Commit Graph

3790 Commits (830d7e05613e554c67fb3bc81b67dad6e1ece72d)
 

Author SHA1 Message Date
Glenn Strauss 830d7e0561 [core] fix -fsanitize=undefined pedantic warning (fixes #3069)
cast to unsigned before << 4 to avoid (pedantic) undefined behavior
of (time_t) (which is signed integral type) on 32-bit signed time_t
The high bit gets shifted into the sign-bit, which is technically
undefined behavior in C, but is defined behavior in C++.

x-ref:
  "pedantic warning from -fsanitize=undefined"
  https://redmine.lighttpd.net/issues/3069
2 years ago
Glenn Strauss f9ff15a013 [core] mark config registration funcs cold 2 years ago
Glenn Strauss b59b17aaec [core] rename local var 2 years ago
Glenn Strauss 086945bfb0 [core] allow '*' in "*:80" socket spec 2 years ago
Glenn Strauss 28fc51c747 [build] augment configure.ac msgs to remove FAM (#3068)
augment configure.ac msgs to remove FAM on linux and *bsd

x-ref:
  "stat-cache-fam feature appears disabled since 1.4.56"
  https://redmine.lighttpd.net/issues/3068
2 years ago
Glenn Strauss 46269cf3a3 [mod_mbedtls] preproc wrap ssl_parse_client_hello
wrap ssl_parse_client_hello() with preprocessor definitions
2 years ago
Glenn Strauss 457d78c6e1 [build] use -pipe with gcc and clang 2 years ago
Glenn Strauss 603a1fa573 [core] inline funcs to decode h2 framing nums (fixes #3067)
cast high uint8_t byte to uint32_t before bit shifting << 24 to avoid
(pedantic) undefined behavior of uint8_t byte with high bit set when
it is promoted to int and then bit-shifted left 24 bytes.  The high bit
gets shifted into the sign-bit, which is technically undefined behavior
in C, but is defined behavior in C++.

x-ref:
  "pedantic warning from -fsanitize=undefined"
  https://redmine.lighttpd.net/issues/3067
2 years ago
Glenn Strauss 165600498b [build] fix SCons pkg-config err handling (fixes #3066)
(thx elchenberg)

x-ref:
  "OSError in SConstruct on Alpine Linux"
  https://redmine.lighttpd.net/issues/3066
2 years ago
Glenn Strauss 4a600dabd5 [mod_auth] close HTTP/2 connection after bad pass
mitigation slows down brute force password attacks

x-ref:
  "Possible feature: authentication brute force hardening"
  https://redmine.lighttpd.net/boards/3/topics/8885
2 years ago
Glenn Strauss dc4ff14c1f [tests] remove stray option in test lighttpd.conf 2 years ago
Glenn Strauss 2403cc4f09 [mod_gnutls,mod_mbedtls] recog common cipherstring
recognize and translate a common recommended cipherstring
  "ECDHE+AESGCM:ECDHE+AES256:CHACHA20:!SHA1:!SHA256:!SHA384"

(basically: ECDHE+AESGCM:ECDHE+AES256:CHACHA20
 without CBC ciphers reported as weak by SSLLabs)
2 years ago
Glenn Strauss 1ca25d4e2c [core] 101 upgrade fails if Content-Length incl (fixes #3063)
(thx daimh)

commit 903024d7 in lighttpd 1.4.57 fixed issue #3046 but in the process
broke HTTP/1.1 101 Switching Protocols which included Content-Length: 0
in the response headers.  Content-Length response header is permitted
by the RFCs, but not necessary with HTTP status 101 Switching Protocols.

x-ref:
  "websocket proxy fails if 101 Switching Protocols from backend includes Content-Length"
  https://redmine.lighttpd.net/issues/3063
2 years ago
Glenn Strauss 5e8567f820 [mod_magnet] do not call luaL_error outside pcall (#3065)
(thx axe34)

do not call luaL_error() outside lua_pcall()

In magnet_attach_content(), call log_error() to report error,
not luaL_error(), and set flag to exit loop to allow the proper
number of entries to be popped off the lua stack.

x-ref:
  "Segmentation Fault due to Empty String on Mod Magnet"
  https://redmine.lighttpd.net/issues/3065
2 years ago
Glenn Strauss 5c386efe8f [mod_magnet] avoid infinite loop in atpanic (fixes #3065)
(thx axe34)

