summaryrefslogtreecommitdiff
path: root/src/mod_alias.c
Commit message (Collapse)AuthorAgeFilesLines
* [build] _WIN32 __declspec(dllexport) *_plugin_initGlenn Strauss2023-05-031-0/+1
| | | | _WIN32 __declspec(dllexport) on mod_*_plugin_init()
* [multiple] employ ck_calloc, ck_malloc shared codeGlenn Strauss2022-12-101-1/+1
| | | | | employ ck_calloc(), ck_malloc() shared code to slightly reduce code size (centralize the ck_assert() to check that memory allocation succeeded)
* [multiple] mark mod_*_plugin_init() funcs coldGlenn Strauss2022-12-071-0/+1
|
* [mod_alias] fix typo in config error messageGlenn Strauss2022-10-161-1/+1
|
* [mod_alias] fix use-after-free bug (fixes #3114)Glenn Strauss2021-10-291-2/+4
| | | | | | | | | | (thx LoneFox) bug introduced in 62a874df in lighttpd 1.4.59 x-ref: "Use-after-free bug in mod_alias" https://redmine.lighttpd.net/issues/3114
* [multiple] reduce redundant NULL buffer checksGlenn Strauss2021-08-271-7/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit is a large set of code changes and results in removal of hundreds, perhaps thousands, of CPU instructions, a portion of which are on hot code paths. Most (buffer *) used by lighttpd are not NULL, especially since buffers were inlined into numerous larger structs such as request_st and chunk. In the small number of instances where that is not the case, a NULL check is often performed earlier in a function where that buffer is later used with a buffer_* func. In the handful of cases that remained, a NULL check was added, e.g. with r->http_host and r->conf.server_tag. - check for empty strings at config time and set value to NULL if blank string will be ignored at runtime; at runtime, simple pointer check for NULL can be used to check for a value that has been set and is not blank ("") - use buffer_is_blank() instead of buffer_string_is_empty(), and use buffer_is_unset() instead of buffer_is_empty(), where buffer is known not to be NULL so that NULL check can be skipped - use buffer_clen() instead of buffer_string_length() when buffer is known not to be NULL (to avoid NULL check at runtime) - use buffer_truncate() instead of buffer_string_set_length() to truncate string, and use buffer_extend() to extend Examples where buffer known not to be NULL: - cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL (though we might set it to NULL if buffer_is_blank(cpv->v.b)) - address of buffer is arg (&foo) (compiler optimizer detects this in most, but not all, cases) - buffer is checked for NULL earlier in func - buffer is accessed in same scope without a NULL check (e.g. b->ptr) internal behavior change: callers must not pass a NULL buffer to some funcs. - buffer_init_buffer() requires non-null args - buffer_copy_buffer() requires non-null args - buffer_append_string_buffer() requires non-null args - buffer_string_space() requires non-null arg
* [multiple] buffer_has_slash_suffix()Glenn Strauss2021-03-261-1/+1
| | | | | buffer_has_slash_suffix() buffer_has_pathsep_suffix()
* [mod_alias] modify r->physical.path in placeGlenn Strauss2021-01-161-47/+58
| | | | | | (reduce string copying) split out func mod_alias_remap() from handler func for unit testing
* [mod_alias] validate given order, not sorted orderGlenn Strauss2020-11-111-4/+4
| | | | | | | | (bug on master branch) x-ref: "Debian Bullseye/sid arm64 - lighttp broken after update" https://discussions.flightaware.com/t/debian-bullseye-sid-arm64-lighttp-broken-after-update/70756/20
* [multiple] split con, request (very large change)Glenn Strauss2020-07-081-12/+12
| | | | | | | | | | | | | | | | NB: r->tmp_buf == srv->tmp_buf (pointer is copied for quicker access) NB: request read and write chunkqueues currently point to connection chunkqueues; per-request and per-connection chunkqueues are not distinct from one another con->read_queue == r->read_queue con->write_queue == r->write_queue NB: in the future, a separate connection config may be needed for connection-level module hooks. Similarly, might need to have per-request chunkqueues separate from per-connection chunkqueues. Should probably also have a request_reset() which is distinct from connection_reset().
