Commit Graph

91 Commits

Author SHA1 Message Date
Glenn Strauss 71ed1912c7 [config] server.listen-backlog option (fixes #1825, #2116)
See doc/config/lighttpd.conf for explanation of listen() backlog queue

Additionally, mod_fastcgi and mod_scgi backend servers can now also be
configured with separate listen-backlog settings per server

x-ref:
  "add server.listen-backlog option instead of hard-coded value (128 * 8) for listen()"
  https://redmine.lighttpd.net/issues/2116
  "Don't disable backend when overloaded"
  https://redmine.lighttpd.net/issues/1825

github:
Closes #50
2016-04-18 04:29:28 -04:00
Glenn Strauss d17d48e01e [stat] mimetype.xattr-name global config option (fixes #2631)
For backwards compatibility with existing lighttpd configs, default is
  mimetype.xattr-name = "Content-Type"

Those who wish to use the freedesktop.org definition of xattr mimetype
can set the following in the global lighttpd config:
  mimetype.xattr-name = "user.mime_type"

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3131 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-03-26 13:49:43 +00:00
Jan Kneschke 9ae7813685 [core] fixed the loading for default modules if they are specified explicitly
backported 1836 from trunk

From: Jan Kneschke <jan@kneschke.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3129 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-03-26 13:07:48 +00:00
Glenn Strauss b4a4afdaf7 [config] warn if server.upload-dirs has non-existent dirs (fixes #2508)
Warn at startup if any dirs in server.upload-dirs do not exist.
Take server.chroot into account, if set.

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3125 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-03-26 11:24:15 +00:00
Stefan Bühler 5c68caa6d7 [core] replace array weakref with vector
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3116 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-03-19 15:27:38 +00:00
Glenn Strauss 8abd06a7ff consistent inclusion of config.h at top of files (fixes #2073)
From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3113 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-03-19 15:14:35 +00:00
Stefan Bühler 8d8ae9cbc8 [core] improve array API to prevent theoretical memory leaks
- refactor insert into array_find_or_insert; if the element already
  exists the caller must resolve the conflict manually:
  - array_replace frees the old element
  - array_insert_unique calls "insert_dup"
  both have no return value anymore
- fix usages of array_replace; they now don't need to delete the old
  entry anymore; usage in configparser was probably broken, as it
  possibly deleted the old element before calling array_replace

This should fix a lot of the issues reported in "Fortify Open Review
Project - lighttpd 1.4.39" (usually hitting the array limit):
when the array size limit was hit "new" entries leaked instead of
getting added.

On 32-bit INT_MAX entries cannot actually be reached (each entry
requires at least 48 bytes, leading to a total of 96GB memory).

On 64-bit INT_MAX entries would require 224GB memory, so it would be
theoretically possible. But it would need 2^27 reallocations of two
C-arrays of up to 16GB size.

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3098 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-03-15 18:26:57 +00:00
Stefan Bühler c033a1966e [core] improve conditional enabling (thx Gwenlliana, #2598)
instead of looping over all config blocks for each conditional var that
gets enabled, enable them all and run over them once.

Right now it seems we actually set all variables at once in normal
config handling (SNI only sets a subset); future modifications
might introduce new variables which are activated at a later stage
(physical path related for example).

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3083 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-02-21 18:32:17 +00:00
Stefan Bühler a069548370 [core] revert increase of temp file size back to 1MB, provide a configure option "server.upload-temp-file-size" instead (fixes #2680)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3050 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-11-07 12:51:14 +00:00
Stefan Bühler c512345fa2 [config] check config option scope; warn if server option is given in conditional
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3049 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-11-07 12:51:11 +00:00
Gaurav 37bdb250a4 [core] check configparserAlloc() result with force_assert
From: Gaurav <g.gupta@samsung.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3044 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-09-26 10:11:22 +00:00
Stefan Bühler dd4fe73c47 fix some warnings found by coverity ("leak" in setup phase, not catching too long unix socket paths in mod_proxy)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3034 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-08-30 10:16:28 +00:00
Stefan Bühler 0508bf674e fix some unchecked return value warnings
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3015 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-08-22 16:01:08 +00:00
Stefan Bühler def17b2925 [configfile] fix reading uninitialized variable (found by Willian B.)
- stream_open()-ing an empty file shouldn't return an error (and didn't on my
  system)
- don't try to handle empty file as non-error in config_parse_file;
  this fixes the read of a potentially uninitialized variable
- stream_open()-ing an empty file doesn't try to map the file anymore
  and should not result in any errors; return an empty stream instead.
- stream_open(): make sure the returned stream is always initialized
  correctly, and can always be used with stream_close(), whether opening
  was successful or not
- stream_close(): also reset the size member

