Stefan Bühler
f8f3351506
fix bad shift in conditional netmask ".../0" handling
...
config conditionals like $HTTP["remoteip"] == "a.b.c.d/0" (or completely
broken netmasks) triggered bad shifts. Matching against "/0" is not very
useful though - it is always true.
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2963 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
3605a3bec3
use keep-alive timeout while waiting for HTTP headers; use always the read timeout while waiting for the HTTP body
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2962 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
d1a2356916
fix SQL injection / host name validation (thx Jann Horn)
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2959 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
efc41b2bb1
check length of unix domain socket filenames
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2958 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
7bd0f54ab2
add some asserts to help static analyzers
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2957 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
326f2fb8a4
[mod_accesslog] don't close fd -1
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2956 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
8e31e18b8e
[mod_webdav] fix logic error in handling file creation error
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2955 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
57c661c191
fix unchecked return values from stream_open/stat_cache_get_entry
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2954 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
b106513e58
[network] check return value of lseek()
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2953 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
9f2be4882d
force assertion: setting FD_CLOEXEC must work (if available)
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2952 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
ef0b353fee
[mod_cml_lua] fix null pointer dereference
...
a local lua script could trigger it by not sending any files and not
setting a last-modified header, leading to zero mtime and a buffer
ptr = NULL which was used in http_response_handle_cachable
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2951 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
954184e949
[mod_scgi] use goto error for all error cases in mod_scgi_set_defaults
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2950 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
8f0e19738f
fix r2943 (added invalid read after free)
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2949 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
07dd0bd0a5
add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG ( fixes #2546 )
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2948 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
fba7dd6f43
fix resource leaks in error cases on config parsing and other initializations
...
None of this matters - lighttpd will terminate anyway. Still helps the
code to get cleaner, and makes reviewing output of static analyzers
easier.
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2947 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
bf10267807
[buffer] fix length check in buffer_is_equal_right_len
...
buffer_is_equal_right_len didn't check the length of the second
buffer. As all calls in lighttpd used the length of the second buffer
as length parameter those calls were not broken.
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2946 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
bcd35cc264
remove logical dead code
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2945 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
29a1070299
add comments for switch fall throughs
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2944 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
b239e7734a
[mod_magnet] fix memory leak
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2943 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
b461e031f5
[mod_fastcgi,mod_scgi] fix resource leaks on spawning backends
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2942 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
d59c910d6a
[mod_dirlisting] fix memory leak if pcre fails
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2941 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
0aaf939e5e
[mod_rrdtool] fix invalid read (string not null terminated)
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2940 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
fc3a060a04
[mod_fastcgi] fix use after free (only triggered if fastcgi debug is active)
...
If a new fastcgi packet is expected, but the currently available
data doesn't fill the header and debug is active an invalid
read is triggered.
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2939 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
a7396296da
[network/ssl] fix build error if TLSEXT is disabled
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2937 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
524e0a30a0
add two asserts to help parfait ( #2530 )
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2931 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
24994e113a
[mod_webdav] fix fd leak found with parfait ( fixes #2530 , thx kukackajiri)
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2930 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
657566828e
[mod_mysql_vhost] fix memory leak on config init ( #2530 )
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2929 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
e346794d59
[auto* build] remove -no-undefined from linker flags, as we actually link modules with undefined symbols ( fixes #2533 )
...
On platforms that support linking modules with undefined symbols we
actually do it; so most of the time -no-undefined should result in an
error.
On platforms that don't support it, it will result in an error sooner or
later anyway (on those it should build a shared library with the core
code to link the modules against).
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2928 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
f0e5c1415d
[core] decode URL before rewrite, enabling it to work in $HTTP["url"] conditionals ( fixes #2526 )
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2927 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
17762fad01
maintain physical.basedir (the "acting" doc-root as prefix of physical.path) in more places
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2926 152afb58-edef-0310-8abb-c4023f1b3aa9
9 years ago
Stefan Bühler
c8fbc16985
[ssl] fix regression from CVE-2013-4508 (client-cert sessions were broken)
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2925 152afb58-edef-0310-8abb-c4023f1b3aa9
10 years ago
Stefan Bühler
18869bcfed
[mod_ssi] fix "ssi_val_init" prototype
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2924 152afb58-edef-0310-8abb-c4023f1b3aa9
10 years ago
Stefan Bühler
99cddff73a
[core] check success of setuid,setgid,setgroups (CVE-2013-4559)
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2923 152afb58-edef-0310-8abb-c4023f1b3aa9
10 years ago
Stefan Bühler
d8b363c1d1
[stat-cache] fix FAM cleanup/fdevent handling
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2922 152afb58-edef-0310-8abb-c4023f1b3aa9
10 years ago
Stefan Bühler
ae1335503a
[stat-cache] FAM: fix use after free (CVE-2013-4560)
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2921 152afb58-edef-0310-8abb-c4023f1b3aa9
10 years ago
Stefan Bühler
6f208cfde1
fix/silence bugs reported by ccc-analyzer (clang)
...
