My favorites | Sign in
Project Logo
Project Home
  
Downloads
  
Wiki
  
Issues
  
Source
    
Summary | Updates | People
Details: Show all Hide all

Last 7 days

  • Dec 14, 2009
    issue 109 (Slow receiving data on Windows (MinGW)) reported by mpodeszfa   -   What steps will reproduce the problem? 1. write callback for receiving big data by POST - it can be empty function. 2. compile example in MinGW on MS Windows, and GCC in Linux 3. send data (like file upload) by POST and compare how different speed is in receiving data from request_info->post_data. What is the expected output? What do you see instead? Incredible slow receiving data on Windows (much over 10 times slower then on GNU/Linux). 100% CPU consumption on one core systems. What version of the product are you using? On what operating system? Windows XP (x86), Windows 7 (AMD64) and Ubuntu 9.10 AMD64. Please provide any additional information below.
    What steps will reproduce the problem? 1. write callback for receiving big data by POST - it can be empty function. 2. compile example in MinGW on MS Windows, and GCC in Linux 3. send data (like file upload) by POST and compare how different speed is in receiving data from request_info->post_data. What is the expected output? What do you see instead? Incredible slow receiving data on Windows (much over 10 times slower then on GNU/Linux). 100% CPU consumption on one core systems. What version of the product are you using? On what operating system? Windows XP (x86), Windows 7 (AMD64) and Ubuntu 9.10 AMD64. Please provide any additional information below.

Last 30 days

  • Dec 03, 2009
    issue 108 (not smart about urls containing cgi script) reported by loic.nageleisen   -   What steps will reproduce the problem? 1. set up mongoose + php cgi 2. create a info.php containing e.g <?php phpinfo(); ?> 3. go to http://localhost:8080/info.php and see expected output 4. go to http://localhost:8080/info.php/foo and be granted with error 404 What is the expected output? execution of php script with server env vars set as follow: REQUEST_URI=/info.php/foo SCRIPT_NAME=/info.php PATH_INFO=/foo PHP_SELF=/info.php/foo What do you see instead? Error 404: Not Found File not found What version of the product are you using? On what operating system? mongoose-2.8 Please provide any additional information below. mongoose should look for cgi script existence in the request not only at the end but up inside too. this allows for e.g cakephp to use semi-pretty urls without mod-rewrite. this should fix another bug by preventing http://localhost:8080/info.php/ to show source contents, instead running the script. for non-cgi files, the current behavior should be kept.
    What steps will reproduce the problem? 1. set up mongoose + php cgi 2. create a info.php containing e.g <?php phpinfo(); ?> 3. go to http://localhost:8080/info.php and see expected output 4. go to http://localhost:8080/info.php/foo and be granted with error 404 What is the expected output? execution of php script with server env vars set as follow: REQUEST_URI=/info.php/foo SCRIPT_NAME=/info.php PATH_INFO=/foo PHP_SELF=/info.php/foo What do you see instead? Error 404: Not Found File not found What version of the product are you using? On what operating system? mongoose-2.8 Please provide any additional information below. mongoose should look for cgi script existence in the request not only at the end but up inside too. this allows for e.g cakephp to use semi-pretty urls without mod-rewrite. this should fix another bug by preventing http://localhost:8080/info.php/ to show source contents, instead running the script. for non-cgi files, the current behavior should be kept.
  • Dec 03, 2009
    issue 106 (Get User Ip) commented on by valenok   -   Please note that mg_GetClientIPAddress uses static buffer for the result. Since Mongoose is threaded, you are risking here. I would modify that function slightly to make it safe by passing a buffer to it: void mg_GetClientIPAddress (const struct mg_request_info *ri, char *buf, size_t len)
    Please note that mg_GetClientIPAddress uses static buffer for the result. Since Mongoose is threaded, you are risking here. I would modify that function slightly to make it safe by passing a buffer to it: void mg_GetClientIPAddress (const struct mg_request_info *ri, char *buf, size_t len)
  • Dec 02, 2009
    issue 106 (Get User Ip) commented on by PKuo001   -   1. This is the helper function I use: char *mg_GetClientIPAddress (const struct mg_request_info *ri) { static char clientIPAddress[50+1] = {0}; SOCKADDR_IN sa; bzero (clientIPAddress, sizeof(clientIPAddress)); bzero (&sa, sizeof(sa)); sa.sin_addr.S_un.S_addr = htonl(ri->remote_ip); sa.sin_port = htons(ri->remote_port); sa.sin_family = AF_INET; (void)snprintf (clientIPAddress, sizeof(clientIPAddress), "%s", inet_ntoa(sa.sin_addr)); return (clientIPAddress); } 2. check out authentication.c in the examples area.
    1. This is the helper function I use: char *mg_GetClientIPAddress (const struct mg_request_info *ri) { static char clientIPAddress[50+1] = {0}; SOCKADDR_IN sa; bzero (clientIPAddress, sizeof(clientIPAddress)); bzero (&sa, sizeof(sa)); sa.sin_addr.S_un.S_addr = htonl(ri->remote_ip); sa.sin_port = htons(ri->remote_port); sa.sin_family = AF_INET; (void)snprintf (clientIPAddress, sizeof(clientIPAddress), "%s", inet_ntoa(sa.sin_addr)); return (clientIPAddress); } 2. check out authentication.c in the examples area.
  • Dec 02, 2009
    issue 107 (send_file() buglet) reported by PKuo001   -   What steps will reproduce the problem? 1. request a page to be served from a folder 2. 3. What is the expected output? What do you see instead? Instead of the complete file (text), either blank output or only partial file is displayed at the browser What version of the product are you using? On what operating system? 2.8, Windows 2000 or later Please provide any additional information below. The standalone EXE seems to work fine, but when embedded, that is where the problem arises. The cause is in the send_file() function, line 2796: the formatting string should end as "%s\r\n\r\n" and not "%s\r\n" as is currently the case.