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3003 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-07-19 10:03:12 +00:00
Stefan Bühler ad3e93ea96 Use buffer API to read and modify "used" member
- a lot of code tried to handle manually adding terminating zeroes and
  keeping track of the correct "used" count.
  Replaced all "external" usages with simple wrapper functions:
  * buffer_string_is_empty (used <= 1), buffer_is_empty (used == 0);
    prefer buffer_string_is_empty
  * buffer_string_set_length
  * buffer_string_length
  * CONST_BUF_LEN() macro
- removed "static" buffer hacks (buffers pointing to constant/stack
  memory instead of malloc()ed data)
- buffer_append_strftime(): refactor buffer+strftime uses
- li_tohex(): no need for a buffer for binary-to-hex conversion:
  the output data length is easy to predict
- remove "-Winline" from extra warnings: the "inline" keyword just
  suppresses the warning about unused but defined (static) functions;
  don't care whether it actually gets inlined or not.

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2979 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-02-08 19:10:44 +00:00
Stefan Bühler 4365bdbebe Remove buffer_prepare_copy() and buffer_prepare_append()
* removed almost all usages of buffer as "memory" (without terminating
  zero)
* refactored cgi variable name encoding

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2977 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-02-08 19:10:39 +00:00
Stefan Bühler 6afad87d2e fix buffer, chunk and http_chunk API
  * remove unused structs and functions
    (buffer_array, read_buffer)
  * change return type from int to void for many functions,
    as the return value (indicating error/success) was never checked,
    and the function would only fail on programming errors and not on
    invalid input; changed functions to use force_assert instead of
    returning an error.
  * all "len" parameters now are the real size of the memory to be read.
    the length of strings is given always without the terminating 0.
  * the "buffer" struct still counts the terminating 0 in ->used,
    provide buffer_string_length() to get the length of a string in a
    buffer.
    unset config "strings" have used == 0, which is used in some places
    to distinguish unset values from "" (empty string) values.
  * most buffer usages should now use it as string container.
  * optimise some buffer copying by "moving" data to other buffers
  * use (u)intmax_t for generic int-to-string functions
  * remove unused enum values: UNUSED_CHUNK, ENCODING_UNSET
  * converted BUFFER_APPEND_SLASH to inline function (no macro feature
    needed)
  * refactor: create chunkqueue_steal: moving (partial) chunks into another
    queue
  * http_chunk: added separate function to terminate chunked body instead of
    magic handling in http_chunk_append_mem().
    http_chunk_append_* now handle empty chunks, and never terminate the
    chunked body.

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2975 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-02-08 12:37:10 +00:00
Stefan Bühler 084df7e99a [ssl] disable SSL3.0 by default
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2969 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-10-16 17:52:14 +00:00
Stefan Bühler 07dd0bd0a5 add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2948 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-02-16 13:08:20 +00:00
Stefan Bühler fba7dd6f43 fix resource leaks in error cases on config parsing and other initializations
None of this matters - lighttpd will terminate anyway. Still helps the
  code to get cleaner, and makes reviewing output of static analyzers
  easier.

