Commit Graph

3940 Commits (c964568e25737aba57afd839142c567ae7fd232e)

Author SHA1 Message Date
Glenn Strauss c964568e25 [core] remove redundant check for max_conns
network_server_handle_fdevent() checks max_conns and is the only
callers of connection_accept(), so connection_accept() does not
need to repeat the check.
2021-05-13 01:04:57 -04:00
Glenn Strauss 7b0bc1298a [core] reorder hook enum for better mem locality 2021-05-12 05:25:38 -04:00
Glenn Strauss 0afab29cfb [core] merge uri_raw and uri_clean hooks
hooks are run consecutively in http_response_prepare()

merge uri_raw before uri_clean to preserve existing ordering
2021-05-12 05:23:28 -04:00
Glenn Strauss 3a9a3716c4 [core] adjust r->http_host ptr caching
faster to use http_header_request_set_ptr() and buffer_copy_string_len()
than to use http_header_request_set() and http_header_request_get()

check r->http_host for NULL instead of relying on buffer_copy_* to do so
2021-05-10 20:20:28 -04:00
Glenn Strauss 01a9e31227 [cmake] update src/config.h.cmake 2021-05-08 19:50:05 -04:00
Glenn Strauss 21539ec69e [cmake] improve cmake detection of timegm 2021-05-08 18:53:04 -04:00
Glenn Strauss 7a15bfcf04 [mod_auth] include unistd.h for crypt() on *nix
(needed by *BSD in addition to Mac OS)
2021-05-08 18:44:25 -04:00
Glenn Strauss 22e8f600f5 [core] quiet coverity noise 2021-05-08 18:32:14 -04:00
Glenn Strauss f8914ac381 [core] remove excess assertions in buffer_commit()
buffer_commit() is called by routines which preallocate for operations
like read().  The caller must properly manage the memory.  The checks
removed from buffer_commit() are too late.
2021-05-08 16:51:28 -04:00
Glenn Strauss 980554bc70 [core] simplify buffer_path_simplify() 2021-05-08 14:34:05 -04:00
Glenn Strauss b2f4c00784 [core] mark some likely hot paths (better asm)
slightly reorganize some code for better asm
2021-05-08 01:16:46 -04:00
Glenn Strauss 17d9733f6e [core] http_response_prepare() OPTIONS *, CONNECT
special-case OPTIONS * and CONNECT in http_response_prepare()

http_response_prepare() is no longer revisited if r->handler_module
is set, so it is no longer necessary to fill r->physical.path for
2021-05-07 21:29:02 -04:00
Glenn Strauss 325690b039 [core] mark cold paths in http_response_config
HTTP/1.1 is not typically disabled

GET/HEAD are typically the most frequent request types
  and request body is not typically present for GET/HEAD
2021-05-07 16:39:52 -04:00
Glenn Strauss f7bcc83355 [core] buffer_is_equal_string -> buffer_eq_slen 2021-05-07 16:39:52 -04:00
Glenn Strauss 1aae63af62 [core] remove buffer_is_equal_right_len()
(not widely used or widely useful)
2021-05-07 16:39:52 -04:00
Glenn Strauss e0a4a7849f [core] check for Upgrade before h2 upgrade check
(short-circuit if Upgrade header not present)
2021-05-07 16:39:52 -04:00
Glenn Strauss e2bd776f8f [tests] disable secdownload HMAC tests for NSS
NSS crypto lib does not expose interfaces to HMAC funcs
2021-05-07 16:39:52 -04:00
Glenn Strauss 28f1d010d2 [core] improve HTTP/2 behavior w/ max-request-size
improve HTTP/2 behavior when server.max-request-size reached

accept slightly more data than max-request-size if END_STREAM flag recvd

reduce rwin so that client may exceed server.max-request-size, but not
by much.  (client might ignore and might send a firehose of data anyway)
accept up to 64k more data to potentially sink data that was in-flight
beyond the rwin, in order to allow server to send 413 Payload Too Large
before resetting the stream.
2021-05-07 16:39:52 -04:00
Glenn Strauss b288eeafaa [core] http_response_send_file() mark cold paths 2021-05-06 17:35:00 -04:00
Glenn Strauss 2097fe441b [mod_extforward] shared mod_extforward_bad_request 2021-05-06 17:35:00 -04:00
Glenn Strauss 6c40f997b9 [core] merge http_response_send_file 0-size case
merge http_response_send_file 0-sized file special case
(historically was a short-circuit before Range handling,
 but Range handling has been rewritten and moved elsewhere)
2021-05-06 17:35:00 -04:00
Glenn Strauss 4c12d7da08 [core] tighten code in request_check_hostname() 2021-05-06 17:35:00 -04:00
Glenn Strauss 060be714be [mod_auth] include unistd.h for crypt() on Mac OS 2021-05-06 17:35:00 -04:00
Glenn Strauss a473d48c43 [core] consolidate overflow checks in li_to_base64 2021-05-06 17:35:00 -04:00
Glenn Strauss bc572e1c56 [core] base64_charset enum supports only 2 tables 2021-05-06 17:35:00 -04:00
Glenn Strauss 6de4c809c9 [core] buffer_append_base64_encode_opt()
with option to include or omit padding

