<tt class="literal"><span class="pre">WEBS_SSL_SUPPORT</span></tt> enabled, there was a return path that leaked
memory.</dd>
<dt>Fix:</dt>
<dd>Added call to <tt class="literal"><span class="pre">bfree(B_L,</span> <span class="pre">accessLimit);</span></tt></dd>
</dl>
</div>
<div class="section" id="ejscript-write-corruption">
<h2><a class="toc-backref" href="#id35" name="ejscript-write-corruption">Ejscript Write Corruption</a></h2>
<dl>
<dt>Summary:</dt>
<dd>Very long text strings passed to the Ejscript <tt class="literal"><span class="pre">write()</span></tt> function
were being corrupted before being displayed.</dd>
<dt>Fix:</dt>
<dd>Commented out a <tt class="literal"><span class="pre">trace()</span></tt> statement in <tt class="literal"><span class="pre">ejGetLexToken()</span></tt> that appears to have been the
culprit. The value of <tt class="literal"><span class="pre">ep-&gt;token</span></tt> was being corrupted somewhere
in the trace.</dd>
</dl>
</div>
<div class="section" id="error-in-dsnprintf-x-format">
<h2><a class="toc-backref" href="#id36" name="error-in-dsnprintf-x-format">Error in dsnprintf(): &quot;%X&quot; format</a></h2>
<dl>
<dt>Summary:</dt>
<dd>The &quot;%X&quot; format specifier did not correctly cause the function to output
uppercase hexadecimal digits.</dd>
<dt>Fix:</dt>
<dd>Added support for the &quot;%X&quot; format specifier.</dd>
</dl>
</div>
<div class="section" id="bug018565-re-fixed">
<h2><a class="toc-backref" href="#id37" name="bug018565-re-fixed">BUG018565 Re-fixed</a></h2>
<dl>
<dt>Summary:</dt>
<dd>See 2.1.1 release notes (below). This bug fix did not make it into the
2.1.1 release.</dd>
<dt>Fix:</dt>
<dd>Corrected code in <tt class="literal"><span class="pre">sockGen.c</span></tt>.</dd>
</dl>
</div>
<div class="section" id="potential-error-in-error">
<h2><a class="toc-backref" href="#id38" name="potential-error-in-error">Potential Error in <tt class="literal"><span class="pre">error()</span></tt></a></h2>
<dl>
<dt>Summary:</dt>
<dd>If <tt class="literal"><span class="pre">error()</span></tt> is called where the etype parameter is not E_LOG, E_ASSERT, 
or E_USER, the call to <tt class="literal"><span class="pre">bfreeSafe(B_L,</span> <span class="pre">buf)</span></tt> now at line 71 will fail, 
because 'buf' is randomly  initialized.</dd>
<dt>Fix:</dt>
<dd>We format a message saying that this is an unknown message type, 
and in doing so give buf a valid value.</dd>
</dl>
</div>
<div class="section" id="added-support-for-customized-access-control">
<h2><a class="toc-backref" href="#id39" name="added-support-for-customized-access-control">Added Support For Customized Access Control</a></h2>
<dl>
<dt>Summary:</dt>
<dd>Several users requested a method to control URL access in a hierarchical
fashion. For example, users assigned to an 'admin' group might have
access to all URLs on the WebServer, and users assigned to the group
'technician' would have access to a smaller set of pages, and users
assigned to the group 'users' would perhaps only have access to a set of
read-only pages. The built-in WebServer access control system only
allows users to access URLs that exactly match their group membership.</dd>
<dt>Fix:</dt>
<dd>Added call to a user-supplied function `` bool_t dmfCanAccess(const
char_t* userGroup, const char_t* group)``. This function is called
from inside <tt class="literal"><span class="pre">umUserCanAccessURL()</span></tt> if the macro
<tt class="literal"><span class="pre">qHierarchicalAccess</span></tt> is defined.</dd>
</dl>
</div>
<div class="section" id="memory-leak-in-websparserequest">
<h2><a class="toc-backref" href="#id40" name="memory-leak-in-websparserequest">Memory Leak in websParseRequest()</a></h2>
<dl>
<dt>Summary:</dt>
<dd>Memory was being leaked in the code now at line 907 of <tt class="literal"><span class="pre">webs.c</span></tt>.</dd>
<dt>Fix:</dt>
<dd>Added a call to <tt class="literal"><span class="pre">bfree()</span></tt>.</dd>
</dl>
</div>
</div>
<div class="section" id="macintosh-os-x-support">
<h1><a class="toc-backref" href="#id41" name="macintosh-os-x-support">Macintosh OS X Support</a></h1>
<p>A separate Mac OS X platform directory has been added, and this platform
has been tested on version 10.1.5 of the operating system.
