Commit Graph

4286 Commits (0d9a8ed0aa89080f47beeb97bb82cad6a4ce7b54)

Author SHA1 Message Date
Glenn Strauss 0d9a8ed0aa [mod_ssi] 0-init ssi_val_t in ssi_ctx_t 2021-11-12 17:56:38 -05:00
Glenn Strauss adf2f816df [tests] mod_ssi tests moved to src/t/test_mod_ssi
remove mod_ssi Perl tests now performed by src/t/test_mod_ssi
2021-11-12 17:56:38 -05:00
Glenn Strauss 699209103c [core] use ck_assert() in vector.[ch] 2021-11-07 16:46:20 -05:00
Glenn Strauss be82f3d2e1 [doc] improve sample configs 2021-11-05 11:53:57 -04:00
Glenn Strauss 55d787cd55 [doc] expand vhosts.template 2021-11-05 06:52:45 -04:00
Istiak Ferdous 299220ac0d [doc] improve sample configs
(commit msg edited by gstrauss)
2021-11-05 06:37:46 -04:00
Glenn Strauss feb9b0c4a7 [core] fix removal of when testing (fixes #3115)
(thx dinoex)

fix removal of when testing config with lighttpd -tt
(regression in lighttpd 1.4.60, 1.4.61)

  "Test the configuration file while lighttpd is running."
2021-11-05 04:48:25 -04:00
Glenn Strauss 9974b57aa5 [core] run plugin cleanup hooks in reverse
run plugin cleanup hooks in reverse to balance ctor/dtor-like plugin
2021-11-05 04:48:25 -04:00
Glenn Strauss 8c7b86a316 [tests] reenable test_mod_ssi in cmake
(Instead, workaround added for libtool)
(There must be better ways to do this, but I don't know them right now)
2021-11-05 04:48:25 -04:00
Glenn Strauss d1f4bc98b9 [tests] disable test_mod_ssi in cmake (temporary)
disable test_mod_ssi in cmake (temporary) until include paths updated
or dependency added for the generated ssi parser header and impl
2021-11-04 05:49:39 -04:00
Glenn Strauss e93093422c [tests] disable test_mod_ssi in cmake (temporary)
disable test_mod_ssi in cmake (temporary) until include paths updated
or dependency added for the generated ssi parser header and impl
2021-11-04 05:41:02 -04:00
Glenn Strauss fe7d5a762d [core] libev EV_ERROR conflicts with kqueue
libev EV_ERROR conflicts with kqueue sys/event.h EV_ERROR
2021-11-04 05:32:33 -04:00
Glenn Strauss ec50657efe [mod_cgi] check fd-to-cgi not -1 before close
sanity check
2021-11-04 05:03:08 -04:00
Glenn Strauss 8b10f94c07 [core] warn if dynamic modules before mod_auth
warn if known dynamic modules listed before mod_auth in server.modules

e.g. mod_auth must be listed before mod_fastcgi in server.modules
     for fastcgi.server = ( "mode" => "authorizer" ) to work properly
2021-11-04 03:15:02 -04:00
Glenn Strauss 9cdb812c96 [core] use TCP_CORK w/ TLS if cq length > 16k
use TCP_CORK (on Linux) with TLS if cq length > 16k
2021-11-03 11:48:14 -04:00
Glenn Strauss b376934b67 [core] close backend socket fds more quickly
(thx ThomasDevoogdt)

close backend socket fds more quickly by polling with zero timeout when
there are pending fds scheduled to be closed after the next poll.

