Allow dropping privs on platforms without setresuid()

Don't fork+execlp the script.  There's no need to do so since on exec
the new process will inherit our file descriptor table (and hence our
stdout), so copying from its stdout to ours is just a waste of time.
This allows to drop the ``proc'' pledge(2) promise and to (slightly)
improve performance.

.gitignore

@@ -0,0 +1,2 @@
+*.o
+vger

Makefile

@@ -1,6 +1,8 @@
+include config.mk
+
 PREFIX?=/usr/local/
 CFLAGS  += -pedantic -Wall -Wextra -Wmissing-prototypes \
-           -Wstrict-prototypes -Wwrite-strings
+           -Wstrict-prototypes -Wwrite-strings ${EXTRAFLAGS}
 
 .SUFFIXES: .c .o
 

README.md

@@ -1,12 +1,8 @@
 # A simplistic and secure Gemini server
 
-**Vger** is a gemini server supporting chroot, virtualhosts, CGI,
-default language choice, redirections and MIME types detection.
+**Vger** is a gemini server supporting chroot, virtualhosts, CGI, default language choice, redirections and MIME types detection.
 
-**Vger** design is relying on inetd and a daemon to take care of
-TLS.  The idea is to delegate TLS and network to daemons which
-proved doing it correctly, so vger takes its request from stdin and
-output the result to stdout.
+**Vger** design is relying on inetd and a daemon to take care of TLS.  The idea is to delegate TLS and network to daemons which proved doing it correctly, so vger takes its request from stdin and output the result to stdout.
 
 The average setup should look like:
 
@@ -19,15 +15,9 @@ The average setup should look like:
        vger on inetd
 ```
 
-**Vger** is perfectly secure if run on **OpenBSD**, using `unveil()`
-the filesystem access is restricted to one directory (default to
-`/var/gemini/`) and with `pledge()` only systems calls related to
-reading files and reading input/output are allowed. More explanations
-about Vger security can be found
-[on this link](https://dataswamp.org/~solene/2021-01-14-vger-security.html).
+**Vger** is perfectly secure if run on **OpenBSD**, using `unveil()` the filesystem access is restricted to one directory (default to `/var/gemini/`) and with `pledge()` only systems calls related to reading files and reading input/output are allowed. More explanations about Vger security can be found [on this link](https://dataswamp.org/~solene/2021-01-14-vger-security.html).
 
-For all supported OS, it's possible to run **Vger** in a chroot
-and drop privileges to a dedicated user.
+For all supported OS, it's possible to run **Vger** in a chroot and drop privileges to a dedicated user.
 
 
 # Install
@@ -35,18 +25,18 @@ and drop privileges to a dedicated user.
 ```
 git clone https://tildegit.org/solene/vger.git
 cd vger
+./configure (only really useful for Linux)
 make
 doas make install
 ```
 
-On GNU/Linux, make sure you installed `libbsd`.
+On GNU/Linux, make sure you installed `libbsd`, it has been reported that using clang was required too.
 
 # Running tests
 
 **Vger** comes with a test suite you can use with `make test`.
 
-Some files under `/var/gemini/` are required to test the code path
-without a `-d` parameter.
+Some files under `/var/gemini/` are required to test the code path without a `-d` parameter.
 
 
 # Command line parameters
@@ -64,8 +54,7 @@ without a `-d` parameter.
 
 # How to configure Vger using relayd and inetd
 
-Create directory `/var/gemini/` (I'd allow this to be configured
-later), files will be served from there.
+Create directory `/var/gemini/` (I'd allow this to be configured later), files will be served from there.
 
 Create an user `gemini_user`.
 
@@ -101,6 +90,4 @@ On OpenBSD, enable inetd and relayd and start them:
 
 Don't forget to open the TCP port 1965 in your firewall.
 
-Vger will serve files named `index.gmi` if no explicit filename is given.
-If this file doesn't exist and auto index is enabled, an index file
-with a link to every file in the directory will be served.
+Vger will serve files named `index.gmi` if no explicit filename is given. If this file doesn't exist and auto index is enabled, an index file with a link to every file in the directory will be served.

config.mk

@@ -0,0 +1 @@
+EXTRAFLAGS=

configure

@@ -0,0 +1,14 @@
+#!/bin/sh
+
+OS="$(uname -s)"
+
+case "$OS" in
+	Linux)
+		EXTRAFLAGS=-lbsd
+		;;
+	*)
+		EXTRAFLAGS=""
+		;;
+esac
+
+echo "EXTRAFLAGS=${EXTRAFLAGS}" > config.mk

main.c

@@ -2,6 +2,7 @@
 #include <sys/stat.h>
 #include <sys/wait.h>
 
+#include <ctype.h>
 #include <dirent.h>
 #include <err.h>
 #include <errno.h>
@@ -19,23 +20,85 @@
 #include "opts.h"
 #include "utils.h"
 
+/* length of "gemini://" */
 #define GEMINI_PART	 9
-#define GEMINI_REQUEST_MAX 1024 /* see https://gemini.circumlunar.space/docs/specification.html */
 
+/*
+ * number of bytes to read with fgets() : 2014 + 1.
+ * fgets() reads at most size-1 (1024 here).
+ * See https://gemini.circumlunar.space/docs/specification.html.
