Commit Graph

3842 Commits

Author SHA1 Message Date
Glenn Strauss f83ff671fc [mod_dirlisting] limit buffer use for large dirs
send large dir listings to tempfiles
send large header and footers (readme) to tempfiles if XML-encoding

separate header and footer HTML generation from
directory read and HTML generation for dir and files

code reuse, cleanup
reduce some string copying for include file paths
2021-03-26 22:38:33 -04:00
Glenn Strauss 8dc663e86d [mod_cml] use cached time from log_epoch_secs 2021-03-26 07:33:42 -04:00
Glenn Strauss d8f8548fcb [core] use monotonic secs for piped loggers start
use monotonic secs for piped loggers start time
2021-03-26 07:33:42 -04:00
Glenn Strauss 76b9cb8717 [mod_ssi] inline some buffers in ssi plugin_data 2021-03-26 07:33:42 -04:00
Glenn Strauss 9c8b9ff010 [core] move special case for Content-Type CGI hdr
move special case for Content-Type CGI header to identify header with
tag rather than string comparison
2021-03-26 07:33:42 -04:00
Glenn Strauss 160baff923 [core] copy string and len directly from tmp_buf
copy string and len directly from tmp_buf without buffer_commit(tb, ...)
if tmp_buf contents are not used after the copy
2021-03-26 07:33:42 -04:00
Glenn Strauss 0ee964268b [core] restart if large large clock jump detected (#3075)
default is clock jump > 30 mins (1800 seconds)
server.feature-flags += ("server.clock-jump-restart" => 1800)
Can be set to 0 to disable.

  "TLS 1.3 with SessionTicket fail for the first 8 hours of 1970"
2021-03-26 07:33:42 -04:00
Glenn Strauss d50d4dc0e5 [TLS] init STEK even if time is 1970 (fixes #3075)
(thx DamienT)

  "TLS 1.3 with SessionTicket fail for the first 8 hours of 1970"
2021-03-26 07:33:42 -04:00
Glenn Strauss dde9df4310 [multiple] mark addtl funcs attr returns_nonnull 2021-03-26 07:33:42 -04:00
Glenn Strauss a83b5a0121 [core] remove bad prototype from algo_splaytree.h 2021-03-26 07:33:42 -04:00
Glenn Strauss 91adbe7bb1 [core] http_kv.[ch] perf tuning 2021-03-26 07:33:42 -04:00
Glenn Strauss ea38287a4c [multiple] do not clear physical.path if finished
do not reset r->physical.path (unneeded) if returning HANDLER_FINISHED

error handler will reset r->physical.path, if necessary
2021-03-26 07:33:42 -04:00
Glenn Strauss 38c8735850 [multiple] optimize primitives, buffer_extend()
optimize buffer_* primitives

Other than buffer_string_set_length(), reallocate with one power-2 step
in size (or use the requested size, if larger).  This replaces the fixed
BUFFER_PIECE_SIZE round-up of only 64 bytes extension each reallocation,
which could lead to excessive reallocations in some scenarios.

buffer_extend() convenience routine to prep for batch append
(combines buffer_string_prepare_append() and buffer_commit())

mod_fastcgi, mod_scgi, mod_proxy and others now leverage buffer_extend()

mod_scgi directly performs little-endian encoding of short ints

http_response_write_header() optimizes writing response header,
leveraging buffer_extend()

modify mod_proxy to append line ends
similar to how it is done in http_response_write_header()
(removes one call to buffer_append_string_len())
2021-03-26 07:33:42 -04:00
Glenn Strauss f9cd50b782 [core] modify path in-place checking for path-info 2021-03-26 07:33:42 -04:00
Glenn Strauss 81ef66eaf0 [multiple] buffer_has_slash_suffix()
2021-03-26 07:33:42 -04:00
Glenn Strauss 8e093e90f5 [core] http_response_physical_path_error()
consolidate code from error paths in
http_response_physical_path_check() into
2021-03-26 07:33:42 -04:00
Glenn Strauss c636e979e6 [mod_gnutls] quiet clang warning 2021-03-26 07:33:42 -04:00
Glenn Strauss 19bc88850e [multiple] add attrs from gcc -Wsuggest-attribute= 2021-03-26 07:33:41 -04:00
Glenn Strauss fe4310cc61 [mod_dirlisting, mod_trigger_b4_dl] use keyvalue
use keyvalue.[ch] for basic matching