    What steps will reproduce the problem? 1. request a page to be served from a folder 2. 3. What is the expected output? What do you see instead? Instead of the complete file (text), either blank output or only partial file is displayed at the browser What version of the product are you using? On what operating system? 2.8, Windows 2000 or later Please provide any additional information below. The standalone EXE seems to work fine, but when embedded, that is where the problem arises. The cause is in the send_file() function, line 2796: the formatting string should end as "%s\r\n\r\n" and not "%s\r\n" as is currently the case.
  • Dec 01, 2009
    issue 106 (Get User Ip) reported by flair123   -   1.How to Get User login IP? 2.How to request User login in ?
    1.How to Get User login IP? 2.How to request User login in ?
  • Nov 30, 2009
    issue 96 (Crash when switching SSL page to non-SSL page) commented on by laiyibin2002@hotmail.com   -   Seems nobody is interested in this issue. It happens when a non-SSL connection is working in the same thread as a previous SSL connection. Any way, today I found the cause of the problem: in "close_connection", after free SSL handle, the pointer is not reset to 0: line4361: if (conn->ssl) SSL_free(conn->ssl); here it should be: if (conn->ssl) { SSL_free(conn->ssl); conn->ssl = 0; /**** RESET the ssl pointer***/ } Now, the problem is gone.
    Seems nobody is interested in this issue. It happens when a non-SSL connection is working in the same thread as a previous SSL connection. Any way, today I found the cause of the problem: in "close_connection", after free SSL handle, the pointer is not reset to 0: line4361: if (conn->ssl) SSL_free(conn->ssl); here it should be: if (conn->ssl) { SSL_free(conn->ssl); conn->ssl = 0; /**** RESET the ssl pointer***/ } Now, the problem is gone.
  • Nov 30, 2009
    issue 96 (Crash when switching SSL page to non-SSL page) commented on by laiyibin2002@hotmail.com   -   Seems nobady is interested in this issue. It happens when a non-SSL connection is working in the same thread as a previous SSL connection. Any way, I worked it around by ignoring SIGSEGV: (void) signal(SIGSEGV, SIG_IGN);
    Seems nobady is interested in this issue. It happens when a non-SSL connection is working in the same thread as a previous SSL connection. Any way, I worked it around by ignoring SIGSEGV: (void) signal(SIGSEGV, SIG_IGN);
  • Nov 28, 2009
    issue 105 (cgi process creation fails when root directory path contains...) reported by esto...@seznam.cz   -   What steps will reproduce the problem? 1. create directory c:\liška 2. copy mongoose.exe into it 3. create file info.php #!c:\Program Files\php\php-cgi.exe <?php phpinfo(); ?> 4. run mongoose.exe 5. view localhost:8080/info.php What is the expected output? What do you see instead? It should return phpinfo() output but returns blank page and "[error] [client 127.0.0.1] GET /info.php: line 1311: CreateProcess( info.php): 193" in console What version of the product are you using? On what operating system? mongoose-2.8 on Windows XP (Media Center Edition, SP3) Please provide any additional information below. Similar to Issue 34 . In a directory c:\tmp (no diacritical signs) it works as expected.
    What steps will reproduce the problem? 1. create directory c:\liška 2. copy mongoose.exe into it 3. create file info.php #!c:\Program Files\php\php-cgi.exe <?php phpinfo(); ?> 4. run mongoose.exe 5. view localhost:8080/info.php What is the expected output? What do you see instead? It should return phpinfo() output but returns blank page and "[error] [client 127.0.0.1] GET /info.php: line 1311: CreateProcess( info.php): 193" in console What version of the product are you using? On what operating system? mongoose-2.8 on Windows XP (Media Center Edition, SP3) Please provide any additional information below. Similar to Issue 34 . In a directory c:\tmp (no diacritical signs) it works as expected.
  • Nov 27, 2009
    issue 104 (php predefined vars and current directory) reported by sebastia...@yahoo.com   -   index.php in root web dir.... <?php print $_SERVER['SCRIPT_NAME']; ?> this return me "/index.php" in apache and "index.php" in mongoose What is the expected output? What do you see instead? "/index.php" What version of the product are you using? On what operating system? mongoose 2.8 in WIN XP HOME
    index.php in root web dir.... <?php print $_SERVER['SCRIPT_NAME']; ?> this return me "/index.php" in apache and "index.php" in mongoose What is the expected output? What do you see instead? "/index.php" What version of the product are you using? On what operating system? mongoose 2.8 in WIN XP HOME
  • Nov 27, 2009
    issue 92 (Memory leak) commented on by valenok   -   Issue 78 has been merged into this issue.
    Issue 78 has been merged into this issue.
  • Nov 27, 2009
    issue 78 (Утечка памяти на VPS) changed by valenok   -  
    Status: Duplicate
    Status: Duplicate
  • Nov 27, 2009
    issue 101 (No indication that directory for option root does not exist.) Status changed by valenok   -   Patched in, http://code.google.com/p/mongoose/source/detail?r=478 Thank you!
    Status: Fixed
    Patched in, http://code.google.com/p/mongoose/source/detail?r=478 Thank you!
    Status: Fixed
  • Nov 27, 2009
    r478 (Introduced set_root_option(): alerting when root directory i...) committed by valenok   -   Introduced set_root_option(): alerting when root directory is not good.
    Introduced set_root_option(): alerting when root directory is not good.
  • Nov 22, 2009
    issue 103 (Extracting post data) reported by sameer23n   -   What steps will reproduce the problem? 1. Sending multipart form data 2. 3. What is the expected output? What do you see instead? Multipart form data (attached file) minus the header information from ri- >post_data What version of the product are you using? On what operating system? mongoose 2.3 and mongoose 2.8 in different applications. Please provide any additional information below. I want to extract the attached file from the post_data. The post_data also has the header informaiton attached. How do I get back my binary file from this? Thanks.
    What steps will reproduce the problem? 1. Sending multipart form data 2. 3. What is the expected output? What do you see instead? Multipart form data (attached file) minus the header information from ri- >post_data What version of the product are you using? On what operating system? mongoose 2.3 and mongoose 2.8 in different applications. Please provide any additional information below. I want to extract the attached file from the post_data. The post_data also has the header informaiton attached. How do I get back my binary file from this? Thanks.

