 18:27:23 -04:00
Joey Hess dddd6aa990 Allow wrappers to be built using tcc. 2010-03-18 17:44:46 -04:00
Joey Hess b4ab74e722 C warning cleanup 2010-03-18 17:40:18 -04:00
Joey Hess b6f6f126d0 avoid -O default for CFLAGS, and document 2009-10-21 16:27:47 -04:00
Giulio Eulisse 990a4b99b0 Pick up user specified CFLAGS when compiling the wrapper.
(cherry picked from commit 13e9383b48857daa206387f3486eb00e3b171a68)
2009-10-21 16:10:14 -04:00
Joey Hess 1365ebf12f Merge commit 'schmonz/master' into cvs 2009-09-10 16:18:27 -04:00
Joey Hess 93cd30bc0a Merge branch 'master' into cvs 2009-09-10 16:18:23 -04:00
Joey Hess 26dae8f049 clean up use of IkiWiki::Receive
Loading and use of IkiWiki::Receive can all be pushed into the git plugin,
rather than scattered around.

I had at first wanted to make a receive plugin and move it there,
but a plugin was not a good fit; you don't want users to have to manually
load it, and making the git plugin load the receive plugin at the right
times would need more, and ugly code.
2009-09-10 16:15:48 -04:00
Amitai Schlair 8063bc3402 Catch up to the new genwrapper hook. 2009-09-10 15:12:45 -04:00
Amitai Schlair 460b1a0deb Merge branch 'master' of git://github.com/joeyh/ikiwiki 2009-09-10 15:03:18 -04:00
Joey Hess 3ebd4e0b45 Add genwrapper hook, that can be used to add code into the C wrapper. 2009-09-10 14:04:46 -04:00
Amitai Schlair aafd267ee0 Abstract out CVS's involvement in the wrapper:
* In Wrapper.pm, add a new hook "wrapperargcheck" to examine argc/argv
  and return success or failure. In the failure case, the wrapper
  terminates.

* In cvs.pm, implement the new hook to return failure if a directory is
  being cvs added.
2009-09-09 21:58:42 -04:00
Amitai Schlair 5e94e973ee Only examine argv if the VCS is cvs. 2009-08-30 02:00:49 -04:00
Amitai Schlair 992d0aac09 The string to match might not be "New directory" exactly, so match that
substring instead.
2009-08-30 00:05:23 -04:00
Amitai Schlair 5da229aa51 Instead of passing the args through the wrapper so the CVS plugin
can evaluate them, check them in the wrapper right off the bat.
This doesn't prevent the deadlock in web commits that need to cvs
add directories, but I'm committing so Joey can take a look if he
wants.
2009-08-23 18:25:02 -04:00
Amitai Schlair 524de4db26 Pass along wrapper args to ikiwiki, then handle the "cvs add dir"
case with a getopt hook directly in my plugin. If the wrapper change
is safe, we won't need a wrapper wrapper.
2009-08-22 01:25:41 -04:00
Joey Hess badc6c229f Create any missing directory necessary to put the wrapper file into. Closes: #514384 2009-02-09 15:13:12 -05:00
Joey Hess 9711181a3f doubled semicolon 2009-02-04 13:12:05 -05:00
Simon McVittie 3e290ce7ee IkiWiki::Wrapper: allow REDIRECT_STATUS and REDIRECT_URL through from environment
This is useful to act as an Apache 404 ErrorDocument.
2009-01-31 18:06:44 +00:00
Joey Hess bb93fccf06 Coding style change: Remove explcit vim folding markers. 2008-12-17 15:22:16 -05:00
Joey Hess ecd4f0ee55 make unlockwiki drop the cgilock
This is necessary so that things that fork to the background,
like pinger, and inline ping, don't block other cgis from running.

Note that websetup also calls unlockwiki, before refreshing / rebuilding
the wiki. It makes perfect sense for that not to block other cgis.
2008-11-11 20:48:02 -05:00
Joey Hess eef8b966b3 O_CREATE needs mode 2008-11-11 15:53:55 -05:00
Joey Hess 9a48669f1e avoid multiple ikiwiki cgi processes piling up, eating all memory, and thrashing
Fixed by making the cgi wrapper wait on a cgilock.
If you had to set apache's MaxClients low to avoid ikiwiki thrashing
your server, you can now turn it up to a high value.

The downside to this is that a cgi call that doesn't need to call lockwiki
will be serialised by this so only one can run at a time. (For example,
do=search.) There are few such calls, and all of them call loadindex,
so each still eats gobs of memory, so serialising them still seems ok.
2008-11-11 15:40:04 -05:00
Joey Hess d3d3999410 do no-op post_commit test in wrapper
This speeds up web commits by 1/4th of a second or so, since perl does
not have to start up for the post commit hook.

perl's locking is completly FuBar, since it's impossible to tell what perl
flock() really does, and thus difficult to write code in other languages
that interoperates with perl's locking. (Let alone interoperating with
existing fcntl locking from perl...)

In this particular case, I think I was able to find a way to avoid the
insanity, mostly. The C code does a true flock(2), and if perl is using an
incompatable lock method that does not use the same locking primative at
the kernel level, then the C code's test will fail, and it will go ahead
and run the perl code. Then the perl code's test will test the right thing.

On Debian, at least lately, perl's flock() does a true flock(2), so the
optimisation does work.
2008-10-26 15:13:04 -04:00
Joey Hess 7ddea03684 move untrusted committer test into the wrapper
This saves around 1/4th second per trusted commit since ikiwiki
doesn't need to start up.
2008-10-26 14:03:18 -04:00
Joey Hess 4a7ac5c251 remember how to write C code
been a while!
2008-10-24 15:49:55 -04:00
Joey Hess 761dee41b1 export CALLER_UID 2008-10-24 15:46:29 -04:00
Joey Hess 3b27af4a29 Pass HTTPS variable through the wrapper so that CGI->https can be used by plugins. Closes: #502047 2008-10-13 12:32:16 -04:00
Joey Hess e630e7507e Avoid troublesome abs_path calls in wrapper setup
As documented in the forum post.
2008-07-21 18:26:14 -04:00
Joey Hess 4e1d7d8ff2 fix use ordering
The recent setup revamp exposed some latent bugs in use/package ordering
that caused some symbols to not the exported into the correct scope.
2008-07-11 06:09:34 -04:00
Joey Hess 598a8ce1f7 whitespace 2008-07-11 06:09:34 -04:00