Commit Graph

719 Commits

Author SHA1 Message Date
Stefan Bühler 2a8f73e7d4 [mod_secdownload] fix buffer overflow in secdl_verify_mac (reported by Fortify Open Review Project)
Impact is probably low on most platforms, as it will probably overwrite
one byte of "HASH HA1" which isn't used afterwards anymore.

Reference: Fortify Open Review Project - lighttpd 1.4.39
    ID 22708159 - Buffer Overflow: Off-by-One

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3096 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-03-13 14:53:20 +00:00
Stefan Bühler f3606dc539 [mod_dirlisting] dir-listing.hide-dotfiles = "enabled" by default (fixes #1081)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3094 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-03-04 19:46:29 +00:00
Stefan Bühler f56fe331e5 [mod_proxy] use case-insensitive comparision to filter headers, send Connection: Close to backend (fixes #421)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3093 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-03-04 19:23:16 +00:00
Glenn Strauss dde7bea99a [mod_cgi] kill CGI if fail to write request body
(clean up potential zombie processes from unreaped children)

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3092 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-03-04 18:54:30 +00:00
Glenn Strauss f2cbd0a3aa [mod_cgi] simplify mod_cgi_handle_subrequest()
wait for CGI to close stdout, so we read EOF on pipe to end CGI response

remove extra call to waitpid() which will occur after process exits
if it has not already been explicitly closed by CGI (and has not been
inherited by CGI forked children)  (If CGI forks, then it should close
its stdout response pipe when response is done, especially if it intends
to perform lengthy post-processing in the background.)

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3091 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-03-04 18:54:28 +00:00
Glenn Strauss e5e66f791f [mod_cgi] consolidate CGI cleanup code
(more consistent behavior)

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3090 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-03-04 18:54:26 +00:00
Glenn Strauss 94647804cf [mod_cgi] send 500 if CGI ends and there is no response (fixes #2542)
(Thx, anomie, who identified and explained problem in above ticket)

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3089 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-03-04 18:54:24 +00:00
Glenn Strauss c80ae9b212 [mod_fastcgi] 404 for X-Sendfile file not found (fixes #2474)
(slightly modified from patch by bert)

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3088 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-03-04 15:37:17 +00:00
Stefan Bühler 02594f107a [plugins] don't include dlfcn.h if not needed (fixes #2548)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3087 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-02-28 12:12:05 +00:00
Glenn Strauss 75e4859a1b [mod_compress] case-insensitive content-codings (fixes #2645)
From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3086 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-02-28 11:59:09 +00:00
Stefan Bühler c033a1966e [core] improve conditional enabling (thx Gwenlliana, #2598)
instead of looping over all config blocks for each conditional var that
gets enabled, enable them all and run over them once.

Right now it seems we actually set all variables at once in normal
config handling (SNI only sets a subset); future modifications
might introduce new variables which are activated at a later stage
(physical path related for example).

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3083 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-02-21 18:32:17 +00:00
Stefan Bühler ad65603ec0 [core] fix conditional cache handling
- add new "skip" result to mark conditions that didn't actually get
  evaluated to false but just skipped because the preconditions failed.
- add "local_result" for each cache entry to remember whether the
  condition itself matched (not including the preconditions).
  this can be reused after a cache reset if the condition itself was not
  reset, but the preconditions were
- clear result of subtree (children and else-branches) when clearing a
  condition cache

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3082 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-02-21 18:32:14 +00:00
Glenn Strauss 1c01a42aa3 [core] never evaluate else branches until the previous branches are aready (fixes #2598)
The first condition which evaluates true in any if-else... condition
chain short-circuits the chain, and any remaining conditions in the
chain are marked false.

Previous conditions in if-else condition chaining must be evaluatable
(to true or false) -- must not remain in unset (not yet evaluatable)
state -- prior to evaluating later conditions.  Since any true
condition short-circuits remaining conditions, all prev conditions
must be false prior to evaluating later conditions.

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3081 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-02-21 17:56:24 +00:00
Stefan Bühler 431559e5df [configparser] don't continue after parse error (fixes #2717)
only use values in reduce actions when the config is still valid
(ctx->ok).

