lighttpd
/
lighttpd1.4
2
0
Fork 0
Code Issues Releases Wiki Activity
lighttpd 1.4.x https://www.lighttpd.net/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2188 Commits
8 Branches
78 Tags
45 MiB
Tree: 93fc82c4ac
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '93fc82c4ac'
${ noResults }
lighttpd1.4/src/connections-glue.c

615 lines
19 KiB
Raw Normal View History Unescape

consistent inclusion of config.h at top of files (fixes #2073) From: Glenn Strauss <gstrauss@gluelogic.com> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3113 152afb58-edef-0310-8abb-c4023f1b3aa9
6 years ago
#include "first.h"
moved external functions to *-glue.c this simplifies the linkage on windows and macosx which can't reference the binary for symbols git-svn-id: svn://svn.lighttpd.net/lighttpd/trunk@49 152afb58-edef-0310-8abb-c4023f1b3aa9
17 years ago
#include "base.h"
Fix some problems with more strict compilers (#1923) git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2408 152afb58-edef-0310-8abb-c4023f1b3aa9
13 years ago
#include "connections.h"
mv funcs from connections.c to connections-glue.c connection_handle_read() connection_handle_read_ssl() connection_handle_read_post_state() no code changes besides making connection_handle_read() public (by removing 'static' and adding to connections.h)
6 years ago
#include "joblist.h"
#include "log.h"
minor: add missing #include <errno.h> (needed by connections-glue.c when not building with openssl)
6 years ago
#include <errno.h>
mv funcs from connections.c to connections-glue.c connection_handle_read() connection_handle_read_ssl() connection_handle_read_post_state() no code changes besides making connection_handle_read() public (by removing 'static' and adding to connections.h)
6 years ago
#ifdef USE_OPENSSL
# include <openssl/ssl.h>
# include <openssl/err.h>
#endif
moved external functions to *-glue.c this simplifies the linkage on windows and macosx which can't reference the binary for symbols git-svn-id: svn://svn.lighttpd.net/lighttpd/trunk@49 152afb58-edef-0310-8abb-c4023f1b3aa9
17 years ago
const char *connection_get_state(connection_state_t state) {
switch (state) {
case CON_STATE_CONNECT: return "connect";
case CON_STATE_READ: return "read";
case CON_STATE_READ_POST: return "readpost";
case CON_STATE_WRITE: return "write";
case CON_STATE_CLOSE: return "close";
case CON_STATE_ERROR: return "error";
case CON_STATE_HANDLE_REQUEST: return "handle-req";
case CON_STATE_REQUEST_START: return "req-start";
case CON_STATE_REQUEST_END: return "req-end";
case CON_STATE_RESPONSE_START: return "resp-start";
case CON_STATE_RESPONSE_END: return "resp-end";
- white space cleanup part 2 this time 1.4 ;) i hope it helps with merging stuff back to 1.5 git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1371 152afb58-edef-0310-8abb-c4023f1b3aa9
16 years ago
default: return "(unknown)";
moved external functions to *-glue.c this simplifies the linkage on windows and macosx which can't reference the binary for symbols git-svn-id: svn://svn.lighttpd.net/lighttpd/trunk@49 152afb58-edef-0310-8abb-c4023f1b3aa9
17 years ago
}
}
const char *connection_get_short_state(connection_state_t state) {
switch (state) {
case CON_STATE_CONNECT: return ".";
case CON_STATE_READ: return "r";
case CON_STATE_READ_POST: return "R";
case CON_STATE_WRITE: return "W";
case CON_STATE_CLOSE: return "C";
case CON_STATE_ERROR: return "E";
case CON_STATE_HANDLE_REQUEST: return "h";
case CON_STATE_REQUEST_START: return "q";
case CON_STATE_REQUEST_END: return "Q";
case CON_STATE_RESPONSE_START: return "s";
case CON_STATE_RESPONSE_END: return "S";
- white space cleanup part 2 this time 1.4 ;) i hope it helps with merging stuff back to 1.5 git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1371 152afb58-edef-0310-8abb-c4023f1b3aa9
16 years ago
default: return "x";
moved external functions to *-glue.c this simplifies the linkage on windows and macosx which can't reference the binary for symbols git-svn-id: svn://svn.lighttpd.net/lighttpd/trunk@49 152afb58-edef-0310-8abb-c4023f1b3aa9
17 years ago
}
}
int connection_set_state(server *srv, connection *con, connection_state_t state) {
UNUSED(srv);
- white space cleanup part 2 this time 1.4 ;) i hope it helps with merging stuff back to 1.5 git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1371 152afb58-edef-0310-8abb-c4023f1b3aa9
16 years ago
moved external functions to *-glue.c this simplifies the linkage on windows and macosx which can't reference the binary for symbols git-svn-id: svn://svn.lighttpd.net/lighttpd/trunk@49 152afb58-edef-0310-8abb-c4023f1b3aa9
17 years ago
con->state = state;
- white space cleanup part 2 this time 1.4 ;) i hope it helps with merging stuff back to 1.5 git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1371 152afb58-edef-0310-8abb-c4023f1b3aa9
16 years ago
moved external functions to *-glue.c this simplifies the linkage on windows and macosx which can't reference the binary for symbols git-svn-id: svn://svn.lighttpd.net/lighttpd/trunk@49 152afb58-edef-0310-8abb-c4023f1b3aa9
