Commit Graph

2774 Commits

Author SHA1 Message Date
Glenn Strauss d825966739 [core] reject Transfer-Encoding from proxy (#2913)
reject Transfer-Encoding from backend for mod_proxy.
mod_proxy currently sends HTTP/1.0 requests to the backend,
for which Transfer-Encoding: chunked is not a valid response header.
Additionally, there is no value to Transfer-Encoding: chunked from
backend since lighttpd mod_proxy sends HTTP/1.0 request along with
Connection: close, so the backend closing the socket is the end of
the response from the backend.

  "Reverse proxy does not work with sandstorm"
2018-10-07 20:10:14 -04:00
Glenn Strauss 7a7f4f987a [mod_openssl] no renegotiation in TLS 1.3 (fixes #2912)
  "OpenSSL 1.1.1: renegotiation initiated by client, killing connection"
2018-10-06 05:07:28 -04:00
Glenn Strauss 4674d2d180 [core] fix missing param from prev commit 2018-10-05 10:17:46 -04:00
Glenn Strauss 877ac2942a [core] better consistency in buffer_is_equal*()
buffer_is_equal_caseless_string() now correctly matches against
the string only up to the provided string length, since the
string might not be '\0' terminated.
2018-10-05 01:05:44 -04:00
Glenn Strauss 7af5ba92ed [core] PATH_INFO calculation when basedir is "/" (fixes #2911)
PATH_INFO calculation when basedir is "/" or empty

  "pathinfo not recognized if basedir is empty"
2018-10-04 23:32:41 -04:00
Glenn Strauss e3c39f5cbc [meson] build fixes for libmariadb and libsasl2
(commented out test for libmysqlclient in favor of libmariadb)
2018-09-29 22:53:39 -04:00
Glenn Strauss d6bd929e5d [build] put request.c in common src
put request.c in common src for CMake, SCons, and meson builds
(request.c is already in common source list in
2018-09-29 22:09:58 -04:00
Glenn Strauss 233db8d668 [TLS] sys-crypto.h abstraction
(add the header)
2018-09-26 08:23:36 -04:00
Glenn Strauss 368630d925 [TLS] sys-crypto.h abstraction 2018-09-26 01:08:24 -04:00
Glenn Strauss e1f21b2adb [mod_secdownload] support if HMAC() is a macro
support if HMAC() is a macro, which may not handle CONST_BUF_LEN()
expanding to two arguments
2018-09-25 21:42:57 -04:00
Glenn Strauss 5b327e0089 [multiple] quiet compiler warnings --without-pcre
quiet compiler warnings for ./configure --without-pcre
2018-09-25 20:49:25 -04:00
Glenn Strauss 0257c822c0 [core] quiet coverity false positive 2018-09-25 20:40:36 -04:00
Glenn Strauss 070ce5b618 [mod_deflate] null-check to quiet coverity warning 2018-09-25 20:24:19 -04:00
Glenn Strauss 7e20dc6a42 [mod_userdir] security: skip username "." and ".."
On systems without getpwnam(), disallow username "." and "..", and
disallow usernames beginning with '.' if userdir.letterhomes = "enabled"
2018-09-25 11:21:41 -04:00
Glenn Strauss 6edd040b22 [build] fix SCons build for mod_authn_pam 2018-09-24 02:03:36 -04:00
Glenn Strauss 65fcd7810f [core] prefer buffer_append_string_len()
prefer buffer_append_string_len() when string len is known
(instead of buffer_append_string() which will recalculate strlen)
2018-09-23 19:18:49 -04:00
Glenn Strauss b61ed6da2a [core] http_method_append() 2018-09-23 19:18:47 -04:00
Glenn Strauss 90c30d5e90 [core] http_status_append() 2018-09-23 19:18:25 -04:00
Glenn Strauss b192231392 [core] log_failed_assert() __attribute__((cold)) 2018-09-23 18:01:58 -04:00
Glenn Strauss 2dbcfc9266 [core] inline status_counter routines 2018-09-23 18:01:58 -04:00
Glenn Strauss c98d89a4bb [tests] #undef NDEBUG before assert.h in t/test_* 2018-09-23 18:01:58 -04:00
Glenn Strauss 8c7f1dfb03 [core] more memory-efficient fn table for data_*
save 40 bytes (64-bit), or 16 bytes (32-bit) per data_* element
at the cost of going through indirect function pointer to execute
methods.  At runtime, the reset() method is most used among them.
2018-09-23 18:01:58 -04:00
Glenn Strauss 002a4c524d [core] array_get_int_ptr() 2018-09-23 18:01:58 -04:00
Glenn Strauss 66ff05db8f [tests] t/test_array.c
(more tests should be added, but starting with something has benefits)
2018-09-23 18:01:58 -04:00
Glenn Strauss 810109cc34 [multiple] code reuse: using array_*() funcs 2018-09-23 18:01:58 -04:00
Glenn Strauss 2b40854ab9 [core] fix include_shell on inline shell commands (fixes #2910)
regression in lighttpd 1.4.50