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2947 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-02-14 21:06:19 +00:00
Stefan Bühler 524e0a30a0 add two asserts to help parfait (#2530)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2931 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-01-10 12:05:09 +00:00
Stefan Bühler 6f208cfde1 fix/silence bugs reported by ccc-analyzer (clang)
These should all be non critical:
 * memory leaks on startup in error cases (which lead to
   immediate shutdowns anyway)
 * http_auth/ldap: passing uninitialized "ret" to ldap_err2string
 * sizeof(T) not matching the target pointer in malloc/calloc calls;
   those cases were either:
   * T being the wrong pointer type - shouldn't matter as long as all
     pointers have same size
   * T being larger than the type needed
 * mod_accesslog: direct use after free in cleanup (server shutdown);
   could crash before "clean" shutdown
 * some false positives (mod_compress, mod_expire)
 * assert(srv->config_context->used > 0); - this is always the case,
   as there is always a global config block

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2920 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-11-13 11:43:26 +00:00
Stefan Bühler 1af871fcef [ssl] fix SNI handling; only use key+cert+verify-client from SNI specific config (fixes #2525, CVE-2013-4508)
pull all ssl.ca-file values into all SSL_CTXs, but use only the local
ssl.ca-file for verify-client; correct SNI name is no requirement,
so enforcing verification for a subset of SNI names doesn't actually
protect those.

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2913 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-11-05 15:29:07 +00:00
Stefan Bühler 92567b8b8f [core] check whether server.chroot exists
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2896 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-30 13:14:59 +00:00
Stefan Bühler 916cf7cfc0 [core] remove requirement that default doc-root has to exist, there are reasonable scenarios not requiring static files at all
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2895 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-30 13:14:57 +00:00
Stefan Bühler 93fd9ea7a4 [ssl] add option ssl.empty-fragments, defaulting to disabled (fixes #2492)
if ssl.empty-fragments is set to enabled, but the openssl version used
  to compile lighttpd doesn't support empty fragments, a warning is
  displayed (it might still work).

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2891 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-30 13:14:50 +00:00
Stefan Bühler 05858f6cf2 [ssl] Fix $HTTP["scheme"] conditional, could be "http" for ssl connections if the ssl $SERVER["socket"] conditional was nested (fixes #2501)
con->conf.is_ssl got removed and replaced by:
 * con->conf.ssl_enabled for the config var "ssl.engine" - it is only
   used to determine which server-sockets should use ssl. (usually not
   needed as it is mandatory and enough to set ssl.pemfile anyway)
 * con->srv_socket->is_ssl to detect the actual ssl status of the
   bound socket, which is the same as the ssl status of the connection
 * con->uri.scheme for the actual $HTTP["scheme"] value, also used for
   the CGI "HTTPS=ON" variable. This defaults to "https" if the
   connection uses ssl, but can be changed for example by mod_extforward
   if X-Forwarded-Proto: is set to either "http" or "https" (other values
   are ignored right now)

Also removed the broken srv_socket->is_proxy_ssl as it was a connection
value in a server_socket struct...

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2887 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-07-31 20:23:21 +00:00
Cyril Brulebois 0c6a564543 Fix non-ANSI function declarations.
The proper way to declare a function taking no parameters isn't:
  foo bar();

But this instead:
  foo bar(void);

Signed-off-by: Cyril Brulebois <kibi@debian.org>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2843 152afb58-edef-0310-8abb-c4023f1b3aa9
2012-08-31 14:11:41 +00:00
Stefan Bühler 7bdb75fb47 [ssl] fix segfault on "ssl.honor-cipher-order" option while parsing the config
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2815 152afb58-edef-0310-8abb-c4023f1b3aa9
2011-12-06 20:03:42 +00:00
Stefan Bühler 0f96222e7e [ssl] add option to honor server cipher order, true by default (fixes #2364)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2810 152afb58-edef-0310-8abb-c4023f1b3aa9
2011-11-30 19:59:24 +00:00
Stefan Bühler a94bdd07df [ssl] count renegotiations to prevent client renegotiations
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2808 152afb58-edef-0310-8abb-c4023f1b3aa9
2011-11-30 18:40:08 +00:00
Stefan Bühler f0816d8db2 fdevent: add solaris eventports (fixes #2171)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2796 152afb58-edef-0310-8abb-c4023f1b3aa9
2011-06-13 17:34:57 +00:00
Stefan Bühler f610f894a3 ssl: Support for Diffie-Hellman and Elliptic-Curve Diffie-Hellman key exchange (fixes #2301, #2246, #2239)
- add ssl.use-sslv3
- load all algorithms

