Commit Graph

62 Commits

Author SHA1 Message Date
Glenn Strauss 9fdf24468d [doc] src/t/README 2020-07-08 19:54:29 -04:00
Glenn Strauss 17e0b6fe30 [tests] use buffer_eq_slen() for str comparison
(substitute buffer_eq_slen() for buffer_is_equal_string())
2020-07-08 19:54:29 -04:00
Glenn Strauss c8a1cba0c1 [tests] t/test_mod_userdir
create t/test_mod_userdir to replace sparse tests in tests/mod-userdir.t
remove tests/mod-userdir.t
2020-07-08 19:54:29 -04:00
Glenn Strauss 8b7e110973 [tests] stub out config funcs in test_mod_* 2020-07-08 19:54:29 -04:00
Glenn Strauss 7c7f8c467c [multiple] split con, request (very large change)
NB: r->tmp_buf == srv->tmp_buf (pointer is copied for quicker access)

NB: request read and write chunkqueues currently point to connection
    chunkqueues; per-request and per-connection chunkqueues are
    not distinct from one another
      con->read_queue  == r->read_queue
      con->write_queue == r->write_queue

NB: in the future, a separate connection config may be needed for
    connection-level module hooks.  Similarly, might need to have
    per-request chunkqueues separate from per-connection chunkqueues.
    Should probably also have a request_reset() which is distinct from
2020-07-08 19:54:29 -04:00
Glenn Strauss 8131e4396d [core] move addtl request-specific struct members 2020-07-08 19:54:29 -04:00
Glenn Strauss 3648d2908e [core] t/test_request.c using (request_st *)
further isolate t/test_request.c tests to use (request_st *)
2020-07-08 19:54:29 -04:00
Glenn Strauss af5df35275 [core] rename content_length to reqbody_length
rename content_length to reqbody_length in request,
to more easily differentiate request body length
from response content_length
2020-07-08 19:54:29 -04:00
Glenn Strauss 8c46768d5b [core] remove unused request_st member 'request' 2020-07-08 19:54:29 -04:00
Glenn Strauss 6870b0f55b [core] pass (request_st *) to request.c funcs
instead of (struct connection *)
2020-07-08 19:54:29 -04:00
Glenn Strauss 6748a58cca [core] pass scheme port to http_request_parse()
con->proto_default_port is a property of the connection,
which influences the default port used in host normalization
2020-07-08 19:54:29 -04:00
Glenn Strauss 1dd58c5ad8 [multiple] con->proto_default_port 2020-07-08 19:54:28 -04:00
Glenn Strauss 68d8d4c532 [multiple] stat_cache singleton 2020-07-08 19:54:28 -04:00
Glenn Strauss c8cd7cf49b [multiple] extern log_epoch_secs
replace srv->cur_ts
2020-07-08 19:54:28 -04:00
Glenn Strauss 409bba80b1 [multiple] reduce direct use of srv->cur_ts 2020-07-08 19:54:28 -04:00
Glenn Strauss 50bdb55de8 [multiple] connection hooks no longer get (srv *)
(explicit (server *) not passed; available in con->srv)
2020-07-08 19:54:28 -04:00
Glenn Strauss 010c28949c [multiple] prefer (connection *) to (srv *)
convert all log_error_write() to log_error() and pass (log_error_st *)

use con->errh in preference to srv->errh (even though currently same)

avoid passing (server *) when previously used only for logging (errh)
2020-07-08 19:54:28 -04:00
Glenn Strauss 24680a9142 [core] array_init() arg for initial size 2020-07-08 18:08:52 -04:00
Glenn Strauss c193da3404 [core] split cond cache from cond matches 2020-07-08 18:08:52 -04:00
Glenn Strauss 63a6e52ce4 [core] store addtl data in pcre_keyvalue_buffer
reduce pointer chasing in keyvalue.c

mark keyvalue.h config routines as cold
2020-07-08 18:08:51 -04:00
Glenn Strauss d1fba24469 [mod_evhost] use config_plugin_values_init()
use array of buffers to increase performance
(reduce pointer chasing)
2020-07-08 18:08:51 -04:00
Glenn Strauss feb21b3da2 [core] inline header and env arrays into con 2020-05-23 17:59:29 -04:00
Glenn Strauss 601c572c39 [core] inline buffer as part of data_string value
(instead of value being (buffer *))
2020-02-24 11:15:32 -05:00
Glenn Strauss ad9b7e009b [core] inline buffer as part of DATA_UNSET key
(instead of key being (buffer *))
2020-02-24 11:15:32 -05:00
Glenn Strauss 5d13b40824 [core] (const buffer *) in (struct burl_parts_t) 2020-02-24 11:15:32 -05:00
Glenn Strauss ddb78f75ee [core] remove unused array_reset() 2020-02-24 11:15:32 -05:00
Glenn Strauss b2991c686d [core] perf: array.c performance enhancements
mark array_get_index() as hot, rewrite to be pure and return sorted pos

mark routines as pure, as appropriate

mark routines as cold if used only at startup for config processing

mark params const, as appropriate

array_get_buf_ptr() for modifiable value buffer after insert into array

uint32_t used and size members instead of size_t

remove a->unique_ndx member; simply add to end of array for value lists
remove du->is_index_key member; simply check buffer_is_empty(du->key)

array_insert_key_value() used to be a hint that lookup could be skipped,
but the state from array_get_index() is now saved and reused internally,
so the distinction is no longer needed.  Use array_set_key_value().
2020-02-24 11:15:32 -05:00
Glenn Strauss 36f3206a4c [core] pass ptr to http_request_parse() 2020-02-24 11:15:32 -05:00
Glenn Strauss 63e32e8100 [core] perf: HTTP header parsing using \n offsets 2020-02-24 11:15:32 -05:00
Glenn Strauss fa4ab19275 [core] reduce use of struct parse_header_state 2020-02-24 11:15:32 -05:00
Glenn Strauss c22ec74770 [core] do not pass srv to http header parsing func
srv is retrieved from con->srv in the few cases where needed
2020-02-24 11:14:45 -05:00
Glenn Strauss 9858051d03 [core] remove srv->split_vals 2020-02-24 11:14:45 -05:00
Glenn Strauss 9cdfb48466 [core] preserve %2b and %2B in query string (fixes #2999)
normalize %2b or %2B in query string to %2B (uppercase hex),
and not to '+'

