Commit Graph

2665 Commits (e1f21b2adb6b6a976f76e054712a83c83d17c5ad)

Author SHA1 Message Date
Glenn Strauss e1f21b2adb [mod_secdownload] support if HMAC() is a macro
support if HMAC() is a macro, which may not handle CONST_BUF_LEN()
expanding to two arguments
2018-09-25 21:42:57 -04:00
Glenn Strauss 5b327e0089 [multiple] quiet compiler warnings --without-pcre
quiet compiler warnings for ./configure --without-pcre
2018-09-25 20:49:25 -04:00
Glenn Strauss 0257c822c0 [core] quiet coverity false positive 2018-09-25 20:40:36 -04:00
Glenn Strauss 070ce5b618 [mod_deflate] null-check to quiet coverity warning 2018-09-25 20:24:19 -04:00
Glenn Strauss 7e20dc6a42 [mod_userdir] security: skip username "." and ".."
On systems without getpwnam(), disallow username "." and "..", and
disallow usernames beginning with '.' if userdir.letterhomes = "enabled"
2018-09-25 11:21:41 -04:00
Glenn Strauss 6edd040b22 [build] fix SCons build for mod_authn_pam 2018-09-24 02:03:36 -04:00
Glenn Strauss 65fcd7810f [core] prefer buffer_append_string_len()
prefer buffer_append_string_len() when string len is known
(instead of buffer_append_string() which will recalculate strlen)
2018-09-23 19:18:49 -04:00
Glenn Strauss b61ed6da2a [core] http_method_append() 2018-09-23 19:18:47 -04:00
Glenn Strauss 90c30d5e90 [core] http_status_append() 2018-09-23 19:18:25 -04:00
Glenn Strauss b192231392 [core] log_failed_assert() __attribute__((cold)) 2018-09-23 18:01:58 -04:00
Glenn Strauss 2dbcfc9266 [core] inline status_counter routines 2018-09-23 18:01:58 -04:00
Glenn Strauss c98d89a4bb [tests] #undef NDEBUG before assert.h in t/test_* 2018-09-23 18:01:58 -04:00
Glenn Strauss 8c7f1dfb03 [core] more memory-efficient fn table for data_*
save 40 bytes (64-bit), or 16 bytes (32-bit) per data_* element
at the cost of going through indirect function pointer to execute
methods.  At runtime, the reset() method is most used among them.
2018-09-23 18:01:58 -04:00
Glenn Strauss 002a4c524d [core] array_get_int_ptr() 2018-09-23 18:01:58 -04:00
Glenn Strauss 66ff05db8f [tests] t/test_array.c
(more tests should be added, but starting with something has benefits)
2018-09-23 18:01:58 -04:00
Glenn Strauss 810109cc34 [multiple] code reuse: using array_*() funcs 2018-09-23 18:01:58 -04:00
Glenn Strauss 2b40854ab9 [core] fix include_shell on inline shell commands (fixes #2910)
regression in lighttpd 1.4.50

  "include_shell behavior change in 1.4.50"
2018-09-23 18:01:58 -04:00
Glenn Strauss fc1ddbed33 [mod_sockproxy] add to build
2018-09-23 18:01:58 -04:00
Glenn Strauss df4812ec2e [mod_authn_pam] mod_auth PAM support (fixes #688)
  "auth via pam"
2018-09-23 18:01:58 -04:00
Glenn Strauss 5c2d52b4ac [mod_flv_streaming] code simplifications 2018-09-23 18:01:58 -04:00
Glenn Strauss ae9f354bae [doc] lighttpd.service uses
doc/systemd/lighttpd.service now uses
instead of, as recommended in

(thx janik)
2018-09-23 18:01:58 -04:00
Glenn Strauss d61f33817c [multiple] code reuse: employ array_match_*() 2018-09-23 18:01:58 -04:00
Glenn Strauss 863dff6191 [mod_skeleton] review and simplify 2018-09-23 18:01:58 -04:00
Glenn Strauss e6741acd4e [core] code reuse array_match_*() routines 2018-09-23 18:01:58 -04:00
Glenn Strauss 6b887f35e3 [mod_auth] send 401 for mismatch HTTP auth scheme (fixes #2906)
  "Lighttpd responds with 400 not 401"
2018-09-23 18:01:58 -04:00
Glenn Strauss 4992c4de10 [mod_fastcgi,mod_scgi] error on oversized request (fixes #2905)
regression in lighttpd 1.4.49 and lighttpd 1.4.50

(thx slawomir.pryczek)

  "oversized fcgi requests should fail gracefully"
2018-09-23 18:01:58 -04:00
Glenn Strauss a458c2e731 [mod_proxy,mod_wstunnel] copy full plugin_config (fixes #2903)
  "gw backend redesign"
2018-09-23 18:01:58 -04:00
Glenn Strauss 5045a9e833 [core] fastcgi.h link to Open Market License (OML) (fixes #2901)
  "License terms of fastcgi.h"
2018-09-23 18:01:58 -04:00
Glenn Strauss 2eabe1636c [mod_rewrite] fix url.rewrite-repeat and url.rewrite-if-not-file (fixes #2908)
regression in lighttpd 1.4.50

