Commit Graph

2580 Commits (d3cf141d144e52d1f1cc9ea7313728e3532a2d44)
 

Author SHA1 Message Date
Glenn Strauss d3cf141d14 [core] li_tohex_lc() explicitly uses lc hex chars
remove buffer_copy_string_hex()
5 years ago
Glenn Strauss 5e60b8faea [mod_secdownload] compare bin MAC instead of hex 5 years ago
Glenn Strauss 9eda625d67 [core] more efficient hex2int() 5 years ago
Glenn Strauss 936db51f05 [core] buffer_append_string_encoded_hex_lc()
special-purpose routine is more efficient than what was previously in
buffer_append_string_encoded() with ENCODING_HEX
5 years ago
Glenn Strauss 78024584bb [core] check if SOCK_NONBLOCK is ignored (fixes #2883)
x-ref:
  "fdevent_init should check if SOCK_NONBLOCK works"
  https://redmine.lighttpd.net/issues/2883
5 years ago
Glenn Strauss 3efaff973f [mod_fastcgi,mod_scgi] fastcgi.balance,scgi.balance (fixes #2882)
x-ref:
  "fastcgi.balance not working"
  https://redmine.lighttpd.net/issues/2882
5 years ago
Glenn Strauss b70186131a [mod_magnet] reduce buffer copies
reduce buffer copies, but leave where (buffer *) arg required
5 years ago
Glenn Strauss 4753064318 [mod_magnet] code reuse 5 years ago
Glenn Strauss 6fb023d664 [mod_wstunnel] better Sec-WebSocket-Protocol parse
Improve handling of Sec-WebSocket-Protocol: binary, base64 for RFC6455.
When client sends Sec-WebSocket-Protocol in request header, client
may expect Sec-WebSocket-Protocol response.  mod_wstunnel is basic
tunnel endpoint and supports "binary" and "text" modes for RFC6455,
conventionally requested by client browsers as "binary" or "base64"
5 years ago
Glenn Strauss 04d76e7afd [core] some header cleanup
provide standard types in first.h instead of base.h
provide lighttpd types in base_decls.h instead of settings.h
reduce headers exposed by headers for core data structures
  do not expose <pcre.h> or <stdlib.h> in headers
move stat_cache_entry to stat_cache.h
reduce use of "server.h" and "base.h" in headers
5 years ago
Glenn Strauss fefc82153a [build] remove m4 AC_PATH_PROG for PKG_CONFIG
replaced by PKG_PROG_PKG_CONFIG and PKG_CHECK_MODULES()
5 years ago
Glenn Strauss d400f8aac5 [core] fdevent_accept_listenfd() nonblock cloexec
fdevent_accept_listenfd() now always returns fd O_NONBLOCK O_CLOEXEC
for consistency, rather than setting elsewhere in connection_accepted()

Handle older Linux 2.6 kernels which might have accept4() in glibc,
but return ENOSYS, as accept4() was not added until Linux kernel 2.6.28.
5 years ago
Glenn Strauss 26fb8d3ee6 [mod_proxy] fix segfault in Set-Cookie reverse map (fixes #2879)
fix segfault in reverse url-path mapping of Set-Cookie sent from backend
when proxy.header = ( "map-urlpath" => ( ... ) ) is used and there are
multiple Set-Cookie response headers with path= attributes which need to
be reverse mapped.

(thx ganto)

x-ref:
  "Segfault with proxy-header map-urlpath"
  https://redmine.lighttpd.net/issues/2879
5 years ago
Glenn Strauss 210b57708e [core] fix rare race condition from backends (fixes #2878)
fix rare race condition from backends with server.stream-response-body=2

(thx abelbeck)

x-ref:
  "fastcgi and stream-response-body=2 hangs on last chunk"
  https://redmine.lighttpd.net/issues/2878
5 years ago
Glenn Strauss 957916a90e [core] minor code cleanup in gw_recv_response() 5 years ago
Glenn Strauss 86f64a0288 [mod_magnet] fix regression in lighty.stat (fixes #2877)
fix regression in mod_magnet lighty.stat introduced in lighttpd 1.4.49
in commit commit:b1df38ab

x-ref:
  "lighty.stat failure"
  https://redmine.lighttpd.net/issues/2877
5 years ago
Glenn Strauss e21906b3b4 [core] fix crash if 'host' empty in config (fixes #2876)
x-ref:
 "segfault with fastcgi app"
  https://redmine.lighttpd.net/issues/2876
5 years ago
Glenn Strauss 78e25f0f50 [mod_extforward] allow explict IPs to be untrusted (#2860)
Allowing explicit IPs to be rejected might be useful in situations
where an internal network is to be allowed by CIDR mask, but there are
a small number of untrusted hosts on the network, e.g. hosts behind a
NAT to which some external ports are forwarded.

