lighttpd1.4/src
Stefan Bühler ef0b353fee [mod_cml_lua] fix null pointer dereference
a local lua script could trigger it by not sending any files and not
  setting a last-modified header, leading to zero mtime and a buffer
  ptr = NULL which was used in http_response_handle_cachable

From: Stefan Bühler <stbuehler@web.de>

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2951 152afb58-edef-0310-8abb-c4023f1b3aa9
2014-02-16 13:08:27 +00:00
..
CMakeLists.txt [cmake] Use TARGET_LINK_LIBRARIES instead of LINK_FLAGS for library dependencies, also add -Wl,--as-needed to extra warnings (fixes #2448) 2013-06-29 09:45:23 +00:00
Makefile.am [auto* build] remove -no-undefined from linker flags, as we actually link modules with undefined symbols (fixes #2533) 2014-01-10 12:05:02 +00:00
SConscript Always use our 'own' md5 implementation, fixes linking issues on MacOS (fixes #2331) 2011-07-30 09:16:03 +00:00
array.c add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
array.h Fix header inclusion order, always include "config.h" before any system header 2009-10-11 14:31:42 +00:00
base.h [stat-cache] fix FAM cleanup/fdevent handling 2013-11-13 11:43:31 +00:00
bitset.c add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
bitset.h moved everything below trunk/ and added branches/ and tags/ 2005-02-20 14:27:00 +00:00
buffer.c add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
buffer.h add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
chunk.c Append to previous buffer in con read (fixes #2147, found by liming, CVE-2010-0295) 2010-02-01 23:28:50 +00:00
chunk.h Include mmap.h from chunk.h to fix some problems with #define mmap mmap64 (fixes #1923) 2009-04-09 17:39:20 +00:00
config.h.cmake add libev fdevent handler: server.event-handler = "libev" 2010-08-07 10:46:34 +00:00
configfile-glue.c fix :port handling in $HTTP["host"] checks (fixes #2135. thx liming) 2012-11-07 14:23:00 +00:00
configfile.c add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
configfile.h fixed aggressive caching of conditionals (#41) 2007-08-18 09:27:11 +00:00
configparser.y add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
connections-glue.c Fix some problems with more strict compilers (#1923) 2009-03-07 13:54:10 +00:00
connections.c add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
connections.h moved everything below trunk/ and added branches/ and tags/ 2005-02-20 14:27:00 +00:00
crc32.c fixed crc32c on 64bit platforms (fixes crc errors) 2005-09-26 12:26:37 +00:00
crc32.h Fix header inclusion order, always include "config.h" before any system header 2009-10-11 14:31:42 +00:00
data_array.c Fix header inclusion order, always include "config.h" before any system header 2009-10-11 14:31:42 +00:00
data_config.c Fix header inclusion order, always include "config.h" before any system header 2009-10-11 14:31:42 +00:00
data_count.c Fix header inclusion order, always include "config.h" before any system header 2009-10-11 14:31:42 +00:00
data_fastcgi.c Fix header inclusion order, always include "config.h" before any system header 2009-10-11 14:31:42 +00:00
data_integer.c Fix header inclusion order, always include "config.h" before any system header 2009-10-11 14:31:42 +00:00
data_string.c add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
etag.c Fix etag formatting 2010-07-04 07:45:17 +00:00
etag.h Fix header inclusion order, always include "config.h" before any system header 2009-10-11 14:31:42 +00:00
fastcgi.h - white space cleanup part 2 this time 1.4 ;) 2006-10-04 13:26:23 +00:00
fdevent.c add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
fdevent.h Move fdevent subsystem includes to implementation files to reduce conflicts (fixes #2373) 2011-12-25 15:35:01 +00:00
fdevent_freebsd_kqueue.c Move fdevent subsystem includes to implementation files to reduce conflicts (fixes #2373) 2011-12-25 15:35:01 +00:00
fdevent_libev.c add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
fdevent_linux_sysepoll.c Move fdevent subsystem includes to implementation files to reduce conflicts (fixes #2373) 2011-12-25 15:35:01 +00:00
fdevent_poll.c Move fdevent subsystem includes to implementation files to reduce conflicts (fixes #2373) 2011-12-25 15:35:01 +00:00
fdevent_select.c add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
fdevent_solaris_devpoll.c Move fdevent subsystem includes to implementation files to reduce conflicts (fixes #2373) 2011-12-25 15:35:01 +00:00
fdevent_solaris_port.c fdevent: add solaris eventports (fixes #2171) 2011-06-13 17:34:57 +00:00
http-header-glue.c [ssl] Fix $HTTP["scheme"] conditional, could be "http" for ssl connections if the ssl $SERVER["socket"] conditional was nested (fixes #2501) 2013-07-31 20:23:21 +00:00