+ */
+#define GEMINI_REQUEST_MAX 1025
 
-
-void        autoindex(const char *);
-void        cgi(const char *cgicmd);
+void 		autoindex(const char *);
+void 		cgi      (const char *cgicmd);
 void 		display_file(const char *);
-void 		status(const int, const char *);
-void		status_redirect(const int, const char *);
 void 		drop_privileges(const char *, const char *);
+void 		echdir   (const char *);
+void 		status   (const int, const char *);
+void 		status_redirect(const int, const char *);
+void 		status_error(const int, const char *);
+int 		uridecode (char *);
+
+
+void
+echdir(const char *path)
+{
+	if (chdir(path) == -1) {
+		switch (errno) {
+		case ENOTDIR:	/* FALLTHROUGH */
+		case ENOENT:
+			status_error(51, "file not found");
+			break;
+		case EACCES:
+			status_error(50, "Forbidden path");
+			break;
+		default:
+			status_error(50, "Internal server error");
+			break;
+		}
+		errlog("failed to chdir(%s)", path);
+	}
+}
+
+int
+uridecode(char *uri)
+{
+	int 		n = 0;
+	char 		c = '\0';
+	long 		l = 0;
+	char           *pos = NULL;
+
+	if ((pos = strchr(uri, '%')) == NULL)
+	    return n;
+
+	while ((pos = strchr(pos, '%')) != NULL) {
+		if (strlen(pos) < 3)
+		    return n;
+
+		char 		hex[3] = {'\0'};
+		for (size_t i = 0; i < 2; i++)
+		    hex[i] = tolower(pos[i + 1]);
+
+		errno = 0;
+		l = strtol(hex, 0, 16);
+		if (errno == ERANGE && (l == LONG_MAX || l == LONG_MIN))
+		    continue;	/* conversion failed */
+
+		c = (char)l;
+		pos[0] = c;
+		/* rewind of two char to remove %hex */
+		memmove(pos + 1, pos + 3, strlen(pos + 3) + 1);	/* +1 for \0 */
+		n++;
+		pos++;		/* avoid infinite loop */
+	}
+	return n;
+}
 
 void
 drop_privileges(const char *user, const char *path)
 {
 	struct passwd  *pw;
-	int    chrooted = 0;
 
 	/*
 	 * use chroot() if an user is specified requires root user to be
@@ -44,68 +107,68 @@ drop_privileges(const char *user, const char *path)
 	if (strlen(user) > 0) {
 
 		/* is root? */
-		if (getuid() != 0) {
-			errlog("chroot requires program to be run as root");
-		}
+		if (getuid() != 0)
+		    errlog("chroot requires program to be run as root");
+
 		/* search user uid from name */
-		if ((pw = getpwnam(user)) == NULL) {
-			errlog("the user %s can't be found on the system", user);
-		}
+		if ((pw = getpwnam(user)) == NULL)
+		    errlog("the user %s can't be found on the system", user);
+
 		/* chroot worked? */
-		if (chroot(path) != 0) {
-			errlog("the chroot_dir %s can't be used for chroot", path);
-		}
+		if (chroot(path) != 0)
+		    errlog("the chroot_dir %s can't be used for chroot", path);
+
 		chrooted = 1;
-		if (chdir("/") == -1) {
-			errlog("failed to chdir(\"/\")");
-		}
+		echdir("/");
 		/* drop privileges */
+#if defined (__OpenBSD__) || defined(__FreeBSD__)
 		if (setgroups(1, &pw->pw_gid) ||
 		    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
 		    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) {
 			errlog("dropping privileges to user %s (uid=%i) failed",
 			       user, pw->pw_uid);
 		}
+#else
+		if (setgroups(1, &pw->pw_gid) ||
+		    setgid(pw->pw_gid) ||
+		    setuid(pw->pw_uid)) {
+			errlog("dropping privileges to user %s (uid=%i) failed",
+			       user, pw->pw_uid);
+		}
+#endif
 	}
 #ifdef __OpenBSD__
 	/*
 	 * prevent access to files other than the one in path
 	 */
-	if (chrooted) {
-		eunveil("/", "r");
-	} else {
-		eunveil(path, "r");
-	}
-	/* permission to execute what's inside cgipath */
-	if (strlen(cgibin) > 0) {
-		/* first, build the full path of cgi (not in chroot) */
-		char cgifullpath[PATH_MAX] = {'\0'};
-		estrlcpy(cgifullpath, path, sizeof(cgifullpath));
-		estrlcat(cgifullpath, cgibin, sizeof(cgifullpath));
+	if (chrooted)
+	    eunveil("/", "r");
+	else
+	    eunveil(path, "r");
 
-		eunveil(cgifullpath, "rx");
-	}
-	/* forbid more unveil */
-	eunveil(NULL, NULL);
+	/* permission to execute what's inside cgidir */
+	if (strlen(cgidir) > 0)
+	    eunveil(cgidir, "rx");
 
-	/*
-	 * prevent system calls other parsing queryfor fread file and
-	 * write to stdio
-	 */
-	if (strlen(cgibin) > 0) {
-		/* cgi need execlp() (exec) and fork() (proc) */