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3080 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-02-19 15:49:06 +00:00
Glenn Strauss f23a24a263 [mod_cgi] issue trace and exit if execve() fails (closes #2302)
(replace SEGFAULT if execve() fails)

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3079 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-02-14 11:11:15 +00:00
Glenn Strauss 665cc39b95 [mod_cgi] edge case chdir "/" when docroot "/" (fixes #2460)
From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3077 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-02-14 10:54:26 +00:00
Glenn Strauss 5cc061bfab [core] do not send SIGHUP to process group unless server.max-workers is used (fixes #2711)
do not propagate sighup if 0 == server.max-workers; reduce impact of
sighup on child processes, such as piped loggers, by not forwarding
sighup signal unless server.max-workers configured

For those configuring server.max-workers, it is recommended that
piped loggers be used to avoid log corruption, and then admins can
avoid sending lighttpd SIGHUP as there is currently no benefit to
doing so with the standard modules (beyond that of log rotation of
non-piped access and error logs).

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3076 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-02-14 10:44:30 +00:00
Glenn Strauss 3fd80ff8ec [mod_cgi] use MAP_PRIVATE to mmap temporary file instead of MAP_SHARED (fixes #2715)
Flash filesystem JFFS2 does not support mmap PROT_READ MAP_SHARED,
though it does support mmap PROT_READ MAP_PRIVATE

Although MAP_SHARED is preferred, CGI input body is fully collected
prior to handler invoking the CGI, so the temporary file is never
modified after being mapped.  Since the request input body is specific
to request and is temporary file, mmap PROT_READ MAP_PRIVATE works fine.

From: Glenn Strauss <gstrauss@gluelogic.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3075 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-02-10 19:33:57 +00:00
Stefan Bühler 566cf8decb add force_assert for more allocation results
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3072 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-01-30 13:59:07 +00:00
Stefan Bühler f3b577ddee use libmemcached instead of deprecated libmemcache
Differential Revision: https://review.lighttpd.net/D5

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3071 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-01-03 14:48:11 +00:00
Stefan Bühler c354229f42 add handling for lua 5.2 and 5.3 (fixes #2674)
Reviewers: stbuehler

Differential Revision: https://review.lighttpd.net/D4

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3070 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-01-03 14:48:09 +00:00
fbrosson d8e028e069 [mod_ssi] enhance support for ssi vars
Try ssi_vars if ssi_cgi_env does not have a matching var name.
Allow var names to also include digits after the initial letter or underscore.

From: fbrosson <fbrosson@users.noreply.github.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3069 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-01-03 14:48:07 +00:00
Stefan Bühler 3dd2f66d13 - next is 1.4.40
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3068 152afb58-edef-0310-8abb-c4023f1b3aa9
2016-01-03 14:48:04 +00:00
Stefan Bühler 6ef3b709db [chunk] fix use after free / double free (fixes #2700)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3065 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-12-19 08:28:39 +00:00
Stefan Bühler 737d4f0f20 [core] fix memset_s call (fixes #2698)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3064 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-12-18 21:56:59 +00:00
Stefan Bühler 53c4ab8438 - next ist 1.4.39
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3063 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-12-05 14:18:38 +00:00
Kyle J. McKay b37dd77491 [core] show correct crypt support result (fixes #2690)
If the crypt function is available as part of the standard
system library, then HAVE_LIBCRYPT will not be set, but
HAVE_CRYPT or HAVE_CRYPT_R will.

Make server.c test HAVE_CRYPT, HAVE_CRYPT_R  and HAVE_LIBCRYPT
to determine the correct value of crypt support.

Signed-off-by: Kyle J. McKay

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3061 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-12-04 20:53:51 +00:00
Kyle J. McKay 159ca0c15d [network] add darwin-sendfile backend (fixes #2687)
The FreeBSD version of sendfile is already supported.  Starting
with OS X 10.5, Darwin also supports sendfile, but using a
slightly different argument list even though much of the
implementation is likely taken from FreeBSD just like the man
page is.

Add support for darwin's sendfile by introducing a new
network_darwin_sendfile.c file that's just a copy of the
network_freebsd_sendfile.c file except with the arguments
adjusted to compensate for the minor API difference (FreeBSD
has separate in and out byte count arguments whereas Darwin
has a combined in/out byte count argument).

Signed-off-by: Kyle J. McKay <mackyle@gmail.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3060 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-12-04 20:48:21 +00:00
Kyle J. McKay b0ecb4d44b [mod_fastcgi/mod_scgi] zero sockaddr structs before use (fixes #2691)
When a sockaddr_un, sockaddr_in or sockaddr_in6 structure
is allocated on the stack or heap, it may contain random
byte values.

