Commit Graph

4262 Commits

Author SHA1 Message Date
Glenn Strauss d361f9cca0 [core] clean up fdlog_st and log_error_st decls
typedef redefinitions may cause issues with older compilers

(The intention behind the decls and defines were done to reduce the
 number of unrelated lines modified for the transition to fdlog_st)

2021-10-29 10:15:02 -04:00
Glenn Strauss 584a69c4ae [mod_alias] fix use-after-free bug (fixes #3114)
(thx LoneFox)

bug introduced in 62a874df in lighttpd 1.4.59

  "Use-after-free bug in mod_alias"
2021-10-29 08:15:41 -04:00
Glenn Strauss 1540fdeab9 - next is 1.4.62 2021-10-28 19:29:08 -04:00
Glenn Strauss 3cf695d34b [doc] NEWS 2021-10-28 18:56:50 -04:00
Glenn Strauss e8eac0c2ad [core] chunkqueue_small_resp_optim() comment 2021-10-28 17:58:06 -04:00
Glenn Strauss 90f062cb07 [core] add HTTP/2 check resp finished w/ empty cq (#3111)
connection_handle_write_state() call to subrequest handler might set
r->resp_body_finished, but we need to check if r->write_queue is empty
before changing state from CON_STATE_WRITE to CON_STATE_RESPONSE_END

(If r->write_queue was already empty when the subrequest handler marked
 resp_body_finished, connection_state_machine_h2() could miss changing
 the request state to CON_STATE_RESPONSE_END)

  "HTTP/2 requests sometimes take very long (missing last chunk)"
  "Slow request handling in Lighttpd 1.4.60"
2021-10-28 02:03:22 -04:00
Glenn Strauss ac9c9935a2 [multiple] add assert after malloc in two spots
add missing assert after malloc in two spots to detect malloc failure
2021-10-27 18:04:20 -04:00
Glenn Strauss 7edb1956f3 [mod_auth] clear crypt() output if len >= 13
crypt() static output buffer is cleared upon next call to crypt(),
but clear output buffer anyway since next call to crypt() might be
much later.  Only clear crypt() output if length >= 13, since if
there is an error in crypt(), 'man crypt' warns:

"Some implementations of crypt, upon error, return an invalid hash that
is stored in a read-only location or only initialized once, which means
that it is only safe to erase the buffer pointed to by the crypt return
value if an error did not occur."
2021-10-27 17:59:13 -04:00
Glenn Strauss a067d99fa0 [core] chunkqueue_small_resp_optim if resp < 16k
(adjusted down from 32k after some basic benchmarking using weighttp)
2021-10-27 04:16:38 -04:00
Glenn Strauss 9a442b5555 [core] tighten chunkqueue_small_resp_optim() 2021-10-27 04:16:38 -04:00
Glenn Strauss 92cdf84951 [doc] uncomment mod_auth load in conf.d/auth.conf
uncomment mod_auth load in conf.d/auth.conf to match other conf.d/*
2021-10-27 04:16:38 -04:00
Glenn Strauss 41564a7e92 [core] tighten chunkqueue_mark_written; better asm
chunkqueue_mark_written() also removes finished chunks from beginning of
chunkqueue instead of separate call to chunkqueue_remove_finished_chunks
2021-10-27 04:16:38 -04:00
Glenn Strauss 3964a6ac39 [core] pwritev w/ chunkqueue_steal_with_tempfiles
use pwritev(), where available, with chunkqueue_steal_with_tempfiles()

The initial write to tempfiles (when response initially grows too
large in memory) can be multiple MEM_CHUNKs, so attempt to use
single pwritev() syscall
2021-10-27 04:16:38 -04:00
Glenn Strauss 5c18891a94 [build] check for preadv(), pwritev() 2021-10-27 04:16:38 -04:00
Glenn Strauss 907ec27737 [core] tighten chunkqueue_steal* code; better asm 2021-10-27 04:16:38 -04:00
Glenn Strauss 9466afd909 [core] remove redundant checks in same context 2021-10-27 04:16:38 -04:00
Glenn Strauss f71b048160 [multiple] warn deprecated mods slated for removal
issue warning to error log for deprecated modules slated for removal
2021-10-27 04:16:38 -04:00
Glenn Strauss fe055165d8 [mod_ajp13,mod_fastcgi] recv_parse smaller funcs
break *_recv_parse() into a pair of slightly smaller funcs
2021-10-27 04:16:38 -04:00
Glenn Strauss c22a56fe3b [core] restart dead proc on connect error if local
restart dead proc on connect error only if proc started by lighttpd
2021-10-27 04:16:38 -04:00
Glenn Strauss 18ed51f06d [mod_proxy] Length Req if proxy forcing HTTP/1.0
return 411 Length Required if mod_proxy configured to force HTTP/1.0
to backend and configured to stream request body, and client request
has a request body but did not provide Content-Length.
2021-10-27 04:16:38 -04:00
Glenn Strauss 1acf9db7d3 [mod_ajp13,mod_fastcgi] check resp w/ content len
limit response body from mod_ajp13 and mod_fastcgi to Content-Length,
if Content-Length is provided in response headers; discard excess
2021-10-27 04:16:38 -04:00
Glenn Strauss e78cd76511 [core] combine more dup header processing code
(pedantically, repeating HTTP_HEADER_HTTP2_SETTINGS should be an error,
 but ignore the duplicate if it matches the value of the first one seen)
2021-10-27 04:16:38 -04:00
Glenn Strauss 7daafadb9d [core] allow debug.log-state-handling in condition
allow debug.log-state-handling to be enabled in config conditions,
even though the connection and request may already have begun
(and therefore not logging state changes which already occurred)

