This commit is a large set of code changes and results in removal of
hundreds, perhaps thousands, of CPU instructions, a portion of which
are on hot code paths.
Most (buffer *) used by lighttpd are not NULL, especially since buffers
were inlined into numerous larger structs such as request_st and chunk.
In the small number of instances where that is not the case, a NULL
check is often performed earlier in a function where that buffer is
later used with a buffer_* func. In the handful of cases that remained,
a NULL check was added, e.g. with r->http_host and r->conf.server_tag.
- check for empty strings at config time and set value to NULL if blank
string will be ignored at runtime; at runtime, simple pointer check
for NULL can be used to check for a value that has been set and is not
blank ("")
- use buffer_is_blank() instead of buffer_string_is_empty(),
and use buffer_is_unset() instead of buffer_is_empty(),
where buffer is known not to be NULL so that NULL check can be skipped
- use buffer_clen() instead of buffer_string_length() when buffer is
known not to be NULL (to avoid NULL check at runtime)
- use buffer_truncate() instead of buffer_string_set_length() to
truncate string, and use buffer_extend() to extend
Examples where buffer known not to be NULL:
- cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL
(though we might set it to NULL if buffer_is_blank(cpv->v.b))
- address of buffer is arg (&foo)
(compiler optimizer detects this in most, but not all, cases)
- buffer is checked for NULL earlier in func
- buffer is accessed in same scope without a NULL check (e.g. b->ptr)
internal behavior change:
callers must not pass a NULL buffer to some funcs.
- buffer_init_buffer() requires non-null args
- buffer_copy_buffer() requires non-null args
- buffer_append_string_buffer() requires non-null args
- buffer_string_space() requires non-null arg
no need for extra work for precision allocation to avoid 0-3 extra chars
note: callers passing precise buffer size for without padding will need
to be modified to pass a slightly larger buffer, e.g. mod_secdownload
cast to unsigned before << 4 to avoid (pedantic) undefined behavior
of (time_t) (which is signed integral type) on 32-bit signed time_t
The high bit gets shifted into the sign-bit, which is technically
undefined behavior in C, but is defined behavior in C++.
x-ref:
"pedantic warning from -fsanitize=undefined"
https://redmine.lighttpd.net/issues/3069
use NSS crypto if no other crypto avail, but NSS crypto is available
"NSS crypto support" is not included in tests/LightyTest.pm:has_crypto()
due to NSS libraries (freebl3) lacking public export for HMAC funcs
provide implementations for conventional digest interfaces
but use the newer openssl digest interfaces under the hood
<rant>
It is baffling that the openssl library -- with *thousands* of public
interfaces -- does not provide these, and suggests that openssl
developers do not frequently write apps which utilize these interfaces.
</rant>
Prefer some WolfSSL native APIs when building with WolfSSL.
However, some functionality in WolfSSL is available only through the
WolfSSL compatibility layer for OpenSSL, so the effort to create a
native mod_wolfssl halted here.
(experimental)
mod_gnutls supports most ssl.* config options supported by mod_openssl
x-ref:
"GnuTLS support for the mod_ssl"
https://redmine.lighttpd.net/issues/109
(experimental)
mod_mbedtls supports most ssl.* config options supported by mod_openssl
thx Ward Willats for the initial discussion and attempt in the comments
https://redmine.lighttpd.net/boards/3/topics/7029
./configure --with-nettle to use Nettle crypto lib for algorithms,
instead of OpenSSL or wolfSSL. Note: Nettle does not provide TLS.
x-ref:
"How to use SHA-256 without OpenSSL?"
https://redmine.lighttpd.net/boards/2/topics/8903
NB: r->tmp_buf == srv->tmp_buf (pointer is copied for quicker access)
NB: request read and write chunkqueues currently point to connection
chunkqueues; per-request and per-connection chunkqueues are
not distinct from one another
con->read_queue == r->read_queue
con->write_queue == r->write_queue
NB: in the future, a separate connection config may be needed for
connection-level module hooks. Similarly, might need to have
per-request chunkqueues separate from per-connection chunkqueues.
Should probably also have a request_reset() which is distinct from
connection_reset().
convert all log_error_write() to log_error() and pass (log_error_st *)
use con->errh in preference to srv->errh (even though currently same)
avoid passing (server *) when previously used only for logging (errh)
secdownload.path-segments = <number>
include only given number of path segments in hash digest calculation
secdownload.hash-querystr = "enable" | "disable"
include the query string in the hash digest calculation
x-ref:
"secdownload.path_elements support"
https://redmine.lighttpd.net/issues/646
"mod_secdownload option to include url GET parameters in md5"
https://redmine.lighttpd.net/issues/1904
issue warning at startup, instead of fatal error, if SHA used in
secdownload.algorithm = "..." but mod_secdownload was built without
SSL crypto. When lighttpd is built without openssl, this allows most
tests/* to be run and pass, except the ones in tests/mod-secdownload.t
which use "hmac-sha1" or "hmac-sha256".
(alternatively, could have made, used isolated tests/secdownload.conf)
also change passing of fixed-sized arrays: need to pass pointer to array
as otherwise size does not get enforced
From: Glenn Strauss <gstrauss@gluelogic.com>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3135 152afb58-edef-0310-8abb-c4023f1b3aa9
Impact is probably low on most platforms, as it will probably overwrite
one byte of "HASH HA1" which isn't used afterwards anymore.
Reference: Fortify Open Review Project - lighttpd 1.4.39
ID 22708159 - Buffer Overflow: Off-by-One
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3096 152afb58-edef-0310-8abb-c4023f1b3aa9
Mohammed Sadiq