Earlier this year

  • Nov 19, 2009
    issue 102 (Patch to Make 16-bit Clean(er)) reported by joel.sherrill   -   Hi, We have imported Mongoose 2.8 into the RTEMS CVS Repository. We had simple httpd so it is a logical update. We compile for a number of 16-bit targets and the attached patch removes those warnings.
    Hi, We have imported Mongoose 2.8 into the RTEMS CVS Repository. We had simple httpd so it is a logical update. We compile for a number of 16-bit targets and the attached patch removes those warnings.
  • Nov 16, 2009
    issue 101 (No indication that directory for option root does not exist.) commented on by joel.sherrill   -   Doh! You guys already had mg_stat. :) static bool_t set_root_option(struct mg_context *ctx, const char *root) { struct mgstat buf; if ( mg_stat(root, &buf) != 0) { cry(fc(ctx), "Invalid directory for root (%s)", root); return (FALSE); } return (TRUE); }
    Doh! You guys already had mg_stat. :) static bool_t set_root_option(struct mg_context *ctx, const char *root) { struct mgstat buf; if ( mg_stat(root, &buf) != 0) { cry(fc(ctx), "Invalid directory for root (%s)", root); return (FALSE); } return (TRUE); }
  • Nov 16, 2009
    issue 101 (No indication that directory for option root does not exist.) commented on by joel.sherrill   -   The following is enough code to detect the error on Linux and RTEMS and return an error. It may have to be different on Windows. static bool_t set_root_option(struct mg_context *ctx, const char *root) { struct stat buf; if ( stat(root, &buf) != 0) { cry(fc(ctx), "Invalid directory for root (%s)", root); return (FALSE); } return (TRUE); } static const struct mg_option known_options[] = { {"root", "\tWeb root directory", NULL, OPT_ROOT, set_root_option},
    The following is enough code to detect the error on Linux and RTEMS and return an error. It may have to be different on Windows. static bool_t set_root_option(struct mg_context *ctx, const char *root) { struct stat buf; if ( stat(root, &buf) != 0) { cry(fc(ctx), "Invalid directory for root (%s)", root); return (FALSE); } return (TRUE); } static const struct mg_option known_options[] = { {"root", "\tWeb root directory", NULL, OPT_ROOT, set_root_option},
  • Nov 16, 2009
    issue 101 (No indication that directory for option root does not exist.) reported by joel.sherrill   -   Even with DEBUG defined, there is no indication that the directory configured for option-root does not exist. Maybe there is something in the logs but I didn't have them turned on.
    Even with DEBUG defined, there is no indication that the directory configured for option-root does not exist. Maybe there is something in the logs but I didn't have them turned on.
  • Nov 16, 2009
    issue 93 (need to add #define for strtoll for Microsoft VS2008) commented on by keyz182   -   I uploaded a patch to the group a few months ago to fix this. I used _atoi64 (because I hadn't found _strtoi64..). I've updated it to use _strtoi64
    I uploaded a patch to the group a few months ago to fix this. I used _atoi64 (because I hadn't found _strtoi64..). I've updated it to use _strtoi64
  • Nov 15, 2009
    issue 99 (Current Directory Meaning on WIN32) Status changed by valenok   -   This inconsistency has been already eliminated, you can refer to the head version at http://mongoose.googlecode.com/svn/trunk/mongoose.c . I would not recommend using the head version in anything rather than test environment, because it is fairly unstable. I cannot say when the next release will be out. I haven't been working on Mongoose actively last couple of months, and probably will not have time in the near future either.
    Status: Accepted
    This inconsistency has been already eliminated, you can refer to the head version at http://mongoose.googlecode.com/svn/trunk/mongoose.c . I would not recommend using the head version in anything rather than test environment, because it is fairly unstable. I cannot say when the next release will be out. I haven't been working on Mongoose actively last couple of months, and probably will not have time in the near future either.
    Status: Accepted
  • Nov 13, 2009
    issue 100 (Almost Working On RTEMS) reported by joel.sherrill   -   I have attached my local copy of mongoose.c which builds for RTEMS and runs long enough to accept the first connection. Then it blows the stack. This brings up a few issues: + Are the RTEMS ifdef's properly incorporated? + Can there be ifdef's to disable SSL and DLLs completely. So nothing related to them builds. + How should we configure the per-thread stack size? This required ~48K per thread with Simple HTTPD. Seems like a natural config option. + Should the priority of the mongoose threads be configurable? + What is the formula for pthread, mutex, condition variable connection? Base number plus what per active connection. It built quickly. I have tried it on RTEMS, Linux and Windows this week. :)
    I have attached my local copy of mongoose.c which builds for RTEMS and runs long enough to accept the first connection. Then it blows the stack. This brings up a few issues: + Are the RTEMS ifdef's properly incorporated? + Can there be ifdef's to disable SSL and DLLs completely. So nothing related to them builds. + How should we configure the per-thread stack size? This required ~48K per thread with Simple HTTPD. Seems like a natural config option. + Should the priority of the mongoose threads be configurable? + What is the formula for pthread, mutex, condition variable connection? Base number plus what per active connection. It built quickly. I have tried it on RTEMS, Linux and Windows this week. :)
  • Nov 13, 2009
    issue 99 (Current Directory Meaning on WIN32) reported by joel.sherrill   -   Hi, Under Linux, the webserver uses the current working directory as the default starting point. (e.g. pwd). Under WIN32, the mg_getcwd() implementation parses the full name of the executable (e.g. GetModuleFileNameW) to get the default starting directory rather than using the current working directory (e.g. _getcwd or GetCurrentDirectory) Is there some particular reason for the inconsistent behavior between WIN32 and POSIXy systems? Thanks.
    Hi, Under Linux, the webserver uses the current working directory as the default starting point. (e.g. pwd). Under WIN32, the mg_getcwd() implementation parses the full name of the executable (e.g. GetModuleFileNameW) to get the default starting directory rather than using the current working directory (e.g. _getcwd or GetCurrentDirectory) Is there some particular reason for the inconsistent behavior between WIN32 and POSIXy systems? Thanks.