The "unused" and "reserved" parts must be zerod otherwise
unexpected failures may occur.  The simplest way to do
this and be compatible with various platforms' struct
layouts is just to memset them to 0.

Signed-off-by: Kyle J. McKay <mackyle@gmail.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3059 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-12-04 20:22:42 +00:00
Stefan Bühler bfaa48260a [mod_secdownload] add required algorithm option; old behaviour available as "md5", new options "hmac-sha1" and "hmac-sha256"
Differential Revision: https://review.lighttpd.net/D7

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3054 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-11-22 22:22:22 +00:00
Stefan Bühler 85d8a17575 [core] encode path with ENCODING_REL_URI in redirect to directory (fixes #2661, thx gstrauss)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3052 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-11-07 15:00:18 +00:00
Stefan Bühler 3943de280e [core] add '~' to safe characters in ENCODING_REL_URI/ENCODING_REL_URI_PART encoding
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3051 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-11-07 15:00:15 +00:00
Stefan Bühler a069548370 [core] revert increase of temp file size back to 1MB, provide a configure option "server.upload-temp-file-size" instead (fixes #2680)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3050 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-11-07 12:51:14 +00:00
Stefan Bühler c512345fa2 [config] check config option scope; warn if server option is given in conditional
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3049 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-11-07 12:51:11 +00:00
Stefan Bühler 39add4476f [mod_secdownload] use a hopefully constant time comparison to check hash (fixes #2679)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3048 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-10-27 20:50:53 +00:00
Gaurav 5c5f67a5c7 add force_assert for many allocations and function results
From: Gaurav <g.gupta@samsung.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3047 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-10-16 19:44:06 +00:00
Stefan Bühler f19128086c [core] don't buffer request bodies smaller than 64k on disk
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3046 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-10-13 19:46:04 +00:00
Loganaden Velvindron d7be04beb5 [mod_auth] implement and use safe_memclear, using memset_s or explicit_bzero if available
From: Loganaden Velvindron <logan@elandsys.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3045 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-09-26 10:11:24 +00:00
Gaurav 37bdb250a4 [core] check configparserAlloc() result with force_assert
From: Gaurav <g.gupta@samsung.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3044 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-09-26 10:11:22 +00:00
Stefan Bühler a93be99441 [core] fix search for header end if split across chunks (fixes #2670)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3043 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-09-24 06:03:40 +00:00
Stefan Bühler 3512b5cb77 [core] allocate at least 4k buffer for incoming data
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3042 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-09-24 06:03:38 +00:00
Stefan Bühler 69f890e2c5 [stat-cache] fix handling of collisions, might have returned wrong data (fixes #2669)
- don't remember splay_tree nodes for long (dir_node, file_node) after
  cache lookup; only remember the data they pointed to (sce for file
  entries, fam_node for dir entries)
- unset sce / fam_node when a collision (not matching path) is detected
- check again for collision before splaytree_insert; the entry in
  question is already at the top because it was splayed before. simply
  replace the data on collisions (and release the old data).
- check fam_node for collisions too
- splaytree_size handles NULL nodes too
- enable some force_assert lines (were in #ifdef DEBUG_STAT_CACHE before)

Differential Revision: https://review.lighttpd.net/D1

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3039 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-09-16 00:18:11 +00:00
Stefan Bühler d8b5492f5a -next is 1.4.38
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3037 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-09-15 11:52:35 +00:00
Stefan Bühler dd4fe73c47 fix some warnings found by coverity ("leak" in setup phase, not catching too long unix socket paths in mod_proxy)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3034 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-08-30 10:16:28 +00:00
Stefan Bühler 0b02cd2690 [mmap] handle SIGBUS in network; those get triggered if the file gets smaller during reading
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3031 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-08-29 12:23:42 +00:00
Stefan Bühler b66fa2cb68 [plugins] when modules are linked statically still only load the modules given in the config
- previously it would load all modules in some fixed order
- also warn when mod_magnet or mod_trigger_b4_dl are compiled without
  needed dependencies
- mod_trigger_b4_dl fails in plugin_init when dependencies are missing