-		epledge("stdio rpath exec proc", NULL);
-	} else {
-		epledge("stdio rpath", NULL);
-	}
+	eunveil(NULL, NULL);	/* no more call to unveil() */
+
+	/* promise permissions */
+	if (strlen(cgidir) > 0)
+	    epledge("stdio rpath exec", NULL);
+	else
+	    epledge("stdio rpath", NULL);
 #endif
+	if (!chrooted)
+	    echdir(path);	/* move to the gemini data directory */
 }
 
 void
 status(const int code, const char *file_mime)
 {
-	printf("%i %s; %s\r\n",
-	       code, file_mime, lang);
+	if (strcmp(file_mime, "text/gemini") == 0)
+	    printf("%i %s; %s\r\n", code, file_mime, lang);
+	else
+	    printf("%i %s\r\n", code, file_mime);
 }
 
 void
@@ -116,138 +179,123 @@ status_redirect(const int code, const char *url)
 }
 
 void
-display_file(const char *uri)
+status_error(const int code, const char *reason)
 {
-	FILE		*fd = NULL;
-	struct stat	 sb = {0};
-	ssize_t		 nread = 0;
-	const char	*file_mime;
-	char		*buffer[BUFSIZ];
-	char		target[FILENAME_MAX] = {'\0'};
-	char		fp[PATH_MAX] = {'\0'};
-	char        tmp[PATH_MAX] = {'\0'}; /* used to build temporary path */
+	printf("%i %s\r\n",
+	       code, reason);
+}
 
-	/* build file path inside chroot */
-	estrlcpy(fp, chroot_dir, sizeof(fp));
-	estrlcat(fp, uri, sizeof(fp));
+void
+display_file(const char *fname)
+{
+	FILE           *fd = NULL;
+	struct stat 	sb = {0};
+	ssize_t 	nread = 0;
+	const char     *file_mime;
+	char           *buffer[BUFSIZ];
+	char 		target[FILENAME_MAX] = {'\0'};
+	char 		tmp[PATH_MAX] = {'\0'};	/* used to build
+						 * temporary path */
 
-	/* this is to check if path exists and obtain metadata later */
-	if (stat(fp, &sb) == -1) {
-
-		/* check if fp is a symbolic link
-		 * if so, redirect using its target */
-		if (lstat(fp, &sb) != -1 && S_ISLNK(sb.st_mode) == 1)
-		goto redirect;
-		else
-		goto err;
-	}
-
-	/* check if directory */
-	if (S_ISDIR(sb.st_mode) != 0) {
-		if (fp[strlen(fp) -1 ] != '/') {
-			/* no ending "/", redirect to "path/" */
-			estrlcpy(tmp, uri,  sizeof(tmp));
-			estrlcat(tmp, "/", sizeof(tmp));
-			status_redirect(31, tmp);
+	/*
+	 * special case : fname empty. The user requested just the directory
+	 * name
+	 */
+	if (strlen(fname) == 0) {
+		if (stat("index.gmi", &sb) == 0) {
+			/* there is index.gmi in the current directory */
+			display_file("index.gmi");
+			return;
+		} else if (doautoidx) {
+			/* no index.gmi, so display autoindex if enabled */
+			autoindex(".");
 			return;
-
 		} else {
-			/* there is a leading "/", display index.gmi */
-			estrlcpy(tmp, fp, sizeof(tmp));
-			estrlcat(tmp, "index.gmi", sizeof(tmp));
-
-			/* check if index.gmi exists or show autoindex */
-			if (stat(tmp, &sb) == 0) {
-				estrlcpy(fp, tmp, sizeof(fp));
-			} else if (doautoidx != 0) {
-				autoindex(fp);
-				return;
-			} else {
-				goto err;
-			}
+			goto err;
 		}
 	}
-
+	/* this is to check if path exists and obtain metadata later */
+	if (stat(fname, &sb) == -1) {
+		/*
+		 * check if fname is a symbolic link if so, redirect using
+		 * its target
+		 */
+		if (lstat(fname, &sb) != -1 && S_ISLNK(sb.st_mode) == 1)
+		    goto redirect;
+		else
+		    goto err;
+	}
+	/* check if directory */
+	if (S_ISDIR(sb.st_mode) != 0) {
+		/* no ending "/", redirect to "fname/" */
+		estrlcpy(tmp, fname, sizeof(tmp));
+		estrlcat(tmp, "/", sizeof(tmp));
+		status_redirect(31, tmp);
+		return;
+	}
 	/* open the file requested */
-	if ((fd = fopen(fp, "r")) == NULL) { goto err; }
+	if ((fd = fopen(fname, "r")) == NULL)
+	    goto err;
 
-	file_mime = get_file_mime(fp, default_mime);
+	file_mime = get_file_mime(fname, default_mime);
 
 	status(20, file_mime);
 
 	/* read the file byte after byte in buffer and write it to stdout */
 	while ((nread = fread(buffer, 1, sizeof(buffer), fd)) != 0)
 		fwrite(buffer, 1, nread, stdout);
-	goto closefd;
-	syslog(LOG_DAEMON, "path served %s", fp);
+	goto closefd;		/* close file descriptor */
+	syslog(LOG_INFO, "path served %s", fname);
 
 	return;
 
 err:
 	/* return an error code and no content */
-	status(51, "text/gemini");
-	syslog(LOG_DAEMON, "path invalid %s", fp);
+	status_error(51, "file not found");
+	syslog(LOG_INFO, "path invalid %s", fname);