To build the WebServer on OS X:</p>
<pre class="literal-block">
cd MACOSX
make
</pre>
<p>Note that like all *nix operating systems, only the root user has
permission to open a server port with a lower number than 1024. You must
run the WebServer as root to serve pages over port 80, or change the server
port (in <tt class="literal"><span class="pre">main.c</span></tt>) to a different port (typically port 8080).</p>
</div>
<div class="section" id="bug-fixes-for-version-2-1-1">
<h1><a class="toc-backref" href="#id42" name="bug-fixes-for-version-2-1-1">Bug Fixes for Version 2.1.1</a></h1>
<div class="section" id="intermittent-access-error-for-cgi-scripts-bug01937">
<h2><a class="toc-backref" href="#id43" name="intermittent-access-error-for-cgi-scripts-bug01937">Intermittent Access Error for CGI Scripts (BUG01937)</a></h2>
<dl>
<dt>Summary:</dt>
<dd>Pages were occasionally replaced with the message, <tt class="literal"><span class="pre">Access</span> <span class="pre">Error:</span> <span class="pre">Data</span> 
<span class="pre">follows</span> <span class="pre">when</span> <span class="pre">trying</span> <span class="pre">to</span> <span class="pre">obtain</span> <span class="pre">CGI</span> <span class="pre">generated</span> <span class="pre">no</span> <span class="pre">output</span></tt>.</dd>
<dt>Fix:</dt>
<dd>On multiple CPU systems, it is possible for a CGI application to exit before 
its output is flushed to disk. The change for this release locates the code 
that collects the output from the CGI application in a separate routine. 
In addition to calling that routine from within the CGI application processing 
loop, it is also called in a brief loop after the CGI application has exited. 
This extra loop runs for only up to one second while the collected output 
remains empty. If, after 1 second, the output remains empty, the original 
course of action is followed (<tt class="literal"><span class="pre">Access</span> <span class="pre">Error</span></tt> is reported).</dd>
</dl>
</div>
<div class="section" id="cpu-utilization-hangs-at-100-on-a-socket-disconnect-bug01865">
<h2><a class="toc-backref" href="#id44" name="cpu-utilization-hangs-at-100-on-a-socket-disconnect-bug01865">CPU Utilization Hangs at 100% on a Socket Disconnect (BUG01865)</a></h2>
<dl>
<dt>Summary:</dt>
<dd>This error occurs whenever a user terminates a request before the server 
has had ample time to service it. This can be simulated by quickly hitting 
the refresh button on the browser twice in a row, causing the first request 
to be terminated. The server then enters into a tight loop that utilizes 
all of its time.</dd>
<dt>Fix:</dt>
<dd>Always close the socket prior to a disconnect.</dd>
</dl>
</div>
<div class="section" id="security-features-can-be-bypassed-by-adding-an-extra-slash-in-the-url-bug01518">
<h2><a class="toc-backref" href="#id45" name="security-features-can-be-bypassed-by-adding-an-extra-slash-in-the-url-bug01518">Security Features can be Bypassed by Adding an Extra Slash in the URL (BUG01518)</a></h2>
<dl>
<dt>Summary:</dt>
<dd>By adding an extra slash in a URL, password prompting is bypassed, allowing 
unrestricted access to secured pages.</dd>
<dt>Fix:</dt>
<dd>Remove multiple adjacent occurrences of slashes in the URL before passing 
