src/sbbs3 websrvr.c 1.700 1.701
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv23416

Modified Files:
websrvr.c
Log Message:
Allow redirects from non-existant URLs.
This allows redirect targets from paths that don't exist. Required to implement hard-coded API endpoints via ssjs.

src/sbbs3 websrvr.c 1.701 1.702
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv16639

Modified Files:
websrvr.c
Log Message:
While we're making ssllabs happy, disable TLS 1.0 and 1.1 in the web server only (you can still use them from JS etc).

src/sbbs3 websrvr.c 1.702 1.703
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv13539

Modified Files:
websrvr.c
Log Message:
Comment out TLS 1.2 minver. Too many existing things don't support 1.2.

We don't need PCI DSS compliance I hope, we just want people doing things.

Re: src/sbbs3/websrvr.c
By: deuce to CVS commit on Thu Jan 23 2020 09:27:47

For what it's worth, we've been using the following list of ciphers where I work... seems to have decent security/compatibility currently.

ECDHE-ECDSA-AES128-GCM-SHA256

ECDHE-RSA-AES128-GCM-SHA256

ECDHE-ECDSA-AES256-GCM-SHA384

ECDHE-RSA-AES256-GCM-SHA384

ECDHE-ECDSA-CHACHA20-POLY1305

ECDHE-RSA-CHACHA20-POLY1305

DHE-RSA-AES128-GCM-SHA256

DHE-RSA-AES256-GCM-SHA384

--
Michael J. Ryan
+o roughneckbbs.com
bbs@tracker1.dev

---
■ Synchronet ■ Roughneck BBS - coming back 2/2/20

src/sbbs3 websrvr.c 1.703 1.704
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/home/rswindell/sbbs/src/sbbs3

Modified Files:
websrvr.c
Log Message:
Fix NULL pointer dereference in CGI handling:
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007fb3be8ce071 in do_cgi_stuff (session=0x7fb2fbfaac40, cgi=0x7fb2fbfaa850, orig_keep=1) at websrvr.c:4376
4376 SKIP_WHITESPACE(value);

src/sbbs3 websrvr.c 1.705 1.706
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv12695

Modified Files:
websrvr.c
Log Message:
Since lprintf() sends to stdout in sbbscon foreground mode, we must call
it before redirecting stdout to the pipe.

Likely fixes CGI errors seen by alterego (and has been broken for almost fifteen years).

src/sbbs3 websrvr.c 1.706 1.707
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv19117

Modified Files:
websrvr.c
Log Message:
Move lprintf() out of fork() child... it uses a mutex and the state of
mutexes are undefined in children.

src/sbbs3 websrvr.c 1.708 1.709
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv2052

Modified Files:
websrvr.c
Log Message:
Support CGI over TLS on *nix.

src/sbbs3 websrvr.c 1.709 1.710
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv24259

Modified Files:
websrvr.c
Log Message:
Don't attempt to read a FastCGI body if the header type is zero.
Should fix the POST/GET hangs on the wiki once DigitalMan updates.

src/sbbs3 websrvr.c 1.710 1.711
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv22341

Modified Files:
websrvr.c
Log Message:
Add some paranoia for handling FCGI_END_REQUEST.

While the FastCGI read_wait_timeout function should never return
CGI_*_READY with CGI_PROCESS_TERMINATED, it looks like somehow on some
systems, there's an additional select() happening after the process is
done.

Explicitly track this, and try to prevent it.

src/sbbs3 websrvr.c 1.711 1.712
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv757

Modified Files:
websrvr.c
Log Message:
Fix bug in last commit... !

src/sbbs3 websrvr.c 1.712 1.713
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv4082

Modified Files:
websrvr.c
Log Message:
Just because there is a Location: header does not mean we should not send
a body. Broken by HSTS enhancement.