 	goto closefd;
 
 redirect:
 	/* read symbolic link target to redirect */
-	if (readlink(fp, target, FILENAME_MAX) == -1) {
-		goto err;
-	}
+	if (readlink(fname, target, FILENAME_MAX) == -1)
+	    goto err;
 
 	status_redirect(30, target);
-	syslog(LOG_DAEMON, "redirection from %s to %s", fp, target);
+	syslog(LOG_INFO, "redirection from %s to %s", fname, target);
 
 closefd:
-	if (S_ISREG(sb.st_mode) != 0) {
-		fclose(fd);
-	}
+	if (S_ISREG(sb.st_mode) != 0)
+	    fclose(fd);
 }
 
 void
 autoindex(const char *path)
 {
-	int n = 0;
-	char *pos = NULL;
-	struct dirent **namelist; /* this must be freed at last */
+	/* display liks to files in path + a link to parent (..) */
 
+	int 		n = 0;
+	struct dirent **namelist;	/* this must be freed at last */
 
-	syslog(LOG_DAEMON, "autoindex: %s", path);
-
-	status(20, "text/gemini");
-
-	/* display link to parent */
-	char parent[PATH_MAX] = {'\0'};
-	/* parent is "path" without chroot_dir */
-	estrlcpy(parent, path+strlen(chroot_dir), sizeof(parent));
-	/* remove ending '/' */
-	while (parent[strlen(parent)-1] == '/') {
-		parent[strlen(parent)-1] = '\0';
-	}
-	/* remove last part after '/' */
-	pos = strrchr(parent, '/');
-	if (pos != NULL) {
-		pos[1] = '\0'; /* at worse, parent is now "/" */
-	}
-	printf("=> %s ../\n", parent);
+	syslog(LOG_INFO, "autoindex: %s", path);
 
 	/* use alphasort to always have the same order on every system */
 	if ((n = scandir(path, &namelist, NULL, alphasort)) < 0) {
-		status(51, "text/gemini");
+		status_error(50, "Internal server error");
 		errlog("Can't scan %s", path);
 	} else {
-		for(int j = 0; j < n; j++) {
+		status(20, "text/gemini");
+		printf("=> .. ../\n");	/* display link to parent */
+		for (int j = 0; j < n; j++) {
 			/* skip self and parent */
 			if ((strcmp(namelist[j]->d_name, ".") == 0) ||
 			    (strcmp(namelist[j]->d_name, "..") == 0)) {
 				continue;
 			}
 			/* add "/" at the end of a directory path */
-			if (namelist[j]->d_type == DT_DIR) {
-				printf("=> ./%s/ %s/\n", namelist[j]->d_name, namelist[j]->d_name);
-			} else {
-				printf("=> ./%s %s\n", namelist[j]->d_name, namelist[j]->d_name);
-			}
+			if (namelist[j]->d_type == DT_DIR)
+			    printf("=> ./%s/ %s/\n", namelist[j]->d_name, namelist[j]->d_name);
+			else
+			    printf("=> ./%s %s\n", namelist[j]->d_name, namelist[j]->d_name);
 			free(namelist[j]);
 		}
 		free(namelist);
@@ -257,71 +305,38 @@ autoindex(const char *path)
 void
 cgi(const char *cgicmd)
 {
-
-	int pipedes[2] = {0};
-	pid_t pid;
-
-	/* get a pipe to get stdout */
-	if (pipe(pipedes) != 0) {
-		status(42, "text/gemini");
-		err(1, "pipe failed");
-	}
-
-	pid = fork();
-
-	if (pid < 0) {
-		close(pipedes[0]);
-		close(pipedes[1]);
-		status(42, "text/gemini");
-		err(1, "fork failed");
-	}
-
-	if (pid > 0) { /* parent */
-		char buf[3];
-		size_t nread = 0;
-		FILE *output = NULL;
-
-		close(pipedes[1]); /* make sure entry is closed so fread() gets EOF */
-
-		/* use fread/fwrite because are buffered */
-		output = fdopen(pipedes[0], "r");
-		if (output == NULL) {
-			status(42, "text/gemini");
-			err(1, "fdopen failed");
-		}
-
-		/* read pipe output */
-		while ((nread = fread(buf, 1, sizeof(buf), output)) != 0) {
-			fwrite(buf, 1, nread, stdout);
-		}
-		close(pipedes[0]);
-		fclose(output);
-
-		wait(NULL); /* wait for child to terminate */
-
-		exit(0);
-
-	} else if (pid == 0) { /* child */
-		dup2(pipedes[1], STDOUT_FILENO); /* set pipe output equal to stdout */
-		close(pipedes[1]); /* no need this file descriptor : it is now stdout */
-		execlp(cgicmd, cgicmd, NULL);
-		/* if execlp is ok, this will never be reached */
-		status(42, "text/gemini");
-		errlog("error when trying to execlp %s", cgicmd);
-	}
+	/* run cgicmd replacing current process */
+	execl(cgicmd, cgicmd, NULL);
+	/* if execl is ok, this will never be reached */
+	status(42, "Couldn't execute CGI script");
+	errlog("error when trying to execl %s", cgicmd);
+	exit(1);
 }
 
 int
 main(int argc, char **argv)
 {
 	char 		request  [GEMINI_REQUEST_MAX] = {'\0'};
-	char 		hostname [GEMINI_REQUEST_MAX] = {'\0'};
-	char 		uri      [PATH_MAX]           = {'\0'};
