lighttpd
/
lighttpd1.4
2
0
Fork 0
Code Issues Releases Wiki Activity
2,653 Commits
8 Branches
85 Tags
72 MiB
master
personal/gstrauss/master
personal/stbuehler/ci-build
personal/stbuehler/fix-fdevent
personal/stbuehler/1.4.48-mod-proxy-fix
personal/stbuehler/cleanup-build
personal/stbuehler/mod-csrf
personal/stbuehler/mod-csrf-old
lighttpd-1.4.71
lighttpd-1.4.70
lighttpd-1.4.69
lighttpd-1.4.68
lighttpd-1.4.67
lighttpd-1.4.66
lighttpd-1.4.65
lighttpd-1.4.64
lighttpd-1.4.63
lighttpd-1.4.62
lighttpd-1.4.61
lighttpd-1.4.60
lighttpd-1.4.59
lighttpd-1.4.58
lighttpd-1.4.57
lighttpd-1.4.56
lighttpd-1.4.56-rc7
lighttpd-1.4.56-rc6
lighttpd-1.4.56-rc5
lighttpd-1.4.56-rc4
lighttpd-1.4.56-rc3
lighttpd-1.4.56-rc2
lighttpd-1.4.56-rc1
lighttpd-1.4.55
lighttpd-1.4.54
lighttpd-1.4.53
lighttpd-1.4.52
lighttpd-1.4.51
lighttpd-1.4.50
lighttpd-1.4.49
lighttpd-1.4.48
lighttpd-1.4.47
lighttpd-1.4.46
lighttpd-1.4.45
lighttpd-1.4.44
lighttpd-1.4.43
lighttpd-1.4.42
lighttpd-1.4.41
lighttpd-1.4.40
lighttpd-1.4.39
lighttpd-1.4.38
lighttpd-1.4.37
lighttpd-1.4.36
lighttpd-1.4.36--rc1
lighttpd-1.4.35
lighttpd-1.4.34
lighttpd-1.4.33
lighttpd-1.4.32
lighttpd-1.4.31
lighttpd-1.4.30
lighttpd-1.4.29
lighttpd-1.4.24
lighttpd-1.3.11
lighttpd-1.3.12
lighttpd-1.3.13
lighttpd-1.3.14
lighttpd-1.3.15
lighttpd-1.3.16
lighttpd-1.4.1
lighttpd-1.4.10
lighttpd-1.4.11
lighttpd-1.4.12
lighttpd-1.4.13
lighttpd-1.4.14
lighttpd-1.4.15
lighttpd-1.4.16
lighttpd-1.4.17
lighttpd-1.4.18
lighttpd-1.4.19
lighttpd-1.4.2
lighttpd-1.4.20
lighttpd-1.4.21
lighttpd-1.4.22
lighttpd-1.4.23
lighttpd-1.4.25
lighttpd-1.4.26
lighttpd-1.4.27
lighttpd-1.4.28
lighttpd-1.4.3
lighttpd-1.4.4
lighttpd-1.4.5
lighttpd-1.4.6
lighttpd-1.4.7
lighttpd-1.4.8
lighttpd-1.4.9
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8c7f1dfb03'
${ noResults }
Commit Graph

10 Commits (8c7f1dfb035e19f34249ba1c692ef6dda3b03a15)

Author SHA1 Message Date
Glenn Strauss 002a4c524d [core] array_get_int_ptr() 5 years ago
Glenn Strauss 66ff05db8f [tests] t/test_array.c 
(more tests should be added, but starting with something has benefits)
 5 years ago
Glenn Strauss 3dd3cde902 [core] abstraction layer for HTTP header manip 
http_header.[ch]
convert existing calls to manip request/response headers
convert existing calls to manip environment array (often header-related)
 5 years ago
Glenn Strauss ad27206608 [core] redo HTTP header line folding 
Replace separators between folded header lines in-place using spaces
and then process the single header line.

(Reverts change which replaces folding whitespace with single space)

Acknowledgement: Or Peles of VDOO  reference: VD-0871, VD-0872, VD-0873
(thx Or Peles)
 5 years ago
Stefan Bühler 3be0707839 [core] replace folding whitespace with a single space 
- previously the leading whitespace from folded lines was kept
- also ignore lines without any data
 5 years ago
Glenn Strauss d161f53de0 [core] security: use-after-free invalid Range req 
(thx Marcus Wengelin)
 5 years ago
Glenn Strauss 5868b8ca12 [core] add missing includes to quiet compiler warn 
add missing system includes to quiet compiler warnings on Mac OS X
 5 years ago
Glenn Strauss 2e385a1a53 [core] fix buffer_to_upper() 
fix buffer_to_upper() and case-insensitive filesystem detection
 5 years ago
Glenn Strauss 3eb7902e10 [core] server.http-parseopts URL normalization opt (fixes #1720) 
server.http-parseopts = ( ... ) URL normalization options

Note: *not applied* to CONNECT method

Note: In a future release, URL normalization likely enabled by default
  (normalize URL, reject control chars, remove . and .. path segments)
  To prepare for this change, lighttpd.conf configurations should
  explicitly select desired behavior by enabling or disabling:
    server.http-parseopts = ( "url-normalize" => "enable", ... )
    server.http-parseopts = ( "url-normalize" => "disable" )

x-ref:
  "lighttpd ... compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data."
  https://www.cvedetails.com/cve/CVE-2008-4359/
  "Rewrite/redirect rules and URL encoding"
  https://redmine.lighttpd.net/issues/1720
 5 years ago
Glenn Strauss 6ccccaaa38 [tests] move src/test_*.c to src/t/ 5 years ago