changes in bozohttpd 20210210:
o fix various NULL derefs from malformed headers. mostly from
<emily@ingalls.rocks>.

add $NetBSD$

Don't pass ${HOST} to test scripts.
htnl_cmp compares against the output of `hostname`.

This makes the tests pass on my machine.

- move special files defines into bozohttpd.h, so we can ...
- consolidate all the special file checks into
bozo_check_special_files() so that all builds check the same
list of special files, reg

- move special files defines into bozohttpd.h, so we can ...
- consolidate all the special file checks into
bozo_check_special_files() so that all builds check the same
list of special files, regardless of build options.
- convert "(void)bozo_http_error(...); return -1;" into plain
"return bozo_http_error(...);"
- fix the call to bozo_check_special_files() to be used on all
input types. part of the fixes for failure to reject access
to /.htpasswd as reported by JP on tech-security.
- use warn_unused_result attribute on bozo_check_special_files(),
and fix the failures to return failure. second part of the
htpasswd access fix.
- update testsuite to use a fixed fake hostname.

call this bozohttpd 20181121.

show more ...

from CHANGES:

o reduce default timeouts, and add expand timeouts to handle the
initial line, each header, and the total time spent
o add -T option to expose new timeout settings
o minor RFC fi

from CHANGES:

o reduce default timeouts, and add expand timeouts to handle the
initial line, each header, and the total time spent
o add -T option to expose new timeout settings
o minor RFC fixes related to timeout handling responses

old timeouts:
60 seconds for initial request like, 60 seconds per header line,
and no whole timeout (though the recent total header size changes
do introduce one that would be about 11 hours.)
new timeouts:
30 seconds for initial request like, 10 seconds per header line,
and a total request time of 600 seconds.


the new global timeout is implemented using CLOCK_MONOTONIC, with
a fallback to CLOCK_REALTIME if monotonic time is unavailable.


reject multiple Host: headers. besides being protocol standard,
this closes one additional memory leak found by JP. add a simple
test to check this.


clean up option and usage handling some.

show more ...

fix a denial of service attack against header contents, which
is now bounded at 16KiB. reported by JP.

Add support for remapping requested paths via a .bzredirect file.
Fixes PR 52772. Ok: mrg@

- fix a bug in cgi processing. from Dennis Lindroos.
- add a testcase for this, and expand test-simple to handle additional
args to bozohttpd for eg, cgi-bin setting.
- fix objdir bugs in the test

- fix a bug in cgi processing. from Dennis Lindroos.
- add a testcase for this, and expand test-simple to handle additional
args to bozohttpd for eg, cgi-bin setting.
- fix objdir bugs in the testsuite.

show more ...

Add a VERBOSE knob to the testsuite ("yes" by default, producing
basically the same output as before). When turned off, tests run
silently except when there's a failure.

Reviewed by mrg@.

fix running the testsuite from the build tree

merge bozohttpd 20090522

re-add a lot of the distribution files

Get httpd ready for inclusion in build.

Import of bozohttpd for its originally intended purpose: a small (~30k)
simple run-from-inetd httpd suitable for small systems (and some large
ones).