File bsc1122623.patch of Package openwsman.16236

Index: openwsman-2.6.7/src/server/shttpd/shttpd.c
===================================================================
--- openwsman-2.6.7.orig/src/server/shttpd/shttpd.c
+++ openwsman-2.6.7/src/server/shttpd/shttpd.c
@@ -336,10 +336,12 @@ date_to_epoch(const char *s)
 }
 
 static void
-remove_double_dots(char *s)
+remove_all_leading_dots(char *s)
 {
 	char	*p = s;
 
+	while (*s != '\0' && *s == '.') s++;
+
 	while (*s != '\0') {
 		*p++ = *s++;
 		if (s[-1] == '/' || s[-1] == '\\')
@@ -546,7 +548,7 @@ decide_what_to_do(struct conn *c)
 		*c->query++ = '\0';
 
 	_shttpd_url_decode(c->uri, strlen(c->uri), c->uri, strlen(c->uri) + 1);
-	remove_double_dots(c->uri);
+	remove_all_leading_dots(c->uri);
 
 	root = c->ctx->options[OPT_ROOT];
 	if (strlen(c->uri) + strlen(root) >= sizeof(path)) {
@@ -556,6 +558,7 @@ decide_what_to_do(struct conn *c)
 
 	(void) _shttpd_snprintf(path, sizeof(path), "%s%s", root, c->uri);
 
+	DBG(("decide_what_to_do -> processed path: [%s]", path));
 	/* User may use the aliases - check URI for mount point */
 	if (is_alias(c->ctx, c->uri, &alias_uri, &alias_path) != NULL) {
 		(void) _shttpd_snprintf(path, sizeof(path), "%.*s%s",
@@ -572,7 +575,10 @@ decide_what_to_do(struct conn *c)
 	if ((ruri = _shttpd_is_registered_uri(c->ctx, c->uri)) != NULL) {
 		_shttpd_setup_embedded_stream(c,
 		    ruri->callback, ruri->callback_data);
-	} else
+	} else {
+		_shttpd_send_server_error(c, 403, "Forbidden");
+	}
+#if 0
 	if (strstr(path, HTPASSWD)) {
 		/* Do not allow to view passwords files */
 		_shttpd_send_server_error(c, 403, "Forbidden");
@@ -656,6 +662,7 @@ decide_what_to_do(struct conn *c)
 	} else {
 		_shttpd_send_server_error(c, 500, "Internal Error");
 	}
+#endif
 }
 
 static int
@@ -698,11 +705,11 @@ parse_http_request(struct conn *c)
 		_shttpd_send_server_error(c, 500, "Cannot allocate request");
 	}
 
+	io_inc_tail(&c->rem.io, req_len);
+
 	if (c->loc.flags & FLAG_CLOSED)
 		return;
 
-	io_inc_tail(&c->rem.io, req_len);
-
 	DBG(("Conn %d: parsing request: [%.*s]", c->rem.chan.sock, req_len, s));
 	c->rem.flags |= FLAG_HEADERS_PARSED;
 
@@ -968,7 +975,7 @@ write_stream(struct stream *from, struct
 }
 
 
-static void
+static int
 connection_desctructor(struct llhead *lp)
 {
 	struct conn		*c = LL_ENTRY(lp, struct conn, link);
@@ -992,7 +999,8 @@ connection_desctructor(struct llhead *lp
 	 * Check the "Connection: " header before we free c->request
 	 * If it its 'keep-alive', then do not close the connection
 	 */
-	do_close = (c->ch.connection.v_vec.len >= vec.len &&
+	do_close = c->rem.flags & FLAG_CLOSED ||
+	    (c->ch.connection.v_vec.len >= vec.len &&
 	    !_shttpd_strncasecmp(vec.ptr,c->ch.connection.v_vec.ptr,vec.len)) ||
 	    (c->major_version < 1 ||
 	    (c->major_version >= 1 && c->minor_version < 1));
@@ -1014,7 +1022,7 @@ connection_desctructor(struct llhead *lp
 		io_clear(&c->loc.io);
 		c->birth_time = _shttpd_current_time;
 		if (io_data_len(&c->rem.io) > 0)
-			process_connection(c, 0, 0);
+			return 1;
 	} else {
 		if (c->rem.io_class != NULL)
 			c->rem.io_class->close(&c->rem);
@@ -1025,6 +1033,8 @@ connection_desctructor(struct llhead *lp
 
 		free(c);
 	}
+
+	return 0;
 }
 
 static void
@@ -1032,7 +1042,7 @@ worker_destructor(struct llhead *lp)
 {
 	struct worker	*worker = LL_ENTRY(lp, struct worker, link);
 
-	free_list(&worker->connections, connection_desctructor);
+	free_list(&worker->connections, (void (*)(struct llhead *))connection_desctructor);
 	free(worker);
 }
 
@@ -1065,6 +1075,8 @@ add_to_set(int fd, fd_set *set, int *max
 static void
 process_connection(struct conn *c, int remote_ready, int local_ready)
 {
+again:
+
 	/* Read from remote end if it is ready */
 	if (remote_ready && io_space_len(&c->rem.io))
 		read_stream(&c->rem);
@@ -1093,7 +1105,11 @@ process_connection(struct conn *c, int r
 	if ((_shttpd_current_time > c->expire_time) ||
 	    (c->rem.flags & FLAG_CLOSED) ||
 	    ((c->loc.flags & FLAG_CLOSED) && !io_data_len(&c->loc.io)))
-		connection_desctructor(&c->link);
+		if (connection_desctructor(&c->link)) {
+			remote_ready = 0;
+			local_ready = 0;
+			goto again;
+		}
 }
 
 static int
@@ -1650,7 +1666,7 @@ worker_function(void *param)
 	while (worker->exit_flag == 0)
 		poll_worker(worker, 1000 * 10);
 
-	free_list(&worker->connections, connection_desctructor);
+	free_list(&worker->connections, (void (*)(struct llhead *))connection_desctructor);
 	free(worker);
 }
 
Index: openwsman-2.6.7/src/server/wsmand.c
===================================================================
--- openwsman-2.6.7.orig/src/server/wsmand.c
+++ openwsman-2.6.7/src/server/wsmand.c
@@ -198,6 +198,11 @@ static void daemonize(void)
 	int fd;
 	char *pid;
 
+	/* Change our CWD to service_path */
+	i=chdir("/");
+	// i=chdir(wsmand_options_get_service_path());
+        assert(i == 0);
+
 	if (wsmand_options_get_foreground_debug() > 0) {
 		return;
 	}
@@ -214,10 +219,6 @@ static void daemonize(void)
 	log_pid = 0;
 	setsid();
 
-	/* Change our CWD to / */
-	i=chdir("/");
-        assert(i == 0);
-
 	/* Close all file descriptors. */
 	for (i = getdtablesize(); i >= 0; --i)
 		close(i);
openSUSE Build Service is sponsored by