(also, minor additional structure cleanups made in the vicinity)
2021-10-27 04:16:38 -04:00
Glenn Strauss 23b94856b1 [mod_nss] quiet trace for PR_END_OF_FILE_ERROR
quiet trace for PR_END_OF_FILE_ERROR
unless debug.log-ssl-noise = "enable"

2021-10-27 04:16:38 -04:00
Glenn Strauss 6fd98f89fa [core] clear shared log buffer after writes
avoid repeating error trace when all fdlog_t are periodically flushed
2021-10-27 04:16:38 -04:00
Glenn Strauss 92f2ac9b3f [core] thwart h2 request tunnelling
Existing behavior: strict header parsing, strict host parsing, and
basic url normalization are enabled by default in lighttpd, and
protect against h2 request tunnelling attempts using invalid chars
in headers.

Keeping strict parsing settings enabled is strongly recommended.

If any are explicitly disabled in lighttpd.conf, then this patch takes
steps to thwart h2 request tunnelling.

  "HTTP/2: The Sequel is Always Worse"
2021-10-27 04:16:38 -04:00
Glenn Strauss 438dadde52 [core] separate funcs to check for valid chars
separate funcs to check for valid chars in headers
2021-10-27 04:16:38 -04:00
Glenn Strauss e8a6ed6e35 [core] thwart h2c smuggling when Upgrade enabled
Existing behavior: mod_proxy *does not* forward Upgrade header
unless explicitly enabled in lighttpd.conf (default: not enabled)
  (proxy.header += ("upgrade" => "enable"))

mod_cgi previously used to forward Upgrade request header, but would
remove Upgrade response header if cgi.upgrade was not explicitly enabled
  (cgi.upgrade = "enable")

This patch thwarts h2c smuggling when lighttpd.conf has also been
explicitly configured to pass "Upgrade" request header

  "h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext (h2c)"
2021-10-27 04:16:38 -04:00
Glenn Strauss 97eed364ff [mod_auth] revert adjustment to auth passwd cache (#3112)
revert b1d1202a which is no longer needed with recent update to

  "mod_auth cache password doesn't match"
2021-10-27 04:16:38 -04:00
Glenn Strauss 9d05b648ee [core] make ck_memeq_const_time() more generic (#3112)
make ck_memeq_const_time() more generically reusable

remove implementation requirements that strings be '\0' terminated,
or at least have an initialized byte following each string (s[len])

  "mod_auth cache password doesn't match"
2021-10-27 04:16:38 -04:00
Glenn Strauss 14b8d90288 [core] separate func for gw_authorizer_ok() 2021-10-27 04:16:38 -04:00
Glenn Strauss 47201bbb2e [core] resched HTTP/2 streams w/ pending data (#3111)
reschedule HTTP/2 streams w/ pending data if con->write_queue is empty

reschedule to read deferred (and pending) HTTP/2 frames when
MAX_CONCURRENT_STREAMS are active and a stream completes.

  "HTTP/2 requests sometimes take very long (missing last chunk)"
2021-10-27 04:16:38 -04:00
Glenn Strauss 0757d71e14 [core] short-circuit if response body recv w/ hdrs (fixes #3111)
short-circuit if response body completely received with response headers

  "HTTP/2 requests sometimes take very long (missing last chunk)"
2021-10-27 04:16:38 -04:00
Glenn Strauss 71544129f9 [core] expose chunkqueue_remove_empty_chunks()
expose chunkqueue_remove_empty_chunks() for use in error recovery
when aborting a chunkqueue_append_buffer_open*()
2021-10-27 04:16:14 -04:00
Glenn Strauss 44b47fc271 [core] accept up to 5 digit port num in host cond
(thx zebul66)

accept up to 5 digit port num in $HTTP["host"] condition match

  "Alls page and subdomain returns 404 with 1.4.60"
2021-10-16 19:56:27 -04:00
Glenn Strauss 69c2b2b207 [core] add comment to ck_memeq_const_time()
add comment to ck_memeq_const_time() with some implementation details
2021-10-16 02:05:19 -04:00
Glenn Strauss cf5644e0c2 [mod_webdav] ignore PROPFIND Depth for files
(thx meeb5)

ignore PROPFIND "Depth" request header for files (non-collections)

RFC4918 10.2. Depth Header
"If a resource does not have internal members, then the Depth header MUST be ignored."