http_auth.c fix/silence bugs reported by ccc-analyzer (clang) 2013-11-13 11:43:26 +00:00
http_auth.h [mod_auth] some cleanup, only search for matching auth.require path once 2013-08-30 13:14:54 +00:00
http_chunk.c Fix header inclusion order, always include "config.h" before any system header 2009-10-11 14:31:42 +00:00
http_chunk.h moved everything below trunk/ and added branches/ and tags/ 2005-02-20 14:27:00 +00:00
inet_ntop_cache.c Fix header inclusion order, always include "config.h" before any system header 2009-10-11 14:31:42 +00:00
inet_ntop_cache.h moved everything below trunk/ and added branches/ and tags/ 2005-02-20 14:27:00 +00:00
joblist.c Fix header inclusion order, always include "config.h" before any system header 2009-10-11 14:31:42 +00:00
joblist.h moved everything below trunk/ and added branches/ and tags/ 2005-02-20 14:27:00 +00:00
keyvalue.c [core] recognize more http methods to forward to backends (fixes #2346) 2013-06-29 10:53:24 +00:00
keyvalue.h [core] recognize more http methods to forward to backends (fixes #2346) 2013-06-29 10:53:24 +00:00
lemon.c fix/silence bugs reported by ccc-analyzer (clang) 2013-11-13 11:43:26 +00:00
lempar.c Use NULL instead of 0 where pointers are expected. 2012-08-31 14:11:43 +00:00
lighttpd-angel.c [lighttpd-angel] Remove unused variable. 2012-08-31 14:11:46 +00:00
log.c [mod_fastcgi,log] support multi line logging (fixes #2252) 2013-03-25 17:22:32 +00:00
log.h add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
md5.c [md5] Fix non-ANSI function definitions. 2012-08-31 14:11:42 +00:00
md5.h [ssl/md5] prefix our own md5 implementation with li_ so it doesn't conflict with the openssl one (fixes #2269) 2011-04-24 16:02:52 +00:00
mod_access.c fix/silence bugs reported by ccc-analyzer (clang) 2013-11-13 11:43:26 +00:00
mod_accesslog.c fix/silence bugs reported by ccc-analyzer (clang) 2013-11-13 11:43:26 +00:00
mod_alias.c fix/silence bugs reported by ccc-analyzer (clang) 2013-11-13 11:43:26 +00:00
mod_auth.c fix/silence bugs reported by ccc-analyzer (clang) 2013-11-13 11:43:26 +00:00
mod_auth.h moved everything below trunk/ and added branches/ and tags/ 2005-02-20 14:27:00 +00:00
mod_cgi.c add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
mod_cml.c fix/silence bugs reported by ccc-analyzer (clang) 2013-11-13 11:43:26 +00:00
mod_cml.h - white space cleanup part 2 this time 1.4 ;) 2006-10-04 13:26:23 +00:00
mod_cml_funcs.c Always use our 'own' md5 implementation, fixes linking issues on MacOS (fixes #2331) 2011-07-30 09:16:03 +00:00
mod_cml_funcs.h Fix header inclusion order, always include "config.h" before any system header 2009-10-11 14:31:42 +00:00
mod_cml_lua.c [mod_cml_lua] fix null pointer dereference 2014-02-16 13:08:27 +00:00
mod_compress.c add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
mod_dirlisting.c add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
mod_evasive.c fix/silence bugs reported by ccc-analyzer (clang) 2013-11-13 11:43:26 +00:00
mod_evhost.c fix/silence bugs reported by ccc-analyzer (clang) 2013-11-13 11:43:26 +00:00
mod_expire.c fix/silence bugs reported by ccc-analyzer (clang) 2013-11-13 11:43:26 +00:00
mod_extforward.c add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
mod_fastcgi.c add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
mod_flv_streaming.c fix/silence bugs reported by ccc-analyzer (clang) 2013-11-13 11:43:26 +00:00
mod_indexfile.c fix/silence bugs reported by ccc-analyzer (clang) 2013-11-13 11:43:26 +00:00
mod_magnet.c fix r2943 (added invalid read after free) 2014-02-16 13:08:22 +00:00
mod_magnet_cache.c add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
mod_magnet_cache.h lua_State has to be put into the #ifdef too 2006-09-15 15:32:18 +00:00
mod_mysql_vhost.c [mod_mysql_vhost] fix memory leak on config init (#2530) 2014-01-10 12:05:04 +00:00
mod_proxy.c add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
mod_redirect.c fix/silence bugs reported by ccc-analyzer (clang) 2013-11-13 11:43:26 +00:00
mod_rewrite.c [core] decode URL before rewrite, enabling it to work in $HTTP["url"] conditionals (fixes #2526) 2014-01-10 12:04:59 +00:00
mod_rrdtool.c add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
mod_scgi.c [mod_scgi] use goto error for all error cases in mod_scgi_set_defaults 2014-02-16 13:08:24 +00:00
mod_secure_download.c maintain physical.basedir (the "acting" doc-root as prefix of physical.path) in more places 2014-01-10 12:04:57 +00:00
mod_setenv.c fix/silence bugs reported by ccc-analyzer (clang) 2013-11-13 11:43:26 +00:00