 	char 		user     [_SC_LOGIN_NAME_MAX] = "";
-	char        query[PATH_MAX]               = {'\0'};
-	int 		virtualhost = 0;
+	char 		hostname [GEMINI_REQUEST_MAX] = {'\0'};
+	char 		query    [PATH_MAX] = {'\0'};
+	char 		chroot_dir[PATH_MAX] = DEFAULT_CHROOT;
+	char 		file     [FILENAME_MAX] = DEFAULT_INDEX;
+	char 		dir      [PATH_MAX] = {'\0'};
+	char           *pos = NULL;
 	int 		option = 0;
-	char        *pos = NULL;
+	int 		virtualhost = 0;
+	int 		docgi = 0;
+
+	/*
+	 * request : contain the whole request from client : gemini://...\r\n
+	 * user : username, used in drop_privileges()
+	 * hostname : extracted from hostname. used with virtualhosts and cgi SERVER_NAME
+	 * query : file requested in cgi : gemini://...?query
+	 * file : file basename to display. Emtpy is a directory has been requested
+	 * dir : directory requested. vger will chdir() in to find file
+	 * pos : used to parse request and split into interesting parts
+	 */
 
 	while ((option = getopt(argc, argv, ":d:l:m:u:c:vi")) != -1) {
 		switch (option) {
@@ -339,7 +354,8 @@ main(int argc, char **argv)
 			estrlcpy(user, optarg, sizeof(user));
 			break;
 		case 'c':
-			estrlcpy(cgibin, optarg, sizeof(cgibin));
+			estrlcpy(cgidir, optarg, sizeof(cgidir));
+			docgi = 1;
 			break;
 		case 'v':
 			virtualhost = 1;
@@ -349,21 +365,38 @@ main(int argc, char **argv)
 			break;
 		}
 	}
+	/*
+	 * set logging options and defaults
+	 */
+	openlog("vger", LOG_PID, LOG_DAEMON);
 
 	/*
-	 * do chroot if an user is supplied run pledge/unveil if OpenBSD
+	 * do chroot if an user is supplied
 	 */
 	drop_privileges(user, chroot_dir);
 
 	/*
 	 * read 1024 chars from stdin
 	 * to get the request
+	 * (actually 1024 + \0)
 	 */
 	if (fgets(request, GEMINI_REQUEST_MAX, stdin) == NULL) {
+		/* EOF reached before reading anything */
+		if (feof(stdin)) {
+			status(59, "request is too short and probably empty");
+			errlog("request is too short and probably empty");
+
+			/* error before reading anything */
+		} else if (ferror(stdin)) {
+			status(59, "Error while reading request");
+			errlog("Error while reading request: %s", request);
+		}
+	}
+	/* check if string ends with '\n', or to long */
+	if (request[strnlen(request, GEMINI_REQUEST_MAX) - 1] != '\n') {
 		status(59, "request is too long (1024 max)");
 		errlog("request is too long (1024 max): %s", request);
 	}
-
 	/* remove \r\n at the end of string */
 	pos = strchr(request, '\r');
 	if (pos != NULL)
@@ -378,95 +411,116 @@ main(int argc, char **argv)
 		errlog("request «%s» doesn't match gemini://",
 		       request);
 	}
-	syslog(LOG_DAEMON, "request %s", request);
+	syslog(LOG_INFO, "request %s", request);
 
 	/* remove the gemini:// part */
-	memmove(request, request + GEMINI_PART, strlen(request) +1 - GEMINI_PART);
+	memmove(request, request + GEMINI_PART, strlen(request) + 1 - GEMINI_PART);
 
 	/* remove all "/.." for safety reasons */
-    while ((pos = strstr(request, "/..")) != NULL ) {
-		memmove(request, pos+3, strlen(pos) +1 - 3); /* "/.." = 3 */
-	}
+	while ((pos = strstr(request, "/..")) != NULL)
+	    memmove(request, pos + 3, strlen(pos) + 1 - 3);	/* "/.." = 3 */
 
-	/*
-	 * look for the first / after the hostname
-	 * in order to split hostname and uri
-	 */
+	/* look for hostname in request : first thing before first / if any */
 	pos = strchr(request, '/');
-
 	if (pos != NULL) {
-		/* if there is a / found */
-		/* separate hostname and uri */
-		estrlcpy(uri, pos, strlen(pos)+1);
-		/* just keep hostname in request */
+		/* copy what's after hostname in dir */
+		estrlcpy(dir, pos, strlen(pos) + 1);
+		/* just keep hostname in request : stop the string with \0 */
 		pos[0] = '\0';
 	}
-	/* check if client added :port at end of request */
+	/* check if client added :port at end of hostname and remove it */
 	pos = strchr(request, ':');
 	if (pos != NULL) {
-	/* end string at :*/
-	pos[0] = '\0';
+		/* end string at : */
+		pos[0] = '\0';
 	}
 	/* copy hostname from request */
 	estrlcpy(hostname, request, sizeof(hostname));
 
-	/* look for "?" if any to set query for cgi, or remove it*/
-	pos = strchr(uri, '?');