  • Nov 05, 2009
    issue 98 (Cannot execute index.php by default) reported by shaiss   -   index.html loads by default, but not index.php. This is a basic behavior.
    index.html loads by default, but not index.php. This is a basic behavior.
  • Nov 03, 2009
    issue 97 (feature request : RewriteBase ) reported by zhazhenzhong   -   In linux Apache there a feature called RewriteBase. Quite a few blogs use this function to have static link for pages and hide the *.php or *.asp file names in the link. To me, it looks a little similar to mongoose's aliases feature. but there is no way to change the last /? to /index.php? Hope mongoose can provide a solution to this feature in the further development :-)
    In linux Apache there a feature called RewriteBase. Quite a few blogs use this function to have static link for pages and hide the *.php or *.asp file names in the link. To me, it looks a little similar to mongoose's aliases feature. but there is no way to change the last /? to /index.php? Hope mongoose can provide a solution to this feature in the further development :-)
  • Nov 02, 2009
    issue 96 (Crash when switching SSL page to non-SSL page) reported by laiyibin...@hotmail.com   -   What steps will reproduce the problem? 1. Open an SSL page: https://10.0.0.145(my IP) 2. Then open a non-SSL page: http://10.0.0.145 Do these two steps two or three times. What is the expected output? What do you see instead? The browser should display the same page. But I encountered a crash in Mongoose with the following messages: Then mongoose crashed with following messages: [1257191398] [error] [client 10.0.0.145] worker_thread: SSL handshake error *** glibc detected *** ./mongoose: double free or corruption (!prev): 0x08c4bff0 *** ======= Backtrace: ========= /lib/i686/cmov/libc.so.6[0xb7f28624] /lib/i686/cmov/libc.so.6(cfree+0x96)[0xb7f2a826] /usr/lib/i686/cmov/libcrypto.so.0.9.8(CRYPTO_free+0x3a)[0xb7564cca] /usr/lib/i686/cmov/libcrypto.so.0.9.8(BUF_MEM_free+0x47)[0xb75c5557] /usr/lib/libssl.so(SSL_free+0xd2)[0xb76a2e82] ./mongoose[0x804f451] ======= Memory map: ======== 08048000-08053000 r-xp 00000000 08:03 1515619 /home/benl/Downloads/mongoose/mongoose 08053000-08054000 rw-p 0000a000 08:03 1515619 /home/benl/Downloads/mongoose/mongoose 08c47000-08c68000 rw-p 00000000 00:00 0 [heap] b6a00000-b6a21000 rw-p 00000000 00:00 0 b6a21000-b6b00000 ---p 00000000 00:00 0 b6b91000-b6b9d000 r-xp 00000000 08:03 2793536 /lib/libgcc_s.so.1 b6b9d000-b6b9e000 rw-p 0000b000 08:03 2793536 /lib/libgcc_s.so.1 b6bab000-b6bac000 ---p 00000000 00:00 0 b6bac000-b73ac000 rw-p 00000000 00:00 0 b73ac000-b74f0000 r-xp 00000000 08:03 3963495 /usr/lib/libcrypto.so.0.9.8 b74f0000-b7506000 rw-p 00144000 08:03 3963495 /usr/lib/libcrypto.so.0.9.8 b7506000-b7509000 rw-p 00000000 00:00 0 b7509000-b751d000 r-xp 00000000 08:03 3958778 /usr/lib/libz.so.1.2.3.3 b751d000-b751e000 rw-p 00013000 08:03 3958778 /usr/lib/libz.so.1.2.3.3 b751e000-b7658000 r-xp 00000000 08:03 3973542 /usr/lib/i686/cmov/libcrypto.so.0.9.8 b7658000-b766e000 rw-p 0013a000 08:03 3973542 /usr/lib/i686/cmov/libcrypto.so.0.9.8 b766e000-b7671000 rw-p 00000000 00:00 0 b7671000-b76b4000 r-xp 00000000 08:03 2531378 /usr/lib/libssl.so.0.9.8 b76b4000-b76b8000 rw-p 00042000 08:03 2531378 /usr/lib/libssl.so.0.9.8 b76b8000-b76b9000 ---p 00000000 00:00 0 b76b9000-b7eba000 rw-p 00000000 00:00 0 b7eba000-b800f000 r-xp 00000000 08:03 2803015 /lib/i686/cmov/libc-2.7.so b800f000-b8010000 r--p 00155000 08:03 2803015 /lib/i686/cmov/libc-2.7.so b8010000-b8012000 rw-p 00156000 08:03 2803015 /lib/i686/cmov/libc-2.7.so b8012000-b8016000 rw-p 00000000 00:00 0 b8016000-b802b000 r-xp 00000000 08:03 2803029 /lib/i686/cmov/libpthread-2.7.so b802b000-b802d000 rw-p 00014000 08:03 2803029 /lib/i686/cmov/libpthread-2.7.so b802d000-b802f000 rw-p 00000000 00:00 0 b802f000-b8031000 r-xp 00000000 08:03 2803018 /lib/i686/cmov/libdl-2.7.so b8031000-b8033000 rw-p 00001000 08:03 2803018 /lib/i686/cmov/libdl-2.7.so b803f000-b8042000 rw-p 00000000 00:00 0 b8042000-b8043000 r-xp 00000000 00:00 0 [vdso] b8043000-b805d000 r-xp 00000000 08:03 2793486 /lib/ld-2.7.so b805d000-b805f000 rw-p 0001a000 08:03 2793486 /lib/ld-2.7.so bffb9000-bffce000 rw-p 00000000 00:00 0 [stack] Aborted What version of the product are you using? On what operating system? Mongoose 2.8. Linux 2.6 + openSSL0.9.8 Please provide any additional information below. If stick to SSL or non-SSL, it's ok.
