lighttpd
/
lighttpd1.4
2
0
Fork 0
Code Issues Releases Wiki Activity
1,637 Commits
9 Branches
85 Tags
14 MiB
Commit Graph

532 Commits (efc41b2bb1affbfb33eb6de1071e7ffa3a083a3e)

Author SHA1 Message Date
Stefan Bühler efc41b2bb1 check length of unix domain socket filenames 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2958 152afb58-edef-0310-8abb-c4023f1b3aa9
 2014-02-16 13:08:43 +00:00
Stefan Bühler 8e31e18b8e [mod_webdav] fix logic error in handling file creation error 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2955 152afb58-edef-0310-8abb-c4023f1b3aa9
 2014-02-16 13:08:36 +00:00
Stefan Bühler 57c661c191 fix unchecked return values from stream_open/stat_cache_get_entry 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2954 152afb58-edef-0310-8abb-c4023f1b3aa9
 2014-02-16 13:08:34 +00:00
Stefan Bühler b106513e58 [network] check return value of lseek() 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2953 152afb58-edef-0310-8abb-c4023f1b3aa9
 2014-02-16 13:08:32 +00:00
Stefan Bühler 9f2be4882d force assertion: setting FD_CLOEXEC must work (if available) 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2952 152afb58-edef-0310-8abb-c4023f1b3aa9
 2014-02-16 13:08:29 +00:00
Stefan Bühler ef0b353fee [mod_cml_lua] fix null pointer dereference 
a local lua script could trigger it by not sending any files and not
  setting a last-modified header, leading to zero mtime and a buffer
  ptr = NULL which was used in http_response_handle_cachable

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2951 152afb58-edef-0310-8abb-c4023f1b3aa9
 2014-02-16 13:08:27 +00:00
Stefan Bühler 07dd0bd0a5 add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2948 152afb58-edef-0310-8abb-c4023f1b3aa9
 2014-02-16 13:08:20 +00:00
Stefan Bühler fba7dd6f43 fix resource leaks in error cases on config parsing and other initializations 
None of this matters - lighttpd will terminate anyway. Still helps the
  code to get cleaner, and makes reviewing output of static analyzers
  easier.

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2947 152afb58-edef-0310-8abb-c4023f1b3aa9
 2014-02-14 21:06:19 +00:00
Stefan Bühler bf10267807 [buffer] fix length check in buffer_is_equal_right_len 
buffer_is_equal_right_len didn't check the length of the second
  buffer. as all calls in lighttpd used the length of the second buffer
  as length parameter those calls were not broken.

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2946 152afb58-edef-0310-8abb-c4023f1b3aa9
 2014-02-14 21:06:16 +00:00
Stefan Bühler bcd35cc264 remove logical dead code 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2945 152afb58-edef-0310-8abb-c4023f1b3aa9
 2014-02-14 21:06:14 +00:00
Stefan Bühler 29a1070299 add comments for switch fall throughs 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2944 152afb58-edef-0310-8abb-c4023f1b3aa9
 2014-02-14 21:06:12 +00:00
Stefan Bühler b239e7734a [mod_magnet] fix memory leak 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2943 152afb58-edef-0310-8abb-c4023f1b3aa9
 2014-02-14 21:06:10 +00:00
Stefan Bühler b461e031f5 [mod_fastcgi,mod_scgi] fix resource leaks on spawning backends 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2942 152afb58-edef-0310-8abb-c4023f1b3aa9
 2014-02-14 21:06:07 +00:00
Stefan Bühler d59c910d6a [mod_dirlisting] fix memory leak if pcre fails 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2941 152afb58-edef-0310-8abb-c4023f1b3aa9
 2014-02-14 21:06:05 +00:00
Stefan Bühler 0aaf939e5e [mod_rrdtool] fix invalid read (string not null terminated) 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2940 152afb58-edef-0310-8abb-c4023f1b3aa9
 2014-02-14 21:06:03 +00:00
Stefan Bühler fc3a060a04 [mod_fastcgi] fix use after free (only triggered if fastcgi debug is active) 
If a new fastcgi packet is expected, but the currently available
  data doesn't fill the header and debug is active an invalid
  read is triggerd.