17 years ago
return 0;
}
mv funcs from connections.c to connections-glue.c connection_handle_read() connection_handle_read_ssl() connection_handle_read_post_state() no code changes besides making connection_handle_read() public (by removing 'static' and adding to connections.h)
6 years ago
#if 0
static void dump_packet(const unsigned char *data, size_t len) {
size_t i, j;
if (len == 0) return;
for (i = 0; i < len; i++) {
if (i % 16 == 0) fprintf(stderr, " ");
fprintf(stderr, "%02x ", data[i]);
if ((i + 1) % 16 == 0) {
fprintf(stderr, " ");
for (j = 0; j <= i % 16; j++) {
unsigned char c;
if (i-15+j >= len) break;
c = data[i-15+j];
fprintf(stderr, "%c", c > 32 && c < 128 ? c : '.');
}
fprintf(stderr, "\n");
}
}
if (len % 16 != 0) {
for (j = i % 16; j < 16; j++) {
fprintf(stderr, " ");
}
fprintf(stderr, " ");
for (j = i & ~0xf; j < len; j++) {
unsigned char c;
c = data[j];
fprintf(stderr, "%c", c > 32 && c < 128 ? c : '.');
}
fprintf(stderr, "\n");
}
}
#endif
static int connection_handle_read_ssl(server *srv, connection *con) {
#ifdef USE_OPENSSL
[TLS] read all available records from SSL_read() read all available records from SSL_read(), even if larger than MAX_READ_LIMIT, since the data is already in memory. openssl is configured with SSL_MODE_RELEASE_BUFFERS and will release openssl buffers once records have been read. Without reading available data, there was a chance that the connection would hang waiting for a read event on the fd, even though all the data had already been read from kernel socket buffers and was in openssl memory waiting to be read with SSL_read(). (thx glen and avij)
6 years ago
int r, ssl_err, len;
mv funcs from connections.c to connections-glue.c connection_handle_read() connection_handle_read_ssl() connection_handle_read_post_state() no code changes besides making connection_handle_read() public (by removing 'static' and adding to connections.h)
6 years ago
char *mem = NULL;
size_t mem_len = 0;
if (!con->srv_socket->is_ssl) return -1;
ERR_clear_error();
do {
chunkqueue_get_memory(con->read_queue, &mem, &mem_len, 0, SSL_pending(con->ssl));
#if 0
/* overwrite everything with 0 */
memset(mem, 0, mem_len);
#endif
len = SSL_read(con->ssl, mem, mem_len);
[TLS] read all available records from SSL_read() read all available records from SSL_read(), even if larger than MAX_READ_LIMIT, since the data is already in memory. openssl is configured with SSL_MODE_RELEASE_BUFFERS and will release openssl buffers once records have been read. Without reading available data, there was a chance that the connection would hang waiting for a read event on the fd, even though all the data had already been read from kernel socket buffers and was in openssl memory waiting to be read with SSL_read(). (thx glen and avij)
6 years ago
if (len > 0) {
chunkqueue_use_memory(con->read_queue, len);
con->bytes_read += len;
} else {
chunkqueue_use_memory(con->read_queue, 0);
}
mv funcs from connections.c to connections-glue.c connection_handle_read() connection_handle_read_ssl() connection_handle_read_post_state() no code changes besides making connection_handle_read() public (by removing 'static' and adding to connections.h)
6 years ago
if (con->renegotiations > 1 && con->conf.ssl_disable_client_renegotiation) {
log_error_write(srv, __FILE__, __LINE__, "s", "SSL: renegotiation initiated by client, killing connection");
connection_set_state(srv, con, CON_STATE_ERROR);
return -1;
}
[TLS] ssl.read-ahead = "disable" for low mem (fixes #2778) new directive ssl.read-ahead = "enable"/"disable" to control SSL_CTX_set_read_ahead(). Default "enable". The "disable" setting is intended for use on low memory systems with a slow CPU which is unable to keep up with decryption of large request bodies. x-ref: "larger memory usage for file uploads via SSL on embedded system" https://redmine.lighttpd.net/issues/2778
5 years ago
} while (len > 0 && (con->conf.ssl_read_ahead || SSL_pending(con->ssl) > 0));
mv funcs from connections.c to connections-glue.c connection_handle_read() connection_handle_read_ssl() connection_handle_read_post_state() no code changes besides making connection_handle_read() public (by removing 'static' and adding to connections.h)
6 years ago
if (len < 0) {
int oerrno = errno;
switch ((r = SSL_get_error(con->ssl, len))) {
case SSL_ERROR_WANT_WRITE:
[TLS] better handling of SSL_ERROR_WANT_READ/WRITE better handling of SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE
6 years ago
con->is_writable = -1;
case SSL_ERROR_WANT_READ:
mv funcs from connections.c to connections-glue.c connection_handle_read() connection_handle_read_ssl() connection_handle_read_post_state() no code changes besides making connection_handle_read() public (by removing 'static' and adding to connections.h)
6 years ago
con->is_readable = 0;
/* the manual says we have to call SSL_read with the same arguments next time.
