Commit Graph

718 Commits (ba290f181fa5e3c62346b9b321edd15ebea377c5)

Author SHA1 Message Date
fbrosson 6982b1930e [mod_ssi] config ssi.conditional-requests
Summary:
A new SSI directive, "ssi.conditional-requests", allows to inform
lighttpd which SSI pages should be considered as cacheable and which
should not. In particular, the "ETag" & "Last-Modified" headers will
only be sent for those SSI pages for which the directive is enabled.

Long description:
"ETag" and "Last-Modified" headers were being sent for all SSI pages,
regardless of whether they were cacheable or not. And yet, there was
no cache validation at all for any SSI page.
This commit fixes these two minor issues by adding a new directive,
"ssi.conditional-requests", which allows to specify which SSI pages
are cacheable and which are not, and by adding cache validation to
those SSI pages which are cacheable. And since sending ETags for
non-cacheable documents is not appropriate, they are no longuer
computed nor sent for those SSI pages which are not cacheable.
Regarding the "Last-Modified" header for non-cacheable documents,
the standards allow to either send the current date and time for
that header or to simply skip it. The approach chosen is to not send
it for non-cacheable SSI pages. "ETag" and "Last-Modified" headers
are therefore only sent for an SSI page if ssi.conditional-requests
is enabled for that page.

The ssi.conditional-requests directive can be enabled or disabled
globally and/or in any context. It is disabled by default.

An index.shtml which only includes deterministic SSI commands such as:
<!--#echo var="LAST_MODIFIED"-->
is a trivial example of a dynamic SSI page that is cacheable.
7 years ago
Glenn Strauss bb95317774 [core] setrlimit max-fds <= rlim_max for non-root (fixes #2723)
x-ref:
  "setrlimit can increase RLIMIT_NOFILE up to rlim_max for non-root"
  https://redmine.lighttpd.net/issues/2723
7 years ago
Glenn Strauss 51e0f2087b [core] define __STDC_WANT_LIB_EXT1__ (fixes #2722)
x-ref:
  "define __STDC_WANT_LIB_EXT1__ for memset_s()"
  https://redmine.lighttpd.net/issues/2722
7 years ago
Glenn Strauss c63427c999 [mod_dirlisting] class for dir <tr> (fixes #2304)
x-ref:
  "special class for directories tr's in directory listing"
  https://redmine.lighttpd.net/issues/2304
7 years ago
Glenn Strauss dc9f95c75d [mod_status] table w/ count of con states (fixes #2427)
(replaces "legend")
7 years ago
Glenn Strauss c68f83aed4 [mod_status] page refresh option (fixes #2170)
e.g. http://server-address/server-status?refresh=10

x-ref:
  "server-status page should have an automatic reload"
  https://redmine.lighttpd.net/issues/2170
7 years ago
Glenn Strauss 760baed402 [mod_expire] reset caching response headers for error docs (fixes #1919)
remove Cache-Control and Expires headers before handling error docs
(caching headers may have been set by mod_expire before http status
 was determined to be an error)

x-ref:
  "mod_expires sends headers on 404 responses"
  https://redmine.lighttpd.net/issues/1919
7 years ago
Glenn Strauss f4cb07f723 [mod_webdav] readdir POSIX compat (fixes #1826)
do not expect '.' to be part of dir listing

x-ref:
  "mod_webdav readdir POSIX compatibility issue"
  https://redmine.lighttpd.net/issues/1826
7 years ago
Glenn Strauss e5e5548b88 [mod_extforward] reset cond_cache for scheme (fixes #1499)
bug #1499 was mostly fixed in 05858f6c
This patch additionally resets the cond_cache since scheme might change

x-ref:
  "HTTPS env var should be "on" when using mod_extforward and the X-Forwarded-Proto header is set."
  https://redmine.lighttpd.net/issues/1499
7 years ago
Glenn Strauss 659ce5e78e [mod_magnet] rename var for clarity (fixes #1483)
"length" argument is more accurately described as 0-index end of range

x-ref:
  "magnet offset > length bug"
  https://redmine.lighttpd.net/issues/1483
7 years ago
Glenn Strauss 4b412797b8 [mod_auth] send charset="UTF-8" in WWW-Authenticate (fixes #1468)
https://tools.ietf.org/html/rfc7616 and
https://tools.ietf.org/html/rfc7617 (September 2015)
update Digest and Basic auth to allow server to recommend charset
which should be used by client.