it to the security handler.</dd>
</dl>
</div>
<div class="section" id="call-to-webssetvar-causes-a-crash-bug01938">
<h2><a class="toc-backref" href="#id46" name="call-to-webssetvar-causes-a-crash-bug01938">Call to <tt class="literal"><span class="pre">websSetVar</span></tt> causes a crash (BUG01938)</a></h2>
<dl>
<dt>Summary:</dt>
<dd>Whenever a request is not completed while being processed by websGetInput(), 
a call to websDone is made, followed by an attempt to process the partial 
request data.</dd>
<dt>Fix:</dt>
<dd>Return immediately after closing the socket.</dd>
</dl>
</div>
<div class="section" id="remove-stray-semicolon-in-emfdb-c-bug01820">
<h2><a class="toc-backref" href="#id47" name="remove-stray-semicolon-in-emfdb-c-bug01820">Remove stray semicolon in <tt class="literal"><span class="pre">emfdb.c</span></tt> (BUG01820)</a></h2>
<dl>
<dt>Summary and Fix:</dt>
<dd>A stray semicolon was removed from this file.</dd>
</dl>
</div>
</div>
<div class="section" id="novell-netware-support">
<h1><a class="toc-backref" href="#id48" name="novell-netware-support">Novell Netware Support</a></h1>
<p>With the addition of Novell Netware in this 2.11 release, WebServer now supports these platforms:</p>
<blockquote>
<ul class="simple">
<li>LINUX</li>
<li>LynxOS</li>
<li>Novell Netware &lt;/font&gt;4.2, 5.1</li>
<li>Mac OS X</li>
<li>UNIX - SCO OpenServer 3.2V5.0.0</li>
<li>VxWorks 5.3.1</li>
<li>Windows 2000</li>
<li>Windows 98</li>
<li>Windows 95</li>
<li>Windows NT</li>
<li>Windows CE</li>
</ul>
</blockquote>
<p>To make a Novell Netware target file (<tt class="literal"><span class="pre">webs.nlm</span></tt>):</p>
<pre class="literal-block">
cd NW
wmake webs.nlm
load &lt;path&gt;; \webs.nlm
webs
</pre>
<p><strong>Note:</strong> This makefile lacks a valid default rule. In addition, an
environment variable (QMKVER) controls the amount of debug information
that is compiled and linked into the nlm file. If this variable is set
to <tt class="literal"><span class="pre">P</span></tt>, it produces a production version. All other settings
(or the omission of the variable) results in a debug version.  For other
platforms supported by WebServer, please refer to your WebServer 2.1
documentation for appropriate instructions.</p>
</div>
<div class="section" id="copyright-information">
<h1><a class="toc-backref" href="#id49" name="copyright-information">Copyright Information</a></h1>
<dl>
<dt>Trademarks</dt>
<dd>GoAhead and GoAhead WebServer are registered trademarks of GoAhead
Software.  All other brand or product names are the trademarks or
registered trademarks of their respective holders.</dd>
<dt>Copyright </dt>
<dd>Copyright 漏 2000, 2001 GoAhead Software, Inc. All rights reserved.
Product and technical information in this document is subject to
change without notice and does not represent a commitment on the part
of GoAhead Software, Inc.</dd>
<dt>Copy Restrictions </dt>
<dd>The software described in this document may be used and copied only
in accordance with the terms of the accompanying license agreement.</dd>
<dt>GoAhead Software, Inc.</dt>
<dd>10900 NE 8th Street Suite 750 Bellevue, WA 98004 +1 ( 425) 453-1900
www.goahead.com <a class="reference" href="mailto:info&#64;goahead.com">info&#64;goahead.com</a></dd>
</dl>
<p>1-53-03</p>
</div>
</div>
</body>
</html>