-	if (pos != NULL) {
-		estrlcpy(query, pos+1, sizeof(query));
-		esetenv("QUERY_STRING", query, 1);
-		pos[0] = '\0';
+	/* remove leading '/' in dir */
+	while (dir[0] == '/')
+	    memmove(dir, dir + 1, strlen(dir + 1) + 1);
+
+	if (virtualhost) {
+		/* add hostname at the beginning of the dir path */
+		char 		tmp      [PATH_MAX] = {'\0'};
+		estrlcpy(tmp, hostname, sizeof(tmp));
+		estrlcat(tmp, "/", sizeof(tmp));
+		estrlcat(tmp, dir, sizeof(tmp));
+		estrlcpy(dir, tmp, sizeof(dir));
 	}
+	/* percent decode */
+	uridecode(dir);
 
 	/*
-	 * if virtualhost feature is actived looking under the chroot_path +
-	 * hostname directory gemini://foobar/hello will look for
-	 * chroot_path/foobar/hello
+	 * split dir and filename. file is last part after last '/'. if none
+	 * found, then requested file is actually a directory
 	 */
-	if (virtualhost) {
-		if (strlen(uri) == 0) {
-			estrlcpy(uri, "/index.gmi", sizeof(uri));
+	if (strlen(dir) > 0) {
+		pos = strrchr(dir, '/');
+		if (pos != NULL) {
+			estrlcpy(file, pos + 1, sizeof(file));	/* +1 : no leading '/' */
+			pos[0] = '\0';
+
+			/* change directory to requested directory */
+			if (strlen(dir) > 0)
+			    echdir(dir);
+		} else {
+			estrlcpy(file, dir, sizeof(file));
 		}
-		char tmp[PATH_MAX] = {'\0'};
-		estrlcpy(tmp, hostname, sizeof(tmp));
-		estrlcat(tmp, uri, sizeof(tmp));
-		estrlcpy(uri, tmp, sizeof(uri));
 	}
+	if (docgi) {
+		/* check if directory is cgidir */
+		char 		cgifp    [PATH_MAX] = {'\0'};
+		estrlcpy(cgifp, chroot_dir, sizeof(cgifp));
+		if (cgifp[strlen(cgifp) - 1] != '/')
+		    estrlcat(cgifp, "/", sizeof(cgifp));
 
-	/* check if uri is cgibin */
-	if ((strlen(cgibin) > 0) &&
-		(strncmp(uri, cgibin, strlen(cgibin)) == 0)) {
+		estrlcat(cgifp, dir, sizeof(cgifp));
+
+		/* not cgipath, display file content */
+		if (strcmp(cgifp, cgidir) != 0)
+			goto file_to_stdout;
 
-		/* cgipath with chroot_dir at the beginning */
-		char cgipath[PATH_MAX] = {'\0'};
-		estrlcpy(cgipath, chroot_dir, sizeof(cgipath));
-		estrlcat(cgipath, uri, sizeof(cgipath));
 		/* set env variables for CGI */
-		/* see https://lists.orbitalfox.eu/archives/gemini/2020/000315.html */
+		/*
+		 * see
+		 * https://lists.orbitalfox.eu/archives/gemini/2020/000315.htm
+		 * l
+		 */
 		esetenv("GATEWAY_INTERFACE", "CGI/1.1", 1);
 		esetenv("SERVER_PROTOCOL", "GEMINI", 1);
 		esetenv("SERVER_SOFTWARE", "vger/1", 1);
 
+		/* look for "?" if any to set query for cgi, remove it */
+		pos = strchr(file, '?');
+		if (pos != NULL) {
+			estrlcpy(query, pos + 1, sizeof(query));
+			esetenv("QUERY_STRING", query, 1);
+			pos[0] = '\0';
+		}
 		/* look for an extension to find PATH_INFO */
-		pos = strrchr(cgipath, '.');
+		pos = strrchr(file, '.');
 		if (pos != NULL) {
 			/* found a dot */
 			pos = strchr(pos, '/');
 			if (pos != NULL) {
 				setenv("PATH_INFO", pos, 1);
-				pos[0] = '\0'; /* keep only script name */
+				pos[0] = '\0';	/* keep only script name */
 			}
 		}
-		esetenv("SCRIPT_NAME", cgipath, 1);
+		esetenv("SCRIPT_NAME", file, 1);
 		esetenv("SERVER_NAME", hostname, 1);
 
-		cgi(cgipath);
-
-	} else {
-		//TODO: percent decoding here
-		/* open file and send it to stdout */
-		display_file(uri);
+		cgi(file);
+		return 0;
 	}
+file_to_stdout:
+	/* regular file  to stdout */
+	display_file(file);
+
+	/* end logging */
+	closelog();
 
 	return (0);
 }

mimes.c

@@ -5,6 +5,7 @@
 #include "mimes.h"
 #include "opts.h"
 
+/* extension to mimetype table */
 static const struct {
 	const char	*extension;
 	const char	*type;
@@ -124,6 +125,7 @@ get_file_mime(const char *path, const char *default_mime)
 	size_t	 i;
 	char	*extension;
 
+	/* search for extension after last '.' in path */
 	if ((extension = strrchr(path, '.')) == NULL)
 		goto out;
 

opts.h

@@ -1,13 +1,18 @@
 #include <limits.h> /* PATH_MAX */
 
+/* Defaults values */
 #define DEFAULT_MIME	 "application/octet-stream"
 #define DEFAULT_LANG	 ""
 #define DEFAULT_CHROOT	 "/var/gemini"
+#define DEFAULT_INDEX    "index.gmi"
 #define DEFAULT_AUTOIDX  0
 
- /* longest is 56 so 64 should be enough */
+/* 
+ * Options used later
+ */