There's a (small) possibility that the HSTS enhancement is now broken.

src/sbbs3 websrvr.c 1.716 1.717
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/home/rswindell/sbbs/src/sbbs3

Modified Files:
websrvr.c
Log Message:
Fix transmission of files >= 2GB in size on systems that support large file offsets
(64-bit off_t), e.g. 64-bit Linux. Issue reported by plt via irc.

src/sbbs3 websrvr.c 1.717 1.718
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv23357

Modified Files:
websrvr.c
Log Message:
Improve send-file performance on Windows (over Gb Ethernet LAN) from about 1 MBytes/second to 25+ MBytes/second by increasing the size of the ringbuffer (from 20 -> 256 KBytes) and the size of the file-read buffer in sock_sendfile().
Also log the through-put (in cps) when a file is sent.

src/sbbs3 websrvr.c 1.718 1.719
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/home/rswindell/sbbs/src/sbbs3

Modified Files:
websrvr.c
Log Message:
Address gcc warning: format '%d' expects argument of type 'int', but arg
has type 'long int'

src/sbbs3 websrvr.c 1.719 1.720
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv17800

Modified Files:
websrvr.c
Log Message:
The problem: the sysop (me) is not notified of critical errors (e.g. synchro.net zone file problems) in a timely manner.
Part of the solution: notify a configured user (e.g. user #1) via short-message/telegram and email/netmail logged-errors when messages of a configured severity (e.g. "Critical") are logged.
The second part of the solution (coming next) will be allowing timed events to log a message of a configurable severity logged when the event fails (returns a non-zero error level to sbbs).

I'm saving the error-notification-user-number and log-severity as part of the node.cnf file because:
- that's where the validation user number is already set
- I can conceive of a large system were certain node ranges (different instances of sbbs) might want different operators to be notified of logged-errors

This also means I eliminated all the legacy com port/modem stuff from the end of the node.cnf file. None of that is used in sbbs v3.

Also included in this commit are improvements around logging:
- reduce the severity of UDP recvfrom failures in services
- a more detailed log message when the mail server successfully delivers an email (via SMTP) - easier to answer the question: was that email you/they sent delivered successfully?

https://gitlab.synchro.net/sbbs/sbbs/-/commit/c9db48cec8efd56f8291443d
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Fix requests to the webserver using IPv6 address http://[1234:1234::] requests. The host portion contains ":" after split_port_part(), resulting in a 400 error.
Renaming is_legal_hostname() to is_legal_host(), since requests to webservers are to
"hosts" not "hostnames".

https://gitlab.synchro.net/sbbs/sbbs/-/commit/d17a5ce0ba8d80a29f136c9e
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Merge branch 'leenooks/sbbs-master'

https://gitlab.synchro.net/sbbs/sbbs/-/commit/37a23fea45bbdb3589e7d909
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Fix heap corruption that could occur when HSTS feature is enabled

At least on Windows, when realloc() is used to allocate a new buffer,
guess what's in that buffer initially? undefined values. So you can't
strcat() onto the end of that! Ouch. This was a fun one to track down.

https://gitlab.synchro.net/sbbs/sbbs/-/commit/987c1129e127fe9a7b67d430
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Fix 32-bit GCC warning on rPi about printf format

format '%ld' expects argument of type 'long int', but argument 7 has type '__off64_t'

https://gitlab.synchro.net/sbbs/sbbs/-/commit/c399ca73f145f7e8dc625ec6
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Some CGI programs know they're not running from a console because
QUERY_STRING is defined (even if blank).

Always define it.

https://gitlab.synchro.net/sbbs/sbbs/-/commit/2c66387d8a91bc26d226430a
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Merge remote-tracking branch 'origin/master'

https://gitlab.synchro.net/main/sbbs/-/commit/22c6721d6f926ba5fce85a54
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Remove unused assignment.

No need to get time() here since it's never checked.

Resolves CID 174292

https://gitlab.synchro.net/main/sbbs/-/commit/6623cff0e3516937e38ae76a
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Always return 403 to requests for access.ars or webctrl.ini

Previously, 403 was only returned if they existed, and 404 if they
didn't.

https://gitlab.synchro.net/main/sbbs/-/commit/5d3de1eea3288155bc7a630e
Modified Files:
src/sbbs3/websrvr.c
Log Message:
For the cases we'll send a Content-Length of zero, do not send content.

Should fix #223
Introduced in d56ba01f which likely fixed some stuff on the wiki.

https://gitlab.synchro.net/main/sbbs/-/commit/bc5bfa5f6f9fb7208ed7bbe1
Modified Files:
src/sbbs3/websrvr.c
Log Message:
We still want the zero-length entity, just not any content.