http://stackoverflow.com/questions/702629/utf-8-characters-mangled-in-http-basic-auth-username

x-ref:
  "LDAP UTF-8 encoding"
  https://redmine.lighttpd.net/issues/1468
7 years ago
Glenn Strauss f1681ca29b [mod_cgi] always set QUERY_STRING (fixes #1339)
(thx alexo)

x-ref:
  "lighttpd doesn't set empty QUERY_STRING in cgi environment"
  https://redmine.lighttpd.net/issues/1339
7 years ago
Glenn Strauss 97556d992b [mod_fastcgi,mod_scgi] check for spawning on same unix socket (fixes #319)
error if unix socket path is duplicated

(does not check across modules, but will detect duplicated unix socket
 paths within fastcgi directives, and separately, duplicated unix socket
 paths within scgi directives)
7 years ago
Glenn Strauss de08a135ea [core] clean up srv before exiting for lighttpd -[vVh]
From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3138 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss 36ab0587c0 [stream] fstat() after open() to obtain file size
Common case is on non-empty files, and doing fstat() after open()
eliminates ToC-ToU between stat() and then open().  While file size
of the target file might still change, the fstat() is on the opened
file, and can not be on different file (which was possible with stat())

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3137 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss 47f3dbebe4 use li_[iu]tostrn() instead of li_[iu]tostr()
From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3136 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss e5006d88eb pass buf size to li_tohex()
also change passing of fixed-sized arrays: need to pass pointer to array
as otherwise size does not get enforced

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3135 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss dac02e257c [mod_status] use snprintf() instead of sprintf()
From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3134 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss ab829cee5e [mod_webdav] allow Depth: Infinity lock on file (fixes #2296)
(still not supporting Depth: Infinity on directories)

patch by mstorsjo submitted as part of feature request #1953

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3133 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss d17d48e01e [stat] mimetype.xattr-name global config option (fixes #2631)
For backwards compatibility with existing lighttpd configs, default is
  mimetype.xattr-name = "Content-Type"

Those who wish to use the freedesktop.org definition of xattr mimetype
can set the following in the global lighttpd config:
  mimetype.xattr-name = "user.mime_type"

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3131 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss 292309f88b [core] lighttpd -tt performs preflight startup checks (fixes #411)
lighttpd -t loads config file and performs syntax check
lighttpd -tt (new) performs preflight startup checks,
  including loading and initializing modules, but skipping any
  potentially destructive actions which might affect an already
  running server (separate instance).  These currently include:
  - skipping pidfile modification
  - skipping bind() to network sockets
  - skipping open of error and access logs

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3130 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Jan Kneschke 9ae7813685 [core] fixed the loading for default modules if they are specified explicitly
backported 1836 from trunk

From: Jan Kneschke <jan@kneschke.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3129 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss 06d3c75440 [core] respond 411 Length Required if request has Transfer-Encoding: chunked (fixes #631)
lighttpd does not currently support request body transfer-codings

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3128 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss f11089ed2b [core] wait for grandchild to be ready when daemonizing (fixes #2712, thx pasdVn)
From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3127 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss 0aa2ea74e3 [mod_proxy] accept LF delimited headers, not just CRLF (fixes #2594)
From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3126 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss b4a4afdaf7 [config] warn if server.upload-dirs has non-existent dirs (fixes #2508)
Warn at startup if any dirs in server.upload-dirs do not exist.
Take server.chroot into account, if set.

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3125 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
fbrosson a579e7ffc0 [mod_ssi] Add SSI vars SCRIPT_{URI,URL} and REQUEST_SCHEME (fixes #2721)
This is a proposal to add to lighttpd the famous SSI variables
SCRIPT_URI and SCRIPT_URL (known to Apache users), as well as a bonus
ENV variable called REQUEST_SCHEME.