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3029 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-08-29 09:28:01 +00:00
Stefan Bühler 912533cd68 [mmap] fix mmap alignment
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3028 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-08-23 12:59:07 +00:00
Stefan Bühler 6d6dbadb14 [mod_cgi] rewrite mmap and generic (post body) send error handling
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3027 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-08-23 11:53:48 +00:00
Stefan Bühler 9257d7df4f [bsd xattr] fix compile break with BSD extended attributes in stat_cache
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3023 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-08-22 23:27:17 +00:00
Stefan Bühler d7cd5b087a [autoconf] define HAVE_CRYPT when crypt() is present
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3022 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-08-22 21:39:24 +00:00
Stefan Bühler e57a70174b [kqueue] fix kevent call
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3020 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-08-22 21:39:19 +00:00
Stefan Bühler 0508bf674e fix some unchecked return value warnings
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3015 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-08-22 16:01:08 +00:00
Stefan Bühler 593599f14a rewrite network (write) backends
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3012 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-08-22 16:00:59 +00:00
Stefan Bühler fa8b154628 fix undefined integer shift
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3011 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-08-22 16:00:56 +00:00
Stefan Bühler 5c5616e3e5 increase upload temporary chunk file size from 1MB to 16MB
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3010 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-08-13 18:44:30 +00:00
Stefan Bühler 1371c87c34 fix out-of-filedescriptors when uploading "large" files (fixes #2660, thx rmilecki)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3009 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-08-13 18:44:27 +00:00
Stefan Bühler 47cddfd4f3 [mod_dirlisting] fix dir-listing.set-footer not showing
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3008 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-08-09 13:03:52 +00:00
Stefan Bühler a80f75e004 [mod_proxy] remove debug log line from error log (fixes #2659)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3007 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-08-03 19:43:06 +00:00
Stefan Bühler 752e501231 - next is 1.4.37
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3006 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-07-26 13:02:44 +00:00
Stefan Bühler def17b2925 [configfile] fix reading uninitialized variable (found by Willian B.)
- stream_open()-ing an empty file shouldn't return an error (and didn't on my
  system)
- don't try to handle empty file as non-error in config_parse_file;
  this fixes the read of an potentially unitialized variable
- stream_open()-ing an empty file doesn't try to map the file anymore
  and should not result in any errors; return an empty stream instead.
- stream_open(): make sure the returned stream is always initialized
  correctly, and can always be used with stream_close(), whether opening
  was successful or not
- stream_close(): also reset the size member

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3003 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-07-19 10:03:12 +00:00
Pascal Bach 4a87f75fcf [mod_proxy] add unix domain socket support (fixes #2653)
If the server is set to a path like value (starting with "/")
mod_proxy will try to establish a connection via unix domain socket.

Signed-off-by: Pascal Bach <pascal.bach@siemens.com>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3002 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-07-11 11:20:18 +00:00
Stefan Bühler 8db141a1b3 mime.conf: add some new mime types, remove .dat, .sha1, .md5, update .vcf
- create-mime.conf.pl: also parse lines with upper case characters
- rerun create-mime.conf.pl with debian mime-support 3.58