  "include_shell behavior change in 1.4.50"
2018-09-23 18:01:58 -04:00
Glenn Strauss fc1ddbed33 [mod_sockproxy] add to build
2018-09-23 18:01:58 -04:00
Glenn Strauss df4812ec2e [mod_authn_pam] mod_auth PAM support (fixes #688)
  "auth via pam"
2018-09-23 18:01:58 -04:00
Glenn Strauss 5c2d52b4ac [mod_flv_streaming] code simplifications 2018-09-23 18:01:58 -04:00
Glenn Strauss ae9f354bae [doc] lighttpd.service uses
doc/systemd/lighttpd.service now uses
instead of, as recommended in

(thx janik)
2018-09-23 18:01:58 -04:00
Glenn Strauss d61f33817c [multiple] code reuse: employ array_match_*() 2018-09-23 18:01:58 -04:00
Glenn Strauss 863dff6191 [mod_skeleton] review and simplify 2018-09-23 18:01:58 -04:00
Glenn Strauss e6741acd4e [core] code reuse array_match_*() routines 2018-09-23 18:01:58 -04:00
Glenn Strauss 6b887f35e3 [mod_auth] send 401 for mismatch HTTP auth scheme (fixes #2906)
  "Lighttpd responds with 400 not 401"
2018-09-23 18:01:58 -04:00
Glenn Strauss 4992c4de10 [mod_fastcgi,mod_scgi] error on oversized request (fixes #2905)
regression in lighttpd 1.4.49 and lighttpd 1.4.50

(thx slawomir.pryczek)

  "oversized fcgi requests should fail gracefully"
2018-09-23 18:01:58 -04:00
Glenn Strauss a458c2e731 [mod_proxy,mod_wstunnel] copy full plugin_config (fixes #2903)
  "gw backend redesign"
2018-09-23 18:01:58 -04:00
Glenn Strauss 5045a9e833 [core] fastcgi.h link to Open Market License (OML) (fixes #2901)
  "License terms of fastcgi.h"
2018-09-23 18:01:58 -04:00
Glenn Strauss 2eabe1636c [mod_rewrite] fix url.rewrite-repeat and url.rewrite-if-not-file (fixes #2908)
regression in lighttpd 1.4.50

  "mod_rewrite now throws error ENDLESS LOOP IN rewrite-rule DETECTED"
2018-09-23 18:01:58 -04:00
Glenn Strauss eebc1b0eec [mod_proxy] fix proxy.forwarded and proxy.replace-http-host (fixes #2902)
config settings were not being copied into proxy request context

  "mod_proxy's “proxy.forwarded” option seems ignored when used with mod_auth."
2018-09-23 18:01:58 -04:00
Glenn Strauss 9725299587 [core] code reuse with http_response_body_clear()
code reuse with http_response_body_clear()
rename con->response.transfer_encoding to con->response.send_chunked
2018-09-23 18:01:58 -04:00
Glenn Strauss 3dd3cde902 [core] abstraction layer for HTTP header manip
convert existing calls to manip request/response headers
convert existing calls to manip environment array (often header-related)
2018-09-23 18:01:58 -04:00
Glenn Strauss c8159ee5f6 [core] http_request_parse_reqline() separate func
http_request_parse_reqline() separate func from http_request_parse()
600+ line http_request_parse() is now two routines with ~300 lines each
2018-09-16 05:18:05 -04:00
Glenn Strauss 28d6015b45 [core] simplify parsing hdr key whitespace then : 2018-09-16 05:18:05 -04:00
Glenn Strauss a7c27c9f99 [core] code reuse with array_insert_key_value()
code reuse with array_insert_key_value() and related array manipulation
2018-09-16 05:18:05 -04:00
Glenn Strauss a90526374f [core] abstraction to insert/modify response hdrs
consistent use of abstraction to insert/modify response headers
2018-09-16 05:18:05 -04:00
Glenn Strauss 9d3cbaa74c [core] parse header line strings before copying 2018-09-16 05:18:05 -04:00
Glenn Strauss ad27206608 [core] redo HTTP header line folding
Replace separators between folded header lines in-place using spaces
and then process the single header line.

(Reverts change which replaces folding whitespace with single space)

Acknowledgement: Or Peles of VDOO  reference: VD-0871, VD-0872, VD-0873
(thx Or Peles)
2018-09-16 05:18:05 -04:00
Stefan Bühler e0260a411d [buffer] fix duplicate assert and comment
this originates from ad3e93ea9 for no apparent reason
2018-08-26 18:52:22 +02:00
Stefan Bühler 3be0707839 [core] replace folding whitespace with a single space
- previously the leading whitespace from folded lines was kept
- also ignore lines without any data
2018-08-26 18:52:22 +02:00
Stefan Bühler df8e4f9561 [core,security] process headers after combining folded headers
- this fixes various use-after-free scenarios (reported by Or Peles of
  VDOO): when parse_single_header stores pointers to header values in
  con->request, those pointers are not updated if the header value is
  reallocated when folded header lines are appended.
- also remove trailing white-space from folded lines
2018-08-26 18:44:46 +02:00