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2939 152afb58-edef-0310-8abb-c4023f1b3aa9
 2014-02-14 21:06:00 +00:00
Stefan Bühler b8a1835093 NEWS entry for previous commit 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2938 152afb58-edef-0310-8abb-c4023f1b3aa9
 2014-02-14 21:05:58 +00:00
Stefan Bühler 0d855be97e - next is 1.4.35 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2935 152afb58-edef-0310-8abb-c4023f1b3aa9
 2014-01-20 14:20:06 +00:00
Stefan Bühler 24994e113a [mod_webdav] fix fd leak found with parfait (fixes #2530, thx kukackajiri) 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2930 152afb58-edef-0310-8abb-c4023f1b3aa9
 2014-01-10 12:05:06 +00:00
Stefan Bühler 657566828e [mod_mysql_vhost] fix memory leak on config init (#2530) 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2929 152afb58-edef-0310-8abb-c4023f1b3aa9
 2014-01-10 12:05:04 +00:00
Stefan Bühler e346794d59 [auto* build] remove -no-undefined from linker flags, as we actually link modules with undefined symbols (fixes #2533) 
On platforms that support linking modules with undefined symbols we
actually do it; so most of the time -no-undefined should result in an
error.
On platforms that don't support it, it will result in an error sooner or
later anyway (on those it should build a shared libary with the core
code to link the modules against).

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2928 152afb58-edef-0310-8abb-c4023f1b3aa9
 2014-01-10 12:05:02 +00:00
Stefan Bühler f0e5c1415d [core] decode URL before rewrite, enabling it to work in $HTTP["url"] conditionals (fixes #2526) 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2927 152afb58-edef-0310-8abb-c4023f1b3aa9
 2014-01-10 12:04:59 +00:00
Stefan Bühler 17762fad01 maintain physical.basedir (the "acting" doc-root as prefix of physical.path) in more places 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2926 152afb58-edef-0310-8abb-c4023f1b3aa9
 2014-01-10 12:04:57 +00:00
Stefan Bühler c8fbc16985 [ssl] fix regression from CVE-2013-4508 (client-cert sessions were broken) 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2925 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-11-13 17:18:39 +00:00
Stefan Bühler 99cddff73a [core] check success of setuid,setgid,setgroups (CVE-2013-4559) 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2923 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-11-13 11:43:33 +00:00
Stefan Bühler d8b363c1d1 [stat-cache] fix FAM cleanup/fdevent handling 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2922 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-11-13 11:43:31 +00:00
Stefan Bühler ae1335503a [stat-cache] FAM: fix use after free (CVE-2013-4560) 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2921 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-11-13 11:43:28 +00:00
Stefan Bühler 6b7240f2d8 NEWS entry for previous commit 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2919 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-11-13 11:43:23 +00:00
Stefan Bühler 1af871fcef [ssl] fix SNI handling; only use key+cert+verify-client from SNI specific config (fixes #2525, CVE-2013-4508) 
pull all ssl.ca-file values into all SSL_CTXs, but use only the local
ssl.ca-file for verify-client; correct SNI name is no requirement,
so enforcing verification for a subset of SNI names doesn't actually
protect those.

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2913 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-11-05 15:29:07 +00:00
Stefan Bühler 268c054c40 [mod_extforward] fix compilation without IPv6, (not) using undefined var (fixes #2515, thx mm) 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2911 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-10-13 11:34:55 +00:00
Stefan Bühler 9b0d54d7cc [mod_auth] explicitly link ssl for SHA1 (fixes #2517) 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2910 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-10-13 11:16:55 +00:00
Stefan Bühler 32199a7bdf - next is 1.4.34 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2909 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-09-27 20:22:12 +00:00
Stefan Bühler 29ff92d9ba [core] set signal handlers before forking child processes in modules/plugins_call_set_defaults (fixes #2502) 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2901 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-08-30 15:46:13 +00:00
Stefan Bühler 9cfc080ab7 [core] allow files to be used as document-root (fixes #2475) 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2900 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-08-30 15:02:44 +00:00
Stefan Bühler c26b0f9617 [mod_accesslog] add accesslog.syslog-level option (fixes #2480) 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2899 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-08-30 14:13:43 +00:00
Stefan Bühler f0e5b84c27 [mod_simple_vhost] fix cache; skip module if simple-vhost.server-root is empty (thx rm for reporting) 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2898 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-08-30 13:15:03 +00:00
Stefan Bühler 92567b8b8f [core] check whether server.chroot exists 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2896 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-08-30 13:14:59 +00:00
Stefan Bühler 916cf7cfc0 [core] remove requirement that default doc-root has to exist, there are reasonable scenarios not requiring static files at all 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2895 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-08-30 13:14:57 +00:00
Stefan Bühler f9d58670d5 [auth] new method "extern" to use already present REMOTE_USER (from magnet, ssl, ...) (fixes #2436) 
can be combined with ssl:
    ssl.verifyclient.username = "SSL_CLIENT_S_DN_UID"
	auth.require = ("/" => ( "require" => "valid-user", "method" => "extern") )

