Commit Graph

1966 Commits (052a049f29ca7478d5e86924add77bce481d68bf)
 

Author SHA1 Message Date
Glenn Strauss f4cb07f723 [mod_webdav] readdir POSIX compat (fixes #1826)
do not expect '.' to be part of dir listing

x-ref:
  "mod_webdav readdir POSIX compatibility issue"
  https://redmine.lighttpd.net/issues/1826
7 years ago
Glenn Strauss e5e5548b88 [mod_extforward] reset cond_cache for scheme (fixes #1499)
bug #1499 was mostly fixed in 05858f6c
This patch additionally resets the cond_cache since scheme might change

x-ref:
  "HTTPS env var should be "on" when using mod_extforward and the X-Forwarded-Proto header is set."
  https://redmine.lighttpd.net/issues/1499
7 years ago
Glenn Strauss 659ce5e78e [mod_magnet] rename var for clarity (fixes #1483)
"length" argument is more accurately described as 0-index end of range

x-ref:
  "magnet offset > length bug"
  https://redmine.lighttpd.net/issues/1483
7 years ago
Glenn Strauss 4b412797b8 [mod_auth] send charset="UTF-8" in WWW-Authenticate (fixes #1468)
https://tools.ietf.org/html/rfc7616 and
https://tools.ietf.org/html/rfc7617 (September 2015)
update Digest and Basic auth to allow server to recommend charset
which should be used by client.

http://stackoverflow.com/questions/702629/utf-8-characters-mangled-in-http-basic-auth-username

x-ref:
  "LDAP UTF-8 encoding"
  https://redmine.lighttpd.net/issues/1468
7 years ago
Glenn Strauss f1681ca29b [mod_cgi] always set QUERY_STRING (fixes #1339)
(thx alexo)

x-ref:
  "lighttpd doesn't set empty QUERY_STRING in cgi environment"
  https://redmine.lighttpd.net/issues/1339
7 years ago
Glenn Strauss 97556d992b [mod_fastcgi,mod_scgi] check for spawning on same unix socket (fixes #319)
error if unix socket path is duplicated

(does not check across modules, but will detect duplicated unix socket
 paths within fastcgi directives, and separately, duplicated unix socket
 paths within scgi directives)
7 years ago
Glenn Strauss de08a135ea [core] clean up srv before exiting for lighttpd -[vVh]
From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3138 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss 36ab0587c0 [stream] fstat() after open() to obtain file size
Common case is on non-empty files, and doing fstat() after open()
eliminates ToC-ToU between stat() and then open().  While file size
of the target file might still change, the fstat() is on the opened
file, and can not be on different file (which was possible with stat())

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3137 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss 47f3dbebe4 use li_[iu]tostrn() instead of li_[iu]tostr()
From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3136 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss e5006d88eb pass buf size to li_tohex()
also change passing of fixed-sized arrays: need to pass pointer to array
as otherwise size does not get enforced

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3135 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss dac02e257c [mod_status] use snprintf() instead of sprintf()
From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3134 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss ab829cee5e [mod_webdav] allow Depth: Infinity lock on file (fixes #2296)
(still not supporting Depth: Infinity on directories)

patch by mstorsjo submitted as part of feature request #1953

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3133 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler dd33a350bb [configparser] fix small leak on config failure
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3132 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss d17d48e01e [stat] mimetype.xattr-name global config option (fixes #2631)
For backwards compatibility with existing lighttpd configs, default is
  mimetype.xattr-name = "Content-Type"

Those who wish to use the freedesktop.org definition of xattr mimetype
can set the following in the global lighttpd config:
  mimetype.xattr-name = "user.mime_type"

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3131 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss 292309f88b [core] lighttpd -tt performs preflight startup checks (fixes #411)
lighttpd -t loads config file and performs syntax check
lighttpd -tt (new) performs preflight startup checks,
  including loading and initializing modules, but skipping any
  potentially destructive actions which might affect an already
  running server (separate instance).  These currently include:
  - skipping pidfile modification
  - skipping bind() to network sockets
  - skipping open of error and access logs

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3130 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Jan Kneschke 9ae7813685 [core] fixed the loading for default modules if they are specified explicitly
backported 1836 from trunk