Fixes last commit, which could cause infinite hangs on certain requests.

https://gitlab.synchro.net/main/sbbs/-/commit/b881935a0f28b65f66d6218c
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Track the active client "highwater mark" (highest number of concurrent clients)

Could be useful for knowing if you need to increase MaxClients for typical usage.

https://gitlab.synchro.net/main/sbbs/-/commit/9048b3d231b7ceeb823c2220
Modified Files:
src/sbbs3/websrvr.c
Log Message:
post_to_file() shouldn't close the file since it didn't open it.

https://gitlab.synchro.net/main/sbbs/-/commit/e2f3407c8cd1379184da9668
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Remove some unused variables.

https://gitlab.synchro.net/main/sbbs/-/commit/03b7b2f9443db9fa02989aec
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Fix socket descriptor leak in fastcgi_connect()

Found by Coverity-scan (CID 330051)

@Deuce should review this.

https://gitlab.synchro.net/main/sbbs/-/commit/22f130cad457cd21747dd6bc
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Fix resource leak in ssjs_send_headers()

IdArray returned by JS_Enumerate() was never freed.

Caught by Coverity-scan, CID 319627.

https://gitlab.synchro.net/main/sbbs/-/commit/9f7894575eed369cfd56ad40
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Remove incorrect and unnecessary comment.

https://gitlab.synchro.net/main/sbbs/-/commit/a487e0c681d380e01a76deeb
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Don't allow colons in web-requested path names on Windows

This fixes issue #269 (NTFS Alternate Data Stream vulnerability) and other potential pathname issues on Windows involving colons.

There are other illegal filename characters on Windows (e.g. <>|"?*), but filenames with these characters aren't expected to pass the later stat() test, so should fail with a 404 error.

https://gitlab.synchro.net/main/sbbs/-/commit/f38adc13f4b5169a0d59cbce
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Fix NULL pointer dereference in read_post_data()

What took down cvs/sbbs yesterday:
Program terminated with signal SIGSEGV, Segmentation fault.
6203 session->req.post_data[session->req.post_len]=0; [Current thread is 1 (Thread 0x7f2b989ff700 (LWP 17031))]
(gdb) print post_len
No symbol "post_len" in current context.
(gdb) print session->req.post_len
$1 = 0
(gdb) print session->req.post_data
$2 = 0x0

https://gitlab.synchro.net/main/sbbs/-/commit/f2858ee600525704d27011e0
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Add support for web request path aliases (defined in web_alias.ini)

Similar to the ctrl/ftpalias.cfg file, the new ctrl/web_alias.ini file (optional) can be used to map a portion (the first portion, only) of a web request path to a different physical or virtual path. For example, I'm using it to map:
/Synchronet/ = /files/main/sbbs/
for filebase access to my main->sbbs directory of Vertrauen's filebase using a /Synchronet/* web request (i.e. for slightly prettier or shorter custom URLs, if desired).

https://gitlab.synchro.net/main/sbbs/-/commit/005633b1fffb7b6df70cb13b
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Log requests that resolve outside of the web root as hack attempts

"Request for x is outside of the web root" was already logged (with a "NOTICE" log level), but would not sound the hack attempt alarm (on Windows) or log to the hack.log. Now it does.

El 15/1/22 a las 23:09, Rob Swindell escribió:

https://gitlab.synchro.net/main/sbbs/-/commit/f2858ee600525704d27011e0 Modified Files:
src/sbbs3/websrvr.c
Log Message:
Add support for web request path aliases (defined in web_alias.ini)

Similar to the ctrl/ftpalias.cfg file, the new ctrl/web_alias.ini file (optional) can be used to map a portion (the first portion, only) of a web request path to a different physical or virtual path. For example, I'm using it to map:
/Synchronet/ = /files/main/sbbs/
for filebase access to my main->sbbs directory of Vertrauen's filebase using a /Synchronet/* web request (i.e. for slightly prettier or shorter custom URLs, if desired).
---
� Synchronet � Vertrauen � Home of Synchronet � [vert/cvs/bbs].synchro.net

alias portion (webrequest) can support multiple levels? like:

/ftp/main/ansis = /sbbs/data/main/ansis
/ftp/other/upload = /home/pepe/uploads

??

