bgplg doesn't work with wildcard httpd servers

bgplg doesn't work with wildcard httpd servers

Adam Thompson
Running 6.4 (-stable, via openup/mtier).
I have bgpd(8) talking to my border router, acting as a route collector.
That part seems fine.
I now have httpd(8) configured trivially to run bgplg(8) (per the
bgplg(8) manpage) but it's not working, and I can't tell why.  **EDIT:
yes, I can, see below**

httpd.conf:
===start===
server "*" {
         listen on * port 80
         location "/cgi-bin/*" {
                 fastcgi
                 root ""
         }
}
===end===

On the client end, I get:

   bgpmirror# wget -v http://localhost/cgi-bin/bgplg
   --2019-01-11 10:12:05--  http://localhost/cgi-bin/bgplg
   Resolving localhost (localhost)... 127.0.0.1, ::1
   Connecting to localhost (localhost)|127.0.0.1|:80... connected.
   HTTP request sent, awaiting response... 200 No headers, assuming HTTP/0.9
   Length: unspecified
   Saving to: 'bgplg'
(it never completes until I kill it)

Ktrace'ing slowcgi and httpd in -d mode reveals that bgplg execve's
properly, loads, spits out "invalid character in input" and dies.  
Slowcgi and/or httpd do not handle this... well, at all, really.  That
error message also does not get logged anywhere nor is visible anywhere
except ktrace logs.

Looking at the bgplg source code, this means there's something funky in
its environment that it doesn't like.  Ah.  It looks like it's the "*"
in server_name, as passed in by slowcgi:
   slowcgi: env[18], SERVER_NAME=*

Yup.  That's the problem, all right: /usr/src/usr.bin/bgplg/bgplg.c:115
excludes '*'.  But I want my looking glass to be accessible from at
least two different hostnames, and I really would prefer to not have to
define them all manually in httpd.conf(5).

The naive local fix is trivial (adding '*' to the strchr call in line
115), but what else might I be breaking or letting in?  Clearly this is
supposed to ensure the environment is sanitized before continuing, but
is "*" forbidden because it's unsafe, or simply because it never
occurred to anyone?

Thoughts / suggestions ?

Thanks,
-Adam


Re: bgplg doesn't work with wildcard httpd servers

Denis Fondras
On Fri, Jan 11, 2019 at 10:50:21AM -0600, Adam Thompson wrote:

> Running 6.4 (-stable, via openup/mtier).
> I have bgpd(8) talking to my border router, acting as a route collector.
> That part seems fine.
> I now have httpd(8) configured trivially to run bgplg(8) (per the bgplg(8)
> manpage) but it's not working, and I can't tell why.  **EDIT: yes, I can,
> see below**
>
> httpd.conf:
> ===start===
> server "*" {
>         listen on * port 80
>         location "/cgi-bin/*" {
>                 fastcgi
>                 root ""
>         }
> }
> ===end===
>
> On the client end, I get:
>
>   bgpmirror# wget -v http://localhost/cgi-bin/bgplg
>   --2019-01-11 10:12:05--  http://localhost/cgi-bin/bgplg
>   Resolving localhost (localhost)... 127.0.0.1, ::1
>   Connecting to localhost (localhost)|127.0.0.1|:80... connected.
>   HTTP request sent, awaiting response... 200 No headers, assuming HTTP/0.9
>   Length: unspecified
>   Saving to: 'bgplg'
> (it never completes until I kill it)
>
> Ktrace'ing slowcgi and httpd in -d mode reveals that bgplg execve's
> properly, loads, spits out "invalid character in input" and dies.  Slowcgi
> and/or httpd do not handle this... well, at all, really.  That error message
> also does not get logged anywhere nor is visible anywhere except ktrace
> logs.
>
> Looking at the bgplg source code, this means there's something funky in its
> environment that it doesn't like.  Ah.  It looks like it's the "*" in
> server_name, as passed in by slowcgi:
>   slowcgi: env[18], SERVER_NAME=*
>
> Yup.  That's the problem, all right: /usr/src/usr.bin/bgplg/bgplg.c:115
> excludes '*'.  But I want my looking glass to be accessible from at least
> two different hostnames, and I really would prefer to not have to define
> them all manually in httpd.conf(5).
>
> The naive local fix is trivial (adding '*' to the strchr call in line 115),
> but what else might I be breaking or letting in?  Clearly this is supposed
> to ensure the environment is sanitized before continuing, but is "*"
> forbidden because it's unsafe, or simply because it never occurred to
> anyone?
>
> Thoughts / suggestions ?
>

You can use 'server match "."' to match any hostname.
The page title will be "." though.


Re: bgplg doesn't work with wildcard httpd servers

Martin Hein-2
In reply to this post by Adam Thompson
On Fri, 11 Jan 2019 10:50:21 -0600
Adam Thompson <[hidden email]> wrote:
> server "*" {

server "default"

/Martin
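
An added example, not part of the thread and not the bgplg source: a per-byte allowlist check of the kind the first message describes, showing that `*` is rejected while the `.` and `default` server names from the replies pass, and how an exception for `*` can be scoped to SERVER_NAME instead of being applied to every variable. The punctuation allowlist, the function names and the sample values are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed punctuation allowlist for this example; not copied from bgplg.c. */
#define BASE_EXTRA "-_.:/= "

/* Offset of the first byte that is neither alphanumeric nor in extra, or -1. */
long first_rejected(const char *value, const char *extra)
{
    for (size_t i = 0; value[i] != '\0'; i++) {
        unsigned char c = (unsigned char)value[i];
        if (!isalnum(c) && strchr(extra, c) == NULL)
            return (long)i;
    }
    return -1;
}

/* Per-variable policy (hypothetical): only SERVER_NAME may also contain '*'. */
const char *extra_for(const char *name)
{
    return strcmp(name, "SERVER_NAME") == 0 ? BASE_EXTRA "*" : BASE_EXTRA;
}

/* Check one variable; rejections are reported on stderr. Returns 1 if clean. */
int env_ok(const char *name, const char *value, int per_variable)
{
    const char *extra = per_variable ? extra_for(name) : BASE_EXTRA;
    long off = first_rejected(value, extra);
    if (off >= 0)
        fprintf(stderr, "%s: rejected byte 0x%02x at offset %ld\n",
            name, (unsigned char)value[off], off);
    return off < 0;
}

int main(void)
{
    /* Constructed sample environment, not captured from a real server. */
    const char *env[][2] = {
        { "SERVER_NAME", "*" }, { "SERVER_NAME", "default" },
        { "SERVER_NAME", "." }, { "QUERY_STRING", "cmd=show*" },
    };
    for (size_t i = 0; i < sizeof(env) / sizeof(env[0]); i++)
        printf("%-12s %-10s uniform=%d per-variable=%d\n", env[i][0],
            env[i][1], env_ok(env[i][0], env[i][1], 0),
            env_ok(env[i][0], env[i][1], 1));
    return 0;
}
```

With the per-variable policy, `*` is accepted only in SERVER_NAME; the same byte in the constructed QUERY_STRING value is still rejected, which is the difference from adding `*` to a single shared allowlist.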