Commit Graph

4005 Commits

Author SHA1 Message Date
Glenn Strauss 6836a32c4f [core] omit fdevent select() code if poll() avail
omit fdevent select() code if poll() avail
translate server.event-handler = "select" to "poll" when poll available
2021-05-17 23:28:32 -04:00
Glenn Strauss 7b5ba32a12 [core] tighter OS event poll loops (better asm)
slightly reorganize some code for better asm
2021-05-17 22:43:58 -04:00
Glenn Strauss bac34c1a66 [tests] quite coverity warning in test_request.c 2021-05-17 02:52:03 -04:00
Glenn Strauss 80848d3708 [core] store int* ptr to common gw status counters
(avoid repeated table lookups)
2021-05-16 21:42:17 -04:00
Pavel Gulchuk 2d6c511d23 [core] fix kill workers and shutdown by signal
github: closes #105
2021-05-15 22:00:48 -04:00
Glenn Strauss 0532d67639 [core] document error edge case for HTTP/1.0
When lighttpd is not configured to stream the response body,
lighttpd sends partial content with an incorrect Content-Length
to an HTTP/1.0 client if a backend sends Transfer-Encoding: chunked
in response to lighttpd HTTP/1.1 request (to backend), and the response
from the backend ends up truncated.

lighttpd could instead send an HTTP/1.0 502 Bad Gateway, but the
current implementation chooses to send the partial content.  After all,
an HTTP/1.0 client is, well, HTTP/1.0, and so of limited intelligence.
2021-05-14 20:45:59 -04:00
Glenn Strauss 5ff9e2f6eb [core] remove some (now) unused http_chunk APIs
remove http_chunk_append_file() and http_chunk_append_file_range()

callers should choose to use stat_cache_entry_open() for caching
or should open file and check sizes and ranges
2021-05-14 03:43:41 -04:00
Glenn Strauss 1ce8220947 [core] range chk http_chunk_append_file_ref_range
add range sanity check in http_chunk_append_file_ref_range()
(before potentially sending HTTP/1.1 chunked header)
2021-05-14 03:43:18 -04:00
Glenn Strauss f0da8dd910 [mod_magnet] use http_chunk_append_file_ref_range 2021-05-14 02:39:40 -04:00
Glenn Strauss 1d9fe2a3d6 [mod_flv_streaming] check range before sending FLV
check range before sending FLV header
2021-05-14 02:29:24 -04:00
Glenn Strauss 2663bda37c [core] add option to read config file from stdin
add option to read config file from stdin using: -f -
(with "-" indicating to read config file from stdin)

This was already been possible using temporary files, unlinked and
passed to lighttpd as -f /proc/self/fd/XX (with XX as fd number)
on systems (or containers) in which /proc/self/fd/ is available

Note: using -f - is incompatible with one-shot mode (-1)
since one-shot mode expects stdin to be connected to the client
2021-05-13 20:35:38 -04:00
Glenn Strauss fd0cc46833 [core] remove HANDLER_UNSET enum value 2021-05-13 15:15:20 -04:00
Glenn Strauss bedfd8a78e [mod_*_dbi] fix sqlite3_dbdir spelling in comments
The sqlite3 option is "sqlite3_dbdir"
2021-05-13 13:48:24 -04:00
Glenn Strauss 302d82a59c [core] accept in network_server_handle_fdevent()
merge connection_accept() into network_server_handle_fdevent()

(possible since connection_accepted() was split out from
 connection_accept() a long time ago)
2021-05-13 02:10:58 -04:00
Glenn Strauss 924d3c9bd6 [multiple] mark con->srv_socket a const ptr 2021-05-13 02:09:48 -04:00
Glenn Strauss c964568e25 [core] remove redundant check for max_conns
network_server_handle_fdevent() checks max_conns and is the only
callers of connection_accept(), so connection_accept() does not
need to repeat the check.
2021-05-13 01:04:57 -04:00
Glenn Strauss 7b0bc1298a [core] reorder hook enum for better mem locality 2021-05-12 05:25:38 -04:00
Glenn Strauss 0afab29cfb [core] merge uri_raw and uri_clean hooks
hooks are run consecutively in http_response_prepare()

merge uri_raw before uri_clean to preserve existing ordering
2021-05-12 05:23:28 -04:00
Glenn Strauss 3a9a3716c4 [core] adjust r->http_host ptr caching
faster to use http_header_request_set_ptr() and buffer_copy_string_len()
than to use http_header_request_set() and http_header_request_get()

check r->http_host for NULL instead of relying on buffer_copy_* to do so
2021-05-10 20:20:28 -04:00
Glenn Strauss 01a9e31227 [cmake] update src/config.h.cmake 2021-05-08 19:50:05 -04:00
Glenn Strauss 21539ec69e [cmake] improve cmake detection of timegm 2021-05-08 18:53:04 -04:00
Glenn Strauss 7a15bfcf04 [mod_auth] include unistd.h for crypt() on *nix
(needed by *BSD in addition to Mac OS)
2021-05-08 18:44:25 -04:00
Glenn Strauss 22e8f600f5 [core] quiet coverity noise 2021-05-08 18:32:14 -04:00
Glenn Strauss f8914ac381 [core] remove excess assertions in buffer_commit()
buffer_commit() is called by routines which preallocate for operations
like read().  The caller must properly manage the memory.  The checks
removed from buffer_commit() are too late.
2021-05-08 16:51:28 -04:00
Glenn Strauss 980554bc70 [core] simplify buffer_path_simplify() 2021-05-08 14:34:05 -04:00
Glenn Strauss b2f4c00784 [core] mark some likely hot paths (better asm)
slightly reorganize some code for better asm
2021-05-08 01:16:46 -04:00
Glenn Strauss 17d9733f6e [core] http_response_prepare() OPTIONS *, CONNECT
special-case OPTIONS * and CONNECT in http_response_prepare()

http_response_prepare() is no longer revisited if r->handler_module
is set, so it is no longer necessary to fill r->physical.path for
2021-05-07 21:29:02 -04:00
Glenn Strauss 325690b039 [core] mark cold paths in http_response_config
HTTP/1.1 is not typically disabled