* we ignore this restriction; no one has complained about it in 1.5 yet, so it probably works anyway.
*/
return 0;
case SSL_ERROR_SYSCALL:
/**
* man SSL_get_error()
*
* SSL_ERROR_SYSCALL
* Some I/O error occurred. The OpenSSL error queue may contain more
* information on the error. If the error queue is empty (i.e.
* ERR_get_error() returns 0), ret can be used to find out more about
* the error: If ret == 0, an EOF was observed that violates the
* protocol. If ret == -1, the underlying BIO reported an I/O error
* (for socket I/O on Unix systems, consult errno for details).
*
*/
while((ssl_err = ERR_get_error())) {
/* get all errors from the error-queue */
log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
r, ERR_error_string(ssl_err, NULL));
}
switch(oerrno) {
default:
log_error_write(srv, __FILE__, __LINE__, "sddds", "SSL:",
len, r, oerrno,
strerror(oerrno));
break;
}
break;
case SSL_ERROR_ZERO_RETURN:
/* clean shutdown on the remote side */
if (r == 0) {
/* FIXME: later */
}
/* fall thourgh */
default:
while((ssl_err = ERR_get_error())) {
switch (ERR_GET_REASON(ssl_err)) {
case SSL_R_SSL_HANDSHAKE_FAILURE:
[core] compile with upcoming openssl 1.1.0 release (fixes #2727) (thx falemagn) x-ref: "Won't compile with OpenSSL 1.1.0" https://redmine.lighttpd.net/issues/2727
6 years ago
#ifdef SSL_R_TLSV1_ALERT_UNKNOWN_CA
mv funcs from connections.c to connections-glue.c connection_handle_read() connection_handle_read_ssl() connection_handle_read_post_state() no code changes besides making connection_handle_read() public (by removing 'static' and adding to connections.h)
6 years ago
case SSL_R_TLSV1_ALERT_UNKNOWN_CA:
[core] compile with upcoming openssl 1.1.0 release (fixes #2727) (thx falemagn) x-ref: "Won't compile with OpenSSL 1.1.0" https://redmine.lighttpd.net/issues/2727
6 years ago
#endif
#ifdef SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN
mv funcs from connections.c to connections-glue.c connection_handle_read() connection_handle_read_ssl() connection_handle_read_post_state() no code changes besides making connection_handle_read() public (by removing 'static' and adding to connections.h)
6 years ago
case SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN:
[core] compile with upcoming openssl 1.1.0 release (fixes #2727) (thx falemagn) x-ref: "Won't compile with OpenSSL 1.1.0" https://redmine.lighttpd.net/issues/2727
6 years ago
#endif
#ifdef SSL_R_SSLV3_ALERT_BAD_CERTIFICATE
mv funcs from connections.c to connections-glue.c connection_handle_read() connection_handle_read_ssl() connection_handle_read_post_state() no code changes besides making connection_handle_read() public (by removing 'static' and adding to connections.h)
6 years ago
case SSL_R_SSLV3_ALERT_BAD_CERTIFICATE:
[core] compile with upcoming openssl 1.1.0 release (fixes #2727) (thx falemagn) x-ref: "Won't compile with OpenSSL 1.1.0" https://redmine.lighttpd.net/issues/2727
6 years ago
#endif
mv funcs from connections.c to connections-glue.c connection_handle_read() connection_handle_read_ssl() connection_handle_read_post_state() no code changes besides making connection_handle_read() public (by removing 'static' and adding to connections.h)
6 years ago
if (!con->conf.log_ssl_noise) continue;
break;
default:
break;
}
/* get all errors from the error-queue */
log_error_write(srv, __FILE__, __LINE__, "sds", "SSL:",
r, ERR_error_string(ssl_err, NULL));
}
break;
}
connection_set_state(srv, con, CON_STATE_ERROR);
return -1;
[TLS] ssl.read-ahead = "disable" for low mem (fixes #2778) new directive ssl.read-ahead = "enable"/"disable" to control SSL_CTX_set_read_ahead(). Default "enable". The "disable" setting is intended for use on low memory systems with a slow CPU which is unable to keep up with decryption of large request bodies. x-ref: "larger memory usage for file uploads via SSL on embedded system" https://redmine.lighttpd.net/issues/2778
5 years ago
} else if (len == 0) {
mv funcs from connections.c to connections-glue.c connection_handle_read() connection_handle_read_ssl() connection_handle_read_post_state() no code changes besides making connection_handle_read() public (by removing 'static' and adding to connections.h)