---
￭ Synchronet ￭ Dock Sud BBS TLD 24 HS - bbs.docksud.com.ar

Re: Re: src/sbbs3/websrvr.c
By: Ragnarok to Rob Swindell on Mon Jan 17 2022 11:57 am

alias portion (webrequest) can support multiple levels? like:

/ftp/main/ansis = /sbbs/data/main/ansis
/ftp/other/upload = /home/pepe/uploads

Yes. But they likely should end in a '/' too.
--
digital man (rob)

This Is Spinal Tap quote #25:
Viv Savage: Have... a good... time... all the time. That's my philosophy. Norco, CA WX: 58.0°F, 80.0% humidity, 3 mph NW wind, 0.00 inches rain/24hrs

https://gitlab.synchro.net/main/sbbs/-/commit/d8c099dbc962727df2723650
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Fix HTTP-requests for files >= 2GB in size

An int is 32-bits on all supported platforms, so this has always been broken. The actual file size/request-length sent would depend on fun 2's complement math (a 32GB file was being truncated to 433MB).

Also fixed some wrong uses of PRIuOFF: off_t is a signed integer, so technically the maximum file size you can request now is 2^63 bytes, which is "big enough".

https://gitlab.synchro.net/main/sbbs/-/commit/c0f42027dded92626251d686
Modified Files:
src/sbbs3/websrvr.c
Log Message:
I don't know what I was smoking when I did this, but it's fixed now.

Weird early failure return on TLS sends. Most noticible on local
(ie: fast) connections, but clearly stupid all around when you
look at the code.

Fixed, but some day, I should go back and look how we eneded up in
this mess.

https://gitlab.synchro.net/main/sbbs/-/commit/cd4066a287da2b52e7aec775
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Resolve warning about enum value not handled in switch() statement

https://gitlab.synchro.net/main/sbbs/-/commit/a7f6b8549d24feb43c83ee44
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Include client IP address in HTTP-level error log messages

https://gitlab.synchro.net/main/sbbs/-/commit/a82559e327b74c4513751593
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Use safe string formatting to squelch warnings

Attempt to address 2 GCC version 11.2.0 2 warnings reported by Nelgin
‘%s’ directive writing up to 3 bytes into a region of size between 1 and 4097

https://gitlab.synchro.net/main/sbbs/-/commit/2e67162225de28219d747ed1
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Perform a JS garbage collection for each new request in a reused session

A reused HTTP session would never (apparently) perform garbage collection.
The evidence of this was the collection of concurrent user.dat file opens
that would never close until the HTTP sessions were closed. Hundreds or
even thousands of open user.dat's have been seen. After this change,
active web server (webv4 UI) users have not caused these spikes in open user.dat files, at least in my testing.

If no garbage collection was being performed, then likely a lot of JS
heap was being needlessly wasted, which could eventually result in a JS
"out of memory" error. But that's just a theory.

Investigation is needed into why the js_CommonOperationCallback()'s calls to JS_MaybeGC() were not sufficient to actually perform garbage collection
in this case.

https://gitlab.synchro.net/main/sbbs/-/commit/639460420c349337f3d3ceef
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Update log messages for execle() or fork() failures

To be more consistent in syntax and include more details (e.g. the command being invoked).

https://gitlab.synchro.net/main/sbbs/-/commit/b6cdc4730e6ca52fc0fc093b
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Log message improvements: include protocol (HTTP vs HTTPS) and IP address

https://gitlab.synchro.net/main/sbbs/-/commit/2458bfc3e336939c4893a360
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Improve JavaScript-related error messages

https://gitlab.synchro.net/main/sbbs/-/commit/650abd10bff9293db51f22fd
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Add a "scheme" property to http_request object

Value is "http" or "https" depending on if TLS is in use.

https://gitlab.synchro.net/main/sbbs/-/commit/94f85d5f1c8d8792975b5b03
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Fix MQTT-published action/login message for web server users

e.g. 20230130T171211-480 0 <unknown user> 76.89.231.66 <no name>

the user number name actually *are* known at this stage

https://gitlab.synchro.net/main/sbbs/-/commit/fe30acd5338cf267c284f0c0
Modified Files:
src/sbbs3/websrvr.c
Log Message:
More details in "Failure to send header/request to FastCGI socket" log msg

Elevate the log level back to ERROR (from WARNING), as this is not an expected condition and the sysop (me) should be alerted right away. This had previously be lowered (along with some other log messages) from ERROR to WARNING.

