Commit Graph

3807 Commits

Author SHA1 Message Date
Glenn Strauss b9e1e93fb1 [core] http_cgi_encode_varname()
move and rename from buffer.c to http_cgi.c:
buffer_copy_string_encoded_cgi_varnames() -> http_cgi_encode_varname()
2021-03-07 04:38:34 -05:00
Glenn Strauss 5c2f5577b4 [core] save parsed listen addrs at startup
save parsed listen addrs at startup for reuse at runtime

srv_socket->srv_token is normalized at startup and contains IP and port.
save offset to colon, if present, or else length of string (unix socket)

At runtime, srv_token_colon can be quickly used as length of IP string
(without port) or, if not length of string, offset of stringified port
following the colon.
2021-03-07 04:38:34 -05:00
Glenn Strauss c95f832f99 [core] http_cgi.[ch] CGI interfaces (RFC 3875)
collect Common Gateway Interface (CGI) interfaces (RFC 3875)
2021-03-07 04:38:34 -05:00
Glenn Strauss 1f96e59d03 [core] http_cgi_local_redir() rename
rename http_response_process_local_redir() -> http_cgi_local_redir()

adjust some checks for local redir
2021-03-04 17:52:01 -05:00
Glenn Strauss 7138de92f9 [core] quiet coverity warning 2021-03-02 20:32:45 -05:00
Glenn Strauss c6304bb43c [mod_openssl] use newer openssl 3.0.0 interfaces
avoid interfaces deprecated in openssl 3.0.0

some newer interfaces might be present in openssl 1.1.1,
but might not be present in alt TLS libs (libressl or boringssl),
so retrict use to >= openssl 3.0.0
2021-03-02 10:14:26 -05:00
Glenn Strauss af7c054b51 [core] ignore server.event-handler = "libev"
ignore server.event-handler = "libev" if lighttpd not built with libev
(no longer an error)

On most platforms, native event handling in lighttpd is more performant
than the overhead of libev, which usually uses the same underlying
OS system interface for event notification
2021-03-02 10:14:26 -05:00
Glenn Strauss bc3a2b4e47 [TLS] fix crash for (broken) nested $SERVER[] cfg
fix crash for (broken) nested $SERVER["socket"] config

$SERVER["socket"] belongs in the global scope and should not be
nested in any other conditional config logic.  Even so, lighttpd
should not crash when such misconfiguration occurs.

x-ref:
  "Lighttpd multiple SSL hosts using Server Name Indication (SNI)"
  https://redmine.lighttpd.net/boards/2/topics/9612
2021-03-02 10:14:25 -05:00
Glenn Strauss cc35c03c3c [core] RFC 7233 Range handling for non-streaming
RFC 7233 Range handling for all non-streaming responses,
including (non-streaming) dynamic responses

(previously Range responses handled only for static files)
2021-03-02 10:14:25 -05:00
Glenn Strauss d68e639b71 [core] http_range.[ch] RFC 7233 Range handling
(import from one of my development branches from 2015)
2021-03-02 10:14:25 -05:00
Glenn Strauss ce74705cea [core] chunkqueue_append_cq_range() 2021-02-25 21:36:20 -05:00
Glenn Strauss 7df6fb5ec8 [mod_deflate] do not cache 206 Partial Content 2021-02-24 20:46:44 -05:00
Glenn Strauss 12ac70d0fe [mod_auth] send 401 if digest algo not supported
client browsers might remember prior algorithm if algorithm changed;
send 401 Unauthorized to reset client browser
(sending 400 Bad Request was not user friendly)
2021-02-23 09:29:26 -05:00
Glenn Strauss a1bb0c0d52 [autoconf] add ajp13 to build msgs 2021-02-20 23:37:36 -05:00
Glenn Strauss 8bf9dac1f5 [mod_secdownload] use http_auth_const_time_memeq()
code reuse
2021-02-19 00:00:57 -05:00
Glenn Strauss dda40a15df [mod_secdownload] use algo_hmac.[ch] 2021-02-18 23:13:12 -05:00
Glenn Strauss c5003c26c8 [core] algo_hmac.[ch] wrapper (portability)
hash-based message authentication code (HMAC) wrapper
2021-02-18 23:12:02 -05:00
Glenn Strauss 830d7e0561 [core] fix -fsanitize=undefined pedantic warning (fixes #3069)
cast to unsigned before << 4 to avoid (pedantic) undefined behavior
of (time_t) (which is signed integral type) on 32-bit signed time_t
The high bit gets shifted into the sign-bit, which is technically
undefined behavior in C, but is defined behavior in C++.