(thx int-e)

  "url-normalize-required expands %2B in query strings"
2020-01-26 00:41:05 -05:00
Glenn Strauss 61f85d14ee [core] reject WS following header field-name (fixes #2985)
reject whitespace following request header field-name and before colon
Such whitespace is forbidden in RFC 7230 Section 3.2.4.

strict header parsing is enabled by default in lighttpd.  However,
if explicitly disabled in lighttpd.conf, lighttpd will continue to
accept (and re-format) such field-names before passing to any backend.
  UNSAFE: server.http-parseopts = ( "header-strict" => "disable" )
  This is NOT RECOMMENDED since doing so disables other protections
  provided by lighttpd strict http header parsing.

(thx fedormixalich)

  stricter request header parsing
2020-01-26 00:40:20 -05:00
Glenn Strauss cbad7517c8 [core] struct log_error_st for error logging 2019-04-20 02:10:28 -04:00
Glenn Strauss e757978497 [core] remove repeated slashes in http-parseopts
remove repeated slashes in server.http-parseopts
with url-path-dotseg-remove, including leading "//"

(prior to this patch, leading "//" was skipped)
2019-04-15 23:53:22 -04:00
Glenn Strauss 32120d5b8b [core] fix abort in http-parseopts (fixes #2945)
fix abort in server.http-parseopts with url-path-2f-decode enabled

(thx stze)

  "Security - SIGABRT during GET request handling with url-path-2f-decode enabled"
2019-04-10 11:36:28 -04:00
Glenn Strauss daa5f7c576 [mod_accesslog] attempt to reconstruct req line
cease http_request_parse_reqline() unconditionally copying request line,
as request line is currently used only by mod_accesslog 'r' format
2019-02-10 03:10:11 -05:00
Glenn Strauss 950832af67 [core] RFC7230 HTTP-version parse 2019-02-10 02:57:09 -05:00
Glenn Strauss e5d61e9a5f [core] http_request_parse() mark error paths cold 2019-02-09 14:30:00 -05:00
Glenn Strauss 25185d1de0 [core] pass req hdrs buffer to http_request_parse 2019-02-08 22:49:46 -05:00
Glenn Strauss d7ad5819e6 [core] copy request only if might need for logging
copy request header only if we may need to log it upon error
2019-02-08 22:49:46 -05:00
Glenn Strauss 142e54b2a8 [mod_evhost] handle IPv6 literal addr; add tests 2019-02-02 18:40:47 -05:00
Glenn Strauss f03e5e239d [tests] t/test_keyvalue
create t/test_keyvalue to replace sparse tests in
  tests/mod-redirect.t and tests/mod-rewrite.t
remove tests/mod-redirect.t and tests/mod-rewrite.t
2018-12-10 22:36:23 -05:00
Glenn Strauss c2a9692e78 [tests] include first.h and NDEBUG early 2018-12-03 23:03:04 -05:00
Glenn Strauss 5a32d0f72a [mod_access] t/test_mod_access
create t/test_mod_access to test mod_access basic logic
remove tests/mod-access.t
2018-12-03 23:03:04 -05:00
Glenn Strauss 8aad091613 [mod_evhost] t/test_mod_evhost
create t/test_mod_evhost to test mod_evhost basic logic
remove tests/mod-evhost.t
2018-12-03 23:03:04 -05:00
Glenn Strauss b2a6239851 [mod_simple_vhost] t/test_mod_simple_vhost
create t/test_mod_simple_vhost to test mod_simple_vhost basic logic
remove tests/mod-simplevhost.t, which was not testing mod_simple_vhost
2018-12-03 23:03:04 -05:00
Glenn Strauss 77c01f9817 [core] buffer_append_path_len()
concatenate paths, placing single '/' between strings

reverts broken commit:b9402283

(thx avij)
2018-11-28 02:12:41 -05:00
Glenn Strauss e8e59396d3 [core] reject decoded url-path without leading '/'
buffer_simplify_path() no longer prepends '/' if '/' is missing.
Callers must check for leading '/' depending on use, such as in
concatenation with others paths, or direct use accessing filesystem

Note: lighttpd 1.4.50 provides the server.http-parseopts directive.
Recommended settings unless specific use requires looser settings:
  server.http-parseopts = (
    "header-strict"            => "enable",
    "host-strict"              => "enable",
    "host-normalize"           => "enable",
    "url-normalize"            => "enable",
    "url-normalize-unreserved" => "enable",
    "url-normalize-required"   => "enable",
    "url-ctrls-reject"         => "enable",
    "url-path-2f-decode"       => "enable",
    "url-path-dotseg-remove"   => "enable",
    "url-query-20-plus"        => "enable"


As noted in the link above, mod_access should be preferred instead
of mod_rewrite for access controls to URLs.
2018-11-25 19:52:08 -05:00