* [multiple] copy small struct instead of memcpy()Glenn Strauss2020-07-081-1/+2
| | | | when patching config
* [multiple] generic config array type checkingGlenn Strauss2020-07-081-8/+1
|
* [multiple] connection hooks no longer get (srv *)Glenn Strauss2020-07-081-3/+4
| | | | (explicit (server *) not passed; available in con->srv)
* [multiple] plugin.c handles common FREE_FUNC codeGlenn Strauss2020-07-081-12/+0
| | | | (simpler for modules; less boilerplate to cut-n-paste)
* [mod_alias] use config_plugin_values_init()Glenn Strauss2020-05-231-129/+107
|
* [core] const char *name in struct pluginGlenn Strauss2020-05-231-3/+1
| | | | | | | | put void *data (always used) as first member of struct plugin add int nconfig member to PLUGIN_DATA calloc() inits p->data to NULL
* [core] simpler config_check_cond()Glenn Strauss2020-05-231-3/+2
| | | | | | | optimize for common case where condition has been evaluated for the request and a cached result exists (also: begin isolating data_config)
* [core] array a->sorted[] as ptrs rather than posGlenn Strauss2020-05-231-3/+7
| | | | | | | While slightly more memory use in 64-bit (though same memory use as prior versions of lighttpd), avoids bouncing through second array when searching in sorted list. Most use of arrays in lighttpd is to build a list once, and elements are not removed from the list.
* [core] keep a->data[] sorted (REVERT)Glenn Strauss2020-02-241-3/+3
| | | | | | | This reverts commit 2260a8062ee599ecf28d9b52b981603fd2084aff. original ordering of array elements is significant e.g. in lighttpd.conf lists where first match to request is applied
* [core] inline buffer as part of data_string valueGlenn Strauss2020-02-241-4/+4
| | | | (instead of value being (buffer *))
* [core] inline buffer key for *_patch_connection()Glenn Strauss2020-02-241-1/+1
| | | | | handle buffer key as part of DATA_UNSET in *_patch_connection() (instead of key being (buffer *))
* [core] inline buffer as part of DATA_UNSET keyGlenn Strauss2020-02-241-4/+4
| | | | (instead of key being (buffer *))
* [core] keep a->data[] sorted; remove a->sorted[]Glenn Strauss2020-02-241-3/+3
|
* [multiple] cleaner calloc use in SETDEFAULTS_FUNCMohammed Sadiq2019-04-201-1/+1
| | | | | | | | github: closes #99 x-ref: "cleaner calloc use in SETDEFAULTS_FUNC" https://github.com/lighttpd/lighttpd1.4/pull/99
* [multiple] code reuse: employ array_match_*()Glenn Strauss2018-09-231-19/+11
|
* [mod_alias] security: potential path traversal with specific configsGlenn Strauss2018-08-121-0/+15
| | | | | | | | | | | | | | | | | | | Security: potential path traversal of a single directory above the alias target with a specific mod_alias config where the alias which is matched does not end in '/', but alias target filesystem path does end in '/'. e.g. server.docroot = "/srv/www/host/HOSTNAME/docroot" alias.url = ( "/img" => "/srv/www/hosts/HOSTNAME/images/" ) If a malicious URL "/img../" were passed, the request would be for directory "/srv/www/hosts/HOSTNAME/images/../" which would resolve to "/srv/www/hosts/HOSTNAME/". If mod_dirlisting were enabled, which is not the default, this would result in listing the contents of the directory above the alias. An attacker might also try to directly access files anywhere under that path, which is one level above the intended aliased path. credit: Orange Tsai(@orange_8361) from DEVCORE
* [core] remove some unused header includesGlenn Strauss2017-03-281-2/+0
| | | | remove exposure of stdio.h in buffer.h for print_backtrace(), now static
* [config] more specific checks for array listsGlenn Strauss2017-03-081-0/+7
| | | | | | | | | | | | | More specific checks on contents of array lists. Each module using lists now does better checking on the types of values in the list (strings, integers, arrays/lists) This helps prevent misconfiguration of things like cgi.assign, fastcgi.server, and scgi.server, where source code might be served as static files if parenthesis are misplaced. x-ref: https://redmine.lighttpd.net/boards/2/topics/6571
* consistent inclusion of config.h at top of files (fixes #2073)Glenn Strauss2016-03-191-0/+2
| | | | | | From: Glenn Strauss <gstrauss@gluelogic.com> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3113 152afb58-edef-0310-8abb-c4023f1b3aa9
* [config] check config option scope; warn if server option is given in ↵Stefan Bühler2015-11-071-1/+2
| | | | | | | | conditional From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3049 152afb58-edef-0310-8abb-c4023f1b3aa9
* fix segfaults in many plugins if they failed configurationStefan Bühler2015-05-141-1/+1
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2988 152afb58-edef-0310-8abb-c4023f1b3aa9
* Use buffer API to read and modify "used" memberStefan Bühler2015-02-081-7/+7