    What steps will reproduce the problem? 1. Open an SSL page: https://10.0.0.145(my IP) 2. Then open a non-SSL page: http://10.0.0.145 Do these two steps two or three times. What is the expected output? What do you see instead? The browser should display the same page. But I encountered a crash in Mongoose with the following messages: Then mongoose crashed with following messages: [1257191398] [error] [client 10.0.0.145] worker_thread: SSL handshake error *** glibc detected *** ./mongoose: double free or corruption (!prev): 0x08c4bff0 *** ======= Backtrace: ========= /lib/i686/cmov/libc.so.6[0xb7f28624] /lib/i686/cmov/libc.so.6(cfree+0x96)[0xb7f2a826] /usr/lib/i686/cmov/libcrypto.so.0.9.8(CRYPTO_free+0x3a)[0xb7564cca] /usr/lib/i686/cmov/libcrypto.so.0.9.8(BUF_MEM_free+0x47)[0xb75c5557] /usr/lib/libssl.so(SSL_free+0xd2)[0xb76a2e82] ./mongoose[0x804f451] ======= Memory map: ======== 08048000-08053000 r-xp 00000000 08:03 1515619 /home/benl/Downloads/mongoose/mongoose 08053000-08054000 rw-p 0000a000 08:03 1515619 /home/benl/Downloads/mongoose/mongoose 08c47000-08c68000 rw-p 00000000 00:00 0 [heap] b6a00000-b6a21000 rw-p 00000000 00:00 0 b6a21000-b6b00000 ---p 00000000 00:00 0 b6b91000-b6b9d000 r-xp 00000000 08:03 2793536 /lib/libgcc_s.so.1 b6b9d000-b6b9e000 rw-p 0000b000 08:03 2793536 /lib/libgcc_s.so.1 b6bab000-b6bac000 ---p 00000000 00:00 0 b6bac000-b73ac000 rw-p 00000000 00:00 0 b73ac000-b74f0000 r-xp 00000000 08:03 3963495 /usr/lib/libcrypto.so.0.9.8 b74f0000-b7506000 rw-p 00144000 08:03 3963495 /usr/lib/libcrypto.so.0.9.8 b7506000-b7509000 rw-p 00000000 00:00 0 b7509000-b751d000 r-xp 00000000 08:03 3958778 /usr/lib/libz.so.1.2.3.3 b751d000-b751e000 rw-p 00013000 08:03 3958778 /usr/lib/libz.so.1.2.3.3 b751e000-b7658000 r-xp 00000000 08:03 3973542 /usr/lib/i686/cmov/libcrypto.so.0.9.8 b7658000-b766e000 rw-p 0013a000 08:03 3973542 /usr/lib/i686/cmov/libcrypto.so.0.9.8 b766e000-b7671000 rw-p 00000000 00:00 0 b7671000-b76b4000 r-xp 00000000 08:03 2531378 /usr/lib/libssl.so.0.9.8 b76b4000-b76b8000 rw-p 00042000 08:03 2531378 /usr/lib/libssl.so.0.9.8 b76b8000-b76b9000 ---p 00000000 00:00 0 b76b9000-b7eba000 rw-p 00000000 00:00 0 b7eba000-b800f000 r-xp 00000000 08:03 2803015 /lib/i686/cmov/libc-2.7.so b800f000-b8010000 r--p 00155000 08:03 2803015 /lib/i686/cmov/libc-2.7.so b8010000-b8012000 rw-p 00156000 08:03 2803015 /lib/i686/cmov/libc-2.7.so b8012000-b8016000 rw-p 00000000 00:00 0 b8016000-b802b000 r-xp 00000000 08:03 2803029 /lib/i686/cmov/libpthread-2.7.so b802b000-b802d000 rw-p 00014000 08:03 2803029 /lib/i686/cmov/libpthread-2.7.so b802d000-b802f000 rw-p 00000000 00:00 0 b802f000-b8031000 r-xp 00000000 08:03 2803018 /lib/i686/cmov/libdl-2.7.so b8031000-b8033000 rw-p 00001000 08:03 2803018 /lib/i686/cmov/libdl-2.7.so b803f000-b8042000 rw-p 00000000 00:00 0 b8042000-b8043000 r-xp 00000000 00:00 0 [vdso] b8043000-b805d000 r-xp 00000000 08:03 2793486 /lib/ld-2.7.so b805d000-b805f000 rw-p 0001a000 08:03 2793486 /lib/ld-2.7.so bffb9000-bffce000 rw-p 00000000 00:00 0 [stack] Aborted What version of the product are you using? On what operating system? Mongoose 2.8. Linux 2.6 + openSSL0.9.8 Please provide any additional information below. If stick to SSL or non-SSL, it's ok.
  • Oct 28, 2009
    issue 94 (php source code is readable from web) commented on by valenok   -   If you're a newbie, I suggest using UNIX. There's plenty of free UNIX shells with compilers, please use one or install UNIX on your workstation, or use emulator like VirtualBox or QEMU to run UNIX. LOTS of you problems will go away.
    If you're a newbie, I suggest using UNIX. There's plenty of free UNIX shells with compilers, please use one or install UNIX on your workstation, or use emulator like VirtualBox or QEMU to run UNIX. LOTS of you problems will go away.
  • Oct 28, 2009
    issue 94 (php source code is readable from web) commented on by cakyus   -   i'm trying to help. i recently learn c in my college, i'm 100% newbie :). i downloaded the latest source code and tried to compile then i got this .. ||=== mongoose, Debug ===| D:\Documents\projects\mongoose\mongoose.c|130|error: conflicting types for 'pid_t'| D:\Program Files\CodeBlocks\MinGW\bin\..\lib\gcc\mingw32\3.4.5\..\..\..\..\include \sys\types.h|75|error: previous declaration of 'pid_t' was here| D:\Documents\projects\mongoose\mongoose.c||In function `mg_stat':| D:\Documents\projects\mongoose\mongoose.c|1088|warning: integer constant is too large for "long" type| ||=== Build finished: 2 errors, 1 warnings ===| i have tried to comment some lines and got another error.
    i'm trying to help. i recently learn c in my college, i'm 100% newbie :). i downloaded the latest source code and tried to compile then i got this .. ||=== mongoose, Debug ===| D:\Documents\projects\mongoose\mongoose.c|130|error: conflicting types for 'pid_t'| D:\Program Files\CodeBlocks\MinGW\bin\..\lib\gcc\mingw32\3.4.5\..\..\..\..\include \sys\types.h|75|error: previous declaration of 'pid_t' was here| D:\Documents\projects\mongoose\mongoose.c||In function `mg_stat':| D:\Documents\projects\mongoose\mongoose.c|1088|warning: integer constant is too large for "long" type| ||=== Build finished: 2 errors, 1 warnings ===| i have tried to comment some lines and got another error.