Be more careful inside the atpanic handler to avoid an infinite loop
that repeats the call to the atpanic handler

x-ref:
  "Segmentation Fault due to Empty String on Mod Magnet"
  https://redmine.lighttpd.net/issues/3065
2 years ago
Glenn Strauss e56e387196 [mod_magnet] reject stat() of empty string (fixes #3064)
(thx axe34)

Anyone running lua code inside the lighttpd server has control over
the lighttpd server, so this commit does not protect against
malicious behavior, but instead this commit more gracefully handles
a lua programmer mistake of attempting to stat() an empty string.

x-ref:
  "Server Aborted due to Malicious Data sent to lighty.stat"
  https://redmine.lighttpd.net/issues/3064
2 years ago
Glenn Strauss a737572aa4 [meson] add with_zstd to meson_options.txt 2 years ago
Glenn Strauss 5921b2f411 - next is 1.4.60 2 years ago
Glenn Strauss 529cf9547e [doc] NEWS 2 years ago
Glenn Strauss ba290f181f [core] quiet coverity warning
add arbitrary limit of 4096 fds to accept via systemd socket activation
(through environment variables)
2 years ago
Glenn Strauss b0439d8fa8 [mod_mbedtls] remove redundant condition check
(identified by coverity)
2 years ago
Glenn Strauss 2a557809d9 [core] re-validate h2 CONTINUATION frame len in cq
(identified by coverity)
2 years ago
Glenn Strauss 3edeb6b432 [mod_mbedtls] restore ALPN chk after client hello
(removed two commits ago)

must check selected ALPN after client hello has completed
for case where hctx->conf.ssl_acme_tls_1 is not enabled
or else ALPN "h2" will not be detected
2 years ago
Glenn Strauss 649829f906 [mod_cgi] fix assert if empty X-Sendfile path (fixes #3062)
(thx axe34)

Please note that this would not have crashed "x-sendfile-docroot"
were set to restrict the locations of files that can be sent via
X-Sendfile.  If users are untrusted, "x-sendfile" should not be
enable without also configuring "x-sendfile-docroot"

x-ref:
  "Server Aborted due to Malicious Data sent through CGI Sendfile"
  https://redmine.lighttpd.net/issues/3062
2 years ago
Glenn Strauss b80d287df7 [mod_mbedtls] fix acme-tls/1 challenge bootstrap
mbedtls does not provide a callback for ALPN and expects certificate to
be set in SNI callback (if set), while still in MBEDTLS_SSL_CLIENT_HELLO
state.  Waiting until after MBEDTLS_SSL_CLIENT_HELLO would be fine for
using ALPN for "h2", but is too late to set acme-tls/1 challenge cert.
Therefore, parse client hello for ALPN prior to initiating mbedtls
processing of handshake.
2 years ago
Glenn Strauss 889d53aea4 [mod_mbedtls] fix acme-tls/1 challenge bootstrap
handle id-pe-acmeIdentifier OID in custom callback
(requires mbedtls 2.23.0 or later)
2 years ago
Glenn Strauss 86a6c9ca35 [mod_wolfssl] copy stapling buf for OCSP resp 2 years ago
Glenn Strauss e37b962c31 [mod_nss] fix acme-tls/1 challenge bootstrap
ALPN requires SNI, but ALPN hook appears to be called before SNI hook in
NSS, so set flag in ALPN hook, and handle acme-tls/1 ALPN in SNI hook
2 years ago
Glenn Strauss 0936fe6905 [mod_gnutls] fix acme-tls/1 challenge bootstrap
parse ALPN in GNUTLS_HOOK_PRE via gnutls_ext_raw_parse()

(does not appear to work when checking in GNUTLS_HOOK_POST)
2 years ago
Glenn Strauss 2d78182546 [TLS] set r->uri.authority empty str upon accept()
ensure not NULL for error messages
2 years ago
Glenn Strauss 77209c7a26 [mod_openssl] fix acme-tls/1 challenge bootstrap
do not send multiple certs in server hello
2 years ago
Glenn Strauss 18fc244a8e [TLS] fix invalid cfg warning 2 years ago
Glenn Strauss 8d4f785f69 [mod_wolfssl] wolfSSL might repeat SNI_Callback()
wolfSSL might call SNI_Callback() multiple times,
so detect and short-circuit if already called for connection
2 years ago
Glenn Strauss f885498b46 [build] fix typo in SConstruct (fixes #3061)
(thx eryretqwewrqr)

x-ref:
  "NameError ins SConstruct"
  https://redmine.lighttpd.net/issues/3061
2 years ago
Glenn Strauss 1098de533a [mod_gnutls,mod_mbedtls] recog common cipherstring
recognize and translate a common recommended cipherstring
  "EECDH+AESGCM:AES256+EECDH:CHACHA20:!SHA1:!SHA256:!SHA384"

