From fdf588e523a098d29aca4609b4f9c7dc35785764 Mon Sep 17 00:00:00 2001
From: Tom MTT
Date: Mon, 21 Nov 2022 19:30:09 +0100
Subject: [PATCH 1/3] fix(feuille.c): pledge promises
---
 feuille.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/feuille.c b/feuille.c
index 1eea332..1052c96 100644
--- a/feuille.c
+++ b/feuille.c
@@ -294,7 +294,7 @@ int main(int argc, char *argv[]) /* OpenBSD-only security measures */ #ifdef __OpenBSD__ - pledge("stdio proc inet", "stdio wpath inet"); + pledge("proc stdio rpath wpath cpath inet", "stdio rpath wpath cpath inet"); #endif /* create a thread pool for incoming connections */
From de51c9830a075eba1d964b787ac48236f37eaafb Mon Sep 17 00:00:00 2001
From: Tom MTT
Date: Mon, 21 Nov 2022 19:31:20 +0100
Subject: [PATCH 2/3] fix(bin.c): safer generate_id() set next byte of ID to zero each time a new character is appended to prevent undefined behaviours.
---
 bin.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/bin.c b/bin.c
index f5d5801..df35119 100644
--- a/bin.c
+++ b/bin.c
@@ -34,7 +34,7 @@ char *generate_id(int min_length) /* allocate a buffer to store the ID */ char *buffer; - if ((buffer = calloc(length + 1, sizeof(char))) == NULL) + if ((buffer = malloc((length + 1) * sizeof(char))) == NULL) return NULL; /* for each letter, generate a random one */
@@ -43,6 +43,7 @@ char *generate_id(int min_length) return NULL; buffer[i] = id_symbols[rand() % strlen(id_symbols)]; + buffer[i + 1] = 0; /* collision? */ if (i == length - 1 && paste_exists(buffer)) {
@@ -54,12 +55,10 @@ char *generate_id(int min_length) free(buffer); return NULL; } - buffer = tmp; } } - buffer[length] = 0; return buffer; }
From 01057061f9df3e54bd16b6d0240cd6fe40795165 Mon Sep 17 00:00:00 2001
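Review bot: The `pledge()` call in feuille.c (hunk `@@ -294,7 +294,7 @@`) still discards its return value, so if the kernel rejects the promise string the server keeps running unrestricted without any indication. Check it and stop on failure, e.g. `if (pledge("proc stdio rpath wpath cpath inet", NULL) == -1) { perror("pledge"); return 1; }`, reporting through whatever error path main() already uses. The second argument only takes effect after execve(2), which the first set does not permit because it lacks `exec`, so `NULL` states the intent more plainly. Since the change adds `rpath wpath cpath`, an `unveil()` of the paste output directory before the pledge would keep that file access confined on OpenBSD; main()'s body starts and ends outside this hunk, so how that fits with the chroot and privilege drop has to be confirmed there.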
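Review bot: Replacing `calloc` with `malloc` in bin.c (hunk `@@ -34,7 +34,7 @@`) leaves the buffer uninitialised, and the last hunk (`@@ -54,12 +55,10 @@`) appears to drop the final `buffer[length] = 0;`, so the only terminator left is the one written inside the loop. If the loop body never runs, for example when `min_length` is 0, generate_id() would return a one-byte buffer with indeterminate contents that callers presumably read as a string. Keeping `if ((buffer = calloc(length + 1, sizeof(char))) == NULL)`, or adding `buffer[0] = 0;` right after the allocation, restores the guarantee at no real cost. The function's body starts and ends outside this hunk, so whether callers already reject a non-positive `min_length` should be confirmed.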
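Review bot: The added `buffer[i + 1] = 0;` in bin.c (hunk `@@ -43,6 +43,7 @@`) has no comment saying why the terminator is rewritten on every pass, and the reason is not obvious from the line itself. Suggested comment above it: `/* keep the ID NUL-terminated before paste_exists() reads it; i + 1 <= length, so this stays within the length + 1 bytes allocated */`. That bound holds only while the loop keeps `i < length` and every reallocation requests `length + 1` bytes; the loop header and the reallocation call lie outside this hunk, so check them against the comment before adding it.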
From: Tom MTT
Date: Mon, 21 Nov 2022 19:33:09 +0100
Subject: [PATCH 3/3] fix: use /var/www/feuille instead of /var/www/htdocs/feuille
---
 README.md | 6 +++---
 cron/purge.cron | 2 +-
 feuille.1 | 4 ++--
 feuille.1.md | 4 ++--
 feuille.c | 2 +-
 5 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index 601ba8c..25e2944 100644
--- a/README.md
+++ b/README.md
@@ -237,14 +237,14 @@ if you'd like to download the cron job. ### How do I remove expired pastes after some time? You can put that in your crontab (by doing `sudo crontab -e`). -It will delete all files in `/var/www/htdocs/feuille` that are at least 7 +It will delete all files in `/var/www/feuille` that are at least 7 days old. Don't forget to change the folder to the one **feuille**'s using and eventually `+7` to the maximum file age you'd like to use. ``` -0 0 * * * find /var/www/htdocs/feuille -type f -mtime +7 -exec rm {} + +0 0 * * * find /var/www/feuille -type f -mtime +7 -exec rm {} + ``` See
@@ -264,7 +264,7 @@ $ make cgi Once it's done, you can put `./web/cgi/feuille.cgi` in your website's `cgi-bin` folder (usually somewhere like -`/var/www/htdocs/my.paste.bin/cgi-bin`) and configure your web server +`/var/www/my.paste.bin/cgi-bin`) and configure your web server to execute CGI scripts. You can then create an HTML form that will send a POST request to the
diff --git a/cron/purge.cron b/cron/purge.cron
index 951633c..2e7ad5d 100644
--- a/cron/purge.cron
+++ b/cron/purge.cron
@@ -1 +1 @@
-0 0 * * * find /var/www/htdocs/feuille -type f -mtime +7 -exec rm {} +
+0 0 * * * find /var/www/feuille -type f -mtime +7 -exec rm {} +
diff --git a/feuille.1 b/feuille.1
index 50d3fad..143f680 100644
--- a/feuille.1
+++ b/feuille.1
@@ -64,7 +64,7 @@ Default: \f[V]8888\f[R] \f[B]-o path\f[R] Sets the path where \f[B]feuille\f[R] will output the pastes (and chroot, if possible). -Default: \f[V]/var/www/htdocs/feuille\f[R] +Default: \f[V]/var/www/feuille\f[R] .TP \f[B]-s bytes\f[R] Sets the maximum size for every paste (in bytes).
@@ -104,7 +104,7 @@ Default: the number of threads configured on your machine. .TP \f[B]sudo feuille\f[R] Runs feuille in the background, chrooting into -\f[V]/var/www/htdocs/feuille\f[R], dropping root privileges and spawning +\f[V]/var/www/feuille\f[R], dropping root privileges and spawning worker processes to accept incoming connections. .TP \f[B]feuille -p 1337\f[R]
diff --git a/feuille.1.md b/feuille.1.md
index 4cf8019..bc626f1 100644
--- a/feuille.1.md
+++ b/feuille.1.md
@@ -49,7 +49,7 @@ and IPv6 addresses (won't work on OpenBSD). **-o path** : Sets the path where **feuille** will output the pastes (and chroot, if possible). -: Default: `/var/www/htdocs/feuille` +: Default: `/var/www/feuille` **-s bytes** : Sets the maximum size for every paste (in bytes).
@@ -88,7 +88,7 @@ you might not want to set this to a huge number. # EXAMPLES **sudo feuille** -: Runs feuille in the background, chrooting into `/var/www/htdocs/feuille`, +: Runs feuille in the background, chrooting into `/var/www/feuille`, dropping root privileges and spawning worker processes to accept incoming connections.
diff --git a/feuille.c b/feuille.c
index 1052c96..b2c85fb 100644
--- a/feuille.c
+++ b/feuille.c
@@ -39,7 +39,7 @@ char *argv0; Settings settings = { .address = "0.0.0.0", .url = "http://localhost", - .output = "/var/www/htdocs/feuille", + .output = "/var/www/feuille", .user = "www", .id_length = 4,