  • Oct 27, 2009
    issue 94 (php source code is readable from web) commented on by shaiss   -   Wow, this seems like a huge security hole.
    Wow, this seems like a huge security hole.
  • Oct 23, 2009
    issue 95 (random crashes using gitweb) commented on by alexandrul.ct   -   Is there any debug-enabled binary in order to pin-point the problem? It could be something strange in the perl side.
    Is there any debug-enabled binary in order to pin-point the problem? It could be something strange in the perl side.
  • Oct 20, 2009
    issue 95 (random crashes using gitweb) reported by alexandrul.ct   -   What steps will reproduce the problem? 1. setup mongoose to use with gitweb (http://asimilatorul.com/adapter/post/git-instaweb-using-mongoose-and-msysgit/) What is the expected output? What do you see instead? random crashes: Unhandled exception at 0x004031d6 in mongoose4instagit.exe: 0xC0000005: Access violation reading location 0x00000454. What version of the product are you using? On what operating system? mongoose 2.8, windows xp, windows server 2008 Please provide any additional information below. - gitweb/git 1.6.5.1 - mongoose_error.log is empty - mongoose.conf: root k:/pr/xxx/.git/gitweb/www ports 12345 index_files gitweb.cgi #ssl_cert /gitweb/ssl_cert.pem access_log k:/pr/xxx/.git/gitweb/mongoose_access.log error_log k:/pr/xxx/.git/gitweb/mongoose_error.log #cgi setup cgi_env PATH=k:\dev\tools\msysGit\bin cgi_interp k:\dev\tools\msysGit\bin\perl.exe cgi_ext cgi,pl,perl # mimetype mapping mime_types .gz=application/x-gzip,.tar.gz=application/x-tgz,.tgz=application/x-tgz,.tar=application/x-tar,.zip=application/zip,.gif=image/gif,.jpg=image/jpeg,.jpeg=image/jpeg,.png=image/png,.css=text/css,.html=text/html,.htm=text/html,.js=text/javascript,.c=text/plain,.cpp=text/plain,.log=text/plain,.conf=text/plain,.text=text/plain,.txt=text/plain,.dtd=text/xml,.bz2=application/x-bzip,.tbz=application/x-bzip-compressed-tar,.tar.bz2=application/x-bzip-compressed-tar
    What steps will reproduce the problem? 1. setup mongoose to use with gitweb (http://asimilatorul.com/adapter/post/git-instaweb-using-mongoose-and-msysgit/) What is the expected output? What do you see instead? random crashes: Unhandled exception at 0x004031d6 in mongoose4instagit.exe: 0xC0000005: Access violation reading location 0x00000454. What version of the product are you using? On what operating system? mongoose 2.8, windows xp, windows server 2008 Please provide any additional information below. - gitweb/git 1.6.5.1 - mongoose_error.log is empty - mongoose.conf: root k:/pr/xxx/.git/gitweb/www ports 12345 index_files gitweb.cgi #ssl_cert /gitweb/ssl_cert.pem access_log k:/pr/xxx/.git/gitweb/mongoose_access.log error_log k:/pr/xxx/.git/gitweb/mongoose_error.log #cgi setup cgi_env PATH=k:\dev\tools\msysGit\bin cgi_interp k:\dev\tools\msysGit\bin\perl.exe cgi_ext cgi,pl,perl # mimetype mapping mime_types .gz=application/x-gzip,.tar.gz=application/x-tgz,.tgz=application/x-tgz,.tar=application/x-tar,.zip=application/zip,.gif=image/gif,.jpg=image/jpeg,.jpeg=image/jpeg,.png=image/png,.css=text/css,.html=text/html,.htm=text/html,.js=text/javascript,.c=text/plain,.cpp=text/plain,.log=text/plain,.conf=text/plain,.text=text/plain,.txt=text/plain,.dtd=text/xml,.bz2=application/x-bzip,.tbz=application/x-bzip-compressed-tar,.tar.bz2=application/x-bzip-compressed-tar
  • Oct 17, 2009
    issue 94 (php source code is readable from web) commented on by cakyus   -   sorry, i forgot to mention that i'm using windows xp home ed. :)
    sorry, i forgot to mention that i'm using windows xp home ed. :)
  • Oct 17, 2009
    issue 94 (php source code is readable from web) reported by cakyus   -   What steps will reproduce the problem? 1. go to http://127.0.0.1/index.php 2. i CAN NOT read the php source code BUT .. 3. go to http://127.0.0.1/index.php/? 4. and i CAN read the php source code What is the expected output? What do you see instead? it should not display the source code, but it does ! What version of the product are you using? On what operating system? 2.8 and i have testing 2.6 but i got same result Please provide any additional information below. here is my mongoose.conf .. -- mongoose.conf -- ports 80 root c:\mongoose\htdocs index_files index.php cgi_ext php cgi_interp php-cgi.exe dir_list no -------------------
    What steps will reproduce the problem? 1. go to http://127.0.0.1/index.php 2. i CAN NOT read the php source code BUT .. 3. go to http://127.0.0.1/index.php/? 4. and i CAN read the php source code What is the expected output? What do you see instead? it should not display the source code, but it does ! What version of the product are you using? On what operating system? 2.8 and i have testing 2.6 but i got same result Please provide any additional information below. here is my mongoose.conf .. -- mongoose.conf -- ports 80 root c:\mongoose\htdocs index_files index.php cgi_ext php cgi_interp php-cgi.exe dir_list no -------------------
  • Oct 16, 2009
    issue 77 (On windows, can not visit *.exe file as cgi.) commented on by aabukh   -   the scenario: 1. compiled your program, www.c into www.exe 2. started mongoose: ./mongoose -cgi_ext .exe 3. pointed my browser at http://127.0.0.1:8080/www.exe doesn't work for me on Windows XP. I always get "This webpage is not available" message. Any ideas?
    the scenario: 1. compiled your program, www.c into www.exe 2. started mongoose: ./mongoose -cgi_ext .exe 3. pointed my browser at http://127.0.0.1:8080/www.exe doesn't work for me on Windows XP. I always get "This webpage is not available" message. Any ideas?