(basically: EECDH+AESGCM:AES256+EECDH:CHACHA20
 without CBC ciphers reported as weak by SSLLabs)
2 years ago
Glenn Strauss b03b86f47b [core] fix merging large headers across mult reads (fixes #3059)
(thx mitd)

x-ref:
  "Connections stuck in Close_Wait causing 100% cpu usage"
  https://redmine.lighttpd.net/issues/3059
2 years ago
Glenn Strauss cf3e301272 [core] tighten struct data_config and related code
tighten struct data_config and config_cond_info
create config key at startup and reuse for debug/trace
separate routine for configparser_parse_condition()
separate routine for configparser_parse_else_condition()
2 years ago
Glenn Strauss 0045b9aa1a [core] const data_unset *array_get_element_klen()
return (const data_unset *) from array_get_element_klen();
use array_get_data_unset() for non-const (note: marked attribute cold)
2 years ago
Glenn Strauss db73879bf0 [mod_ajp13] AJPv13 Tomcat connector for lighttpd
(experimental)

AJPv13 protocol reference:
  https://tomcat.apache.org/connectors-doc/ajp/ajpv13a.html
2 years ago
Glenn Strauss d9b956b938 [core] enable HTTP/2 by default
HTTP/2 via TLS ALPN extension  (TLS)
HTTP/2 via Upgrade: h2c        (cleartext)
HTTP/2 via Prior Knowledge     (cleartext)

To disable HTTP/2:
  server.feature-flags += ("server.h2proto" => "disable")
To disable upgrade to HTTP/2 over cleartext HTTP:
  server.feature-flags += ("server.h2c"     => "disable")
2 years ago
Glenn Strauss 5ccebbf04e [multiple] quiet some clang-analyzer warnings 2 years ago
Glenn Strauss 33e400b429 [multiple] avoid duplicate parsing in trigger func (#3056)
x-ref:
  "OCSP Stapling reload seems not to work"
  https://redmine.lighttpd.net/issues/3056
2 years ago
Glenn Strauss 81e4f4c4a7 [TLS] detect expired stapling file at startup (fixes #3056)
also adjust time_t comparison to (pc_stapling_nextts > cur_ts + 256)
(time_t is expected to be signed integral type, but might be unsigned)

x-ref:
  "OCSP Stapling reload seems not to work"
  https://redmine.lighttpd.net/issues/3056
2 years ago
Glenn Strauss 3a2ddc6cf8 [core] skip interest in POLLRDHUP after POLLRDHUP (#3059)
x-ref:
  "Connections stuck in Close_Wait causing 100% cpu usage"
  https://redmine.lighttpd.net/issues/3059
2 years ago
Glenn Strauss 471ab4dd5b [core] fix 100% CPU spin if traffic limit hit
(thx Dirk) (reported on FreeBSD)

HTTP/1.1 requests might end up spinning if traffic limits are configured
  (connection.kbytes-per-second)
  (server.kbytes-per-second)
2 years ago
Glenn Strauss fcbfc08352 [core] check more carefully after SSL_WANT_WRITE
con->is_readable and con->is_writable might be set to -1 by TLS modules
which encounter SSL_WANT_READ or SSL_WANT_WRITE.  Either might occur
during read or write, and so -1 was used to flag this.

However, code which used con->is_readable and con->is_writable now needs
to check for value > 0 rather than treating value as a boolean.
2 years ago
Glenn Strauss b757e738fd [mod_gnutls] fix alt code for coverity 2 years ago
Glenn Strauss 915b4ef3fc [multiple] fix TLS config string parsing
flagged by coverity

(incomplete fix a few commits back)
2 years ago
Glenn Strauss 9d8d559e1f [mod_wolfssl] fix syntax errors 2 years ago
Glenn Strauss 755f895b79 [mod_wolfssl] wipe ssl_pemfile_pkey before free() 2 years ago