specialized buffer_eq_icase_ssn func replace strncasecmp()
in cases where string lengths are not known to be at least
as large as the len being compared case-insensitively.
(Separate commit in case any future changes modify the
implementation to be unsafe for shorter strings, where
strncasecmp() would stop at '\0' in either string)
ldap_set_option LDAP_OPT_RESTART to handle EINTR on SIGCHLD from CGI
(ldap uses poll(), which is not restartable with sigaction SA_RESTART)
x-ref:
"mod_authn_ldap/mod_cgi race condition, "Can't contact LDAP server""
https://redmine.lighttpd.net/issues/2940
quickly clear buffer instead of buffer_string_set_length(b, 0) or
buffer_reset(b). Avoids free() of large buffers about to be reused,
or buffers that are module-scoped, persistent, and reused.
(buffer_reset() should still be used with buffers in connection *con
when the data in the buffers is supplied by external, untrusted source)
use ldap_set_rebind_proc() to provide auth when rebinding following
ldap referrals (instead of rebinding anonymously for ldap referrals)
x-ref:
"LDAP authentication vs. AD: problems with referrals"
https://redmine.lighttpd.net/issues/2846
More specific checks on contents of array lists. Each module using
lists now does better checking on the types of values in the list
(strings, integers, arrays/lists)
This helps prevent misconfiguration of things like cgi.assign,
fastcgi.server, and scgi.server, where source code might be
served as static files if parenthesis are misplaced.
x-ref:
https://redmine.lighttpd.net/boards/2/topics/6571
Glenn Strauss
Mohammed Sadiq