SCRIPT_URI and SCRIPT_URL will be available as SSI variables from
within documents handled by mod_ssi.
They can be used like any other SSI var with the "#echo var" command:
<!--#echo var="SCRIPT_URI"-->
<!--#echo var="SCRIPT_URL"-->
Webmasters willing to display links to the W3C Validator will be able
to use:
<a href="http://validator.w3.org/check?uri=<!--#echo var="SCRIPT_URI"-->">…</a>
instead of the generic http://validator.w3.org/check?uri=referer link
which does not work on some (most?) browsers which do not send
referers when the link itself resides in a document sent through
https.

REQUEST_SCHEME will be available both as an environment variable. It
is defined as "http" or "https", depending on the scheme of the
connection. It is safe to use this name as it does not conflict with
any existing variable on Apache or Nginx. This is slightly different
from the HTTPS var which is often added by webadmins on their server's
configuration. EDIT: Some Apache modules also define REQUEST_SCHEME
with the same possible values as this proposal.

From: fbrosson <fbrosson@users.noreply.github.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3124 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler cc81f1f9dc add NEWS entry for previous commit
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3123 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 0a61fdecac [buffer] refactor buffer_path_simplify (fixes #2560)
There actually was one bug: if the input consisted only of spaces,
it would read one byte too much.

`pre` was splitted into `pre2` and (already existing) `pre1` - the two
characters which were read before the current one in `c`.

Restructuring the loop eliminated some code before the loop, which was
similar to the one at the end of the loop.

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3120 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 92c3da847b [unittests] add test_buffer and test_base64 unit tests
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3118 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Andrey Mnatsakanov 7b983ae054 [base64] fix crash due to broken force_assert
if the input to `li_to_base64_no_padding` has length 3*n,
`out_tuple_remainder` = `in_tuple_remainder` = 0, and `4*full_tuples
== 4*full_tuples + out_tuple_remainder`

From: Andrey Mnatsakanov <andrey.mnatsakanov@gmail.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3117 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 5c68caa6d7 [core] replace array weakref with vector
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3116 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 8455734f4a [core] add generic vector implementation
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3115 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss 8abd06a7ff consistent inclusion of config.h at top of files (fixes #2073)
From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3113 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Kyle J. McKay c92b1762ba [core] truncate pidfile on exit (fixes #2695)
If the server has changed its uid or is running in a chroot
it may be unable to remove the pid file when it exits.

However, if it holds on to an open handle to the pid file
that has write permission, it will be able to truncate the
pid file to 0 bytes in length.

Most monitoring software recognizes a 0-length pid file
as indicating there is no process running.

Therefore always attempt to truncate the pid file before
trying to remove it so that it's not left containing the
pid of a process that is no longer running.

Signed-off-by: Kyle J. McKay <mackyle@gmail.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3112 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 6f89a8bbef [core] fix request_start in keep-alive requests to mark time when received first byte (fixes #2412)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3111 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler cfd13c7938 [autobuild] use AC_CANONICAL_HOST instead of AC_CANONICAL_TARGET (fixes #1866)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3110 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 06005655e6 [core] log remote address on request timeouts (fixes #652)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3109 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler d8f4d20d9a restart (some) syscalls after SIGCHLD interrupted them; should fix LDAP problems (fixes #2464)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3108 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 00063098c1 [ssl] support disabling ssl.verifyclient.activate in SNI callback (fixes #2531)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3107 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 82ee3fb2f8 [mod_magnet] define lua_pushglobaltable (for lua5.1) and use it (fixes #2719)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3106 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 70036ff572 [core] accept $SERVER["socket"] without port, use server.port as fallback (fixes #2204)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3105 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss d85bdab43f [core] more careful parse of $SERVER["socket"] config str (prepare #2204)
detect unix domain socket path earlier
detect IPv6 addr without port (might contain ':' within addr, e.g. [::])

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3104 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss 43da581893 [core] configparser: error on duplicate keys in array merge (fixes #2685)
From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3103 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 68e4a416cc [core] provide array_extract_element and use it
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3102 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler e7a39cde36 [core] fix memory leak in configparser_merge_data
Release op1 memory on failure; fixes some theoretical memory leaks (a
failure results in early exit anyway).