From: Jan Kneschke <jan@kneschke.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3129 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss 06d3c75440 [core] respond 411 Length Required if request has Transfer-Encoding: chunked (fixes #631)
lighttpd does not currently support request body transfer-codings

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3128 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss f11089ed2b [core] wait for grandchild to be ready when daemonizing (fixes #2712, thx pasdVn)
From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3127 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss 0aa2ea74e3 [mod_proxy] accept LF delimited headers, not just CRLF (fixes #2594)
From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3126 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss b4a4afdaf7 [config] warn if server.upload-dirs has non-existent dirs (fixes #2508)
Warn at startup if any dirs in server.upload-dirs do not exist.
Take server.chroot into account, if set.

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3125 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
fbrosson a579e7ffc0 [mod_ssi] Add SSI vars SCRIPT_{URI,URL} and REQUEST_SCHEME (fixes #2721)
This is a proposal to add to lighttpd the famous SSI variables
SCRIPT_URI and SCRIPT_URL (known to Apache users), as well as a bonus
ENV variable called REQUEST_SCHEME.

SCRIPT_URI and SCRIPT_URL will be available as SSI variables from
within documents handled by mod_ssi.
They can be used like any other SSI var with the "#echo var" command:
<!--#echo var="SCRIPT_URI"-->
<!--#echo var="SCRIPT_URL"-->
Webmasters willing to display links to the W3C Validator will be able
to use:
<a href="http://validator.w3.org/check?uri=<!--#echo var="SCRIPT_URI"-->">…</a>
instead of the generic http://validator.w3.org/check?uri=referer link
which does not work on some (most?) browsers which do not send
referers when the link itself resides in a document sent through
https.

REQUEST_SCHEME will be available both as an environment variable. It
is defined as "http" or "https", depending on the scheme of the
connection. It is safe to use this name as it does not conflict with
any existing variable on Apache or Nginx. This is slightly different
from the HTTPS var which is often added by webadmins on their server's
configuration. EDIT: Some Apache modules also define REQUEST_SCHEME
with the same possible values as this proposal.

From: fbrosson <fbrosson@users.noreply.github.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3124 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler cc81f1f9dc add NEWS entry for previous commit
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3123 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss f5453290b7 validate return values from strtol, strtoul (fixes #2564)
From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3122 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss 733ce38203 [http_auth/mod_fastcgi] check get_http_*_name() for NULL return (#2583)
From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3121 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 0a61fdecac [buffer] refactor buffer_path_simplify (fixes #2560)
There actually was one bug: if the input consisted only of spaces,
it would read one byte too much.

`pre` was splitted into `pre2` and (already existing) `pre1` - the two
characters which were read before the current one in `c`.

Restructuring the loop eliminated some code before the loop, which was
similar to the one at the end of the loop.

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3120 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 82bee8d5c3 [base64] fix another crash due to broken force_assert conditions
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3119 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 92c3da847b [unittests] add test_buffer and test_base64 unit tests
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3118 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Andrey Mnatsakanov 7b983ae054 [base64] fix crash due to broken force_assert
if the input to `li_to_base64_no_padding` has length 3*n,
`out_tuple_remainder` = `in_tuple_remainder` = 0, and `4*full_tuples
== 4*full_tuples + out_tuple_remainder`

From: Andrey Mnatsakanov <andrey.mnatsakanov@gmail.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3117 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 5c68caa6d7 [core] replace array weakref with vector
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3116 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 8455734f4a [core] add generic vector implementation
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3115 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 15ac5b6986 [autobuild] include first.h in make dist
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3114 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss 8abd06a7ff consistent inclusion of config.h at top of files (fixes #2073)
From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3113 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Kyle J. McKay c92b1762ba [core] truncate pidfile on exit (fixes #2695)
If the server has changed its uid or is running in a chroot
it may be unable to remove the pid file when it exits.

However, if it holds on to an open handle to the pid file
that has write permission, it will be able to truncate the
pid file to 0 bytes in length.

Most monitoring software recognizes a 0-length pid file
as indicating there is no process running.