single func to handle both:
- buffer_append_base64_encode_no_padding
- buffer_append_base64_encode
2021-05-06 17:35:00 -04:00
Glenn Strauss 6f942adfe0 [core] li_to_base64 alt code to add padding 2021-05-06 17:35:00 -04:00
Glenn Strauss 5e39c81ff2 [core] li_base64_decode mark cold code path 2021-05-06 17:35:00 -04:00
Glenn Strauss 099dc83fbe [core] li_base64_decode similar to li_to_base64 2021-05-06 17:35:00 -04:00
Glenn Strauss 871ef50eff [build] --with-nss add test for /usr/include/nspr4
  "nspr header location"
2021-05-06 17:35:00 -04:00
Glenn Strauss 57c8b3287d [mod_staticfile] move cold paths to separate func 2021-05-06 17:35:00 -04:00
Glenn Strauss 9a5e1652be [multiple] static file optimization; reuse cache
reuse cache lookup in common case of serving a static file
rather than repeating the stat_cache_entry lookup
(which is more work than memcmp() to re-check stat_cache_entry match)
2021-05-06 17:35:00 -04:00
Glenn Strauss 7ff6adc44c [core] tolerate dup array config values if match
tolerate duplicated array config values if identical key and value
(still issue warning trace)
2021-05-06 17:35:00 -04:00
Glenn Strauss 92d467b45e [TLS] ALPN h2 policy
HTTP/2 requires that TLS protocol >= TLSv1.2
HTTP/2 requires that TLS record compression be disabled
HTTP/2 requires that TLSv1.2 renegotiation be disabled

HTTP/2 requires that TLS SNI extension be presented with ALPN h2
  (not enforced;
   SNI omitted by client when connecting to IP instead of to name)

RFC 7540 9.2 Use of TLS Features
"Implementations are encouraged to provide defaults that comply,
 but it is recognized that deployments are ultimately responsible
 for compliance."

If TLS record compression or renegotiation are for some reason required
(which is strongly discouraged), then disable HTTP/2 in lighttpd with
  server.feature-flags = ("server.h2proto" => "disable")
2021-05-06 17:34:58 -04:00
Glenn Strauss 9ac307ec14 [mod_authn_file] wipe password/digest after use
slurp password/digest file into memory and then clear after use
(avoid stdio, which buffers by default and does not wipe those buffers)

password/digest files are not expected to be very large
e.g. a password file with 1000 entries is expected to be < 64k
If files are larger, mod_authn_dbi or other mod_authn_* is recommended
2021-04-29 09:19:56 -04:00
Glenn Strauss 13ea2d880b [core] consistent inclusion of sys-time.h 2021-04-28 14:08:29 -04:00
Glenn Strauss a1eba3c89b [core] reuse code to parse backend response
reuse code to parse backend response (http_header_parse_hoff())
2021-04-27 15:13:40 -04:00
Glenn Strauss 3a845f7bec [mod_webdav] quiet pedantic compiler warning 2021-04-27 14:03:06 -04:00
Glenn Strauss 1db8da2fb6 [mod_expire] send only Cache-Control to >=HTTP/1.1
HTTP/1.1 dictates that Cache-Control overrides Expires if both present.
Therefore, send only Cache-Control to HTTP/1.1 requests.  This means
that if an intermediary upgraded the request to HTTP/1.1, and the actual
client sent HTTP/1.0, then the actual client might not understand
Cache-Control when it may have understood Expires.  RFC 2616 HTTP/1.1
was released June 1999, almost 22 years ago (as this comment is written)
If a client today is sending HTTP/1.0, chances are the client does not
cache.  Avoid the overhead of formatting time for Expires to send both
Cache-Control and Expires when the majority of clients are HTTP/1.1 or
HTTP/2 (or later).
2021-04-27 03:04:19 -04:00
Glenn Strauss 6b6252a3ba [core] move timegm() impl inline in sys-time.h
(for systems without timegm())
2021-04-26 12:50:20 -04:00
Glenn Strauss c2feb3e1ad [mod_expire] check for default if mime not found
check for default caching if mime-type not found in expire.mimetypes
2021-04-26 08:59:34 -04:00
Glenn Strauss 885d956edb [core] recognize "enabled"/"disabled" for bool
(in addition to "enable" and "disable")
2021-04-25 15:47:23 -04:00
Glenn Strauss e20e8e4686 [mod_webdav] accept alt syntax in webdav.opts 2021-04-25 15:46:59 -04:00
Glenn Strauss 1d478003d5 [mod_expire] accept time labels without plural 's' 2021-04-25 04:52:41 -04:00
Glenn Strauss a7b95c5b6a [mod_expires,mod_webdav] fix truncated date string
(bug on master branch)
2021-04-24 04:26:07 -04:00
Glenn Strauss 81d18a8e35 [core] discard some HTTP/2 DATA after response (fixes #3078)
(thx oldium)

improve handling of HTTP/2 DATA frames received
a short time after sending response

  "POST request DATA part for non-existing URI closes HTTP/2 connection prematurely"
2021-04-23 07:43:15 -04:00
Glenn Strauss 3392e8fb11 [core] update ls-hpack
LiteSpeed ls-hpack v2.3.0
2021-04-20 22:04:56 -04:00
Glenn Strauss 7d27dd9a72 [mod_nss] define TLSv1_3 as bitflag 2021-04-16 07:07:09 -04:00
Glenn Strauss b2b15d9165 [core] exit 0 upon shutdown if no connections open 2021-04-07 16:31:55 -04:00
Glenn Strauss 84c518ead0 [scons] link lighttpd with pcre for static build 2021-04-07 01:28:51 -04:00