  "Webdav + rclone backup"
2021-10-16 01:58:37 -04:00
Glenn Strauss 8d13233b69 [mod_ajp13,mod_fastcgi] comment: no response body
add comment for handling of streaming with no response body

add commented-out code to disable streaming to wait for backend protocol
to signal end of response (prevent http_response_write_prepare() from
short-circuiting and finishing responses without response body)

  "FastCGI premature socket close with response streaming and 204 status"
2021-10-16 01:58:37 -04:00
Glenn Strauss b1d1202af8 [mod_auth] fix Basic auth passwd cache (fixes #3112)
(thx manfred)

Basic auth passwd cache might fail to match when it should have
matched (false negative) when comparing an uninitialized byte.
That bug "fails closed" and does not use the cache when it could.
This patch allows for proper match in the cache when it should match.

  "mod_auth cache password doesn't match"
2021-10-16 01:57:50 -04:00
Glenn Strauss f5b5537ef1 [core] fix HTTP/2 upload > 64k w/ max-request-size (fixes #3108)
fix HTTP/2 upload > 64k with server.max-request-size > 0

(regression present only in lighttpd 1.4.60)

(thx SM)

  "File upload is broken after upgrade from 1.4.59 to 1.4.60"
2021-10-14 16:16:36 -04:00
Glenn Strauss 0e093d66ba [mod_extforward] keep remote IP thru request reset
preserve remote IP until request reset

(historical IP restore in request_done hook was obsoleted by
 commit fea5bdc8 in which request plugin context was split from
 connection plugin context, and by much older commits which
 ensured that request_reset hook was always run)

  "Remote address behind reverse proxy not logged"
2021-10-12 22:21:42 -04:00
Glenn Strauss 16f16dbfd5 [doc] update INSTALL 2021-10-12 16:13:51 -04:00
Glenn Strauss a5581b0319 [core] avoid repeated typedef for fdlog_st
  "Lighttpd 1.4.60 make error typedef fdlog_st redefinition"
2021-10-12 11:12:34 -04:00
Glenn Strauss a2bfccd1be [tests] force Fcntl::F_SETFD() autovivification (#3110)
  "RPM build fails at"
2021-10-10 18:28:01 -04:00
Glenn Strauss 1c41faaebc [mod_dirlisting] sort "../" to top (fixes #3109)
(thx otovalek)

  "mod_dirlisting javascript sort of ".." entries is broken"
2021-10-10 15:25:43 -04:00
Glenn Strauss 78eb0e3945 [tests] force POSIX::WNOHANG() autovivification (fixes #3110)
  "RPM build fails at"
2021-10-10 15:19:05 -04:00
Glenn Strauss 2a3cca7c56 [core] earlier macOS need define for errno_t (fixes #3107)
Earlier macOS need _DARWIN_C_SOURCE defined for errno_t from sys/types.h

Alternatively, define __STDC_WANT_LIB_EXT1__ >= 1 before include errno.h

  "error: unknown type name 'errno_t' (macOS 10.13.6)"
2021-10-10 14:09:12 -04:00
Glenn Strauss 124543bbe1 [mod_magnet] prefer lua_newuserdatauv() w/ lua 5.4
lua_newuserdata() -> lua_newuserdatauv() w/ lua 5.4
2021-10-07 19:10:26 -04:00
Glenn Strauss 07c8a6f056 [core] bounds check while url-decoding
(thx helmut)

do not read-ahead past '\0' while url-decoding

lighttpd 1.4.60 could previously have read one byte of potentially
uninitialized data.  lighttpd detects the '\0' so there is no exposure
of data.  This also can not cause a crash in lighttpd 1.4.60 due to how
lighttpd 1.4.60 allocates memory for buffers in sizes (power-2 + 1),
and typical system malloc alignment of 4- or 8- bytes.
2021-10-06 15:15:20 -04:00
Glenn Strauss 575665ad88 [multiple] __attribute_nonnull__ now takes params
define __attribute_nonnull__(params) with params to match
recent changes in glibc development (targetting glibc 2.35 in Feb 2022)

  new __attribute_nonnull__(params) conflicts with third-party
2021-10-05 19:12:23 -04:00