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3101 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 224bf545c1 [core] refactor array search; raise array size limit to SSIZE_MAX
- raise array size limit from INT_MAX to SSIZE_MAX. INT_MAX already
  is way to high to be hit in any sane scenario, but SSIZE_MAX can
  *obviously* not be hit due to memory constraints.
- use size_t for array indices instead of int
- use binary search instead of next_power_of_2 hack; document invariants
  and check them in debug mode (asserts).
- return the actual insert position instead of something near

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3100 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 8d8ae9cbc8 [core] improve array API to prevent theoretical memory leaks
- refactor insert into array_find_or_insert; if the element already
  exists the caller must resolve the conflict manually:
  - array_replace frees the old element
  - array_insert_unique calls "insert_dup"
  both have no return value anymore
- fix usages of array_replace; they now don't need to delete the old
  entry anymore; usage in configparser was probably broken, as it
  possibly deleted the old element before calling array_replace

This should fix a lot of the issues reported in "Fortify Open Review
Project - lighttpd 1.4.39" (usually hitting the array limit):
when the array size limit was hit "new" entries leaked instead of
getting added.

On 32-bit INT_MAX entries cannot actually be reached (each entry
requires at least 48 bytes, leading to a total of 96GB memory).

On 64-bit INT_MAX entries would require 224GB memory, so it would be
theoretically possible. But it would need 2^27 reallocations of two
C-arrays of up to 16GB size.

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3098 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler c5a42e932f [mod_fastcgi,mod_scgi] fix leaking file-descriptor when backend spawning failed (reported by Fortify Open Review Project)
Reference: Fortify Open Review Project - lighttpd 1.4.39
    ID 22708161 - Unreleased Resource
    ID 22708163 - Unreleased Resource

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3097 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 2a8f73e7d4 [mod_secdownload] fix buffer overflow in secdl_verify_mac (reported by Fortify Open Review Project)
Impact is probably low on most platforms, as it will probably overwrite
one byte of "HASH HA1" which isn't used afterwards anymore.

Reference: Fortify Open Review Project - lighttpd 1.4.39
    ID 22708159 - Buffer Overflow: Off-by-One

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3096 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler f3606dc539 [mod_dirlisting] dir-listing.hide-dotfiles = "enabled" by default (fixes #1081)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3094 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler f56fe331e5 [mod_proxy] use case-insensitive comparision to filter headers, send Connection: Close to backend (fixes #421)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3093 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss dde7bea99a [mod_cgi] kill CGI if fail to write request body
(clean up potential zombie processes from unreaped children)

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3092 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss f2cbd0a3aa [mod_cgi] simplify mod_cgi_handle_subrequest()
wait for CGI to close stdout, so we read EOF on pipe to end CGI response

remove extra call to waitpid() which will occur after process exits
if it has not already been explicitly closed by CGI (and has not been
inherited by CGI forked children)  (If CGI forks, then it should close
its stdout response pipe when response is done, especially if it intends
to perform lengthy post-processing in the background.)

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3091 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss e5e66f791f [mod_cgi] consolidate CGI cleanup code
(more consistent behavior)

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3090 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss 94647804cf [mod_cgi] send 500 if CGI ends and there is no response (fixes #2542)
(Thx, anomie, who identified and explained problem in above ticket)

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3089 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss c80ae9b212 [mod_fastcgi] 404 for X-Sendfile file not found (fixes #2474)
(slightly modified from patch by bert)

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3088 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 02594f107a [plugins] don't include dlfcn.h if not needed (fixes #2548)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3087 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss 75e4859a1b [mod_compress] case-insensitive content-codings (fixes #2645)
From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3086 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler c033a1966e [core] improve conditional enabling (thx Gwenlliana, #2598)
instead of looping over all config blocks for each conditional var that
gets enabled, enable them all and run over them once.

Right now it seems we actually set all variables at once in normal
config handling (SNI only sets a subset); future modifications
might introduce new variables which are activated at a later stage
(physical path related for example).