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3001 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-07-07 17:12:48 +00:00
Stefan Bühler 2bd89370fc fix segfault when temp file for upload couldn't be created (found by coverity)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2999 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-07-05 22:00:17 +00:00
Stefan Bühler c5737093db [mod_magnet] fix segfault when accessing not existing lighty.req_env[] entry (found by coverity)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2998 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-07-05 22:00:14 +00:00
Stefan Bühler c31bf21f97 fix memory leak in mod_status when no counters are set (found by coverity)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2996 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-07-05 21:34:07 +00:00
Stefan Bühler 9f05b61ab4 parse If-None-Match for ETag validation (fixes #2578)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2994 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-07-05 16:59:01 +00:00
Stefan Bühler 71b5c53a0a show extforward re-run warning only with debug.log-request-handling (fixes #2561)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2993 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-07-05 16:48:27 +00:00
Stefan Bühler 572681c9f1 fix hex escape in accesslog (fixes #2559)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2992 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-07-05 16:01:16 +00:00
Stefan Bühler 427120b41a escape all strings for logging (fixes #2646 log file injection, reported by Jaanus Kääp)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2989 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-05-28 15:47:14 +00:00
Stefan Bühler 33cebeb0f7 fix segfaults in many plugins if they failed configuration
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2988 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-05-14 09:38:33 +00:00
Stefan Bühler df87b3ef98 fix error message for T_CONFIG_ARRAY config values if an entry value is not a string
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2987 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-05-14 09:38:30 +00:00
Stefan Bühler c92496720d [mod_auth] use crypt_r instead of crypt if available
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2986 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-02-12 06:39:39 +00:00
Stefan Bühler 6afad87d2e fix buffer, chunk and http_chunk API
* remove unused structs and functions
    (buffer_array, read_buffer)
  * change return type from int to void for many functions,
    as the return value (indicating error/success) was never checked,
    and the function would only fail on programming errors and not on
    invalid input; changed functions to use force_assert instead of
    returning an error.
  * all "len" parameters now are the real size of the memory to be read.
    the length of strings is given always without the terminating 0.
  * the "buffer" struct still counts the terminating 0 in ->used,
    provide buffer_string_length() to get the length of a string in a
    buffer.
    unset config "strings" have used == 0, which is used in some places
    to distinguish unset values from "" (empty string) values.
  * most buffer usages should now use it as string container.
  * optimise some buffer copying by "moving" data to other buffers
  * use (u)intmax_t for generic int-to-string functions
  * remove unused enum values: UNUSED_CHUNK, ENCODING_UNSET
  * converted BUFFER_APPEND_SLASH to inline function (no macro feature
    needed)
  * refactor: create chunkqueue_steal: moving (partial) chunks into another
    queue
  * http_chunk: added separate function to terminate chunked body instead of
    magic handling in http_chunk_append_mem().
    http_chunk_append_* now handle empty chunks, and never terminate the
    chunked body.

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2975 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-02-08 12:37:10 +00:00
Stefan Bühler 3521be8b85 print backtrace in assert logging with libunwind
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2974 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-02-07 13:32:56 +00:00
Stefan Bühler d00e1e79b9 [connections] fix bug in connection state handling
if a request was finished (con->file_finished = 1) and the state
  machine was triggered, but the write queue was empty, it didn't
  actually finish the request.

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2973 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-02-07 13:32:54 +00:00
Stefan Bühler b0a632f253 [network] fix compile break in calculation of sockaddr_un size if SUN_LEN is not defined (fixes #2609)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2972 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-02-07 11:33:30 +00:00
Stefan Bühler 76870cfef1 add NEWS entry for previous commit
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2971 152afb58-edef-0310-8abb-c4023f1b3aa9
2015-02-07 11:33:28 +00:00
Stefan Bühler 084df7e99a [ssl] disable SSL3.0 by default
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2969 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-10-16 17:52:14 +00:00
Stefan Bühler 4a6838103d [mod_dirlisting,mod_redirect,mod_rewrite] abort config parsing if pcre-compile fails or isn't available
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2968 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-10-16 17:52:12 +00:00
Stefan Bühler c4f214584a [build] use fortify flags with "extra-warnings"
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2967 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-10-16 17:52:10 +00:00
Moritz Wilhelmy 4d55d4ada3 add support for (Free)BSD extended attributes
enable with `./configure --with-attr` and `mimetype.use-xattr =
"enable"` in the config.

set attribute with:

    setextattr user Content-Type text/plain path/to/www/file

From: Moritz Wilhelmy <mw@barfooze.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2966 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-05-22 08:30:13 +00:00
Stefan Bühler 059a5a67dd fix typo in NEWS entry for #2579
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2965 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-05-13 13:04:35 +00:00
Stefan Bühler 3b23130ea2 add more mime types and a script to generate mime.conf (fxies #2579)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2964 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-05-13 10:34:46 +00:00
Stefan Bühler f8f3351506 fix bad shift in conditional netmask ".../0" handling
config conditionals like $HTTP["remoteip"] == "a.b.c.d/0" (or completely
broken netmasks) triggered bad shifts. Matching against "/0" is not very
useful though - it is always true.