  • Oct 13, 2009
    issue 93 (need to add #define for strtoll for Microsoft VS2008) reported by dcraw101   -   I needed to add the folllowing #define at line 89: #define strtoll(x, y, z) _strtoi64(x, y, z) If I did not do this then mongoose.c would compile but give linker errors reporting that strtoll was an undefined sysmbol. There might be an extra Microsoft library that resolves this, but it is not in the standard VS2008 libs.
    I needed to add the folllowing #define at line 89: #define strtoll(x, y, z) _strtoi64(x, y, z) If I did not do this then mongoose.c would compile but give linker errors reporting that strtoll was an undefined sysmbol. There might be an extra Microsoft library that resolves this, but it is not in the standard VS2008 libs.
  • Oct 08, 2009
    issue 92 (Memory leak) reported by alrond   -   Через некоторое время работы на VPS перестает хватать памяти для запуска дочерних CGI программ: Error 500: Internal Server Error fork(): Cannot allocate memory Данные по свежезапущенному серверу: VSZ RSS 12060 696 Через время: 53016 956 Свободной памяти еще есть: #free -k total used free shared buffers cached Mem: 131072 92668 38404 0 0 0 -/+ buffers/cache: 92668 38404 Swap: 0 0 0 Утечка наблюдается только после выполнения одновременных запросов. Если запросы по порядку по одному, то проблема не наблюдается.
    Через некоторое время работы на VPS перестает хватать памяти для запуска дочерних CGI программ: Error 500: Internal Server Error fork(): Cannot allocate memory Данные по свежезапущенному серверу: VSZ RSS 12060 696 Через время: 53016 956 Свободной памяти еще есть: #free -k total used free shared buffers cached Mem: 131072 92668 38404 0 0 0 -/+ buffers/cache: 92668 38404 Swap: 0 0 0 Утечка наблюдается только после выполнения одновременных запросов. Если запросы по порядку по одному, то проблема не наблюдается.
  • Oct 06, 2009
    issue 90 (Directory Traversal Security Vulnerability) commented on by marcusbu   -   Hi! I don't know if you fixed this, but here ( http://www.milw0rm.com/exploits/8428 ) seems hackers just detected this bug some months ago. Bye!
    Hi! I don't know if you fixed this, but here ( http://www.milw0rm.com/exploits/8428 ) seems hackers just detected this bug some months ago. Bye!
  • Oct 02, 2009
    issue 91 (Crash on Reload in TRUN version under Windows) reported by tneuhofer   -   What steps will reproduce the problem? 1. Use the trunk version of mongoose 2. Reload an HTML page 3. Server crashes What is the expected output? What do you see instead? Expected --> seeing the HTML output in the browser Instead --> crash What version of the product are you using? On what operating system? 2.9 - TRUNK on <b>Windows</b> Please provide any additional information below. The cause is that <b>INT64_FMT</b> is defined wrong under Windows: Actual: #define INT64_FMT "I64" Target: #define INT64_FMT "I64d"
    What steps will reproduce the problem? 1. Use the trunk version of mongoose 2. Reload an HTML page 3. Server crashes What is the expected output? What do you see instead? Expected --> seeing the HTML output in the browser Instead --> crash What version of the product are you using? On what operating system? 2.9 - TRUNK on <b>Windows</b> Please provide any additional information below. The cause is that <b>INT64_FMT</b> is defined wrong under Windows: Actual: #define INT64_FMT "I64" Target: #define INT64_FMT "I64d"
  • Sep 30, 2009
    issue 88 (Using mongoose.dll from Visual Basic 6.0) commented on by pilly.vasic5   -   i want to someone do my code from VB 6.0! How to i make antivirus system but that who doesnt wrealy see viruses in my compyter also he must to look like he doing that phisicly! I'm sorry becouse my bad writting i'm from the Serbia!
    i want to someone do my code from VB 6.0! How to i make antivirus system but that who doesnt wrealy see viruses in my compyter also he must to look like he doing that phisicly! I'm sorry becouse my bad writting i'm from the Serbia!
  • Sep 27, 2009
    issue 90 (Directory Traversal Security Vulnerability) Status changed by valenok   -   Thanks guys. To be fixed. I assume you've tried to crack UNIX code path, too? If you have any suspicions, I'd love to hear. And, any advice about techniques & tools you're using.
    Status: Accepted
    Thanks guys. To be fixed. I assume you've tried to crack UNIX code path, too? If you have any suspicions, I'd love to hear. And, any advice about techniques & tools you're using.