  "Slow request handling in Lighttpd 1.4.60"
2021-11-03 11:45:54 -04:00
Glenn Strauss 0f51b3728a [core] fdevent_fdnode.c separate from fdevent.c 2021-11-02 02:58:03 -04:00
Glenn Strauss 7113dcb49b [core] merge fdevent impls into fdevent_impl.c 2021-11-02 02:54:01 -04:00
Glenn Strauss ec52917755 [core] fdevent_impl.c separate from fdevent.c 2021-11-01 11:37:27 -04:00
Glenn Strauss b7a8fd468f [core] fdevent_socket_nb_cloexec_init()
fdevent_socket_nb_cloexec_init() separate from fdevent_init()
2021-11-01 10:34:21 -04:00
Glenn Strauss 84449e1497 [tests] t/test_mod_ssi 2021-11-01 05:46:20 -04:00
Glenn Strauss 98ba0310c4 [core] explicitly include sys/cdefs.h
<sys/cdefs.h> might not be included in standard headers by musl libc

2021-10-30 15:10:08 -04:00
Glenn Strauss c29268cd9e [core] remove redundant asserts
buffer_append_strftime() requires a non-NULL const string for format

buffer_append_string_encoded() and buffer_append_string_c_escaped()
both will handle encoding a 0-length string.  Since a 0-length string
is not expected, do not special-case it.  C type buffer_encoding_t
expects a constant value to be passed, so encoding map is not NULL.
2021-10-29 23:56:05 -04:00
Glenn Strauss 563eaea00d [core] 'struct log_error_st' -> 'log_error_st'
typedef redefinitions may cause issues with older compilers

(The intention behind the decls and defines were done to reduce the
 number of unrelated lines modified for the transition to fdlog_st)

2021-10-29 10:19:36 -04:00
Glenn Strauss d361f9cca0 [core] clean up fdlog_st and log_error_st decls
typedef redefinitions may cause issues with older compilers

(The intention behind the decls and defines were done to reduce the
 number of unrelated lines modified for the transition to fdlog_st)

2021-10-29 10:15:02 -04:00
Glenn Strauss 584a69c4ae [mod_alias] fix use-after-free bug (fixes #3114)
(thx LoneFox)

bug introduced in 62a874df in lighttpd 1.4.59

  "Use-after-free bug in mod_alias"
2021-10-29 08:15:41 -04:00
Glenn Strauss 1540fdeab9 - next is 1.4.62 2021-10-28 19:29:08 -04:00
Glenn Strauss 3cf695d34b [doc] NEWS 2021-10-28 18:56:50 -04:00
Glenn Strauss e8eac0c2ad [core] chunkqueue_small_resp_optim() comment 2021-10-28 17:58:06 -04:00
Glenn Strauss 90f062cb07 [core] add HTTP/2 check resp finished w/ empty cq (#3111)
connection_handle_write_state() call to subrequest handler might set
r->resp_body_finished, but we need to check if r->write_queue is empty
before changing state from CON_STATE_WRITE to CON_STATE_RESPONSE_END

(If r->write_queue was already empty when the subrequest handler marked
 resp_body_finished, connection_state_machine_h2() could miss changing
 the request state to CON_STATE_RESPONSE_END)

  "HTTP/2 requests sometimes take very long (missing last chunk)"
  "Slow request handling in Lighttpd 1.4.60"
2021-10-28 02:03:22 -04:00
Glenn Strauss ac9c9935a2 [multiple] add assert after malloc in two spots
add missing assert after malloc in two spots to detect malloc failure
2021-10-27 18:04:20 -04:00
Glenn Strauss 7edb1956f3 [mod_auth] clear crypt() output if len >= 13
crypt() static output buffer is cleared upon next call to crypt(),
but clear output buffer anyway since next call to crypt() might be
much later.  Only clear crypt() output if length >= 13, since if
there is an error in crypt(), 'man crypt' warns:

