3074 Commits (915b4ef3fcbca5642b342542b5a2021de8b9ec5b)

Author SHA1 Message Date
Glenn Strauss 915b4ef3fc [multiple] fix TLS config string parsing
flagged by coverity

(incomplete fix a few commits back)
2021-01-17 15:50:28 -05:00
Glenn Strauss 9d8d559e1f [mod_wolfssl] fix syntax errors 2021-01-17 15:06:24 -05:00
Glenn Strauss 755f895b79 [mod_wolfssl] wipe ssl_pemfile_pkey before free() 2021-01-17 14:52:12 -05:00
Glenn Strauss a16488269d [mod_gnutls] fix ssl.ca_dn_file data access
identified by coverity

If ssl.ca_dn_file is set, then its contents were not properly matched
against the provided client certificate
2021-01-17 14:45:10 -05:00
Glenn Strauss d5b166c04d [multiple] fix TLS config string parsing
flagged by coverity

final segment of colon (':') separated string was being ignored
in some TLS config strings in mod_gnutls and mod_mbedtls

workaround: add ':' at end of config string (or apply this patch)
2021-01-17 14:33:19 -05:00
Glenn Strauss 0e2a14921e [multiple] fix coverity warnings 2021-01-17 14:32:46 -05:00
Glenn Strauss 5b0aed8c32 [mod_deflate] compat with zstd < v1.4.0
ZSTD_compressStream2() was an "advanced API" (experimental; unstable)
in v1.3.x
2021-01-17 08:33:02 -05:00
Glenn Strauss f8792bfb5a [mod_deflate] use zstd typedefs (minor cleanup) 2021-01-17 08:32:38 -05:00
Glenn Strauss 62a874df32 [mod_alias] modify r->physical.path in place
(reduce string copying)

split out func mod_alias_remap() from handler func for unit testing
2021-01-16 22:33:47 -05:00
Glenn Strauss 43cc87dd67 [build] adjust crypto vars in src/CMakeLists.txt 2021-01-16 20:11:48 -05:00
Glenn Strauss 073f57e51a [core] avoid multiple definition of SHA512_CTX
avoid multiple definition of SHA512_CTX when using Nettle
2021-01-16 20:11:12 -05:00
Glenn Strauss f680e1b234 [build] adjust crypto vars in src/CMakeLists.txt
use different vars for different crypto libs
2021-01-16 17:14:11 -05:00
Glenn Strauss 2c875a649d [build] adjust mbedtls vars in src/CMakeLists.txt 2021-01-16 16:52:27 -05:00
Glenn Strauss 7ec08905b9 [build] fix typo in src/CMakeLists.txt 2021-01-16 16:27:47 -05:00
Glenn Strauss 4d5405f0a1 [mod_openssl] update LIBRESSL_VERSION_NUMBER check 2021-01-16 15:58:25 -05:00
Glenn Strauss fdf45433c8 [core] check ifdef WOLFSSL_SHA512 for SHA512 avail 2021-01-16 15:51:49 -05:00
Glenn Strauss db1ca2a60f [core] add decls in connections.h 2021-01-13 16:14:48 -05:00
Glenn Strauss f0074a7ded [mod_access] mark mod_access_check attribute pure 2021-01-13 16:10:16 -05:00
Glenn Strauss c0e73fd1d8 [mod_dirlisting] hide unused variable on MacOS
(quiet compiler warning)
2021-01-12 23:01:26 -05:00
Glenn Strauss 8ae6807654 [mod_deflate] use zstd streaming API 2021-01-12 22:39:28 -05:00
Glenn Strauss 9211fb3d86 [mod_deflate] support Accept-Encoding: zstd 2021-01-12 18:29:20 -05:00
Glenn Strauss ef28cce5e5 [mod_dirlisting] use fdopendir(), fstatat()
use fdopendir(), fstatat(), if available
2021-01-11 16:55:23 -05:00
Glenn Strauss 14f8f9b21c [mod_openssl] set Ciphersuites once API available
set Ciphersuites once API is available (SSL_CTX_set_ciphersuites())
in LibreSSL.

x-ref:
  "Add support for TLS 1.3"
  https://github.com/libressl-portable/portable/issues/228
2021-01-11 14:37:00 -05:00
Glenn Strauss cb24e1c70b [multiple] fix: honor CipherString for alt TLS lib
fix typo: honor user-defined CipherString for alternative TLS libraries
(LibreSSL, BoringSSL, wolfSSL)
2021-01-11 14:36:41 -05:00
Glenn Strauss 3adbb3e3fa [mod_openssl] update LIBRESSL_VERSION_NUMBER check 2021-01-11 12:40:41 -05:00
Glenn Strauss 8faa456fc8 [core] fix crash in error trace if backend is down (fixes #3052)
(thx hamelg)

x-ref:
  "segfault with mod_scgi on backend server with unix socket domain"
  https://redmine.lighttpd.net/issues/3052
2021-01-08 17:43:52 -05:00
Glenn Strauss 65521537a8 [mod_dirlisting] quiet coverity false positive 2021-01-07 10:22:14 -05:00
Glenn Strauss 21f0dabef4 [multiple] replace buffer_is_equal_caseless_string
buffer_is_equal_caseless_string() -> buffer_eq_icase_slen()
2021-01-07 09:08:53 -05:00
Glenn Strauss 891007fb6a [multiple] use HTTP_HEADER_* enum before strcmp
When known, use HTTP_HEADER_* enum before string comparisons
2021-01-07 08:58:30 -05:00
Glenn Strauss b6892fb242 [mod_extforward] fix extforward.headers defaults (fixes #3051)
(thx glen)

Regression in lighttpd 1.4.56 - 1.4.58 when extforward.headers is
not set in lighttpd.conf.