CIDR masks must be marked "trust", or else are ignored with a warning.

x-ref:
  "RFE: mod_extforward CIDR support"
  https://redmine.lighttpd.net/issues/2860
5 years ago
Glenn Strauss ae54806dc2 - next is 1.4.50 5 years ago
Glenn Strauss d0d5d4267b [doc] NEWS 5 years ago
Glenn Strauss 758d24142b [core] fix incorrect hash algorithm impl
fix incorrect implementation of djb hash algorithm
5 years ago
Glenn Strauss 5a6e4df85c [mod_auth] check that digest realm matches config 5 years ago
Glenn Strauss 81b7e8e2fb [mod_auth] constant time compare plain passwords
(digests have same length)
5 years ago
Glenn Strauss 7265c72b6c [autoconf] reduce minimum automake version to 1.13
Although removal of AM_PROG_CC_C_O in f107bac8 requires automake 1.14
to provide the same functionality in AC_PROG_CC, any widely used,
modern compiler supports cc -c -o.  Reducing the minimum required
automake version avoids the current need for Centos 7 maintainers
to patch configure.ac in order to build binary packages.
5 years ago
Glenn Strauss 4a674224ab [core] re-enable overloaded backends w/ multi wkrs
re-enable overloaded backends when server.max-worker is non-zero

(thx jens-maus)

x-ref:
  "mod_proxy not re-enabling proxy with 1.4.48" (multiple workers)
  https://redmine.lighttpd.net/boards/2/topics/7906
5 years ago
Glenn Strauss fc7edb3946 [mod_extforward] CIDR support for trusted proxies (fixes #2860)
x-ref:
  "RFE: mod_extforward CIDR support"
  https://redmine.lighttpd.net/issues/2860
5 years ago
Glenn Strauss cd2b51cb1a [core] fix CONNECT w strict header parsing enabled
fix CONNECT with strict header parsing enabled (default)
(or set server.http-parseopt-header-strict = "disabled")

x-ref:
  "ssh over https tunnel"
  https://redmine.lighttpd.net/boards/2/topics/7805
5 years ago
Glenn Strauss bd32f67046 [core] open additional fds O_CLOEXEC 5 years ago
Glenn Strauss b1df38ab6a [core] increase stat_cache abstraction
reduce dependency on struct connection
routines for getting/caching content_type and etag separate from stat
5 years ago
Glenn Strauss 2496c1af4c [core] pass array_get_element_klen() const array * 5 years ago
Glenn Strauss 6a6d32698e [core] fix path-info calculation in git master (fixes #2861)
(thx ReimuHakurei)

x-ref:
  "Regression: PHP URLs return 404 from lighttpd when they contain PATH_INFO ending in a trailing slash."
  https://redmine.lighttpd.net/issues/2861
5 years ago
Glenn Strauss 978a3f8dad [core] add include sys/poll.h on Solaris (fixes #2859)
x-ref:
  "fdevent_solaris_port.c header missing on Solaris 10"
  https://redmine.lighttpd.net/issues/2859
5 years ago
Glenn Strauss 58a1793964 [core] fix 32-bit compile POST w/ chunked request body (#2854)
(thx the_jk)

x-ref:
  "chunked transfer encoding in request body only works for tiny chunks"
  https://redmine.lighttpd.net/issues/2854
5 years ago
Glenn Strauss 30fe3684f6 [mod_wstunnel] fix for frames larger than 64k (fixes #2858)
(thx rschmid)

x-ref:
  "Wrong websocket frametype if frame is longer then UINT16_MAX"
  https://redmine.lighttpd.net/issues/2858
5 years ago
Glenn Strauss 1c594f0629 [doc] minor update to *outdated* doc
x-ref:
  "unknown config-key: auth.debug (ignored)"
  https://redmine.lighttpd.net/boards/2/topics/7842

