Commit Graph

3949 Commits

Author SHA1 Message Date
Glenn Strauss 5ff9e2f6eb [core] remove some (now) unused http_chunk APIs
remove http_chunk_append_file() and http_chunk_append_file_range()

callers should choose to use stat_cache_entry_open() for caching
or should open file and check sizes and ranges
2021-05-14 03:43:41 -04:00
Glenn Strauss 1ce8220947 [core] range chk http_chunk_append_file_ref_range
add range sanity check in http_chunk_append_file_ref_range()
(before potentially sending HTTP/1.1 chunked header)
2021-05-14 03:43:18 -04:00
Glenn Strauss f0da8dd910 [mod_magnet] use http_chunk_append_file_ref_range 2021-05-14 02:39:40 -04:00
Glenn Strauss 1d9fe2a3d6 [mod_flv_streaming] check range before sending FLV
check range before sending FLV header
2021-05-14 02:29:24 -04:00
Glenn Strauss 2663bda37c [core] add option to read config file from stdin
add option to read config file from stdin using: -f -
(with "-" indicating to read config file from stdin)

This was already been possible using temporary files, unlinked and
passed to lighttpd as -f /proc/self/fd/XX (with XX as fd number)
on systems (or containers) in which /proc/self/fd/ is available

Note: using -f - is incompatible with one-shot mode (-1)
since one-shot mode expects stdin to be connected to the client
2021-05-13 20:35:38 -04:00
Glenn Strauss fd0cc46833 [core] remove HANDLER_UNSET enum value 2021-05-13 15:15:20 -04:00
Glenn Strauss bedfd8a78e [mod_*_dbi] fix sqlite3_dbdir spelling in comments
The sqlite3 option is "sqlite3_dbdir"
2021-05-13 13:48:24 -04:00
Glenn Strauss 302d82a59c [core] accept in network_server_handle_fdevent()
merge connection_accept() into network_server_handle_fdevent()

(possible since connection_accepted() was split out from
 connection_accept() a long time ago)
2021-05-13 02:10:58 -04:00
Glenn Strauss 924d3c9bd6 [multiple] mark con->srv_socket a const ptr 2021-05-13 02:09:48 -04:00
Glenn Strauss c964568e25 [core] remove redundant check for max_conns
network_server_handle_fdevent() checks max_conns and is the only
callers of connection_accept(), so connection_accept() does not
need to repeat the check.
2021-05-13 01:04:57 -04:00
Glenn Strauss 7b0bc1298a [core] reorder hook enum for better mem locality 2021-05-12 05:25:38 -04:00
Glenn Strauss 0afab29cfb [core] merge uri_raw and uri_clean hooks
hooks are run consecutively in http_response_prepare()

merge uri_raw before uri_clean to preserve existing ordering
2021-05-12 05:23:28 -04:00
Glenn Strauss 3a9a3716c4 [core] adjust r->http_host ptr caching
faster to use http_header_request_set_ptr() and buffer_copy_string_len()
than to use http_header_request_set() and http_header_request_get()

check r->http_host for NULL instead of relying on buffer_copy_* to do so
2021-05-10 20:20:28 -04:00
Glenn Strauss 01a9e31227 [cmake] update src/config.h.cmake 2021-05-08 19:50:05 -04:00
Glenn Strauss 21539ec69e [cmake] improve cmake detection of timegm 2021-05-08 18:53:04 -04:00
Glenn Strauss 7a15bfcf04 [mod_auth] include unistd.h for crypt() on *nix
(needed by *BSD in addition to Mac OS)
2021-05-08 18:44:25 -04:00
Glenn Strauss 22e8f600f5 [core] quiet coverity noise 2021-05-08 18:32:14 -04:00
Glenn Strauss f8914ac381 [core] remove excess assertions in buffer_commit()
buffer_commit() is called by routines which preallocate for operations
like read().  The caller must properly manage the memory.  The checks
removed from buffer_commit() are too late.
2021-05-08 16:51:28 -04:00
Glenn Strauss 980554bc70 [core] simplify buffer_path_simplify() 2021-05-08 14:34:05 -04:00
Glenn Strauss b2f4c00784 [core] mark some likely hot paths (better asm)
slightly reorganize some code for better asm
2021-05-08 01:16:46 -04:00
Glenn Strauss 17d9733f6e [core] http_response_prepare() OPTIONS *, CONNECT
special-case OPTIONS * and CONNECT in http_response_prepare()

http_response_prepare() is no longer revisited if r->handler_module
is set, so it is no longer necessary to fill r->physical.path for
2021-05-07 21:29:02 -04:00
Glenn Strauss 325690b039 [core] mark cold paths in http_response_config
HTTP/1.1 is not typically disabled

GET/HEAD are typically the most frequent request types
  and request body is not typically present for GET/HEAD
2021-05-07 16:39:52 -04:00
Glenn Strauss f7bcc83355 [core] buffer_is_equal_string -> buffer_eq_slen 2021-05-07 16:39:52 -04:00
Glenn Strauss 1aae63af62 [core] remove buffer_is_equal_right_len()
(not widely used or widely useful)
2021-05-07 16:39:52 -04:00
Glenn Strauss e0a4a7849f [core] check for Upgrade before h2 upgrade check
(short-circuit if Upgrade header not present)
2021-05-07 16:39:52 -04:00
Glenn Strauss e2bd776f8f [tests] disable secdownload HMAC tests for NSS
NSS crypto lib does not expose interfaces to HMAC funcs
2021-05-07 16:39:52 -04:00
Glenn Strauss 28f1d010d2 [core] improve HTTP/2 behavior w/ max-request-size
improve HTTP/2 behavior when server.max-request-size reached

