error if unix socket path is duplicated
(does not check across modules, but will detect duplicated unix socket
paths within fastcgi directives, and separately, duplicated unix socket
paths within scgi directives)
Common case is on non-empty files, and doing fstat() after open()
eliminates ToC-ToU between stat() and then open(). While file size
of the target file might still change, the fstat() is on the opened
file, and can not be on different file (which was possible with stat())
From: Glenn Strauss <gstrauss@gluelogic.com>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3137 152afb58-edef-0310-8abb-c4023f1b3aa9
also change passing of fixed-sized arrays: need to pass pointer to array
as otherwise size does not get enforced
From: Glenn Strauss <gstrauss@gluelogic.com>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3135 152afb58-edef-0310-8abb-c4023f1b3aa9
(still not supporting Depth: Infinity on directories)
patch by mstorsjo submitted as part of feature request #1953
From: Glenn Strauss <gstrauss@gluelogic.com>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3133 152afb58-edef-0310-8abb-c4023f1b3aa9
For backwards compatibility with existing lighttpd configs, default is
mimetype.xattr-name = "Content-Type"
Those who wish to use the freedesktop.org definition of xattr mimetype
can set the following in the global lighttpd config:
mimetype.xattr-name = "user.mime_type"
From: Glenn Strauss <gstrauss@gluelogic.com>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3131 152afb58-edef-0310-8abb-c4023f1b3aa9
lighttpd -t loads config file and performs syntax check
lighttpd -tt (new) performs preflight startup checks,
including loading and initializing modules, but skipping any
potentially destructive actions which might affect an already
running server (separate instance). These currently include:
- skipping pidfile modification
- skipping bind() to network sockets
- skipping open of error and access logs
From: Glenn Strauss <gstrauss@gluelogic.com>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3130 152afb58-edef-0310-8abb-c4023f1b3aa9
lighttpd does not currently support request body transfer-codings
From: Glenn Strauss <gstrauss@gluelogic.com>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3128 152afb58-edef-0310-8abb-c4023f1b3aa9
Warn at startup if any dirs in server.upload-dirs do not exist.
Take server.chroot into account, if set.
From: Glenn Strauss <gstrauss@gluelogic.com>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3125 152afb58-edef-0310-8abb-c4023f1b3aa9
This is a proposal to add to lighttpd the famous SSI variables
SCRIPT_URI and SCRIPT_URL (known to Apache users), as well as a bonus
ENV variable called REQUEST_SCHEME.
SCRIPT_URI and SCRIPT_URL will be available as SSI variables from
within documents handled by mod_ssi.
They can be used like any other SSI var with the "#echo var" command:
<!--#echo var="SCRIPT_URI"-->
<!--#echo var="SCRIPT_URL"-->
Webmasters willing to display links to the W3C Validator will be able
to use:
<a href="http://validator.w3.org/check?uri=<!--#echo var="SCRIPT_URI"-->">…</a>
instead of the generic http://validator.w3.org/check?uri=referer link
which does not work on some (most?) browsers which do not send
referers when the link itself resides in a document sent through
https.
REQUEST_SCHEME will be available both as an environment variable. It
is defined as "http" or "https", depending on the scheme of the
connection. It is safe to use this name as it does not conflict with
any existing variable on Apache or Nginx. This is slightly different
from the HTTPS var which is often added by webadmins on their server's
configuration. EDIT: Some Apache modules also define REQUEST_SCHEME
with the same possible values as this proposal.
From: fbrosson <fbrosson@users.noreply.github.com>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3124 152afb58-edef-0310-8abb-c4023f1b3aa9
There actually was one bug: if the input consisted only of spaces,
it would read one byte too much.
`pre` was splitted into `pre2` and (already existing) `pre1` - the two
characters which were read before the current one in `c`.
Restructuring the loop eliminated some code before the loop, which was
similar to the one at the end of the loop.
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3120 152afb58-edef-0310-8abb-c4023f1b3aa9
If the server has changed its uid or is running in a chroot
it may be unable to remove the pid file when it exits.
However, if it holds on to an open handle to the pid file
that has write permission, it will be able to truncate the
pid file to 0 bytes in length.
Most monitoring software recognizes a 0-length pid file
as indicating there is no process running.
Therefore always attempt to truncate the pid file before
trying to remove it so that it's not left containing the
pid of a process that is no longer running.
Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3112 152afb58-edef-0310-8abb-c4023f1b3aa9
Release op1 memory on failure; fixes some theoretical memory leaks (a
failure results in early exit anyway).
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3101 152afb58-edef-0310-8abb-c4023f1b3aa9
- raise array size limit from INT_MAX to SSIZE_MAX. INT_MAX already
is way to high to be hit in any sane scenario, but SSIZE_MAX can
*obviously* not be hit due to memory constraints.
- use size_t for array indices instead of int
- use binary search instead of next_power_of_2 hack; document invariants
and check them in debug mode (asserts).
- return the actual insert position instead of something near
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3100 152afb58-edef-0310-8abb-c4023f1b3aa9
- refactor insert into array_find_or_insert; if the element already
exists the caller must resolve the conflict manually:
- array_replace frees the old element
- array_insert_unique calls "insert_dup"
both have no return value anymore
- fix usages of array_replace; they now don't need to delete the old
entry anymore; usage in configparser was probably broken, as it
possibly deleted the old element before calling array_replace
This should fix a lot of the issues reported in "Fortify Open Review
Project - lighttpd 1.4.39" (usually hitting the array limit):
when the array size limit was hit "new" entries leaked instead of
getting added.
On 32-bit INT_MAX entries cannot actually be reached (each entry
requires at least 48 bytes, leading to a total of 96GB memory).
On 64-bit INT_MAX entries would require 224GB memory, so it would be
theoretically possible. But it would need 2^27 reallocations of two
C-arrays of up to 16GB size.
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3098 152afb58-edef-0310-8abb-c4023f1b3aa9
Impact is probably low on most platforms, as it will probably overwrite
one byte of "HASH HA1" which isn't used afterwards anymore.
Reference: Fortify Open Review Project - lighttpd 1.4.39
ID 22708159 - Buffer Overflow: Off-by-One
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3096 152afb58-edef-0310-8abb-c4023f1b3aa9
Reference: Fortify Open Review Project - lighttpd 1.4.39
ID 22708125 - Type Mismatch: Signed to Unsigned
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3095 152afb58-edef-0310-8abb-c4023f1b3aa9
wait for CGI to close stdout, so we read EOF on pipe to end CGI response
remove extra call to waitpid() which will occur after process exits
if it has not already been explicitly closed by CGI (and has not been
inherited by CGI forked children) (If CGI forks, then it should close
its stdout response pipe when response is done, especially if it intends
to perform lengthy post-processing in the background.)
From: Glenn Strauss <gstrauss@gluelogic.com>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3091 152afb58-edef-0310-8abb-c4023f1b3aa9
fbrosson