GET/HEAD are typically the most frequent request types
  and request body is not typically present for GET/HEAD
2021-05-07 16:39:52 -04:00
Glenn Strauss f7bcc83355 [core] buffer_is_equal_string -> buffer_eq_slen 2021-05-07 16:39:52 -04:00
Glenn Strauss 1aae63af62 [core] remove buffer_is_equal_right_len()
(not widely used or widely useful)
2021-05-07 16:39:52 -04:00
Glenn Strauss e0a4a7849f [core] check for Upgrade before h2 upgrade check
(short-circuit if Upgrade header not present)
2021-05-07 16:39:52 -04:00
Glenn Strauss e2bd776f8f [tests] disable secdownload HMAC tests for NSS
NSS crypto lib does not expose interfaces to HMAC funcs
2021-05-07 16:39:52 -04:00
Glenn Strauss 28f1d010d2 [core] improve HTTP/2 behavior w/ max-request-size
improve HTTP/2 behavior when server.max-request-size reached

accept slightly more data than max-request-size if END_STREAM flag recvd

reduce rwin so that client may exceed server.max-request-size, but not
by much.  (client might ignore and might send a firehose of data anyway)
accept up to 64k more data to potentially sink data that was in-flight
beyond the rwin, in order to allow server to send 413 Payload Too Large
before resetting the stream.
2021-05-07 16:39:52 -04:00
Glenn Strauss b288eeafaa [core] http_response_send_file() mark cold paths 2021-05-06 17:35:00 -04:00
Glenn Strauss 2097fe441b [mod_extforward] shared mod_extforward_bad_request 2021-05-06 17:35:00 -04:00
Glenn Strauss 6c40f997b9 [core] merge http_response_send_file 0-size case
merge http_response_send_file 0-sized file special case
(historically was a short-circuit before Range handling,
 but Range handling has been rewritten and moved elsewhere)
2021-05-06 17:35:00 -04:00
Glenn Strauss 4c12d7da08 [core] tighten code in request_check_hostname() 2021-05-06 17:35:00 -04:00
Glenn Strauss 060be714be [mod_auth] include unistd.h for crypt() on Mac OS 2021-05-06 17:35:00 -04:00
Glenn Strauss a473d48c43 [core] consolidate overflow checks in li_to_base64 2021-05-06 17:35:00 -04:00
Glenn Strauss bc572e1c56 [core] base64_charset enum supports only 2 tables 2021-05-06 17:35:00 -04:00
Glenn Strauss 6de4c809c9 [core] buffer_append_base64_encode_opt()
with option to include or omit padding

single func to handle both:
- buffer_append_base64_encode_no_padding
- buffer_append_base64_encode
2021-05-06 17:35:00 -04:00
Glenn Strauss 6f942adfe0 [core] li_to_base64 alt code to add padding 2021-05-06 17:35:00 -04:00
Glenn Strauss 5e39c81ff2 [core] li_base64_decode mark cold code path 2021-05-06 17:35:00 -04:00
Glenn Strauss 099dc83fbe [core] li_base64_decode similar to li_to_base64 2021-05-06 17:35:00 -04:00
Glenn Strauss 871ef50eff [build] --with-nss add test for /usr/include/nspr4
  "nspr header location"
2021-05-06 17:35:00 -04:00
Glenn Strauss 57c8b3287d [mod_staticfile] move cold paths to separate func 2021-05-06 17:35:00 -04:00
Glenn Strauss 9a5e1652be [multiple] static file optimization; reuse cache
reuse cache lookup in common case of serving a static file
rather than repeating the stat_cache_entry lookup
(which is more work than memcmp() to re-check stat_cache_entry match)
2021-05-06 17:35:00 -04:00
Glenn Strauss 7ff6adc44c [core] tolerate dup array config values if match
tolerate duplicated array config values if identical key and value
(still issue warning trace)
2021-05-06 17:35:00 -04:00
Glenn Strauss 92d467b45e [TLS] ALPN h2 policy
HTTP/2 requires that TLS protocol >= TLSv1.2
HTTP/2 requires that TLS record compression be disabled
HTTP/2 requires that TLSv1.2 renegotiation be disabled

HTTP/2 requires that TLS SNI extension be presented with ALPN h2
  (not enforced;
   SNI omitted by client when connecting to IP instead of to name)

RFC 7540 9.2 Use of TLS Features
"Implementations are encouraged to provide defaults that comply,
 but it is recognized that deployments are ultimately responsible
 for compliance."

If TLS record compression or renegotiation are for some reason required
(which is strongly discouraged), then disable HTTP/2 in lighttpd with
  server.feature-flags = ("server.h2proto" => "disable")
2021-05-06 17:34:58 -04:00
Glenn Strauss 9ac307ec14 [mod_authn_file] wipe password/digest after use
slurp password/digest file into memory and then clear after use
(avoid stdio, which buffers by default and does not wipe those buffers)

password/digest files are not expected to be very large
e.g. a password file with 1000 entries is expected to be < 64k
If files are larger, mod_authn_dbi or other mod_authn_* is recommended
2021-04-29 09:19:56 -04:00