github: closes #89
5 years ago
Glenn Strauss e6564641d8 [core] remove unused func 5 years ago
Glenn Strauss dc1675ea32 [core] fix POST with chunked request body (fixes #2854)
(thx the_jk)

x-ref:
  "chunked transfer encoding in request body only works for tiny chunks"
  https://redmine.lighttpd.net/issues/2854
5 years ago
Glenn Strauss cb371557e5 [core] merge redirect/rewrite pattern substitution
merge redirect/rewrite pattern substitution function (share code)
5 years ago
Glenn Strauss a5a2654bd4 [core] code cleanup: separate physical path sub
code cleanup: separate subroutine to check physical path
5 years ago
Glenn Strauss d5f37803dd [mod_authn_ldap] auth with ldap referrals (fixes #2846)
use ldap_set_rebind_proc() to provide auth when rebinding following
ldap referrals (instead of rebinding anonymously for ldap referrals)

x-ref:
  "LDAP authentication vs. AD: problems with referrals"
  https://redmine.lighttpd.net/issues/2846
5 years ago
Glenn Strauss ec9e6abcb3 [core] check for path-info forward down path
check for path-info forward down path rather than back from end of path
5 years ago
Glenn Strauss 76b9b1fa46 [mod_openssl] elliptic curve auto selection (fixes #2833)
elliptic curve auto selection where available
openssl v1.0.2 - SSL_CTX_set_ecdh_auto()
openssl v1.1.0 - ECDH support always enabled

x-ref:
  "Using X25519 Key exchange"
  https://redmine.lighttpd.net/issues/2833

  "SSL_CTX_set_ecdh_auto is undefined for newer openssl's"
  https://github.com/openssl/openssl/issues/1437
  It has been removed from OpenSSL 1.1.0.
  Here is the relevant CHANGES entry:
  *) SSL_{CTX_}set_ecdh_auto() has been removed and ECDH is support is
     always enabled now.  If you want to disable the support you should
     exclude it using the list of supported ciphers. This also means
     that the "-no_ecdhe" option has been removed from s_server.
     [Kurt Roeckx]
5 years ago
Glenn Strauss f90ccdef51 [mod_openssl] minor code cleanup; reduce var scope
('git show -u -b -w <commit-sha>' to see minimal changes)
5 years ago
Glenn Strauss b9df146b3c [core] non-blocking write() to piped loggers
If pipe fills and would block, then discard remaining write.
Do not block lighttpd if the logger blocks, such as if disk fills up.
6 years ago
Glenn Strauss e8226c11cb [core] do not reparse request if async cb
do not reparse request if async callback, e.g. for mod_auth
6 years ago
Glenn Strauss b28f03b5a4 [core] warn if mod_indexfile after dynamic handler
mod_indexfile should be listed in server.modules
prior to dynamic handlers

x-ref:
  https://redmine.lighttpd.net/boards/2/topics/7797
6 years ago
Glenn Strauss 37f9b60d5e [mod_authn_ldap] fix mem leak when ldap auth fails (fixes #2849)
thx, codehero

x-ref:
  "Linux OOM kills lighttpd when using mod_authn_ldap"
  https://redmine.lighttpd.net/issues/2849
6 years ago
Glenn Strauss d4083effab [core] fix base64 decode when char is unsigned (fixes #2848)
thx, codehero

x-ref:
  "buffer_append_base64_decode() broken on compilers where char is assumed unsigned"
  https://redmine.lighttpd.net/issues/2848
6 years ago
Glenn Strauss 0c95ed370f [core] report to stderr if errorlog path ENOENT (fixes #2847)
x-ref:
  "handling permissions at startup"
  https://redmine.lighttpd.net/issues/2847
6 years ago
Glenn Strauss 84b5064dc4 [core] discard from socket using recv MSG_TRUNC
discard from socket using recv MSG_TRUNC on Linux TCP SOCK_STREAM socket

Currently, lighttpd supports only TCP SOCK_STREAM.  If UDP SOCK_DGRAM
were to be supported in the future, then socket type will need to be
stored so that MSG_TRUNC is used appropriately for the desired effect.

To find out socket type on arbitrary socket fd:
  getsockopt(..., SOL_SOCKET, SO_TYPE, ...)
but better to store it with each listening socket.
6 years ago