"Some implementations of crypt, upon error, return an invalid hash that
is stored in a read-only location or only initialized once, which means
that it is only safe to erase the buffer pointed to by the crypt return
value if an error did not occur."
2021-10-27 17:59:13 -04:00
Glenn Strauss a067d99fa0 [core] chunkqueue_small_resp_optim if resp < 16k
(adjusted down from 32k after some basic benchmarking using weighttp)
2021-10-27 04:16:38 -04:00
Glenn Strauss 9a442b5555 [core] tighten chunkqueue_small_resp_optim() 2021-10-27 04:16:38 -04:00
Glenn Strauss 92cdf84951 [doc] uncomment mod_auth load in conf.d/auth.conf
uncomment mod_auth load in conf.d/auth.conf to match other conf.d/*
2021-10-27 04:16:38 -04:00
Glenn Strauss 41564a7e92 [core] tighten chunkqueue_mark_written; better asm
chunkqueue_mark_written() also removes finished chunks from beginning of
chunkqueue instead of separate call to chunkqueue_remove_finished_chunks
2021-10-27 04:16:38 -04:00
Glenn Strauss 3964a6ac39 [core] pwritev w/ chunkqueue_steal_with_tempfiles
use pwritev(), where available, with chunkqueue_steal_with_tempfiles()

The initial write to tempfiles (when response initially grows too
large in memory) can be multiple MEM_CHUNKs, so attempt to use
single pwritev() syscall
2021-10-27 04:16:38 -04:00
Glenn Strauss 5c18891a94 [build] check for preadv(), pwritev() 2021-10-27 04:16:38 -04:00
Glenn Strauss 907ec27737 [core] tighten chunkqueue_steal* code; better asm 2021-10-27 04:16:38 -04:00
Glenn Strauss 9466afd909 [core] remove redundant checks in same context 2021-10-27 04:16:38 -04:00
Glenn Strauss f71b048160 [multiple] warn deprecated mods slated for removal
issue warning to error log for deprecated modules slated for removal
2021-10-27 04:16:38 -04:00
Glenn Strauss fe055165d8 [mod_ajp13,mod_fastcgi] recv_parse smaller funcs
break *_recv_parse() into a pair of slightly smaller funcs
2021-10-27 04:16:38 -04:00
Glenn Strauss c22a56fe3b [core] restart dead proc on connect error if local
restart dead proc on connect error only if proc started by lighttpd
2021-10-27 04:16:38 -04:00
Glenn Strauss 18ed51f06d [mod_proxy] Length Req if proxy forcing HTTP/1.0
return 411 Length Required if mod_proxy configured to force HTTP/1.0
to backend and configured to stream request body, and client request
has a request body but did not provide Content-Length.
2021-10-27 04:16:38 -04:00
Glenn Strauss 1acf9db7d3 [mod_ajp13,mod_fastcgi] check resp w/ content len
limit response body from mod_ajp13 and mod_fastcgi to Content-Length,
if Content-Length is provided in response headers; discard excess
2021-10-27 04:16:38 -04:00
Glenn Strauss e78cd76511 [core] combine more dup header processing code
(pedantically, repeating HTTP_HEADER_HTTP2_SETTINGS should be an error,
 but ignore the duplicate if it matches the value of the first one seen)
2021-10-27 04:16:38 -04:00
Glenn Strauss 7daafadb9d [core] allow debug.log-state-handling in condition
allow debug.log-state-handling to be enabled in config conditions,
even though the connection and request may already have begun
(and therefore not logging state changes which already occurred)

(also, minor additional structure cleanups made in the vicinity)
2021-10-27 04:16:38 -04:00
Glenn Strauss 23b94856b1 [mod_nss] quiet trace for PR_END_OF_FILE_ERROR
quiet trace for PR_END_OF_FILE_ERROR
unless debug.log-ssl-noise = "enable"

2021-10-27 04:16:38 -04:00
Glenn Strauss 6fd98f89fa [core] clear shared log buffer after writes
avoid repeating error trace when all fdlog_t are periodically flushed
2021-10-27 04:16:38 -04:00
Glenn Strauss 92f2ac9b3f [core] thwart h2 request tunnelling
Existing behavior: strict header parsing, strict host parsing, and
basic url normalization are enabled by default in lighttpd, and
protect against h2 request tunnelling attempts using invalid chars
in headers.

Keeping strict parsing settings enabled is strongly recommended.

If any are explicitly disabled in lighttpd.conf, then this patch takes
steps to thwart h2 request tunnelling.

  "HTTP/2: The Sequel is Always Worse"
2021-10-27 04:16:38 -04:00