consolidate PCRE logic and leverage PCRE study in keyvalue.[ch]

remove direct link to -lpcre from modules using keyvalue.[ch]
2021-03-22 07:10:32 -04:00
Glenn Strauss 7b9c5adda1 [multiple] PCRE w/ PCRE_STUDY_JIT_COMPILE (fixes #2361)
enabled by default
disable using server.feature-flags += ("server.pcre_jit" => "disable")

Available since pcre-8.20 (2011), and improved in pcre-8.32 (2012),
PCRE_STUDY_JIT_COMPILE can greatly speed up repeated execution of PCRE
patterns.  (

lighttpd continues to use pcre_exec() instead of pcre_jit_exec(),
even though doing so does not realize all of the performance increase
potentially available with PCRE_STUDY_JIT_COMPILE and pcre_jit_exec().

pcre_jit_exec() is available with PCRE 8.32 and later, if PCRE is
compiled with --enable-jit, but lighttpd does not currently use
pcre_jit_exec() since the PCRE library might not have been compiled
with --enable-jit (though this could be solved with a weak symbol).
Similarly, lighttpd does not currently configure the pcre_jit_stack.

(Using pcre_jit_exec() may be revisited in the future.)

  "add support for pcre JIT"
2021-03-22 07:10:32 -04:00
Glenn Strauss 8845e1e67e [core] defer pcre_compile until after config parse 2021-03-22 07:10:32 -04:00
Glenn Strauss e8de53cb74 [core] fix chunkqueue_small_resp_optim partial rd 2021-03-22 07:10:30 -04:00
Glenn Strauss f5a62a0fd2 [core] http_response_handle_cachable() optim
short-circuit http_response_handle_cachable() if conditional request
headers are not present
2021-03-13 06:21:06 -05:00
Glenn Strauss c035eb7733 [multiple] prefer monotonic time for internal use
(this commit, actually switch to call new func to get monotonic time)
2021-03-13 05:56:55 -05:00
Glenn Strauss ea6e3445a7 [mod_nss] avoid NSS crash w/ config file error
but trust anchors have not been set with SSL_SetTrustAnchors()
(e.g. if ssl.verifyclient.activate = "enable" but
      has not been configured in lighttpd.conf)
2021-03-13 01:42:03 -05:00
Glenn Strauss aa81834bc3 [mod_openssl] skip cert chain build if self-issued
If cert is self-issued, then do not attempt to build certificate chain.

(Attempting to build certificate chain when chain is not provided, but is specified, is provided as backward compatible behavior
 from lighttpd versions prior to lighttpd 1.4.56)
2021-03-13 01:41:45 -05:00
Glenn Strauss 006c5efcf4 [core] optimize buffer_urldecode_path()
remove buffer_urldecode_query() (unused)
query string generally needs to be split on '&'
before decoding '+' and decoding %-encoding

remove int2hex() (unused, and not well-named for nibble-to-hex)
2021-03-12 03:14:35 -05:00
Glenn Strauss dbe3e2361b [multiple] prefer monotonic time for internal use
Note: monotonic time does not change while VM is suspended

Continue to use real time where required by HTTP protocol, for logging
and for other user-visible instances, such as mod_status, as well as for
external databases and caches.
2021-03-11 18:59:53 -05:00
Glenn Strauss fb5e0ff892 [core] check EAGAIN if unix socket connect() delay 2021-03-08 23:11:53 -05:00
Glenn Strauss 8b52995c1d [multiple] use binary '|' to reconstruct ts 2021-03-08 20:24:16 -05:00
Glenn Strauss 8c7dbf1a21 [core] remove stream.[ch]
- remove stream.[ch] (was used only by configfile.c)
- read config files into memory; no big gain from mmap
  (config files are typically small files)
2021-03-07 04:38:34 -05:00
Glenn Strauss 86ede08134 [core] _WIN32 impl of read-only mmap(), munmap() 2021-03-07 04:38:34 -05:00
Glenn Strauss ac1fee6b30 [core] adjust stat_cache_get_entry() conditions 2021-03-07 04:38:34 -05:00
Glenn Strauss 03cf18ab8e [core] use epoll_create1() if available 2021-03-07 04:38:34 -05:00
Glenn Strauss 574c47ee66 [core] add some ifdefs in algo_hmac.c 2021-03-07 04:38:34 -05:00
Glenn Strauss b9e1e93fb1 [core] http_cgi_encode_varname()
move and rename from buffer.c to http_cgi.c:
buffer_copy_string_encoded_cgi_varnames() -> http_cgi_encode_varname()
2021-03-07 04:38:34 -05:00
Glenn Strauss 5c2f5577b4 [core] save parsed listen addrs at startup
save parsed listen addrs at startup for reuse at runtime