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2963 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-04-14 16:12:11 +00:00
Stefan Bühler 3605a3bec3 use keep-alive timeout while waiting for HTTP headers; use always the read timeout while waiting for the HTTP body
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2962 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-04-02 10:04:11 +00:00
Stefan Bühler e1b1c52028 - next is 1.4.36
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2961 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-04-02 10:04:09 +00:00
Stefan Bühler d1a2356916 fix SQL injection / host name validation (thx Jann Horn)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2959 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-03-12 12:03:55 +00:00
Stefan Bühler efc41b2bb1 check length of unix domain socket filenames
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2958 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-02-16 13:08:43 +00:00
Stefan Bühler 8e31e18b8e [mod_webdav] fix logic error in handling file creation error
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2955 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-02-16 13:08:36 +00:00
Stefan Bühler 57c661c191 fix unchecked return values from stream_open/stat_cache_get_entry
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2954 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-02-16 13:08:34 +00:00
Stefan Bühler b106513e58 [network] check return value of lseek()
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2953 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-02-16 13:08:32 +00:00
Stefan Bühler 9f2be4882d force assertion: setting FD_CLOEXEC must work (if available)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2952 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-02-16 13:08:29 +00:00
Stefan Bühler ef0b353fee [mod_cml_lua] fix null pointer dereference
a local lua script could trigger it by not sending any files and not
  setting a last-modified header, leading to zero mtime and a buffer
  ptr = NULL which was used in http_response_handle_cachable

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2951 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-02-16 13:08:27 +00:00
Stefan Bühler 07dd0bd0a5 add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2948 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-02-16 13:08:20 +00:00
Stefan Bühler fba7dd6f43 fix resource leaks in error cases on config parsing and other initializations
None of this matters - lighttpd will terminate anyway. Still helps the
  code to get cleaner, and makes reviewing output of static analyzers
  easier.

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2947 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-02-14 21:06:19 +00:00
Stefan Bühler bf10267807 [buffer] fix length check in buffer_is_equal_right_len
buffer_is_equal_right_len didn't check the length of the second
  buffer. as all calls in lighttpd used the length of the second buffer
  as length parameter those calls were not broken.

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2946 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-02-14 21:06:16 +00:00
Stefan Bühler bcd35cc264 remove logical dead code
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2945 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-02-14 21:06:14 +00:00
Stefan Bühler 29a1070299 add comments for switch fall throughs
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2944 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-02-14 21:06:12 +00:00
Stefan Bühler b239e7734a [mod_magnet] fix memory leak
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2943 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-02-14 21:06:10 +00:00
Stefan Bühler b461e031f5 [mod_fastcgi,mod_scgi] fix resource leaks on spawning backends
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2942 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-02-14 21:06:07 +00:00
Stefan Bühler d59c910d6a [mod_dirlisting] fix memory leak if pcre fails
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2941 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-02-14 21:06:05 +00:00
Stefan Bühler 0aaf939e5e [mod_rrdtool] fix invalid read (string not null terminated)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2940 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-02-14 21:06:03 +00:00
Stefan Bühler fc3a060a04 [mod_fastcgi] fix use after free (only triggered if fastcgi debug is active)
If a new fastcgi packet is expected, but the currently available
  data doesn't fill the header and debug is active an invalid
  read is triggerd.

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2939 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-02-14 21:06:00 +00:00
Stefan Bühler b8a1835093 NEWS entry for previous commit
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2938 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-02-14 21:05:58 +00:00
Stefan Bühler 0d855be97e - next is 1.4.35
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2935 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-01-20 14:20:06 +00:00
Stefan Bühler 24994e113a [mod_webdav] fix fd leak found with parfait (fixes #2530, thx kukackajiri)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2930 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-01-10 12:05:06 +00:00
Stefan Bühler 657566828e [mod_mysql_vhost] fix memory leak on config init (#2530)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2929 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-01-10 12:05:04 +00:00
Stefan Bühler e346794d59 [auto* build] remove -no-undefined from linker flags, as we actually link modules with undefined symbols (fixes #2533)
On platforms that support linking modules with undefined symbols we
actually do it; so most of the time -no-undefined should result in an
error.
On platforms that don't support it, it will result in an error sooner or
later anyway (on those it should build a shared libary with the core
code to link the modules against).