x-ref:
  "pedantic warning from -fsanitize=undefined"
  https://redmine.lighttpd.net/issues/3069
2021-02-14 13:06:06 -05:00
Glenn Strauss f9ff15a013 [core] mark config registration funcs cold 2021-02-12 07:30:00 -05:00
Glenn Strauss b59b17aaec [core] rename local var 2021-02-10 13:45:21 -05:00
Glenn Strauss 086945bfb0 [core] allow '*' in "*:80" socket spec 2021-02-10 09:28:56 -05:00
Glenn Strauss 28fc51c747 [build] augment configure.ac msgs to remove FAM (#3068)
augment configure.ac msgs to remove FAM on linux and *bsd

x-ref:
  "stat-cache-fam feature appears disabled since 1.4.56"
  https://redmine.lighttpd.net/issues/3068
2021-02-10 08:10:17 -05:00
Glenn Strauss 46269cf3a3 [mod_mbedtls] preproc wrap ssl_parse_client_hello
wrap ssl_parse_client_hello() with preprocessor definitions
2021-02-09 13:24:24 -05:00
Glenn Strauss 457d78c6e1 [build] use -pipe with gcc and clang 2021-02-07 23:17:49 -05:00
Glenn Strauss 603a1fa573 [core] inline funcs to decode h2 framing nums (fixes #3067)
cast high uint8_t byte to uint32_t before bit shifting << 24 to avoid
(pedantic) undefined behavior of uint8_t byte with high bit set when
it is promoted to int and then bit-shifted left 24 bytes.  The high bit
gets shifted into the sign-bit, which is technically undefined behavior
in C, but is defined behavior in C++.

x-ref:
  "pedantic warning from -fsanitize=undefined"
  https://redmine.lighttpd.net/issues/3067
2021-02-07 23:17:10 -05:00
Glenn Strauss 165600498b [build] fix SCons pkg-config err handling (fixes #3066)
(thx elchenberg)

x-ref:
  "OSError in SConstruct on Alpine Linux"
  https://redmine.lighttpd.net/issues/3066
2021-02-07 12:43:46 -05:00
Glenn Strauss 4a600dabd5 [mod_auth] close HTTP/2 connection after bad pass
mitigation slows down brute force password attacks

x-ref:
  "Possible feature: authentication brute force hardening"
  https://redmine.lighttpd.net/boards/3/topics/8885
2021-02-06 08:29:41 -05:00
Glenn Strauss dc4ff14c1f [tests] remove stray option in test lighttpd.conf 2021-02-05 19:40:22 -05:00
Glenn Strauss 2403cc4f09 [mod_gnutls,mod_mbedtls] recog common cipherstring
recognize and translate a common recommended cipherstring
  "ECDHE+AESGCM:ECDHE+AES256:CHACHA20:!SHA1:!SHA256:!SHA384"

(basically: ECDHE+AESGCM:ECDHE+AES256:CHACHA20
 without CBC ciphers reported as weak by SSLLabs)
2021-02-05 02:26:20 -05:00
Glenn Strauss 1ca25d4e2c [core] 101 upgrade fails if Content-Length incl (fixes #3063)
(thx daimh)

commit 903024d7 in lighttpd 1.4.57 fixed issue #3046 but in the process
broke HTTP/1.1 101 Switching Protocols which included Content-Length: 0
in the response headers.  Content-Length response header is permitted
by the RFCs, but not necessary with HTTP status 101 Switching Protocols.

x-ref:
  "websocket proxy fails if 101 Switching Protocols from backend includes Content-Length"
  https://redmine.lighttpd.net/issues/3063
2021-02-04 00:22:12 -05:00
Glenn Strauss 5e8567f820 [mod_magnet] do not call luaL_error outside pcall (#3065)
(thx axe34)

do not call luaL_error() outside lua_pcall()

In magnet_attach_content(), call log_error() to report error,
not luaL_error(), and set flag to exit loop to allow the proper
number of entries to be popped off the lua stack.

x-ref:
  "Segmentation Fault due to Empty String on Mod Magnet"
  https://redmine.lighttpd.net/issues/3065
2021-02-03 14:34:06 -05:00
Glenn Strauss 5c386efe8f [mod_magnet] avoid infinite loop in atpanic (fixes #3065)
(thx axe34)

Be more careful inside the atpanic handler to avoid an infinite loop
that repeats the call to the atpanic handler

x-ref:
  "Segmentation Fault due to Empty String on Mod Magnet"
  https://redmine.lighttpd.net/issues/3065
2021-02-03 14:29:54 -05:00
Glenn Strauss e56e387196 [mod_magnet] reject stat() of empty string (fixes #3064)
(thx axe34)