6 years ago
con->is_readable = 0;
/* the other end close the connection -> KEEP-ALIVE */
return -2;
[TLS] ssl.read-ahead = "disable" for low mem (fixes #2778) new directive ssl.read-ahead = "enable"/"disable" to control SSL_CTX_set_read_ahead(). Default "enable". The "disable" setting is intended for use on low memory systems with a slow CPU which is unable to keep up with decryption of large request bodies. x-ref: "larger memory usage for file uploads via SSL on embedded system" https://redmine.lighttpd.net/issues/2778
5 years ago
} else {
return 0;
mv funcs from connections.c to connections-glue.c connection_handle_read() connection_handle_read_ssl() connection_handle_read_post_state() no code changes besides making connection_handle_read() public (by removing 'static' and adding to connections.h)
6 years ago
}
#else
UNUSED(srv);
UNUSED(con);
return -1;
#endif
}
/* 0: everything ok, -1: error, -2: con closed */
int connection_handle_read(server *srv, connection *con) {
int len;
char *mem = NULL;
size_t mem_len = 0;
int toread;
if (con->srv_socket->is_ssl) {
return connection_handle_read_ssl(srv, con);
}
/* default size for chunks is 4kb; only use bigger chunks if FIONREAD tells
* us more than 4kb is available
* if FIONREAD doesn't signal a big chunk we fill the previous buffer
* if it has >= 1kb free
*/
#if defined(__WIN32)
chunkqueue_get_memory(con->read_queue, &mem, &mem_len, 0, 4096);
len = recv(con->fd, mem, mem_len, 0);
#else /* __WIN32 */
fix some warnings reported by cppcheck fix some warnings reported by cppcheck and change mod_skeleton.c to use buffer_string_length()
6 years ago
if (ioctl(con->fd, FIONREAD, &toread) || toread <= 4*1024) {
mv funcs from connections.c to connections-glue.c connection_handle_read() connection_handle_read_ssl() connection_handle_read_post_state() no code changes besides making connection_handle_read() public (by removing 'static' and adding to connections.h)
6 years ago
toread = 4096;
}
else if (toread > MAX_READ_LIMIT) {
toread = MAX_READ_LIMIT;
}
chunkqueue_get_memory(con->read_queue, &mem, &mem_len, 0, toread);
len = read(con->fd, mem, mem_len);
#endif /* __WIN32 */
chunkqueue_use_memory(con->read_queue, len > 0 ? len : 0);
if (len < 0) {
con->is_readable = 0;
#if defined(__WIN32)
{
int lastError = WSAGetLastError();
switch (lastError) {
case EAGAIN:
return 0;
case EINTR:
/* we have been interrupted before we could read */
con->is_readable = 1;
return 0;
case ECONNRESET:
/* suppress logging for this error, expected for keep-alive */
break;
default:
log_error_write(srv, __FILE__, __LINE__, "sd", "connection closed - recv failed: ", lastError);
break;
}
}
#else /* __WIN32 */
switch (errno) {
case EAGAIN:
return 0;
case EINTR:
/* we have been interrupted before we could read */
con->is_readable = 1;
return 0;
case ECONNRESET:
/* suppress logging for this error, expected for keep-alive */
break;
default:
log_error_write(srv, __FILE__, __LINE__, "ssd", "connection closed - read failed: ", strerror(errno), errno);
break;
}
#endif /* __WIN32 */
connection_set_state(srv, con, CON_STATE_ERROR);
return -1;
} else if (len == 0) {
con->is_readable = 0;
/* the other end close the connection -> KEEP-ALIVE */
/* pipelining */
return -2;
} else if (len != (ssize_t) mem_len) {
/* we got less then expected, wait for the next fd-event */
con->is_readable = 0;
}
con->bytes_read += len;
#if 0
dump_packet(b->ptr, len);
#endif
return 0;
}
[core] support Transfer-Encoding: chunked req body (fixes #2156) support Transfer-Encoding: chunked request body in conjunction with server.stream-request-body = 0 dynamic handlers will still return 411 Length Required if server.stream-request-body = 1 or 2 (!= 0) since CGI-like env requires CONTENT_LENGTH be set (and mod_proxy currently sends HTTP/1.0 requests to backends, and Content-Length recommended for robust interaction with backend) x-ref: "request: support Chunked Transfer Coding for HTTP PUT" https://redmine.lighttpd.net/issues/2156
6 years ago
static int connection_handle_read_post_cq_compact(chunkqueue *cq) {
/* combine first mem chunk with next non-empty mem chunk