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2928 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-01-10 12:05:02 +00:00
Stefan Bühler f0e5c1415d [core] decode URL before rewrite, enabling it to work in $HTTP["url"] conditionals (fixes #2526)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2927 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-01-10 12:04:59 +00:00
Stefan Bühler 17762fad01 maintain physical.basedir (the "acting" doc-root as prefix of physical.path) in more places
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2926 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-01-10 12:04:57 +00:00
Stefan Bühler c8fbc16985 [ssl] fix regression from CVE-2013-4508 (client-cert sessions were broken)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2925 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-11-13 17:18:39 +00:00
Stefan Bühler 99cddff73a [core] check success of setuid,setgid,setgroups (CVE-2013-4559)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2923 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-11-13 11:43:33 +00:00
Stefan Bühler d8b363c1d1 [stat-cache] fix FAM cleanup/fdevent handling
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2922 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-11-13 11:43:31 +00:00
Stefan Bühler ae1335503a [stat-cache] FAM: fix use after free (CVE-2013-4560)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2921 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-11-13 11:43:28 +00:00
Stefan Bühler 6b7240f2d8 NEWS entry for previous commit
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2919 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-11-13 11:43:23 +00:00
Stefan Bühler 1af871fcef [ssl] fix SNI handling; only use key+cert+verify-client from SNI specific config (fixes #2525, CVE-2013-4508)
pull all ssl.ca-file values into all SSL_CTXs, but use only the local
ssl.ca-file for verify-client; correct SNI name is no requirement,
so enforcing verification for a subset of SNI names doesn't actually
protect those.

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2913 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-11-05 15:29:07 +00:00
Stefan Bühler 268c054c40 [mod_extforward] fix compilation without IPv6, (not) using undefined var (fixes #2515, thx mm)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2911 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-10-13 11:34:55 +00:00
Stefan Bühler 9b0d54d7cc [mod_auth] explicitly link ssl for SHA1 (fixes #2517)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2910 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-10-13 11:16:55 +00:00
Stefan Bühler 32199a7bdf - next is 1.4.34
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2909 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-09-27 20:22:12 +00:00
Stefan Bühler 29ff92d9ba [core] set signal handlers before forking child processes in modules/plugins_call_set_defaults (fixes #2502)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2901 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-30 15:46:13 +00:00
Stefan Bühler 9cfc080ab7 [core] allow files to be used as document-root (fixes #2475)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2900 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-30 15:02:44 +00:00
Stefan Bühler c26b0f9617 [mod_accesslog] add accesslog.syslog-level option (fixes #2480)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2899 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-30 14:13:43 +00:00
Stefan Bühler f0e5b84c27 [mod_simple_vhost] fix cache; skip module if simple-vhost.server-root is empty (thx rm for reporting)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2898 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-30 13:15:03 +00:00
Stefan Bühler 92567b8b8f [core] check whether server.chroot exists
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2896 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-30 13:14:59 +00:00
Stefan Bühler 916cf7cfc0 [core] remove requirement that default doc-root has to exist, there are reasonable scenarios not requiring static files at all
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2895 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-30 13:14:57 +00:00
Stefan Bühler f9d58670d5 [auth] new method "extern" to use already present REMOTE_USER (from magnet, ssl, ...) (fixes #2436)
can be combined with ssl:
    ssl.verifyclient.username = "SSL_CLIENT_S_DN_UID"
	auth.require = ("/" => ( "require" => "valid-user", "method" => "extern") )

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2894 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-30 13:14:56 +00:00
Stefan Bühler 559b198f86 [auth] put REMOTE_USER into cgi environment, making it accessible to lua via lighty.req_env (fixes #2495)
From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2892 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-30 13:14:52 +00:00
Stefan Bühler 93fd9ea7a4 [ssl] add option ssl.empty-fragments, defaulting to disabled (fixes #2492)
if ssl.empty-fragments is set to enabled, but the openssl version used
  to compile lighttpd doesn't support empty fragments, a warning is
  displayed (it might still work).

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2891 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-30 13:14:50 +00:00
Stefan Bühler 6d4d2118c3 [ssl] accept ssl renegotiations if they are not disabled (fixes #2491)
* don't fiddle with ssl internals
 * renegotiations should be safe with recent openssl versions,
   openssl itself should reject unsafe renegotiations

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2890 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-08-30 13:14:48 +00:00
Stefan Bühler 05858f6cf2 [ssl] Fix $HTTP["scheme"] conditional, could be "http" for ssl connections if the ssl $SERVER["socket"] conditional was nested (fixes #2501)
con->conf.is_ssl got removed and replaced by:
 * con->conf.ssl_enabled for the config var "ssl.engine" - it is only
   used to determine which server-sockets should use ssl. (usually not
   needed as it is mandatory and enough to set ssl.pemfile anyway)
 * con->srv_socket->is_ssl to detect the actual ssl status of the
   bound socket, which is the same as the ssl status of the connection
 * con->uri.scheme for the actual $HTTP["scheme"] value, also used for
   the CGI "HTTPS=ON" variable. This defaults to "https" if the
   connection uses ssl, but can be changed for example by mod_extforward
   if X-Forwarded-Proto: is set to either "http" or "https" (other values
   are ignored right now)

Also removed the broken srv_socket->is_proxy_ssl as it was a connection
value in a server_socket struct...

