X-Git-Url: https://git.distorted.org.uk/~mdw/sgt/agedu/blobdiff_plain/15e738400fc6d322b0caad7a5a7ef1dcaea5065f..9827dd71b88e2c1080f1f31a40802cd44c98bf16:/httpd.c

diff --git a/httpd.c b/httpd.c
index bbe82ab..e5ee270 100644
--- a/httpd.c
+++ b/httpd.c
@@ -262,23 +262,29 @@ char *got_data(struct connctx *ctx, char *data, int length,
 	if (!magic_access && !auth_correct) {
 	    if (auth_string) {
 		ret = http_error("401", "Unauthorized",
-				 "WWW-Authenticate: Basic realm=\""PNAME"\"\r",
+				 "WWW-Authenticate: Basic realm=\""PNAME"\"\r\n",
 				 "\nYou must authenticate to view these pages.");
 	    } else {
 		ret = http_error("403", "Forbidden", NULL,
 				 "This is a restricted-access set of pages.");
 	    }
 	} else {
+	    char *q;
 	    p = ctx->url;
 	    p += strspn(p, "/?");
-	    index = strtoul(p, NULL, 10);
-	    document = html_query(ctx->t, index, cfg);
-	    if (document) {
-		ret = http_success("text/html", 1, document);
-		sfree(document);
-	    } else {
+	    index = strtoul(p, &q, 10);
+	    if (*q) {
 		ret = http_error("404", "Not Found", NULL,
-				 "Pathname index out of range.");
+				 "This is not a valid pathname index.");
+	    } else {
+		document = html_query(ctx->t, index, cfg);
+		if (document) {
+		    ret = http_success("text/html", 1, document);
+		    sfree(document);
+		} else {
+		    ret = http_error("404", "Not Found", NULL,
+				     "Pathname index out of range.");
+		}
 	    }
 	}
 	return ret;
@@ -362,9 +368,11 @@ int check_owning_uid(int fd, int flip)
 	while (fgets(linebuf, sizeof(linebuf), fp)) {
 	    if (strlen(linebuf) >= 75 &&
 		!strncmp(linebuf+6, matchbuf, strlen(matchbuf))) {
+		fclose(fp);
 		return atoi(linebuf + 75);
 	    }
 	}
+	fclose(fp);
     }
 
     return -1;
@@ -406,7 +414,6 @@ void run_httpd(const void *t, int authmask, const struct httpd_config *dcfg,
     int fd, ret;
     int authtype;
     char *authstring = NULL;
-    unsigned long ipaddr;
     struct fd *f;
     struct sockaddr_in addr;
     socklen_t addrlen;
@@ -423,22 +430,28 @@ void run_httpd(const void *t, int authmask, const struct httpd_config *dcfg,
 	fprintf(stderr, "socket(PF_INET): %s\n", strerror(errno));
 	exit(1);
     }
+    memset(&addr, 0, sizeof(addr));
     addr.sin_family = AF_INET;
     if (!dcfg->address) {
+#ifdef RANDOM_LOCALHOST
+	unsigned long ipaddr;
 	srand(0L);
 	ipaddr = 0x7f000000;
 	ipaddr += (1 + rand() % 255) << 16;
 	ipaddr += (1 + rand() % 255) << 8;
 	ipaddr += (1 + rand() % 255);
 	addr.sin_addr.s_addr = htonl(ipaddr);
+#else
+	addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
+#endif
 	addr.sin_port = htons(0);
-	
     } else {
 	addr.sin_addr.s_addr = inet_addr(dcfg->address);
 	addr.sin_port = dcfg->port ? htons(dcfg->port) : 0;
     }
     addrlen = sizeof(addr);
     ret = bind(fd, (const struct sockaddr *)&addr, addrlen);
+#ifdef RANDOM_LOCALHOST
     if (ret < 0 && errno == EADDRNOTAVAIL && !dcfg->address) {
 	/*
 	 * Some systems don't like us binding to random weird
@@ -449,6 +462,7 @@ void run_httpd(const void *t, int authmask, const struct httpd_config *dcfg,
 	addr.sin_port = htons(0);
 	ret = bind(fd, (const struct sockaddr *)&addr, addrlen);
     }
+#endif
     if (ret < 0) {
 	fprintf(stderr, "bind: %s\n", strerror(errno));
 	exit(1);