* (loop if next chunk is empty) */
chunk *c;
while (NULL != (c = cq->first) && NULL != c->next) {
buffer *mem = c->next->mem;
off_t offset = c->next->offset;
size_t blen = buffer_string_length(mem) - (size_t)offset;
force_assert(c->type == MEM_CHUNK);
force_assert(c->next->type == MEM_CHUNK);
buffer_append_string_len(c->mem, mem->ptr+offset, blen);
c->next->offset = c->offset;
c->next->mem = c->mem;
c->mem = mem;
c->offset = offset + (off_t)blen;
chunkqueue_remove_finished_chunks(cq);
if (0 != blen) return 1;
}
return 0;
}
static int connection_handle_read_post_chunked_crlf(chunkqueue *cq) {
/* caller might check chunkqueue_length(cq) >= 2 before calling here
* to limit return value to either 1 for good or -1 for error */
chunk *c;
buffer *b;
char *p;
size_t len;
/* caller must have called chunkqueue_remove_finished_chunks(cq), so if
* chunkqueue is not empty, it contains chunk with at least one char */
if (chunkqueue_is_empty(cq)) return 0;
c = cq->first;
b = c->mem;
p = b->ptr+c->offset;
if (p[0] != '\r') return -1; /* error */
if (p[1] == '\n') return 1;
len = buffer_string_length(b) - (size_t)c->offset;
if (1 != len) return -1; /* error */
while (NULL != (c = c->next)) {
b = c->mem;
len = buffer_string_length(b) - (size_t)c->offset;
if (0 == len) continue;
p = b->ptr+c->offset;
return (p[0] == '\n') ? 1 : -1; /* error if not '\n' */
}
return 0;
}
handler_t connection_handle_read_post_error(server *srv, connection *con, int http_status) {
UNUSED(srv);
con->keep_alive = 0;
/*(do not change status if response headers already set and possibly sent)*/
if (0 != con->bytes_header) return HANDLER_ERROR;
con->http_status = http_status;
con->mode = DIRECT;
chunkqueue_reset(con->write_queue);
return HANDLER_FINISHED;
}
static handler_t connection_handle_read_post_chunked(server *srv, connection *con, chunkqueue *cq, chunkqueue *dst_cq) {
/* con->conf.max_request_size is in kBytes */
const off_t max_request_size = (off_t)con->conf.max_request_size << 10;
off_t te_chunked = con->request.te_chunked;
do {
off_t len = cq->bytes_in - cq->bytes_out;
while (0 == te_chunked) {
char *p;
chunk *c = cq->first;
force_assert(c->type == MEM_CHUNK);
p = strchr(c->mem->ptr+c->offset, '\n');
if (NULL != p) { /* found HTTP chunked header line */
off_t hsz = p + 1 - (c->mem->ptr+c->offset);
unsigned char *s = (unsigned char *)c->mem->ptr+c->offset;
for (unsigned char u;(u=(unsigned char)hex2int(*s))!=0xFF;++s) {
if (te_chunked > (~((off_t)-1) >> 4)) {
log_error_write(srv, __FILE__, __LINE__, "s",
"chunked data size too large -> 400");
/* 400 Bad Request */
return connection_handle_read_post_error(srv, con, 400);
}
te_chunked <<= 4;
te_chunked |= u;
}
while (*s == ' ' || *s == '\t') ++s;
if (*s != '\r' && *s != ';') {
log_error_write(srv, __FILE__, __LINE__, "s",
"chunked header invalid chars -> 400");
/* 400 Bad Request */
return connection_handle_read_post_error(srv, con, 400);
}
if (hsz >= 1024) {
/* prevent theoretical integer overflow
* casting to (size_t) and adding 2 (for "\r\n") */
log_error_write(srv, __FILE__, __LINE__, "s",
"chunked header line too long -> 400");
/* 400 Bad Request */
return connection_handle_read_post_error(srv, con, 400);
}
if (0 == te_chunked) {
/* do not consume final chunked header until
* (optional) trailers received along with
* request-ending blank line "\r\n" */
if (p[0] == '\r' && p[1] == '\n') {
/*(common case with no trailers; final \r\n received)*/
hsz += 2;
}
else {
/* trailers or final CRLF crosses into next cq chunk */
hsz -= 2;
do {
c = cq->first;
p = strstr(c->mem->ptr+c->offset+hsz, "\r\n\r\n");
} while (NULL == p
&& connection_handle_read_post_cq_compact(cq));
if (NULL == p) {
/*(effectively doubles max request field size
* potentially received by backend, if in the future
* these trailers are added to request headers)*/
if ((off_t)buffer_string_length(c->mem) - c->offset
< srv->srvconf.max_request_field_size) {
break;
}
else {
/* ignore excessively long trailers;
* disable keep-alive on connection */
con->keep_alive = 0;
}
}
hsz = p + 4 - (c->mem->ptr+c->offset);
/* trailers currently ignored, but could be processed
* here if 0 == con->conf.stream_request_body, taking