When php-fpm is updated (on Debian, anyway), e.g. from 8.1 to 8.2, a new etc/php configuration (pool.d) directory was used which set me back to a default www.conf file that uses Unix domain sockets instead of TCP sockets.

https://gitlab.synchro.net/main/sbbs/-/commit/38b9bc8a15b819c87235b2c6
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Add UNIX domain FastCGI support

Resolves a long-standing todo comment and has made wiki.synchro.net page rendering even faster.

PHP-FPM defaults to creating/listening on UNIX domain sockets.

This resolves gitlab issue #507

https://gitlab.synchro.net/main/sbbs/-/commit/d2ef0fe2ccfacd2b5805b6c4
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Fix webserver build on Windows - no UNIX domain socket support

According to https://devblogs.microsoft.com/commandline/af_unix-comes-to-windows/
it is possible, but I think I'm using an WinSDK that's too old, so let's just not support this feature on Windows just yet. Define UDS_SUPPORT when supported.

https://gitlab.synchro.net/main/sbbs/-/commit/6049bc00c20620b31d6f2d41
Modified Files:
src/sbbs3/websrvr.c
Log Message:
If the FastCGI address starts with a '/', it's obviously a UNIX domain socket

We don't really need the "unix:" prefix now, but just leave that support in
for backward compatibility.

https://gitlab.synchro.net/main/sbbs/-/commit/73a821b70820580fcf3bba9a
Modified Files:
src/sbbs3/websrvr.c
Log Message:
If the FastCGI address begins with a '.', treat as UNIX Domain Socket as well

<Deuce> So the [previous] change doesn't work with relative paths?

So... support relative UDS paths in this manner (without the "unix:" prefix)

https://gitlab.synchro.net/main/sbbs/-/commit/db6e54740d51622cfdda6ccc
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Include protocol and client IP address in FastCGI send error log msg

https://gitlab.synchro.net/main/sbbs/-/commit/2dc32fab0bda70f194ecd6cf
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Don't query the active_clients count twice in a row

https://gitlab.synchro.net/main/sbbs/-/commit/6697e52d90e024eb602aa2ac
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Don't try to send 0-byte files

Saves some opening, reading, and logging, but otherwise was harmeless.

Fix issue #422

https://gitlab.synchro.net/main/sbbs/-/commit/5546278f0146522c886cca18
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Open SBBS_SSJS.*.html response file(s) only when actually writing data

The first write to a the temporary SBBS_SSJS.*.html file will open the file. This should reduce the number of 0-byte files left laying around in the the temp directory, which shouldn't be happening in the first place.

Also:
Fixed bug noticed in temp file clean up loop: POST data files would *also*
be retained when the DEBUG_SSJS option flag is set.

Also:
Replace some unsafe string operations with safe equivalents.

Happy Thanksgiving Nelgin!

https://gitlab.synchro.net/main/sbbs/-/commit/274efc589d79d20711f04da2
Modified Files:
src/sbbs3/websrvr.c
Log Message:
A little clean-up around FILE* opening/closing, error handling

"HTTP Logging" replaced in log messages with "Web Server access-logging".

Using new FCLOSE_OPEN_FILE macro to close and NULify open FILE*'s.

https://gitlab.synchro.net/main/sbbs/-/commit/786add2421406f8f9ed9e113
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Replace IPv6 colons in access-log filenames with exclaimation marks on Windows

Colons are not legal filename characters on Windows and when virtual hosts are enabled, the IPv6 address of the server may be used in the access-log filename so we need to clean that up or errors opening/creating the access-log files occur.

https://gitlab.synchro.net/main/sbbs/-/commit/b4f04d357b85fcb615dd400e
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Log client address in "Sending file" and "Sent file" log messages

For symmetry

https://gitlab.synchro.net/main/sbbs/-/commit/df3d7d09a69ec2fdf20a0d73
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Ensure do_cryptInit() is called before calling lock_ssl_cert()

https://gitlab.synchro.net/main/sbbs/-/commit/6180a88022c5d1e3f3a02dcd
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Look in mods dir for FileIndexScript before the exec dir

... unless the full path was specified.

https://gitlab.synchro.net/main/sbbs/-/commit/850a6595d70e78025c5a8f29
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Don't pass a TLS session ID of 0 js_CreateCommonObjects() for non-TLS sessions

The proper sentinel value here for "no TLS session" is -1, not 0.