    Status: Accepted
  • Sep 22, 2009
    issue 90 (Directory Traversal Security Vulnerability) commented on by g...@corest.com   -   I was running it on wine when I tested it, that's why you see etc/passwd in the URL :)
    I was running it on wine when I tested it, that's why you see etc/passwd in the URL :)
  • Sep 21, 2009
    issue 90 (Directory Traversal Security Vulnerability) reported by pedram.amini   -   It is possible to bypass the ".." check in fix_directory_separators() by using "%c2.%c2" which will be converted to ".." after the call to MultiByteToWideChar(). The filtering check should be moved after the conversion. Example request: http://localhost:8080/%c2.%c2./%c2.%c2./%c2.%c2./%c2.%c2./%c2.%c2./%c2.%c2./etc/passwd This bug was NOT found by me but rather by Gera from CORE Security (http://www.coresecurity.com) during a contest I hosted recently at a security conference. We planted two bugs within the mongoose source and Gera found this one while looking for them. If you're curious about the contest some details are here: http://dvlabs.tippingpoint.com/blog/2009/09/08/ekoparty-2009
    It is possible to bypass the ".." check in fix_directory_separators() by using "%c2.%c2" which will be converted to ".." after the call to MultiByteToWideChar(). The filtering check should be moved after the conversion. Example request: http://localhost:8080/%c2.%c2./%c2.%c2./%c2.%c2./%c2.%c2./%c2.%c2./%c2.%c2./etc/passwd This bug was NOT found by me but rather by Gera from CORE Security (http://www.coresecurity.com) during a contest I hosted recently at a security conference. We planted two bugs within the mongoose source and Gera found this one while looking for them. If you're curious about the contest some details are here: http://dvlabs.tippingpoint.com/blog/2009/09/08/ekoparty-2009
  • Sep 17, 2009
    issue 44 (Mongoose for WIndows CE) commented on by gilbert.wellisch   -   Alright, here is another pass: - Implemented strftime(). - Changed all calls to localtime() to localtime_r() for thread safety. - Added CE implementation of dlsym(), CE uses wide chars for name. - Replaced strtoull() define for strtoll(), for both Windows and CE. - Fixed INT64_FMT format for both Windows and CE. - CE lacks strtoi64() defined strtoll() to strtol() - Found that all HTTP headers should be using GMT per RFC. See: http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.3.1 Causing the following changes: - Reintroduced gmtime(), but this time as gmtime_r() - date_to_epoch() does not need to determine DST - date_to_epoch() cannot use mktime() because it is only for local time, it has been changed to fill-in and return a struct tm. - commpare_tm() added because of lack of mktime() for GMT. - mktime() for CE removed, as it is unused now. - send_file() uses "GMT" instead of "%Z" in date formatting - send_file() uses gmtime_r() instead of localtime()
    Alright, here is another pass: - Implemented strftime(). - Changed all calls to localtime() to localtime_r() for thread safety. - Added CE implementation of dlsym(), CE uses wide chars for name. - Replaced strtoull() define for strtoll(), for both Windows and CE. - Fixed INT64_FMT format for both Windows and CE. - CE lacks strtoi64() defined strtoll() to strtol() - Found that all HTTP headers should be using GMT per RFC. See: http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.3.1 Causing the following changes: - Reintroduced gmtime(), but this time as gmtime_r() - date_to_epoch() does not need to determine DST - date_to_epoch() cannot use mktime() because it is only for local time, it has been changed to fill-in and return a struct tm. - commpare_tm() added because of lack of mktime() for GMT. - mktime() for CE removed, as it is unused now. - send_file() uses "GMT" instead of "%Z" in date formatting - send_file() uses gmtime_r() instead of localtime()
  • Sep 16, 2009
    issue 44 (Mongoose for WIndows CE) commented on by valenok   -   Yeah, makes sense. I'll look into that.
    Yeah, makes sense. I'll look into that.
  • Sep 15, 2009
    issue 44 (Mongoose for WIndows CE) commented on by gilbert.wellisch   -   Would you be willing to change the calls to localtime() to localtime_r()? This would simplify coding it for CE in a thread safe way. Also, localtime() may not be thread safe on some environments.
    Would you be willing to change the calls to localtime() to localtime_r()? This would simplify coding it for CE in a thread safe way. Also, localtime() may not be thread safe on some environments.
  • Sep 12, 2009
    EmbeddingMongoose (Covers embedding strategies, with examples) Wiki page commented on by Mhasaninejad   -   Hi, I am new to mongoose. Can I run python cgi script with mongoose. Currently I am using c to write my CGI script for mongoose. I just want to know if python is native to mongoose or I need an interpreter. I have installed mongoose on a trafic controller which has only 4 MB Disk space. Thanks, M.H Thanks a lot
    Hi, I am new to mongoose. Can I run python cgi script with mongoose. Currently I am using c to write my CGI script for mongoose. I just want to know if python is native to mongoose or I need an interpreter. I have installed mongoose on a trafic controller which has only 4 MB Disk space. Thanks, M.H Thanks a lot
  • Sep 10, 2009
    r477 (#included stdint & inttypes for UNIX. using c99 PRId64 for I...) committed by valenok   -   #included stdint & inttypes for UNIX. using c99 PRId64 for INT64_FMT. squashed warning in send_cgi.
    #included stdint & inttypes for UNIX. using c99 PRId64 for INT64_FMT. squashed warning in send_cgi.
  • Sep 07, 2009
    issue 89 (Correct mime-types for XML and XSLT [patch]) Status changed by valenok   -   Committed http://code.google.com/p/mongoose/source/detail?r=476 Thanks.
    Status: Fixed
    Committed http://code.google.com/p/mongoose/source/detail?r=476 Thanks.
    Status: Fixed
  • Sep 07, 2009
    r476 (Added mime types for .xml and .xslt, Issue/89) committed by valenok   -   Added mime types for .xml and .xslt, Issue/89
    Added mime types for .xml and .xslt, Issue/89
  • Sep 07, 2009
    issue 89 (Correct mime-types for XML and XSLT [patch]) reported by m...@packi.ch   -   XML and XSLT are currently served as "text/plain". --- mongoose/mongoose.c 2009-09-07 12:51:14 UTC (rev 8741) +++ mongoose/mongoose.c 2009-09-07 13:51:18 UTC (rev 8742) @@ -1855,6 +1855,8 @@ {".shtm", 5, "text/html", 9}, {".shtml", 6, "text/html", 9}, {".css", 4, "text/css", 8}, + {".xml", 4, "text/xml", 8}, + {".xslt", 5, "application/xml", 15}, {".js", 3, "application/x-javascript", 24}, {".ico", 4, "image/x-icon", 12}, {".gif", 4, "image/gif", 9},
    XML and XSLT are currently served as "text/plain". --- mongoose/mongoose.c 2009-09-07 12:51:14 UTC (rev 8741) +++ mongoose/mongoose.c 2009-09-07 13:51:18 UTC (rev 8742) @@ -1855,6 +1855,8 @@ {".shtm", 5, "text/html", 9}, {".shtml", 6, "text/html", 9}, {".css", 4, "text/css", 8}, + {".xml", 4, "text/xml", 8}, + {".xslt", 5, "application/xml", 15}, {".js", 3, "application/x-javascript", 24}, {".ico", 4, "image/x-icon", 12}, {".gif", 4, "image/gif", 9},
 
Hosted by Google Code