mod_simple_vhost.c add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
mod_skeleton.c fix/silence bugs reported by ccc-analyzer (clang) 2013-11-13 11:43:26 +00:00
mod_ssi.c fix/silence bugs reported by ccc-analyzer (clang) 2013-11-13 11:43:26 +00:00
mod_ssi.h Add ssi.content-type option (default text/html, fixes #615) 2009-06-10 14:50:42 +00:00
mod_ssi_expr.c Fix non-ANSI function declarations. 2012-08-31 14:11:41 +00:00
mod_ssi_expr.h [mod_ssi] fix "ssi_val_init" prototype 2013-11-13 17:18:35 +00:00
mod_ssi_exprparser.y Fix header inclusion order, always include "config.h" before any system header 2009-10-11 14:31:42 +00:00
mod_staticfile.c fix/silence bugs reported by ccc-analyzer (clang) 2013-11-13 11:43:26 +00:00
mod_status.c fix/silence bugs reported by ccc-analyzer (clang) 2013-11-13 11:43:26 +00:00
mod_trigger_b4_dl.c fix/silence bugs reported by ccc-analyzer (clang) 2013-11-13 11:43:26 +00:00
mod_uploadprogress.c fix/silence bugs reported by ccc-analyzer (clang) 2013-11-13 11:43:26 +00:00
mod_userdir.c maintain physical.basedir (the "acting" doc-root as prefix of physical.path) in more places 2014-01-10 12:04:57 +00:00
mod_usertrack.c fix/silence bugs reported by ccc-analyzer (clang) 2013-11-13 11:43:26 +00:00
mod_webdav.c add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
network.c fix resource leaks in error cases on config parsing and other initializations 2014-02-14 21:06:19 +00:00
network.h Limit amount of bytes we send in one go; fixes stalling in one connection and timeouts on slow systems. 2011-08-22 15:12:28 +00:00
network_backends.h Disable mmap by default (fixes #2391) 2012-02-24 18:34:20 +00:00
network_freebsd_sendfile.c Limit amount of bytes we send in one go; fixes stalling in one connection and timeouts on slow systems. 2011-08-22 15:12:28 +00:00
network_linux_sendfile.c Limit amount of bytes we send in one go; fixes stalling in one connection and timeouts on slow systems. 2011-08-22 15:12:28 +00:00
network_openssl.c add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
network_solaris_sendfilev.c Limit amount of bytes we send in one go; fixes stalling in one connection and timeouts on slow systems. 2011-08-22 15:12:28 +00:00
network_write.c Limit amount of bytes we send in one go; fixes stalling in one connection and timeouts on slow systems. 2011-08-22 15:12:28 +00:00
network_writev.c add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
plugin.c Only print a warning for now if you try to load a module twice 2010-08-11 21:10:15 +00:00
plugin.h Fix non-ANSI function declarations. 2012-08-31 14:11:41 +00:00
proc_open.c fix some bugs found with canalyze (fixes #2484, thx Zhenbo Xu) 2013-05-15 10:31:07 +00:00
proc_open.h Fix leaving zombie process with include_shell (#1777) 2008-09-30 19:42:29 +00:00
request.c add comments for switch fall throughs 2014-02-14 21:06:12 +00:00
request.h moved everything below trunk/ and added branches/ and tags/ 2005-02-20 14:27:00 +00:00
response.c [core] decode URL before rewrite, enabling it to work in $HTTP["url"] conditionals (fixes #2526) 2014-01-10 12:04:59 +00:00
response.h Fix header inclusion order, always include "config.h" before any system header 2009-10-11 14:31:42 +00:00
server.c add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
server.h moved everything below trunk/ and added branches/ and tags/ 2005-02-20 14:27:00 +00:00
settings.h add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
splaytree.c Fix header inclusion order, always include "config.h" before any system header 2009-10-11 14:31:42 +00:00
splaytree.h - white space cleanup part 2 this time 1.4 ;) 2006-10-04 13:26:23 +00:00
stat_cache.c add force_assert() to enforce assertions as simple assert()s are disabled by -DNDEBUG (fixes #2546) 2014-02-16 13:08:20 +00:00
stat_cache.h cleanup fdevent code, removed linux-rtsig handler, replaced some fprintf calls 2010-08-06 21:57:15 +00:00
status_counter.c Fix header inclusion order, always include "config.h" before any system header 2009-10-11 14:31:42 +00:00
status_counter.h Fix header inclusion order, always include "config.h" before any system header 2009-10-11 14:31:42 +00:00
stream.c Use NULL instead of 0 where pointers are expected. 2012-08-31 14:11:43 +00:00
stream.h moved everything below trunk/ and added branches/ and tags/ 2005-02-20 14:27:00 +00:00
sys-mmap.h moved everything below trunk/ and added branches/ and tags/ 2005-02-20 14:27:00 +00:00
sys-socket.h ECONNABORTED is not known on cygwin (fixes #863) 2007-04-09 20:31:03 +00:00
version.h Fix header inclusion order, always include "config.h" before any system header 2009-10-11 14:31:42 +00:00