* care to reject any fields forbidden in trailers,
* making trailers available to CGI and other backends*/
}
chunkqueue_mark_written(cq, (size_t)hsz);
con->request.content_length = dst_cq->bytes_in;
break; /* done reading HTTP chunked request body */
}
/* consume HTTP chunked header */
chunkqueue_mark_written(cq, (size_t)hsz);
len = cq->bytes_in - cq->bytes_out;
if (0 !=max_request_size
&& (max_request_size < te_chunked
|| max_request_size - te_chunked < dst_cq->bytes_in)) {
log_error_write(srv, __FILE__, __LINE__, "sos",
"request-size too long:",
dst_cq->bytes_in + te_chunked, "-> 413");
/* 413 Payload Too Large */
return connection_handle_read_post_error(srv, con, 413);
}
te_chunked += 2; /*(for trailing "\r\n" after chunked data)*/
break; /* read HTTP chunked header */
}
/*(likely better ways to handle chunked header crossing chunkqueue
* chunks, but this situation is not expected to occur frequently)*/
if ((off_t)buffer_string_length(c->mem) - c->offset >= 1024) {
log_error_write(srv, __FILE__, __LINE__, "s",
"chunked header line too long -> 400");
/* 400 Bad Request */
return connection_handle_read_post_error(srv, con, 400);
}
else if (!connection_handle_read_post_cq_compact(cq)) {
break;
}
}
if (0 == te_chunked) break;
if (te_chunked > 2) {
if (len > te_chunked-2) len = te_chunked-2;
if (dst_cq->bytes_in + te_chunked <= 64*1024) {
/* avoid buffering request bodies <= 64k on disk */
chunkqueue_steal(dst_cq, cq, len);
}
else if (0 != chunkqueue_steal_with_tempfiles(srv,dst_cq,cq,len)) {
/* 500 Internal Server Error */
return connection_handle_read_post_error(srv, con, 500);
}
te_chunked -= len;
len = cq->bytes_in - cq->bytes_out;
}
if (len < te_chunked) break;
if (2 == te_chunked) {
if (-1 == connection_handle_read_post_chunked_crlf(cq)) {
log_error_write(srv, __FILE__, __LINE__, "s",
"chunked data missing end CRLF -> 400");
/* 400 Bad Request */
return connection_handle_read_post_error(srv, con, 400);
}
chunkqueue_mark_written(cq, 2);/*consume \r\n at end of chunk data*/
te_chunked -= 2;
}
} while (!chunkqueue_is_empty(cq));
con->request.te_chunked = te_chunked;
return HANDLER_GO_ON;
}
mv funcs from connections.c to connections-glue.c connection_handle_read() connection_handle_read_ssl() connection_handle_read_post_state() no code changes besides making connection_handle_read() public (by removing 'static' and adding to connections.h)
6 years ago
handler_t connection_handle_read_post_state(server *srv, connection *con) {
chunkqueue *cq = con->read_queue;
chunkqueue *dst_cq = con->request_content_queue;
int is_closed = 0;
if (con->is_readable) {
con->read_idle_ts = srv->cur_ts;
switch(connection_handle_read(srv, con)) {
case -1:
return HANDLER_ERROR;
case -2:
is_closed = 1;
break;
default:
break;
}
}
chunkqueue_remove_finished_chunks(cq);
[core] support Transfer-Encoding: chunked req body (fixes #2156) support Transfer-Encoding: chunked request body in conjunction with server.stream-request-body = 0 dynamic handlers will still return 411 Length Required if server.stream-request-body = 1 or 2 (!= 0) since CGI-like env requires CONTENT_LENGTH be set (and mod_proxy currently sends HTTP/1.0 requests to backends, and Content-Length recommended for robust interaction with backend) x-ref: "request: support Chunked Transfer Coding for HTTP PUT" https://redmine.lighttpd.net/issues/2156
6 years ago
if (-1 == con->request.content_length) { /*(Transfer-Encoding: chunked)*/
handler_t rc = connection_handle_read_post_chunked(srv, con, cq, dst_cq);
if (HANDLER_GO_ON != rc) return rc;
}
else if (con->request.content_length <= 64*1024) {
mv funcs from connections.c to connections-glue.c connection_handle_read() connection_handle_read_ssl() connection_handle_read_post_state() no code changes besides making connection_handle_read() public (by removing 'static' and adding to connections.h)
6 years ago
/* don't buffer request bodies <= 64k on disk */
chunkqueue_steal(dst_cq, cq, (off_t)con->request.content_length - dst_cq->bytes_in);
}
else if (0 != chunkqueue_steal_with_tempfiles(srv, dst_cq, cq, (off_t)con->request.content_length - dst_cq->bytes_in)) {