  "mod_rewrite now throws error ENDLESS LOOP IN rewrite-rule DETECTED"
2018-09-23 18:01:58 -04:00
Glenn Strauss eebc1b0eec [mod_proxy] fix proxy.forwarded and proxy.replace-http-host (fixes #2902)
config settings were not being copied into proxy request context

  "mod_proxy's “proxy.forwarded” option seems ignored when used with mod_auth."
2018-09-23 18:01:58 -04:00
Glenn Strauss 9725299587 [core] code reuse with http_response_body_clear()
code reuse with http_response_body_clear()
rename con->response.transfer_encoding to con->response.send_chunked
2018-09-23 18:01:58 -04:00
Glenn Strauss 3dd3cde902 [core] abstraction layer for HTTP header manip
convert existing calls to manip request/response headers
convert existing calls to manip environment array (often header-related)
2018-09-23 18:01:58 -04:00
Glenn Strauss c8159ee5f6 [core] http_request_parse_reqline() separate func
http_request_parse_reqline() separate func from http_request_parse()
600+ line http_request_parse() is now two routines with ~300 lines each
2018-09-16 05:18:05 -04:00
Glenn Strauss 28d6015b45 [core] simplify parsing hdr key whitespace then : 2018-09-16 05:18:05 -04:00
Glenn Strauss a7c27c9f99 [core] code reuse with array_insert_key_value()
code reuse with array_insert_key_value() and related array manipulation
2018-09-16 05:18:05 -04:00
Glenn Strauss a90526374f [core] abstraction to insert/modify response hdrs
consistent use of abstraction to insert/modify response headers
2018-09-16 05:18:05 -04:00
Glenn Strauss 9d3cbaa74c [core] parse header line strings before copying 2018-09-16 05:18:05 -04:00
Glenn Strauss ad27206608 [core] redo HTTP header line folding
Replace separators between folded header lines in-place using spaces
and then process the single header line.

(Reverts change which replaces folding whitespace with single space)

Acknowledgement: Or Peles of VDOO  reference: VD-0871, VD-0872, VD-0873
(thx Or Peles)
2018-09-16 05:18:05 -04:00
Stefan Bühler e0260a411d [buffer] fix duplicate assert and comment
this originates from ad3e93ea9 for no apparent reason
2018-08-26 18:52:22 +02:00
Stefan Bühler 3be0707839 [core] replace folding whitespace with a single space
- previously the leading whitespace from folded lines was kept
- also ignore lines without any data
2018-08-26 18:52:22 +02:00
Stefan Bühler df8e4f9561 [core,security] process headers after combining folded headers
- this fixes various use-after-free scenarios (reported by Or Peles of
  VDOO): when parse_single_header stores pointers to header values in
  con->request, those pointers are not updated if the header value is
  reallocated when folded header lines are appended.
- also remove trailing white-space from folded lines
2018-08-26 18:44:46 +02:00
Stefan Bühler a2cc330fb4 [core] header parsing: use goto for error handling
- disable keep-alive for all failures
- default to 400 for status
2018-08-25 13:13:24 +02:00
Stefan Bühler 725d951247 [core] explicitly return 0 instead of constant result 2018-08-25 12:43:03 +02:00
Stefan Bühler ed0054c2d3 [core] split parsing header line into separate function 2018-08-25 12:35:23 +02:00
Glenn Strauss a9e131fa37 - next is 1.4.51 2018-08-13 00:43:56 -04:00
Glenn Strauss a2114a1c9b [doc] NEWS 2018-08-12 22:27:02 -04:00
Glenn Strauss 8c35064583 [core] extend server.http-parseopts
"header-strict" => "enable"
  restrict chars permitted in HTTP request headers
    (overrides server.http-parseopt-header-strict)
"host-strict" => "enable"
  restrict chars permitted in HTTP request Host header
    (overrides server.http-parseopt-host-strict)
"host-normalize" => "enable"
  normalize HTTP Host header
    (overrides server.http-parseopt-host-normalize)
2018-08-12 22:20:26 -04:00
Glenn Strauss ebd9517639 [core] quell insignificant coverity warning 2018-08-12 15:43:03 -04:00
Glenn Strauss c791877f13 [build] add missing file for test_burl
add missing file for test_burl for cmake and meson builds
2018-08-12 15:28:34 -04:00
Glenn Strauss 82dcb34c73 [core] workaround Coverity cov-build bug with gcc7
workaround Coverity cov-build bug with gcc 7
where Coverity does not support _Floatx typedefs
2018-08-12 15:17:11 -04:00