lighttpd
/
lighttpd1.4
2
0
Fork 0
Code Issues Releases Wiki Activity
3,743 Commits 9 Branches 87 Tags 16 MiB
Commit Graph

101 Commits

Author SHA1 Message Date
Glenn Strauss 21f0dabef4 [multiple] replace buffer_is_equal_caseless_string 
buffer_is_equal_caseless_string() -> buffer_eq_icase_slen()
 2021-01-07 09:08:53 -05:00
Glenn Strauss 122094e3e3 [multiple] employ http_date.h, sys-time.h 
- replace use of strptime() w/ implementation specialized for HTTP dates
- use thread-safe gmtime_r(), localtime_r() (replace localtime, gmtime)
 2020-12-24 16:13:20 -05:00
Glenn Strauss c58b95f297 [core] light_isupper(), light_islower() 
more efficient char checks
(replace one comparision and one branch with one subtraction)
 2020-10-11 12:19:26 -04:00
Glenn Strauss b600b75f20 [core] inline buffer_reset() 
buffer_reset() is used on pre-allocated buffers, so remove NULL check
 2020-08-10 20:05:02 -04:00
Glenn Strauss e1bb579361 [core] disperse settings.h to appropriate headers 2020-08-10 20:04:57 -04:00
Glenn Strauss 3057b63ea2 [multiple] address coverity warnings 2020-07-10 22:18:26 -04:00
Glenn Strauss 2781a3be6d [multiple] address coverity warnings 2020-07-10 21:34:28 -04:00
Glenn Strauss b04f0311f9 [core] perf: tighten some code in some hot paths 2020-07-08 19:54:29 -04:00
Glenn Strauss 9914bb297b [core] C99 restrict on some base funcs 
buffer.[ch], chunk.[ch], request.[ch], sock_addr.[ch]
 2020-07-08 19:54:29 -04:00
Glenn Strauss 7c7f8c467c [multiple] split con, request (very large change) 
NB: r->tmp_buf == srv->tmp_buf (pointer is copied for quicker access)

NB: request read and write chunkqueues currently point to connection
    chunkqueues; per-request and per-connection chunkqueues are
    not distinct from one another
      con->read_queue  == r->read_queue
      con->write_queue == r->write_queue

NB: in the future, a separate connection config may be needed for
    connection-level module hooks.  Similarly, might need to have
    per-request chunkqueues separate from per-connection chunkqueues.
    Should probably also have a request_reset() which is distinct from
    connection_reset().
 2020-07-08 19:54:29 -04:00
Glenn Strauss 5bbe58728d [core] perf: buffer copy and append 
reorder some code
add more const
avoid redundant asserts
 2020-07-08 19:54:29 -04:00
Glenn Strauss 0ff60d8218 [multiple] rename r to rc rv rd wr to be different 
variable rename
 2020-07-08 19:54:28 -04:00
Glenn Strauss f24e6d696a [multiple] plugin_stats array 
use global rather than passing around (server *) just for that

li_itostrn() and li_utostrn() return string length
(rather than requiring subsequent strlen() to find length)
 2020-07-08 19:54:28 -04:00
Glenn Strauss 5c0c4936b4 [core] __attribute_returns_nonnull__ 2020-02-24 11:15:32 -05:00
Glenn Strauss 10d71279ae [core] uint32_t for struct buffer sizes 2020-02-24 11:15:32 -05:00
Glenn Strauss d22e7a769d [core] cold buffer_string_prepare_append_resize() 2020-02-24 11:14:45 -05:00
Glenn Strauss fc42ec12d9 [multiple] replace strcasecmp() on short strings 2019-06-06 02:48:43 -04:00
Glenn Strauss ac8444f2e6 [core] specialized buffer_eq_*() for short strings 
specialized buffer_eq_*() funcs for use with short strings,
e.g. case-insensitive comparison for equality
 2019-06-06 02:48:43 -04:00
Glenn Strauss 64b0f7229e [core] buffer_reset() should not be passed NULL 2019-05-13 21:01:57 -04:00
Glenn Strauss b31e7840d5 [multiple] quiet clang --analyze where trivial 
quiet clang --analyze warnings where trivial to do so
 2019-01-21 18:05:10 -05:00
Glenn Strauss 77c01f9817 [core] buffer_append_path_len() 
concatenate paths, placing single '/' between strings

reverts broken commit:b9402283

(thx avij)
 2018-11-28 02:12:41 -05:00
Glenn Strauss 80638252dc [multiple] validate UTF-8 in url-decoded paths 
validate UTF-8 in url-decoded paths obtained elsewhere than from request

(burl_normalize(), if enabled with server.http-parseopts, checks url for
 overlong encodings of ASCII chars in the HTTP request-line)
 2018-11-25 19:52:08 -05:00
Glenn Strauss e8e59396d3 [core] reject decoded url-path without leading '/' 
buffer_simplify_path() no longer prepends '/' if '/' is missing.
Callers must check for leading '/' depending on use, such as in
concatenation with others paths, or direct use accessing filesystem