+/* longest hardcoded mimetype is 56 long so 64 should be enough */
 static char            default_mime[64]     = DEFAULT_MIME;
-static char            chroot_dir[PATH_MAX] = DEFAULT_CHROOT;
 static char            lang[16]             = DEFAULT_LANG;
 static unsigned int    doautoidx            = DEFAULT_AUTOIDX;
-static char            cgibin[PATH_MAX]     = {'\0'};
+static char            cgidir[PATH_MAX]     = {'\0'};
+static int             chrooted             = 0;

shell.nix

@@ -0,0 +1,4 @@
+with (import <nixpkgs> {});
+mkShell {
+    buildInputs = [ gcc libbsd gnumake ];
+}

tests/test.sh

@@ -29,19 +29,23 @@ if ! [ $OUT = "fcc5a293f316e01f7b3103f97eca26b1" ] ; then echo "error" ; exit 1
 
 # redirect to uri with trailing / if directory
 OUT=$(printf "gemini://host.name/subdir\r\n" | ../vger -d var/gemini/ | tee /dev/stderr | MD5)
-if ! [ $OUT = "84e5e7bb3eee0dfcc8db14865dc83e77" ] ; then echo "error" ; exit 1 ; fi
+if ! [ $OUT = "b0e7e20db5ca7b80918025e7c15a8b02" ] ; then echo "error" ; exit 1 ; fi
+
+# redirect to uri with trailing / if directory and vhost enabled
+OUT=$(printf "gemini://perso.pw/cgi-bin\r\n" | ../vger -vd var/gemini | tee /dev/stderr | MD5)
+if ! [ $OUT = "827eef65a3cd71e2ce805bc1e05eac44" ] ; then echo "error" ; exit 1 ; fi
 
 # file from local directory with lang=fr and markdown MIME type
 OUT=$(printf "gemini://perso.pw/file.md\r\n" | ../vger -d var/gemini/ -l fr | tee /dev/stderr | MD5)
-if ! [ $OUT = "e663f17730d5ddc24010c14a238e1e78" ] ; then echo "error" ; exit 1 ; fi
+if ! [ $OUT = "09c82ffe243ce3b3cfb04c2bc4a91acb" ] ; then echo "error" ; exit 1 ; fi
 
 # file from local directory with lang=fr and unknown MIME type (default to application/octet-stream)
 OUT=$(printf "gemini://perso.pw/foobar.unknown\r\n" | ../vger -d var/gemini/ -l fr | tee /dev/stderr | MD5)
-if ! [ $OUT = "a23b0053d759863a45da4afbffd847d2" ] ; then echo "error" ; exit 1 ; fi
+if ! [ $OUT = "2c73bfb33dd2d12be322ebb85e03c015" ] ; then echo "error" ; exit 1 ; fi
 
 # file from local directory and unknown MIME type, default forced to text/plain
 OUT=$(printf "gemini://perso.pw/foobar.unknown\r\n" | ../vger -d var/gemini/ -m text/plain | tee /dev/stderr | MD5)
-if ! [ $OUT = "383a5a5ddb7bb30e3553ecb666378ebc" ] ; then echo "error" ; exit 1 ; fi
+if ! [ $OUT = "8169f43fbb2032f4054b153c38fe61d6" ] ; then echo "error" ; exit 1 ; fi
 
 # redirect file
 OUT=$(printf "gemini://perso.pw/old_location\r\n" | ../vger -d var/gemini/ | tee /dev/stderr | MD5)
@@ -69,32 +73,36 @@ if ! [ $OUT = "e354a1a29ea8273faaf0cdc29c1d8583" ] ; then echo "error" ; exit 1
 
 # auto index in directory without index.gmi must redirect
 OUT=$(printf "gemini://host.name/autoidx\r\n" | ../vger -d var/gemini/ -i | tee /dev/stderr | MD5)
-if ! [ $OUT = "874f5e1af67eff6b93bedf8ac8033066" ] ; then echo "error" ; exit 1 ; fi
+if ! [ $OUT = "5742b21d465e377074408045a71656dc" ] ; then echo "error" ; exit 1 ; fi
 
 # auto index in directory
 OUT=$(printf "gemini://host.name/autoidx/\r\n" | ../vger -d var/gemini/ -i | tee /dev/stderr | MD5)
-if ! [ $OUT = "515bcb4ba5f8869360f53afe2841e044" ] ; then echo "error" ; exit 1 ; fi
+if ! [ $OUT = "2d4a82fea3f10ab3e123e9f9d5dd1fbc" ] ; then echo "error" ; exit 1 ; fi
 
 # cgi simple script
-OUT=$(printf "gemini://host.name/cgi-bin/test.cgi\r\n" | ../vger -d var/gemini/ -c /cgi-bin | tee /dev/stderr | MD5)
+OUT=$(printf "gemini://host.name/cgi-bin/test.cgi\r\n" | ../vger -d var/gemini/ -c var/gemini/cgi-bin | tee /dev/stderr | MD5)
 if ! [ $OUT = "666e48200f90018b5e96c2cf974882dc" ] ; then echo "error" ; exit 1 ; fi
 
 # cgi with use of variables
-OUT=$(printf "gemini://host.name/cgi-bin/who.cgi?user=jean-mi\r\n" | ../vger -d var/gemini/ -c /cgi-bin | tee /dev/stderr | MD5)
+OUT=$(printf "gemini://host.name/cgi-bin/who.cgi?user=jean-mi\r\n" | ../vger -d var/gemini/ -c var/gemini/cgi-bin | tee /dev/stderr | MD5)
 if ! [ $OUT = "fa065a67d1f7c973501d4a9e3ca2ea57" ] ; then echo "error" ; exit 1 ; fi
 
 # cgi with error
-OUT=$(printf "gemini://host.name/cgi-bin/nope\r\n" | ../vger -d var/gemini/ -c /cgi-bin | tee /dev/stderr | MD5)
-if ! [ $OUT = "2c88347cfac44450035283a8508a29cb" ] ; then echo "error" ; exit 1 ; fi
