lighttpd1.4

lighttpd

Author	SHA1	Message	Date
Glenn Strauss	6748a58cca	[core] pass scheme port to http_request_parse() con->proto_default_port is a property of the connection, which influences the default port used in host normalization	2 years ago
Glenn Strauss	1dd58c5ad8	[multiple] con->proto_default_port	2 years ago
Glenn Strauss	c8cd7cf49b	[multiple] extern log_epoch_secs replace srv->cur_ts	2 years ago
Glenn Strauss	409bba80b1	[multiple] reduce direct use of srv->cur_ts	2 years ago
Glenn Strauss	010c28949c	[multiple] prefer (connection ) to (srv ) convert all log_error_write() to log_error() and pass (log_error_st ) use con->errh in preference to srv->errh (even though currently same) avoid passing (server ) when previously used only for logging (errh)	2 years ago
Glenn Strauss	feb21b3da2	[core] inline header and env arrays into con	2 years ago
Glenn Strauss	601c572c39	[core] inline buffer as part of data_string value (instead of value being (buffer *))	2 years ago
Glenn Strauss	ddb78f75ee	[core] remove unused array_reset()	2 years ago
Glenn Strauss	36f3206a4c	[core] pass ptr to http_request_parse()	2 years ago
Glenn Strauss	63e32e8100	[core] perf: HTTP header parsing using \n offsets	2 years ago
Glenn Strauss	fa4ab19275	[core] reduce use of struct parse_header_state	2 years ago
Glenn Strauss	c22ec74770	[core] do not pass srv to http header parsing func srv is retrieved from con->srv in the few cases where needed	2 years ago
Glenn Strauss	9858051d03	[core] remove srv->split_vals	2 years ago
Glenn Strauss	61f85d14ee	[core] reject WS following header field-name (fixes #2985 ) reject whitespace following request header field-name and before colon Such whitespace is forbidden in RFC 7230 Section 3.2.4. strict header parsing is enabled by default in lighttpd. However, if explicitly disabled in lighttpd.conf, lighttpd will continue to accept (and re-format) such field-names before passing to any backend. UNSAFE: server.http-parseopts = ( "header-strict" => "disable" ) This is NOT RECOMMENDED since doing so disables other protections provided by lighttpd strict http header parsing. (thx fedormixalich) x-ref: stricter request header parsing https://redmine.lighttpd.net/issues/2985	2 years ago
Glenn Strauss	cbad7517c8	[core] struct log_error_st for error logging	3 years ago
Glenn Strauss	daa5f7c576	[mod_accesslog] attempt to reconstruct req line cease http_request_parse_reqline() unconditionally copying request line, as request line is currently used only by mod_accesslog 'r' format	3 years ago
Glenn Strauss	950832af67	[core] RFC7230 HTTP-version parse	3 years ago
Glenn Strauss	e5d61e9a5f	[core] http_request_parse() mark error paths cold	3 years ago
Glenn Strauss	25185d1de0	[core] pass req hdrs buffer to http_request_parse	3 years ago
Glenn Strauss	d7ad5819e6	[core] copy request only if might need for logging copy request header only if we may need to log it upon error	3 years ago
Glenn Strauss	c2a9692e78	[tests] include first.h and NDEBUG early	4 years ago
Glenn Strauss	c98d89a4bb	[tests] #undef NDEBUG before assert.h in t/test_*	4 years ago
Glenn Strauss	3dd3cde902	[core] abstraction layer for HTTP header manip http_header.[ch] convert existing calls to manip request/response headers convert existing calls to manip environment array (often header-related)	4 years ago
Glenn Strauss	ad27206608	[core] redo HTTP header line folding Replace separators between folded header lines in-place using spaces and then process the single header line. (Reverts change which replaces folding whitespace with single space) Acknowledgement: Or Peles of VDOO reference: VD-0871, VD-0872, VD-0873 (thx Or Peles)	4 years ago
Stefan Bühler	3be0707839	[core] replace folding whitespace with a single space - previously the leading whitespace from folded lines was kept - also ignore lines without any data	4 years ago
Glenn Strauss	d161f53de0	[core] security: use-after-free invalid Range req (thx Marcus Wengelin)	4 years ago
Glenn Strauss	5868b8ca12	[core] add missing includes to quiet compiler warn add missing system includes to quiet compiler warnings on Mac OS X	4 years ago
Glenn Strauss	3eb7902e10	[core] server.http-parseopts URL normalization opt (fixes #1720 ) server.http-parseopts = ( ... ) URL normalization options Note: not applied to CONNECT method Note: In a future release, URL normalization likely enabled by default (normalize URL, reject control chars, remove . and .. path segments) To prepare for this change, lighttpd.conf configurations should explicitly select desired behavior by enabling or disabling: server.http-parseopts = ( "url-normalize" => "enable", ... ) server.http-parseopts = ( "url-normalize" => "disable" ) x-ref: "lighttpd ... compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data." https://www.cvedetails.com/cve/CVE-2008-4359/ "Rewrite/redirect rules and URL encoding" https://redmine.lighttpd.net/issues/1720	4 years ago
Glenn Strauss	6ccccaaa38	[tests] move src/test_*.c to src/t/	4 years ago
Glenn Strauss	1b62dc325c	[tests] test_request unit tests unit tests for request processing collect existing request processing tests from Perl tests/.t (test_request.c runs much* more quickly than Perl tests/*.t)	4 years ago

29 Commits (6748a58ccaa7167081942580ca437a82262f3f3b)