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2887 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-07-31 20:23:21 +00:00
Stefan Bühler 25a3f2e826 [network] use constants available at compile time for maximum number of chunks for writev instead of calling sysconf (fixes #2470)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2885 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-06-29 12:46:02 +00:00
Stefan Bühler 6cdb46587c [ssl] use DH only if openssl supports it (fixes #2479)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2884 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-06-29 12:46:00 +00:00
Stefan Bühler 3df2ec9248 [core] recognize more http methods to forward to backends (fixes #2346)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2883 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-06-29 10:53:24 +00:00
Stefan Bühler 9b36534752 [core] return 501 Not Implemented in static file mode for all methods except GET/POST/HEAD/OPTIONS
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2882 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-06-29 10:53:22 +00:00
Stefan Bühler 12c4a40b28 [mod_userdir] add userdir.active option, "enabled" by default
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2880 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-06-29 10:07:43 +00:00
Stefan Bühler a6b42cc61e [auto* build] simplify autogen.sh, handle automake 1.13 test running (fixes #2490)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2878 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-06-29 09:45:29 +00:00
Stefan Bühler c008fd7ec8 [mod_auth] fix invalid read in digest qop=auth-int handling (fixes #2478)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2877 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-06-29 09:45:27 +00:00
Stefan Bühler 680b714543 [cmake] Use TARGET_LINK_LIBRARIES instead of LINK_FLAGS for library dependencies, also add -Wl,--as-needed to extra warnings (fixes #2448)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2875 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-06-29 09:45:23 +00:00
Stefan Bühler a0e93c678b fix undefined stuff found with clang
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2873 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-05-15 10:31:09 +00:00
Stefan Bühler 661efa3f37 fix some bugs found with canalyze (fixes #2484, thx Zhenbo Xu)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2872 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-05-15 10:31:07 +00:00
Stefan Bühler ce4bc0c0f7 [mod_auth] fix base64_decode (#2484)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2871 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-05-15 10:31:04 +00:00
Stefan Bühler c26b50d9ad [mod_auth] add htpasswd -s (SHA1) support if openssl is used (needs openssl for SHA1). This doesn't use any salt, md5 with salt is probably better.
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2870 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-04-29 13:08:25 +00:00
Stefan Bühler 0342dfef1d [mod_auth] use crypt() on encrypted password instead of extracting salt first (fixes #2483)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2869 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-04-29 13:08:23 +00:00
Stefan Bühler b5da12c008 reject non ASCII characters in HTTP header names
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2868 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-03-25 17:22:36 +00:00
Stefan Bühler 25a2d665aa call ERR_clear_error only for ssl connections in CON_STATE_ERROR
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2867 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-03-25 17:22:34 +00:00
Stefan Bühler 0e48ef6acb [mod_fastcgi,log] support multi line logging (fixes #2252)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2866 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-03-25 17:22:32 +00:00
Stefan Bühler 543bd249fb fix handling of If-Modified-Since if If-None-Match is present (don't return 412 for date parsing errors); follow current draft for HTTP/1.1, which tells us to ignore If-Modified-Since if we have matching etags.
See:
 http://tools.ietf.org/html/draft-ietf-httpbis-p4-conditional-21#section-5
 > it makes sense to ignore the If-Modified-Since when entity tags are
 > understood and available for the selected representation.

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2865 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-01-22 13:08:21 +00:00
Stefan Bühler 9cd8faa1b6 mod_fastcgi: fix mix up of "mode" => "authorizer" in other fastcgi configs (fixes #2465, thx peex)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2864 152afb58-edef-0310-8abb-c4023f1b3aa9
2013-01-04 13:54:38 +00:00
Stefan Bühler 5aef370a2d - next is 1.4.33
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2863 152afb58-edef-0310-8abb-c4023f1b3aa9
2012-11-21 12:34:49 +00:00
Stefan Bühler 79fed4ec04 remove whitespace at end of header keys
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2861 152afb58-edef-0310-8abb-c4023f1b3aa9
2012-11-21 12:01:46 +00:00