Note: lighttpd 1.4.50 provides the server.http-parseopts directive.
Recommended settings unless specific use requires looser settings:
  server.http-parseopts = (
    "header-strict"            => "enable",
    "host-strict"              => "enable",
    "host-normalize"           => "enable",
    "url-normalize"            => "enable",
    "url-normalize-unreserved" => "enable",
    "url-normalize-required"   => "enable",
    "url-ctrls-reject"         => "enable",
    "url-path-2f-decode"       => "enable",
    "url-path-dotseg-remove"   => "enable",
    "url-query-20-plus"        => "enable"
  )

x-ref:
  https://digi.ninja/blog/lighttpd_rewrite_bypass.php

As noted in the link above, mod_access should be preferred instead
of mod_rewrite for access controls to URLs.
 2018-11-25 19:52:08 -05:00
Glenn Strauss cf93e91c56 [core] perf: inline buffer_copy_buffer() 2018-11-25 19:52:08 -05:00
Glenn Strauss 75bd40aa5d [core] perf: buffer optimizations 
buffer_string_prepare_copy() no longer writes '\0' into b->ptr
buffer_realloc() always allocates extra +1 for '\0'
 2018-11-25 19:52:08 -05:00
Glenn Strauss 449274903c [core] perf: simplify buffer_move() 
require src and dest to be non-NULL

change no longer releases large swapped buffers with buffer_reset()
 2018-11-25 19:51:07 -05:00
Glenn Strauss a2aba0788b [core] perf: small improvement to encoding CGI var 2018-11-23 00:46:19 -05:00
Glenn Strauss 5fe9339942 [core] perf: inline buffer_append_string_buffer() 2018-11-12 21:56:05 -05:00
Glenn Strauss 2e23b43d12 [core] perf: buffer_align_size() identity if align 
use identity if requested size is already aligned to BUFFER_PIECE_SIZE
 2018-10-27 11:40:54 -04:00
Glenn Strauss d4a93a531d [core] perf: buffer_copy_string_len() 
buffer_copy_string_len() short-circuit common case,
but preserve blank-string initialization side-effect
if buffer is empty
 2018-10-25 00:57:07 -04:00
Glenn Strauss babf8112f7 [core] perf: buffer_free_ptr() __attribute__ cold 2018-10-22 20:52:01 -04:00
Glenn Strauss bc25684f0c [core] perf: buffer_string_append_len() 
buffer_string_append_len() short-circuit common case,
but preserve blank-string initialization side-effect
if buffer is empty
 2018-10-10 11:56:46 -04:00
Glenn Strauss f1489b5a11 [core] perf: buffer.c internal inlines 
buffer_copy_string_len() and buffer_append_string_len() now
internally inline what buffer_commit() does, but do not repeat the
sanity checks already enforced by buffer_string_prepare_copy() and
buffer_string_prepare_append(), respectively

buffer_string_set_length() short-circuit common case
 2018-10-07 23:47:56 -04:00
Glenn Strauss 4674d2d180 [core] fix missing param from prev commit 2018-10-05 10:17:46 -04:00
Glenn Strauss 877ac2942a [core] better consistency in buffer_is_equal*() 
buffer_is_equal_caseless_string() now correctly matches against
the string only up to the provided string length, since the
string might not be '\0' terminated.
 2018-10-05 01:05:44 -04:00
Stefan Bühler e0260a411d [buffer] fix duplicate assert and comment 
this originates from ad3e93ea9 for no apparent reason
 2018-08-26 18:52:22 +02:00
Glenn Strauss 2e385a1a53 [core] fix buffer_to_upper() 
fix buffer_to_upper() and case-insensitive filesystem detection
 2018-08-12 14:43:22 -04:00
Glenn Strauss 6ebd289788 [core] inline some buffer.[ch] routines 2018-08-12 14:43:22 -04:00
Glenn Strauss 83cdf28610 [core] check for continuation in server.tag 
check server.tag for newlines (not expected) and ensure proper
header continuation.

remove buffer_append_string_encoded() ENCODING_HTTP_HEADER
(continuations in response headers handled in response_header_*() funcs)
 2018-08-05 03:44:15 -04:00
Glenn Strauss 1593190651 [core] buffer_append_string_encoded() uc hex 
Use uc hex chars in buffer_append_string_encoded(), preferred in RFC3986

Preserve behavior using lc hex chars in buffer_append_string_c_escaped()
 2018-08-05 03:44:15 -04:00
Glenn Strauss 3d880810d1 [core] buffer_append_uint_hex_lc() uses lc hex 2018-08-05 03:44:15 -04:00
Glenn Strauss d3cf141d14 [core] li_tohex_lc() explicitly uses lc hex chars 
remove buffer_copy_string_hex()
 2018-08-05 03:44:15 -04:00
Glenn Strauss 9eda625d67 [core] more efficient hex2int() 2018-08-05 03:44:15 -04:00
Glenn Strauss 936db51f05 [core] buffer_append_string_encoded_hex_lc() 
special-purpose routine is more efficient than what was previously in
buffer_append_string_encoded() with ENCODING_HEX
 2018-08-05 03:44:15 -04:00
Glenn Strauss 04d76e7afd [core] some header cleanup 
provide standard types in first.h instead of base.h
provide lighttpd types in base_decls.h instead of settings.h
reduce headers exposed by headers for core data structures
  do not expose <pcre.h> or <stdlib.h> in headers
move stat_cache_entry to stat_cache.h
reduce use of "server.h" and "base.h" in headers
 2018-04-08 22:22:23 -04:00
Glenn Strauss dadfb5fcf5 [core] attempt to quiet coverity false positives 2017-08-12 21:43:04 -04:00
Glenn Strauss 9bc61f16cb [core] attempt to quiet coverity false positives 2017-08-12 15:39:12 -04:00
Glenn Strauss 05c34ce464 [core] buffer_substr_replace() 2017-04-24 02:38:30 -04:00
Glenn Strauss ac143ead29 [core] inline simple buffer is empty checks 2017-04-24 02:37:10 -04:00
Glenn Strauss a53f662a30 [core] remove some unused header includes 
remove exposure of stdio.h in buffer.h for print_backtrace(), now static
 2017-03-28 02:17:33 -04:00