Therefore always attempt to truncate the pid file before
trying to remove it so that it's not left containing the
pid of a process that is no longer running.

Signed-off-by: Kyle J. McKay <mackyle@gmail.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3112 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 6f89a8bbef [core] fix request_start in keep-alive requests to mark time when received first byte (fixes #2412)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3111 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler cfd13c7938 [autobuild] use AC_CANONICAL_HOST instead of AC_CANONICAL_TARGET (fixes #1866)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3110 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 06005655e6 [core] log remote address on request timeouts (fixes #652)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3109 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler d8f4d20d9a restart (some) syscalls after SIGCHLD interrupted them; should fix LDAP problems (fixes #2464)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3108 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 00063098c1 [ssl] support disabling ssl.verifyclient.activate in SNI callback (fixes #2531)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3107 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 82ee3fb2f8 [mod_magnet] define lua_pushglobaltable (for lua5.1) and use it (fixes #2719)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3106 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 70036ff572 [core] accept $SERVER["socket"] without port, use server.port as fallback (fixes #2204)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3105 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss d85bdab43f [core] more careful parse of $SERVER["socket"] config str (prepare #2204)
detect unix domain socket path earlier
detect IPv6 addr without port (might contain ':' within addr, e.g. [::])

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3104 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Glenn Strauss 43da581893 [core] configparser: error on duplicate keys in array merge (fixes #2685)
From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3103 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 68e4a416cc [core] provide array_extract_element and use it
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3102 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler e7a39cde36 [core] fix memory leak in configparser_merge_data
Release op1 memory on failure; fixes some theoretical memory leaks (a
failure results in early exit anyway).

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3101 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 224bf545c1 [core] refactor array search; raise array size limit to SSIZE_MAX
- raise array size limit from INT_MAX to SSIZE_MAX. INT_MAX already
  is way to high to be hit in any sane scenario, but SSIZE_MAX can
  *obviously* not be hit due to memory constraints.
- use size_t for array indices instead of int
- use binary search instead of next_power_of_2 hack; document invariants
  and check them in debug mode (asserts).
- return the actual insert position instead of something near

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3100 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler be121a638b [core] rename variable in array.c
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3099 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 8d8ae9cbc8 [core] improve array API to prevent theoretical memory leaks
- refactor insert into array_find_or_insert; if the element already
  exists the caller must resolve the conflict manually:
  - array_replace frees the old element
  - array_insert_unique calls "insert_dup"
  both have no return value anymore
- fix usages of array_replace; they now don't need to delete the old
  entry anymore; usage in configparser was probably broken, as it
  possibly deleted the old element before calling array_replace

This should fix a lot of the issues reported in "Fortify Open Review
Project - lighttpd 1.4.39" (usually hitting the array limit):
when the array size limit was hit "new" entries leaked instead of
getting added.

On 32-bit INT_MAX entries cannot actually be reached (each entry
requires at least 48 bytes, leading to a total of 96GB memory).

On 64-bit INT_MAX entries would require 224GB memory, so it would be
theoretically possible. But it would need 2^27 reallocations of two
C-arrays of up to 16GB size.

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3098 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler c5a42e932f [mod_fastcgi,mod_scgi] fix leaking file-descriptor when backend spawning failed (reported by Fortify Open Review Project)
Reference: Fortify Open Review Project - lighttpd 1.4.39
    ID 22708161 - Unreleased Resource
    ID 22708163 - Unreleased Resource

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3097 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler 2a8f73e7d4 [mod_secdownload] fix buffer overflow in secdl_verify_mac (reported by Fortify Open Review Project)
Impact is probably low on most platforms, as it will probably overwrite
one byte of "HASH HA1" which isn't used afterwards anymore.

Reference: Fortify Open Review Project - lighttpd 1.4.39
    ID 22708159 - Buffer Overflow: Off-by-One

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3096 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago
Stefan Bühler a6477d8481 [mod_rewrite] fix return type of process_rewrite_rules
Reference: Fortify Open Review Project - lighttpd 1.4.39
    ID 22708125 - Type Mismatch: Signed to Unsigned

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3095 152afb58-edef-0310-8abb-c4023f1b3aa9
7 years ago