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2780 152afb58-edef-0310-8abb-c4023f1b3aa9
2011-03-13 18:00:09 +00:00
Stefan Bühler e23e999089 bind to IPV6-only if ipv6 address was specified (http://redmine.lighttpd.net/projects/lighttpd/wiki/IPv6-Config)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2758 152afb58-edef-0310-8abb-c4023f1b3aa9
2010-08-07 13:16:16 +00:00
Stefan Bühler b7cc84abc8 don't overwrite global server.force-lowercase-filenames setting (fixes #2042)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2757 152afb58-edef-0310-8abb-c4023f1b3aa9
2010-08-07 11:56:09 +00:00
Stefan Bühler f8eb52ebda add libev fdevent handler: server.event-handler = "libev"
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2754 152afb58-edef-0310-8abb-c4023f1b3aa9
2010-08-07 10:46:34 +00:00
Stefan Bühler 38f2d1ddd7 cleanup fdevent code, removed linux-rtsig handler, replaced some fprintf calls
* use log functions
* convert flags
* fix handler callback prototype

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2752 152afb58-edef-0310-8abb-c4023f1b3aa9
2010-08-06 21:57:15 +00:00
Stefan Bühler e430ce09bc export some SSL_CLIENT_* vars for client cert validation (fixes #1288, thx presbrey)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2688 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-11-05 21:46:48 +00:00
Stefan Bühler 1aaa67bb9b Fix compile problems without ssl
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2656 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-10-14 19:05:00 +00:00
Stefan Bühler b987643307 Add SSL Client Certificate verification (#1288)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2654 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-10-14 18:19:19 +00:00
Peter Colberg 8b6dae4139 Add TLS servername indication (SNI) support (fixes #386, thx Peter Colberg <peter@colberg.org>)
* This patch may "break" some configs, if they do stupid things. Like setting
  ssl.pemfile to a non-existent file in a "non-socket/non-ssl" block.
  Fix them! :)

From: Peter Colberg <peter@colberg.org>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2648 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-10-14 13:39:59 +00:00
Stefan Bühler 22e8b456a9 Fix header inclusion order, always include "config.h" before any system header
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2624 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-10-11 14:31:42 +00:00
Stefan Bühler 5ae8685604 Use linux-epoll by default if available (fixes #2021, thx Olaf van der Spek)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2612 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-08-12 18:27:18 +00:00
Stefan Bühler 3b66d3b6ae Fix config evaluation for debug.log-timeouts option (#1529)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2553 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-07-01 16:04:17 +00:00
Stefan Bühler fbdb305f8a Add server.breakagelog, a "special" stderr (fixes #1863)
* The breakage-log simply replaces stderr (the old stderr is moved away if needed for errorlog),
  and stderr isn't closed after forking.
  It defaults to stderr if started with -n (no daemonize), otherwise it defaults to /dev/null.
  It is _not_ reopened in log_error_cycle, as there may be many long running children which have it
  still open anyway. Use a pipe-logger with cycle-support if you need it.


git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2550 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-06-21 17:25:39 +00:00
Stefan Bühler 28e198d5a5 Use unsigned int (and T_CONFIG_INT) for max_request_size
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2547 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-06-21 17:25:30 +00:00
Stefan Bühler 0226d4bf36 Add option to enable TCP_DEFER_ACCEPT (fixes #1447)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2479 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-04-26 17:59:55 +00:00
Stefan Bühler a6218765c2 Fix some problems with more strict compilers (#1923)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2408 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-03-07 13:54:10 +00:00
Stefan Bühler 22bee5ad52 Silenced the annoying "request timed out" warning, enable with the "debug.log-timeouts" option (fixes #1529)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2390 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-02-05 21:54:47 +00:00
Stefan Bühler cb91487c8d Add option to ignore the "Expect: 100-continue" header instead of returning 417 Expectation failed (closes #1017)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2385 152afb58-edef-0310-8abb-c4023f1b3aa9
2009-02-04 15:16:29 +00:00