Workaround: extforward.headers = ("X-Forwarded-For")
  (or appropriate value depending on header sent by upstream proxy)

x-ref:
  "mod_extforward regression 1.4.56"
  https://redmine.lighttpd.net/issues/3051
2021-01-07 08:51:42 -05:00
Glenn Strauss a99550d76c [mod_extforward] config warning for module order
expand config warning for module load order to include other TLS modules
2021-01-06 07:52:20 -05:00
Glenn Strauss bdb58c245a [mod_openssl] extend ssl.openssl.ssl-conf-cmd
extend ssl.openssl.ssl-conf-cmd to accept "SecurityLevel"
(lighttpd extension) and use the (string) value to call the
openssl-specific SSL_CTX_set_security_level()
2021-01-05 15:03:22 -05:00
Glenn Strauss 6a28bd79b3 [mod_wolfssl] minor updates for wolfSSL v4.6.0 2021-01-05 12:52:14 -05:00
Glenn Strauss 048af4c506 [core] fix crash at shutdown w/ certain config
If server.systemd-socket-activation = "enable" and one or more of the
sockets is not listed in lighttpd.conf, then when the server is shutting
down, a buffer from the config file is free()d twice.
2021-01-01 13:03:55 -05:00
Glenn Strauss dfe471b77c [mod_dirlisting] place vars closer to where used
allocate memory for PATH_MAX to avoid pathconf() for _PC_NAME_MAX
2020-12-30 06:41:16 -05:00
Glenn Strauss 2f303d8205 [mod_gnutls] use local strncmp_const()
On some older gcc, strncmp is a macro and expects three arguments,
but does not see expansion of lighttpd CONST_STR_LEN() macro before
warning/error about incorrect number of arguments
2020-12-28 09:14:48 -05:00
Glenn Strauss 3088c76c8c [mod_mbedtls] use local strncmp_const()
On some older gcc, strncmp is a macro and expects three arguments,
but does not see expansion of lighttpd CONST_STR_LEN() macro before
warning/error about incorrect number of arguments
2020-12-28 09:13:21 -05:00
Glenn Strauss 171a064036 [mod_mbedtls] include mbedtls/platform_util.h
include mbedtls/platform_util.h for mbedtls_platform_zeroize()
(instead of relying on an indirect include)

(fixes build with (very old) mbedtls-2.14.0)
2020-12-28 08:54:50 -05:00
Glenn Strauss 0cb6466541 [mod_webdav] hide unused funcs depending on build
hide unused funcs depending on build flags
2020-12-27 22:51:40 -05:00
Glenn Strauss 37ae942346 [core] fix bug in read retry found by coverity
read retry loop needs separate var for result and data size to read

rename 'toSend' variable to 'len' (of chunk)
2020-12-27 22:35:48 -05:00
Glenn Strauss 2639e5ae43 [multiple] chunkqueue_write_chunk()
create API in chunk.[ch] for writing a chunk to an fd

(pull similar code from mod_cgi and mod_webdav)

This new API is intended for use on request body input, which is
written to size-limited temporary files controlled by lighttpd and
written to files or pipes.

(network_backend_write() is for writing chunkqueues to sockets)
2020-12-27 09:17:33 -05:00
Glenn Strauss 15bfe5ef0e [mod_webdav] typedef off_t loff_t for FreeBSD
FreeBSD provides an API similar to Linux copy_file_range()
but uses off_t instead of loff_t in the syscall.

off_t is equivalent to off64_t when lighttpd is built with LFS
(and lighttpd is built with LFS enabled by default)
2020-12-27 04:19:11 -05:00
Glenn Strauss 72b9bb5ba3 [core] http_response_match_if_range()
separate func to check "If-Range"
2020-12-26 20:00:42 -05:00
Glenn Strauss e16b4503e2 [core] fix bug in FastCGI uploads (#3033)
(thx zoon01 and ms49434)

x-ref:
  "Memory Growth with PUT and full buffered streams"
  https://redmine.lighttpd.net/issues/3033
2020-12-26 02:56:39 -05:00
Glenn Strauss 5309ec8c95 [core] fix crash after specific err in config file 2020-12-25 17:47:16 -05:00
Glenn Strauss b700a8ca09 [multiple] etag.[ch] -> http_etag.[ch]; better imp
more efficient implementation of HTTP ETag generation and comparison

modify dekhash() to take hash value to allow for incremental hashing
2020-12-25 14:41:16 -05:00
Glenn Strauss 655453a195 [core] inet_ntop_cache -> sock_addr_cache
* rename inet_ntop_cache.[ch] to sock_addr_cache.[ch]
* reimplement as separate caches for IPv4 and IPv6
2020-12-24 20:05:01 -05:00
Glenn Strauss 1212f60991 buffer_append_path_len() to join paths
use buffer_append_path_len() to join path segments
2020-12-24 16:13:20 -05:00
Glenn Strauss a0b615acd9 [core] http_date_timegm() (portable timegm())
move from mod_openssl.c
2020-12-24 16:13:20 -05:00
Glenn Strauss 122094e3e3 [multiple] employ http_date.h, sys-time.h
- replace use of strptime() w/ implementation specialized for HTTP dates
- use thread-safe gmtime_r(), localtime_r() (replace localtime, gmtime)
2020-12-24 16:13:20 -05:00