This, at minimum, was causing a lot of extraneous calls to destroy_session() (from js_socket.c's do_js_close()) with an invalid (hopefully, not
otherwise used) cryptlib session ID of 0.

Nothing checks or logs the return value of destroy_session(), but I'd expect
it to be failing ... a lot.

https://gitlab.synchro.net/main/sbbs/-/commit/ec45b264572304e92c3e0839
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Log an error if ssl_sync() fails, for W6RAY

Hopefully help debug why HTTPS isn't working for him

https://gitlab.synchro.net/main/sbbs/-/commit/5bea6c6be1f0e73a35176920
Modified Files:
src/sbbs3/websrvr.c
Log Message:
If socket is closed while in sess_sendbuf(), don't log a warning message

... with a socket descriptor value of -1.

https://gitlab.synchro.net/main/sbbs/-/commit/b973a74765fb50b36c045713
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Fix off_t printf warning.

https://gitlab.synchro.net/main/sbbs/-/commit/5bd8253c7c482272b9a4ea1f
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Temporary workaround for TLS issue.

It appears that if the timing is "just wrong", a large POST can
cause TLS to fail. This has shown up as an inability to edit
pages in the wiki.

This is not a fix however, but simple a workaround until this is
root-caused.

https://gitlab.synchro.net/main/sbbs/-/commit/6326f6d0d33019f5af7b31fb
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Set javascript callback "terminated" flag to true when recycling

(or terminating) the server.

This will allow background JS threads to terminate when recycling, so the server doesn't just hang indefinitelyi when recycling.

Add more logging in cleanup() when waiting for children threads to terminate.

Also, eliminate the global 'terminate' variable, answering the question:
Can this be changed to a if(ws_set!=NULL) check instead?

Yes, yes it can.

https://gitlab.synchro.net/main/sbbs/-/commit/95be5a80e00eebcb23370f92
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Simplify the child thread wait loop in cleanup()

https://gitlab.synchro.net/main/sbbs/-/commit/8d7d9eb22fbabde369e6ab31
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Lower severity of "Response file path is NULL" log msg from CRIT to WARNING

This is not a completely unexpected thing to happen during ungraceful termination

https://gitlab.synchro.net/main/sbbs/-/commit/50be44416dbf437e93f0f283
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Pass user_t as pointer.

Silly to pass a 728-byte object as a parameter.

https://gitlab.synchro.net/main/sbbs/-/commit/e9778331b2584afc731f45bc
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Fix a bunch of false "File sent" logs (and uploader-notifications)

Web browsers tend start a download and then immediately close the socket
(so now send_failed will be true), while on a secondary socket, do a range download of the same file.

So log the range requests/completions and don't log successful file sends
when the send was terminated due to a send failure.

We still count very small (e.g. 2 byte) ranges as successful file transfers
and notify the uploader (of a partial download), so we should fix those
issues still. But at least now, there's a whole lot less "noise" created
from HTTP[S} file downloads via browser.

https://gitlab.synchro.net/main/sbbs/-/commit/3711e03ad615c3183aa401b4
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Use volatile keyword to (maybe) fix CID 488122: Data race condition

Ideally, I'd use atomic_bool instead, but we're using an older WinSDK for Win7 compatibility and so... can't.

Perhaps an xpdev 'protected_bool_t' should be created.

https://gitlab.synchro.net/main/sbbs/-/commit/90de10cf0dc28c25fab197b4
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Grow another 4-byte string.

https://gitlab.synchro.net/main/sbbs/-/commit/920902f3db4c4eac5ebcaf57
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Fix bug with error files (e.g. 404.html) introduced in commit 90de10cf

Deuce expanded the local 'error_code' buf to not trip the SAFECOPY macro destionation buffer length check. Only this buffer needed to be 4 chars
exactly to truncate the 'message' string at 3 chars (e.g. just "404" for an error message string that starts with "404 "). Switch from SAFECOPY to strlcpy to eliminate this bug.

As reported by Ragnarok as part of issue #748

The web error files should work again.

https://gitlab.synchro.net/main/sbbs/-/commit/984e76515378b50e3593ca8e
Modified Files:
src/sbbs3/websrvr.c
Log Message:
Update the previous commit to revert the error_code length to 4, since we can

And use sizeof, not the magic number (again).