Anyone running lua code inside the lighttpd server has control over
the lighttpd server, so this commit does not protect against
malicious behavior, but instead this commit more gracefully handles
a lua programmer mistake of attempting to stat() an empty string.

x-ref:
  "Server Aborted due to Malicious Data sent to lighty.stat"
  https://redmine.lighttpd.net/issues/3064
2021-02-03 14:26:13 -05:00
Glenn Strauss a737572aa4 [meson] add with_zstd to meson_options.txt 2021-02-03 00:36:34 -05:00
Glenn Strauss 5921b2f411 - next is 1.4.60 2021-02-02 08:44:04 -05:00
Glenn Strauss 529cf9547e [doc] NEWS 2021-02-02 08:06:02 -05:00
Glenn Strauss ba290f181f [core] quiet coverity warning
add arbitrary limit of 4096 fds to accept via systemd socket activation
(through environment variables)
2021-02-02 01:07:37 -05:00
Glenn Strauss b0439d8fa8 [mod_mbedtls] remove redundant condition check
(identified by coverity)
2021-02-02 01:06:58 -05:00
Glenn Strauss 2a557809d9 [core] re-validate h2 CONTINUATION frame len in cq
(identified by coverity)
2021-02-02 01:04:39 -05:00
Glenn Strauss 3edeb6b432 [mod_mbedtls] restore ALPN chk after client hello
(removed two commits ago)

must check selected ALPN after client hello has completed
for case where hctx->conf.ssl_acme_tls_1 is not enabled
or else ALPN "h2" will not be detected
2021-02-01 08:18:08 -05:00
Glenn Strauss 649829f906 [mod_cgi] fix assert if empty X-Sendfile path (fixes #3062)
(thx axe34)

Please note that this would not have crashed "x-sendfile-docroot"
were set to restrict the locations of files that can be sent via
X-Sendfile.  If users are untrusted, "x-sendfile" should not be
enable without also configuring "x-sendfile-docroot"

x-ref:
  "Server Aborted due to Malicious Data sent through CGI Sendfile"
  https://redmine.lighttpd.net/issues/3062
2021-02-01 04:11:38 -05:00
Glenn Strauss b80d287df7 [mod_mbedtls] fix acme-tls/1 challenge bootstrap
mbedtls does not provide a callback for ALPN and expects certificate to
be set in SNI callback (if set), while still in MBEDTLS_SSL_CLIENT_HELLO
state.  Waiting until after MBEDTLS_SSL_CLIENT_HELLO would be fine for
using ALPN for "h2", but is too late to set acme-tls/1 challenge cert.
Therefore, parse client hello for ALPN prior to initiating mbedtls
processing of handshake.
2021-02-01 03:08:48 -05:00
Glenn Strauss 889d53aea4 [mod_mbedtls] fix acme-tls/1 challenge bootstrap
handle id-pe-acmeIdentifier OID in custom callback
(requires mbedtls 2.23.0 or later)
2021-02-01 03:06:52 -05:00
Glenn Strauss 86a6c9ca35 [mod_wolfssl] copy stapling buf for OCSP resp 2021-02-01 03:00:54 -05:00
Glenn Strauss e37b962c31 [mod_nss] fix acme-tls/1 challenge bootstrap
ALPN requires SNI, but ALPN hook appears to be called before SNI hook in
NSS, so set flag in ALPN hook, and handle acme-tls/1 ALPN in SNI hook
2021-02-01 03:00:54 -05:00
Glenn Strauss 0936fe6905 [mod_gnutls] fix acme-tls/1 challenge bootstrap
parse ALPN in GNUTLS_HOOK_PRE via gnutls_ext_raw_parse()

(does not appear to work when checking in GNUTLS_HOOK_POST)
2021-02-01 03:00:51 -05:00
Glenn Strauss 2d78182546 [TLS] set r->uri.authority empty str upon accept()
ensure not NULL for error messages
2021-01-30 22:17:40 -05:00
Glenn Strauss 77209c7a26 [mod_openssl] fix acme-tls/1 challenge bootstrap
do not send multiple certs in server hello
2021-01-30 22:17:40 -05:00
Glenn Strauss 18fc244a8e [TLS] fix invalid cfg warning 2021-01-30 22:17:40 -05:00
Glenn Strauss 8d4f785f69 [mod_wolfssl] wolfSSL might repeat SNI_Callback()
wolfSSL might call SNI_Callback() multiple times,
so detect and short-circuit if already called for connection
2021-01-30 22:17:40 -05:00