These should all be non critical:
* memory leaks on startup in error cases (which lead to
  immediate shutdowns anyway)
* http_auth/ldap: passing uninitialized "ret" to ldap_err2string
* sizeof(T) not matching the target pointer in malloc/calloc calls;
  those cases were either:
  * T being the wrong pointer type - shouldn't matter as long as all
    pointers have same size
  * T being larger than the type needed
* mod_accesslog: direct use after free in cleanup (server shutdown);
  could crash before "clean" shutdown
* some false positives (mod_compress, mod_expire)
* assert(srv->config_context->used > 0); - this is always the case,
  as there is always a global config block
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2920 152afb58-edef-0310-8abb-c4023f1b3aa9
10 years ago
Stefan Bühler
4938c94ada
fix typo ( fixes #2519 )
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2916 152afb58-edef-0310-8abb-c4023f1b3aa9
10 years ago
Stefan Bühler
1af871fcef
[ssl] fix SNI handling; only use key+cert+verify-client from SNI specific config ( fixes #2525 , CVE-2013-4508)
...
pull all ssl.ca-file values into all SSL_CTXs, but use only the local
ssl.ca-file for verify-client; correct SNI name is no requirement,
so enforcing verification for a subset of SNI names doesn't actually
protect those.
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2913 152afb58-edef-0310-8abb-c4023f1b3aa9
10 years ago
Stefan Bühler
3ce548c8d0
remove unused members from struct server_socket
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2912 152afb58-edef-0310-8abb-c4023f1b3aa9
10 years ago
Stefan Bühler
268c054c40
[mod_extforward] fix compilation without IPv6, (not) using undefined var ( fixes #2515 , thx mm)
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2911 152afb58-edef-0310-8abb-c4023f1b3aa9
10 years ago
Stefan Bühler
9b0d54d7cc
[mod_auth] explicitly link ssl for SHA1 ( fixes #2517 )
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2910 152afb58-edef-0310-8abb-c4023f1b3aa9
10 years ago
Stefan Bühler
3863053b99
[mod_scgi] fix log typos
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2902 152afb58-edef-0310-8abb-c4023f1b3aa9
10 years ago
Stefan Bühler
29ff92d9ba
[core] set signal handlers before forking child processes in modules/plugins_call_set_defaults ( fixes #2502 )
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2901 152afb58-edef-0310-8abb-c4023f1b3aa9
10 years ago
Stefan Bühler
9cfc080ab7
[core] allow files to be used as document-root ( fixes #2475 )
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2900 152afb58-edef-0310-8abb-c4023f1b3aa9
10 years ago
Stefan Bühler
c26b0f9617
[mod_accesslog] add accesslog.syslog-level option ( fixes #2480 )
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2899 152afb58-edef-0310-8abb-c4023f1b3aa9
10 years ago
Stefan Bühler
f0e5b84c27
[mod_simple_vhost] fix cache; skip module if simple-vhost.server-root is empty (thx rm for reporting)
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2898 152afb58-edef-0310-8abb-c4023f1b3aa9
10 years ago
Stefan Bühler
92567b8b8f
[core] check whether server.chroot exists
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2896 152afb58-edef-0310-8abb-c4023f1b3aa9
10 years ago
Stefan Bühler
916cf7cfc0
[core] remove requirement that default doc-root has to exist, there are reasonable scenarios not requiring static files at all
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2895 152afb58-edef-0310-8abb-c4023f1b3aa9
10 years ago
Stefan Bühler
f9d58670d5
[auth] new method "extern" to use already present REMOTE_USER (from magnet, ssl, ...) ( fixes #2436 )
...
can be combined with ssl:
ssl.verifyclient.username = "SSL_CLIENT_S_DN_UID"
auth.require = ("/" => ( "require" => "valid-user", "method" => "extern") )
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2894 152afb58-edef-0310-8abb-c4023f1b3aa9
10 years ago
Stefan Bühler
2bcf65c285
[mod_auth] some cleanup, only search for matching auth.require path once
...
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2893 152afb58-edef-0310-8abb-c4023f1b3aa9
10 years ago