accept slightly more data than max-request-size if END_STREAM flag recvd

reduce rwin so that client may exceed server.max-request-size, but not
by much.  (client might ignore and might send a firehose of data anyway)
accept up to 64k more data to potentially sink data that was in-flight
beyond the rwin, in order to allow server to send 413 Payload Too Large
before resetting the stream.
2021-05-07 16:39:52 -04:00
Glenn Strauss b288eeafaa [core] http_response_send_file() mark cold paths 2021-05-06 17:35:00 -04:00
Glenn Strauss 2097fe441b [mod_extforward] shared mod_extforward_bad_request 2021-05-06 17:35:00 -04:00
Glenn Strauss 6c40f997b9 [core] merge http_response_send_file 0-size case
merge http_response_send_file 0-sized file special case
(historically was a short-circuit before Range handling,
 but Range handling has been rewritten and moved elsewhere)
2021-05-06 17:35:00 -04:00
Glenn Strauss 4c12d7da08 [core] tighten code in request_check_hostname() 2021-05-06 17:35:00 -04:00
Glenn Strauss 060be714be [mod_auth] include unistd.h for crypt() on Mac OS 2021-05-06 17:35:00 -04:00
Glenn Strauss a473d48c43 [core] consolidate overflow checks in li_to_base64 2021-05-06 17:35:00 -04:00
Glenn Strauss bc572e1c56 [core] base64_charset enum supports only 2 tables 2021-05-06 17:35:00 -04:00
Glenn Strauss 6de4c809c9 [core] buffer_append_base64_encode_opt()
with option to include or omit padding

single func to handle both:
- buffer_append_base64_encode_no_padding
- buffer_append_base64_encode
2021-05-06 17:35:00 -04:00
Glenn Strauss 6f942adfe0 [core] li_to_base64 alt code to add padding 2021-05-06 17:35:00 -04:00
Glenn Strauss 5e39c81ff2 [core] li_base64_decode mark cold code path 2021-05-06 17:35:00 -04:00
Glenn Strauss 099dc83fbe [core] li_base64_decode similar to li_to_base64 2021-05-06 17:35:00 -04:00
Glenn Strauss 871ef50eff [build] --with-nss add test for /usr/include/nspr4
  "nspr header location"
2021-05-06 17:35:00 -04:00
Glenn Strauss 57c8b3287d [mod_staticfile] move cold paths to separate func 2021-05-06 17:35:00 -04:00
Glenn Strauss 9a5e1652be [multiple] static file optimization; reuse cache
reuse cache lookup in common case of serving a static file
rather than repeating the stat_cache_entry lookup
(which is more work than memcmp() to re-check stat_cache_entry match)
2021-05-06 17:35:00 -04:00
Glenn Strauss 7ff6adc44c [core] tolerate dup array config values if match
tolerate duplicated array config values if identical key and value
(still issue warning trace)
2021-05-06 17:35:00 -04:00
Glenn Strauss 92d467b45e [TLS] ALPN h2 policy
HTTP/2 requires that TLS protocol >= TLSv1.2
HTTP/2 requires that TLS record compression be disabled
HTTP/2 requires that TLSv1.2 renegotiation be disabled

HTTP/2 requires that TLS SNI extension be presented with ALPN h2
  (not enforced;
   SNI omitted by client when connecting to IP instead of to name)

RFC 7540 9.2 Use of TLS Features
"Implementations are encouraged to provide defaults that comply,
 but it is recognized that deployments are ultimately responsible
 for compliance."

If TLS record compression or renegotiation are for some reason required
(which is strongly discouraged), then disable HTTP/2 in lighttpd with
  server.feature-flags = ("server.h2proto" => "disable")
2021-05-06 17:34:58 -04:00
Glenn Strauss 9ac307ec14 [mod_authn_file] wipe password/digest after use
slurp password/digest file into memory and then clear after use
(avoid stdio, which buffers by default and does not wipe those buffers)

password/digest files are not expected to be very large
e.g. a password file with 1000 entries is expected to be < 64k
If files are larger, mod_authn_dbi or other mod_authn_* is recommended
2021-04-29 09:19:56 -04:00
Glenn Strauss 13ea2d880b [core] consistent inclusion of sys-time.h 2021-04-28 14:08:29 -04:00
Glenn Strauss a1eba3c89b [core] reuse code to parse backend response
reuse code to parse backend response (http_header_parse_hoff())
2021-04-27 15:13:40 -04:00
Glenn Strauss 3a845f7bec [mod_webdav] quiet pedantic compiler warning 2021-04-27 14:03:06 -04:00
Glenn Strauss 1db8da2fb6 [mod_expire] send only Cache-Control to >=HTTP/1.1
HTTP/1.1 dictates that Cache-Control overrides Expires if both present.
Therefore, send only Cache-Control to HTTP/1.1 requests.  This means
that if an intermediary upgraded the request to HTTP/1.1, and the actual
client sent HTTP/1.0, then the actual client might not understand
Cache-Control when it may have understood Expires.  RFC 2616 HTTP/1.1
was released June 1999, almost 22 years ago (as this comment is written)
If a client today is sending HTTP/1.0, chances are the client does not
cache.  Avoid the overhead of formatting time for Expires to send both
Cache-Control and Expires when the majority of clients are HTTP/1.1 or
HTTP/2 (or later).
2021-04-27 03:04:19 -04:00
Glenn Strauss 6b6252a3ba [core] move timegm() impl inline in sys-time.h
(for systems without timegm())
2021-04-26 12:50:20 -04:00
Glenn Strauss c2feb3e1ad [mod_expire] check for default if mime not found
check for default caching if mime-type not found in expire.mimetypes
2021-04-26 08:59:34 -04:00