/* writing to temp file failed */
[core] support Transfer-Encoding: chunked req body (fixes #2156) support Transfer-Encoding: chunked request body in conjunction with server.stream-request-body = 0 dynamic handlers will still return 411 Length Required if server.stream-request-body = 1 or 2 (!= 0) since CGI-like env requires CONTENT_LENGTH be set (and mod_proxy currently sends HTTP/1.0 requests to backends, and Content-Length recommended for robust interaction with backend) x-ref: "request: support Chunked Transfer Coding for HTTP PUT" https://redmine.lighttpd.net/issues/2156
6 years ago
return connection_handle_read_post_error(srv, con, 500); /* Internal Server Error */
mv funcs from connections.c to connections-glue.c connection_handle_read() connection_handle_read_ssl() connection_handle_read_post_state() no code changes besides making connection_handle_read() public (by removing 'static' and adding to connections.h)
6 years ago
}
chunkqueue_remove_finished_chunks(cq);
if (dst_cq->bytes_in == (off_t)con->request.content_length) {
/* Content is ready */
[config] config options to stream request/response (#949, #376) This allows admin to configure if response is collected in entirety prior to sending data to client For compatibility with existing configs, default is existing behavior: buffer entire response prior to sending data to client The following are config options, though not all implemented yet // default: buffer entire request body before connecting to backend server.stream-request-body = 0 // stream request body to backend; buffer to temp files server.stream-request-body = 1 // stream request body to backend; minimal buffering might block upload server.stream-request-body = 2 // default: buffer entire response body before sending to client server.stream-request-body = 0 // stream response body to client; buffer to temp files server.stream-request-body = 1 // stream response body to client; minimal buffering might block backend server.stream-request-body = 2 x-ref: "fastcgi, cgi, flush, php5 problem." https://redmine.lighttpd.net/issues/949 "Reimplement upload (POST) handling to match apache/zeus/thttpd/boa functionality" https://redmine.lighttpd.net/issues/376
6 years ago
con->conf.stream_request_body &= ~FDEVENT_STREAM_REQUEST_POLLIN;
[core] option to stream request body to backend (fixes #376) Set server.stream-request-body = 1 or server.stream-request-body = 2 to have lighttpd connect to backend (CGI, FastCGI, SCGI, proxy) immediately after parsing request headers, and to stream request body as it arrives. default: buffer entire request body before connecting to backend, in order to avoid tying up (limited) backend resources which are often implemented using libraries which wait for entire request body before proceeding. x-ref: "Reimplement upload (POST) handling to match apache/zeus/thttpd/boa functionality" https://redmine.lighttpd.net/issues/376
6 years ago
if (con->state == CON_STATE_READ_POST) {
connection_set_state(srv, con, CON_STATE_HANDLE_REQUEST);
}
mv funcs from connections.c to connections-glue.c connection_handle_read() connection_handle_read_ssl() connection_handle_read_post_state() no code changes besides making connection_handle_read() public (by removing 'static' and adding to connections.h)
6 years ago
return HANDLER_GO_ON;
} else if (is_closed) {
#if 0
[core] support Transfer-Encoding: chunked req body (fixes #2156) support Transfer-Encoding: chunked request body in conjunction with server.stream-request-body = 0 dynamic handlers will still return 411 Length Required if server.stream-request-body = 1 or 2 (!= 0) since CGI-like env requires CONTENT_LENGTH be set (and mod_proxy currently sends HTTP/1.0 requests to backends, and Content-Length recommended for robust interaction with backend) x-ref: "request: support Chunked Transfer Coding for HTTP PUT" https://redmine.lighttpd.net/issues/2156
6 years ago
return connection_handle_read_post_error(srv, con, 400); /* Bad Request */
mv funcs from connections.c to connections-glue.c connection_handle_read() connection_handle_read_ssl() connection_handle_read_post_state() no code changes besides making connection_handle_read() public (by removing 'static' and adding to connections.h)