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3083 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler ad65603ec0 [core] fix conditional cache handling
- add new "skip" result to mark conditions that didn't actually get
  evaluated to false but just skipped because the preconditions failed.
- add "local_result" for each cache entry to remember whether the
  condition itself matched (not including the preconditions).
  this can be reused after a cache reset if the condition itself was not
  reset, but the preconditions were
- clear result of subtree (children and else-branches) when clearing a
  condition cache

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3082 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss 1c01a42aa3 [core] never evaluate else branches until the previous branches are aready (fixes #2598)
The first condition which evaluates true in any if-else... condition
chain short-circuits the chain, and any remaining conditions in the
chain are marked false.

Previous conditions in if-else condition chaining must be evaluatable
(to true or false) -- must not remain in unset (not yet evaluatable)
state -- prior to evaluating later conditions.  Since any true
condition short-circuits remaining conditions, all prev conditions
must be false prior to evaluating later conditions.

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3081 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 431559e5df [configparser] don't continue after parse error (fixes #2717)
only use values in reduce actions when the config is still valid
(ctx->ok).

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3080 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss f23a24a263 [mod_cgi] issue trace and exit if execve() fails (closes #2302)
(replace SEGFAULT if execve() fails)

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3079 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss 665cc39b95 [mod_cgi] edge case chdir "/" when docroot "/" (fixes #2460)
From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3077 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss 5cc061bfab [core] do not send SIGHUP to process group unless server.max-workers is used (fixes #2711)
do not propagate sighup if 0 == server.max-workers; reduce impact of
sighup on child processes, such as piped loggers, by not forwarding
sighup signal unless server.max-workers configured

For those configuring server.max-workers, it is recommended that
piped loggers be used to avoid log corruption, and then admins can
avoid sending lighttpd SIGHUP as there is currently no benefit to
doing so with the standard modules (beyond that of log rotation of
non-piped access and error logs).

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3076 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss 3fd80ff8ec [mod_cgi] use MAP_PRIVATE to mmap temporary file instead of MAP_SHARED (fixes #2715)
Flash filesystem JFFS2 does not support mmap PROT_READ MAP_SHARED,
though it does support mmap PROT_READ MAP_PRIVATE

Although MAP_SHARED is preferred, CGI input body is fully collected
prior to handler invoking the CGI, so the temporary file is never
modified after being mapped.  Since the request input body is specific
to request and is temporary file, mmap PROT_READ MAP_PRIVATE works fine.

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3075 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 566cf8decb add force_assert for more allocation results
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3072 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler f3b577ddee use libmemcached instead of deprecated libmemcache
Differential Revision: https://review.lighttpd.net/D5

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3071 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler c354229f42 add handling for lua 5.2 and 5.3 (fixes #2674)
Reviewers: stbuehler

Differential Revision: https://review.lighttpd.net/D4

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3070 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
fbrosson d8e028e069 [mod_ssi] enhance support for ssi vars
Try ssi_vars if ssi_cgi_env does not have a matching var name.
Allow var names to also include digits after the initial letter or underscore.

From: fbrosson <fbrosson@users.noreply.github.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3069 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler 3dd2f66d13 - next is 1.4.40
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3068 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler 6ef3b709db [chunk] fix use after free / double free (fixes #2700)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3065 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler 737d4f0f20 [core] fix memset_s call (fixes #2698)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3064 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler 53c4ab8438 - next ist 1.4.39
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3063 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Kyle J. McKay b37dd77491 [core] show correct crypt support result (fixes #2690)
If the crypt function is available as part of the standard
system library, then HAVE_LIBCRYPT will not be set, but
HAVE_CRYPT or HAVE_CRYPT_R will.

Make server.c test HAVE_CRYPT, HAVE_CRYPT_R  and HAVE_LIBCRYPT
to determine the correct value of crypt support.

Signed-off-by: Kyle J. McKay

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3061 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Kyle J. McKay 159ca0c15d [network] add darwin-sendfile backend (fixes #2687)
The FreeBSD version of sendfile is already supported.  Starting
with OS X 10.5, Darwin also supports sendfile, but using a
slightly different argument list even though much of the
implementation is likely taken from FreeBSD just like the man
page is.

Add support for darwin's sendfile by introducing a new
network_darwin_sendfile.c file that's just a copy of the
network_freebsd_sendfile.c file except with the arguments
adjusted to compensate for the minor API difference (FreeBSD
has separate in and out byte count arguments whereas Darwin
has a combined in/out byte count argument).