-
-# remove ?.* if any
-OUT=$(printf "gemini://host.name/main.gmi?anything-here\r\n" | ../vger -d var/gemini/ | tee /dev/stderr | MD5)
-if ! [ $OUT = "c7e352d6aae4ee7e7604548f7874fb9d" ] ; then echo "error" ; exit 1 ; fi
+OUT=$(printf "gemini://host.name/cgi-bin/nope\r\n" | ../vger -d var/gemini/ -c var/gemini/cgi-bin | tee /dev/stderr | MD5)
+if ! [ $OUT = "74ba4b36dcebec9ce9dae33033f3378a" ] ; then echo "error" ; exit 1 ; fi
 
 # virtualhost + cgi
-OUT=$(printf "gemini://perso.pw/cgi-bin/test.cgi\r\n" | ../vger -v -d var/gemini/ -c perso.pw/cgi-bin | tee /dev/stderr | MD5)
+OUT=$(printf "gemini://perso.pw/cgi-bin/test.cgi\r\n" | ../vger -v -d var/gemini/ -c var/gemini/perso.pw/cgi-bin | tee /dev/stderr | MD5)
 if ! [ $OUT = "666e48200f90018b5e96c2cf974882dc" ] ; then echo "error" ; exit 1 ; fi
 
+# percent-decoding
+OUT=$(printf "%s\r\n" "gemini://host.name/percent%25-encode%3f.gmi" | ../vger -d var/gemini/ | tee /dev/stderr | MD5)
+if ! [ $OUT = "83d59cca9ed7040145ac6df1992f5daf" ] ; then echo "error" ; exit 1 ; fi
+
+# percent-decoding failing
+OUT=$(printf "%s\r\n" "gemini://host.name/percent%25-encode%3.gmi" | ../vger -d var/gemini/ | tee /dev/stderr | MD5)
+if ! [ $OUT = "c782da4173898f57033a0804b8e96fc3" ] ; then echo "error" ; exit 1 ; fi
+
 # must fail only on OpenBSD !
 # try to escape from unveil
 if [ -f /bsd ]

tests/var/gemini/percent%-encode?.gmi

@@ -0,0 +1,2 @@
+solene, here is a % for you
+and a λ of course :)

utils.c

@@ -3,18 +3,29 @@
 #include <stdarg.h>
 #include <stdio.h>
 #include <stdlib.h>
-#include <string.h>
 #include <syslog.h>
 #include <unistd.h>
 
 #include "utils.h"
 
+#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined( __NetBSD__) || defined(__DragonFly__)
+#include <string.h>
+#else
+#include <bsd/string.h>
+#endif
+
+/* e*foo() functions are the equivalent of foo() but handle errors.
+ * In case an error happens:
+ * The error is printed to stdout
+ * return 1
+ */
+
 #ifdef __OpenBSD__
 void
 eunveil(const char *path, const char *permissions)
 {
 	if (unveil(path, permissions) == -1) {
-		syslog(LOG_DAEMON, "unveil on %s failed", path);
+		syslog(LOG_ERR, "unveil on %s failed", path);
 		err(1, "unveil on %s failed", path);
 	}
 }
@@ -23,7 +34,7 @@ void
 epledge(const char *promises, const char *execpromises)
 {
 	if (pledge(promises, execpromises) == -1) {
-		syslog(LOG_DAEMON, "pledge failed for: %s", promises);
+		syslog(LOG_ERR, "pledge failed for: %s", promises);
 		err(1, "pledge failed for: %s", promises);
 	}
 }
@@ -65,16 +76,19 @@ esetenv(const char *name, const char *value, int overwrite)
 	return ret;
 }
 
+/* send error in syslog, to stdout and die */
 void
 errlog(const char *format, ...)
 {
 	char e[1024] = {'\0'};
     va_list ap;
 
+    fflush(stdout); /* make sure older messages are printed */
+
     va_start(ap, format);
     vsnprintf(e, sizeof(e), format, ap);
     va_end(ap);
 
-	syslog(LOG_DAEMON, "%s", e);
+	syslog(LOG_ERR, "%s", e);
 	err(1, "%s", e);
 }

vger.8

@@ -44,17 +44,14 @@ will read the file /var/gemini/hostname.example/file.gmi
 .It Op Fl c
 Enable CGI support.
 .Ar cgi_path
-will be executed as a cgi script instead of returning its content.
-This path is relative to the directory set with
-.Fl d
-flag. If using virtualhost, you must insert the virtualhost directory in the cgi path.
+files will be executed as a cgi script instead of returning their content.
+.Ar cgi_path must not end with '/'.
+If using virtualhost, you must insert the virtualhost directory in the cgi path.
 As example, for a request gemini://hostname.example/cgi-bin/hello.cgi, one must set:
 .Bd -literal -offset indent
-vger -c /cgi-bin/hello.cgi
+vger -c /var/gemini/hostname.example/cgi-bin/hello.cgi
 .Ed
 .Pp
-Note you can define a directory instead of a single file.
-.Pp
 In this case,
 .Xr pledge 2
 promises and unveil permission are set to enable cgi execution.
@@ -75,7 +72,7 @@ On
 .Nm
 will use
 .Xr unveil 2
-on this path in read-only to prevent file access outside this directory.
+on this path to only allow read-only file access within this directory.
 .It Op Fl u Ar username
 Enable
 .Xr chroot 2