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2894 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-08-30 13:14:56 +00:00
Stefan Bühler 559b198f86 [auth] put REMOTE_USER into cgi environment, making it accessible to lua via lighty.req_env (fixes #2495) 
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2892 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-08-30 13:14:52 +00:00
Stefan Bühler 93fd9ea7a4 [ssl] add option ssl.empty-fragments, defaulting to disabled (fixes #2492) 
if ssl.empty-fragments is set to enabled, but the openssl version used
  to compile lighttpd doesn't support empty fragments, a warning is
  displayed (it might still work).

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2891 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-08-30 13:14:50 +00:00
Stefan Bühler 6d4d2118c3 [ssl] accept ssl renegotiations if they are not disabled (fixes #2491) 
* don't fiddle with ssl internals
 * renegotiations should be safe with recent openssl versions,
   openssl itself should reject unsafe renegotiations

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2890 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-08-30 13:14:48 +00:00
Stefan Bühler 05858f6cf2 [ssl] Fix $HTTP["scheme"] conditional, could be "http" for ssl connections if the ssl $SERVER["socket"] conditional was nested (fixes #2501) 
con->conf.is_ssl got removed and replaced by:
 * con->conf.ssl_enabled for the config var "ssl.engine" - it is only
   used to determine which server-sockets should use ssl. (usually not
   needed as it is mandatory and enough to set ssl.pemfile anyway)
 * con->srv_socket->is_ssl to detect the actual ssl status of the
   bound socket, which is the same as the ssl status of the connection
 * con->uri.scheme for the actual $HTTP["scheme"] value, also used for
   the CGI "HTTPS=ON" variable. This defaults to "https" if the
   connection uses ssl, but can be changed for example by mod_extforward
   if X-Forwarded-Proto: is set to either "http" or "https" (other values
   are ignored right now)

Also removed the broken srv_socket->is_proxy_ssl as it was a connection
value in a server_socket struct...

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2887 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-07-31 20:23:21 +00:00
Stefan Bühler 25a3f2e826 [network] use constants available at compile time for maximum number of chunks for writev instead of calling sysconf (fixes #2470) 
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2885 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-06-29 12:46:02 +00:00
Stefan Bühler 6cdb46587c [ssl] use DH only if openssl supports it (fixes #2479) 
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2884 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-06-29 12:46:00 +00:00
Stefan Bühler 3df2ec9248 [core] recognize more http methods to forward to backends (fixes #2346) 
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2883 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-06-29 10:53:24 +00:00
Stefan Bühler 9b36534752 [core] return 501 Not Implemented in static file mode for all methods except GET/POST/HEAD/OPTIONS 
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2882 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-06-29 10:53:22 +00:00
Stefan Bühler 12c4a40b28 [mod_userdir] add userdir.active option, "enabled" by default 
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2880 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-06-29 10:07:43 +00:00
Stefan Bühler a6b42cc61e [auto* build] simplify autogen.sh, handle automake 1.13 test running (fixes #2490) 
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2878 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-06-29 09:45:29 +00:00
Stefan Bühler c008fd7ec8 [mod_auth] fix invalid read in digest qop=auth-int handling (fixes #2478) 
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2877 152afb58-edef-0310-8abb-c4023f1b3aa9
 2013-06-29 09:45:27 +00:00