Signed-off-by: Kyle J. McKay <mackyle@gmail.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3060 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Kyle J. McKay b0ecb4d44b [mod_fastcgi/mod_scgi] zero sockaddr structs before use (fixes #2691)
When a sockaddr_un, sockaddr_in or sockaddr_in6 structure
is allocated on the stack or heap, it may contain random
byte values.

The "unused" and "reserved" parts must be zerod otherwise
unexpected failures may occur.  The simplest way to do
this and be compatible with various platforms' struct
layouts is just to memset them to 0.

Signed-off-by: Kyle J. McKay <mackyle@gmail.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3059 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler bfaa48260a [mod_secdownload] add required algorithm option; old behaviour available as "md5", new options "hmac-sha1" and "hmac-sha256"
Differential Revision: https://review.lighttpd.net/D7

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3054 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler 85d8a17575 [core] encode path with ENCODING_REL_URI in redirect to directory (fixes #2661, thx gstrauss)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3052 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler 3943de280e [core] add '~' to safe characters in ENCODING_REL_URI/ENCODING_REL_URI_PART encoding
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3051 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler a069548370 [core] revert increase of temp file size back to 1MB, provide a configure option "server.upload-temp-file-size" instead (fixes #2680)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3050 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler c512345fa2 [config] check config option scope; warn if server option is given in conditional
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3049 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler 39add4476f [mod_secdownload] use a hopefully constant time comparison to check hash (fixes #2679)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3048 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Gaurav 5c5f67a5c7 add force_assert for many allocations and function results
From: Gaurav <g.gupta@samsung.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3047 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler f19128086c [core] don't buffer request bodies smaller than 64k on disk
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3046 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Loganaden Velvindron d7be04beb5 [mod_auth] implement and use safe_memclear, using memset_s or explicit_bzero if available
From: Loganaden Velvindron <logan@elandsys.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3045 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Gaurav 37bdb250a4 [core] check configparserAlloc() result with force_assert
From: Gaurav <g.gupta@samsung.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3044 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler a93be99441 [core] fix search for header end if split across chunks (fixes #2670)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3043 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler 3512b5cb77 [core] allocate at least 4k buffer for incoming data
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3042 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler 69f890e2c5 [stat-cache] fix handling of collisions, might have returned wrong data (fixes #2669)
- don't remember splay_tree nodes for long (dir_node, file_node) after
  cache lookup; only remember the data they pointed to (sce for file
  entries, fam_node for dir entries)
- unset sce / fam_node when a collision (not matching path) is detected
- check again for collision before splaytree_insert; the entry in
  question is already at the top because it was splayed before. simply
  replace the data on collisions (and release the old data).
- check fam_node for collisions too
- splaytree_size handles NULL nodes too
- enable some force_assert lines (were in #ifdef DEBUG_STAT_CACHE before)

Differential Revision: https://review.lighttpd.net/D1

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3039 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler d8b5492f5a -next is 1.4.38
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3037 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler dd4fe73c47 fix some warnings found by coverity ("leak" in setup phase, not catching too long unix socket paths in mod_proxy)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3034 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler 0b02cd2690 [mmap] handle SIGBUS in network; those get triggered if the file gets smaller during reading
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3031 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler b66fa2cb68 [plugins] when modules are linked statically still only load the modules given in the config
- previously it would load all modules in some fixed order
- also warn when mod_magnet or mod_trigger_b4_dl are compiled without
  needed dependencies
- mod_trigger_b4_dl fails in plugin_init when dependencies are missing

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3029 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler 912533cd68 [mmap] fix mmap alignment
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3028 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler 6d6dbadb14 [mod_cgi] rewrite mmap and generic (post body) send error handling
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3027 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler 9257d7df4f [bsd xattr] fix compile break with BSD extended attributes in stat_cache
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3023 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler d7cd5b087a [autoconf] define HAVE_CRYPT when crypt() is present
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3022 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago
Stefan Bühler e57a70174b [kqueue] fix kevent call
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3020 152afb58-edef-0310-8abb-c4023f1b3aa9
8 years ago