srv_socket->srv_token is normalized at startup and contains IP and port.
save offset to colon, if present, or else length of string (unix socket)

At runtime, srv_token_colon can be quickly used as length of IP string
(without port) or, if not length of string, offset of stringified port
following the colon.
2021-03-07 04:38:34 -05:00
Glenn Strauss c95f832f99 [core] http_cgi.[ch] CGI interfaces (RFC 3875)
collect Common Gateway Interface (CGI) interfaces (RFC 3875)
2021-03-07 04:38:34 -05:00
Glenn Strauss 1f96e59d03 [core] http_cgi_local_redir() rename
rename http_response_process_local_redir() -> http_cgi_local_redir()

adjust some checks for local redir
2021-03-04 17:52:01 -05:00
Glenn Strauss 7138de92f9 [core] quiet coverity warning 2021-03-02 20:32:45 -05:00
Glenn Strauss c6304bb43c [mod_openssl] use newer openssl 3.0.0 interfaces
avoid interfaces deprecated in openssl 3.0.0

some newer interfaces might be present in openssl 1.1.1,
but might not be present in alt TLS libs (libressl or boringssl),
so retrict use to >= openssl 3.0.0
2021-03-02 10:14:26 -05:00
Glenn Strauss af7c054b51 [core] ignore server.event-handler = "libev"
ignore server.event-handler = "libev" if lighttpd not built with libev
(no longer an error)

On most platforms, native event handling in lighttpd is more performant
than the overhead of libev, which usually uses the same underlying
OS system interface for event notification
2021-03-02 10:14:26 -05:00
Glenn Strauss bc3a2b4e47 [TLS] fix crash for (broken) nested $SERVER[] cfg
fix crash for (broken) nested $SERVER["socket"] config

$SERVER["socket"] belongs in the global scope and should not be
nested in any other conditional config logic.  Even so, lighttpd
should not crash when such misconfiguration occurs.

  "Lighttpd multiple SSL hosts using Server Name Indication (SNI)"
2021-03-02 10:14:25 -05:00
Glenn Strauss cc35c03c3c [core] RFC 7233 Range handling for non-streaming
RFC 7233 Range handling for all non-streaming responses,
including (non-streaming) dynamic responses

(previously Range responses handled only for static files)
2021-03-02 10:14:25 -05:00
Glenn Strauss d68e639b71 [core] http_range.[ch] RFC 7233 Range handling
(import from one of my development branches from 2015)
2021-03-02 10:14:25 -05:00
Glenn Strauss ce74705cea [core] chunkqueue_append_cq_range() 2021-02-25 21:36:20 -05:00
Glenn Strauss 7df6fb5ec8 [mod_deflate] do not cache 206 Partial Content 2021-02-24 20:46:44 -05:00
Glenn Strauss 12ac70d0fe [mod_auth] send 401 if digest algo not supported
client browsers might remember prior algorithm if algorithm changed;
send 401 Unauthorized to reset client browser
(sending 400 Bad Request was not user friendly)
2021-02-23 09:29:26 -05:00
Glenn Strauss a1bb0c0d52 [autoconf] add ajp13 to build msgs 2021-02-20 23:37:36 -05:00
Glenn Strauss 8bf9dac1f5 [mod_secdownload] use http_auth_const_time_memeq()
code reuse
2021-02-19 00:00:57 -05:00