6 years ago
#endif
return HANDLER_ERROR;
} else {
[config] config options to stream request/response (#949, #376) This allows admin to configure if response is collected in entirety prior to sending data to client For compatibility with existing configs, default is existing behavior: buffer entire response prior to sending data to client The following are config options, though not all implemented yet // default: buffer entire request body before connecting to backend server.stream-request-body = 0 // stream request body to backend; buffer to temp files server.stream-request-body = 1 // stream request body to backend; minimal buffering might block upload server.stream-request-body = 2 // default: buffer entire response body before sending to client server.stream-request-body = 0 // stream response body to client; buffer to temp files server.stream-request-body = 1 // stream response body to client; minimal buffering might block backend server.stream-request-body = 2 x-ref: "fastcgi, cgi, flush, php5 problem." https://redmine.lighttpd.net/issues/949 "Reimplement upload (POST) handling to match apache/zeus/thttpd/boa functionality" https://redmine.lighttpd.net/issues/376
6 years ago
con->conf.stream_request_body |= FDEVENT_STREAM_REQUEST_POLLIN;
[core] option to stream request body to backend (fixes #376) Set server.stream-request-body = 1 or server.stream-request-body = 2 to have lighttpd connect to backend (CGI, FastCGI, SCGI, proxy) immediately after parsing request headers, and to stream request body as it arrives. default: buffer entire request body before connecting to backend, in order to avoid tying up (limited) backend resources which are often implemented using libraries which wait for entire request body before proceeding. x-ref: "Reimplement upload (POST) handling to match apache/zeus/thttpd/boa functionality" https://redmine.lighttpd.net/issues/376
6 years ago
return (con->conf.stream_request_body & FDEVENT_STREAM_REQUEST)
? HANDLER_GO_ON
: HANDLER_WAIT_FOR_EVENT;
mv funcs from connections.c to connections-glue.c connection_handle_read() connection_handle_read_ssl() connection_handle_read_post_state() no code changes besides making connection_handle_read() public (by removing 'static' and adding to connections.h)
6 years ago
}
}
[mod_cgi] handle local redirect response (fixes #2108) RFC3875 CGI 1.1 specification section 6.2.2 Local Redirect Response http://www.ietf.org/rfc/rfc3875 x-ref: "CGI local redirect not implemented correctly" https://redmine.lighttpd.net/issues/2108
6 years ago
void connection_response_reset(server *srv, connection *con) {
UNUSED(srv);
[core] combine duplicated connection reset code connection_reset() now calls connection_response_reset() instead of duplicating the code in both routines
6 years ago
con->mode = DIRECT;
[mod_cgi] handle local redirect response (fixes #2108) RFC3875 CGI 1.1 specification section 6.2.2 Local Redirect Response http://www.ietf.org/rfc/rfc3875 x-ref: "CGI local redirect not implemented correctly" https://redmine.lighttpd.net/issues/2108
6 years ago
con->http_status = 0;
con->is_writable = 1;
con->file_finished = 0;
con->file_started = 0;
con->got_response = 0;
con->parsed_response = 0;
con->response.keep_alive = 0;
con->response.content_length = -1;
con->response.transfer_encoding = 0;
[core] combine duplicated connection reset code connection_reset() now calls connection_response_reset() instead of duplicating the code in both routines
6 years ago
if (con->physical.path) { /*(skip for mod_fastcgi authorizer)*/
buffer_reset(con->physical.doc_root);
buffer_reset(con->physical.path);
buffer_reset(con->physical.basedir);
buffer_reset(con->physical.rel_path);
buffer_reset(con->physical.etag);
}
[mod_cgi] handle local redirect response (fixes #2108) RFC3875 CGI 1.1 specification section 6.2.2 Local Redirect Response http://www.ietf.org/rfc/rfc3875 x-ref: "CGI local redirect not implemented correctly" https://redmine.lighttpd.net/issues/2108
6 years ago
array_reset(con->response.headers);
chunkqueue_reset(con->write_queue);
}