| | | | | | | | | | | | | | | | | | | | | | | - a lot of code tried to handle manually adding terminating zeroes and keeping track of the correct "used" count. Replaced all "external" usages with simple wrapper functions: * buffer_string_is_empty (used <= 1), buffer_is_empty (used == 0); prefer buffer_string_is_empty * buffer_string_set_length * buffer_string_length * CONST_BUF_LEN() macro - removed "static" buffer hacks (buffers pointing to constant/stack memory instead of malloc()ed data) - buffer_append_strftime(): refactor buffer+strftime uses - li_tohex(): no need for a buffer for binary-to-hex conversion: the output data length is easy to predict - remove "-Winline" from extra warnings: the "inline" keyword just supresses the warning about unused but defined (static) functions; don't care whether it actually gets inlined or not. From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2979 152afb58-edef-0310-8abb-c4023f1b3aa9
* fix buffer, chunk and http_chunk APIStefan Bühler2015-02-081-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * remove unused structs and functions (buffer_array, read_buffer) * change return type from int to void for many functions, as the return value (indicating error/success) was never checked, and the function would only fail on programming errors and not on invalid input; changed functions to use force_assert instead of returning an error. * all "len" parameters now are the real size of the memory to be read. the length of strings is given always without the terminating 0. * the "buffer" struct still counts the terminating 0 in ->used, provide buffer_string_length() to get the length of a string in a buffer. unset config "strings" have used == 0, which is used in some places to distinguish unset values from "" (empty string) values. * most buffer usages should now use it as string container. * optimise some buffer copying by "moving" data to other buffers * use (u)intmax_t for generic int-to-string functions * remove unused enum values: UNUSED_CHUNK, ENCODING_UNSET * converted BUFFER_APPEND_SLASH to inline function (no macro feature needed) * refactor: create chunkqueue_steal: moving (partial) chunks into another queue * http_chunk: added separate function to terminate chunked body instead of magic handling in http_chunk_append_mem(). http_chunk_append_* now handle empty chunks, and never terminate the chunked body. From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2975 152afb58-edef-0310-8abb-c4023f1b3aa9
* fix/silence bugs reported by ccc-analyzer (clang)Stefan Bühler2013-11-131-1/+1
| | | | | | | | | | | | | | | | | | | | | These should all be non critical: * memory leaks on startup in error cases (which lead to immediate shutdowns anyway) * http_auth/ldap: passing uninitialized "ret" to ldap_err2string * sizeof(T) not matching the target pointer in malloc/calloc calls; those cases were either: * T being the wrong pointer type - shouldn't matter as long as all pointers have same size * T being larger than the type needed * mod_accesslog: direct use after free in cleanup (server shutdown); could crash before "clean" shutdown * some false positives (mod_compress, mod_expire) * assert(srv->config_context->used > 0); - this is always the case, as there is always a global config block From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2920 152afb58-edef-0310-8abb-c4023f1b3aa9
* [core] allow files to be used as document-root (fixes #2475)Stefan Bühler2013-08-301-1/+2
| | | | | | From: Stefan Bühler <stbuehler@web.de> git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2900 152afb58-edef-0310-8abb-c4023f1b3aa9
* Fix header inclusion order, always include "config.h" before any system headerStefan Bühler2009-10-111-5/+5
| | | | git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2624 152afb58-edef-0310-8abb-c4023f1b3aa9
* Added some extra warning options in cmake and fix the resulting warnings ↵Stefan Bühler2009-03-071-0/+1
| | | | | | (unused/static functions) git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2414 152afb58-edef-0310-8abb-c4023f1b3aa9
* mod_alias: use log_error_write instead of fprintfStefan Bühler2008-10-161-3/+2
| | | | git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2350 152afb58-edef-0310-8abb-c4023f1b3aa9
* - dont crash if the mod_alias config cant be parsed properlyMarcus Rückert2007-08-281-0/+2
| | | | git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1974 152afb58-edef-0310-8abb-c4023f1b3aa9
* - white space cleanup part 2 this time 1.4 ;)Marcus Rückert2006-10-041-42/+42
| | | | | | i hope it helps with merging stuff back to 1.5 git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1371 152afb58-edef-0310-8abb-c4023f1b3aa9
* fixed typoJan Kneschke2006-03-011-1/+1
| | | | git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@1010 152afb58-edef-0310-8abb-c4023f1b3aa9
* lowercase filenames support, fixed #543mOo2006-02-241-1/+3
| | | | git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@1007 152afb58-edef-0310-8abb-c4023f1b3aa9
* either remove include config.h or covered it in HAVE_CONFIG_HJan Kneschke2005-09-241-3/+0
| | | | git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@733 152afb58-edef-0310-8abb-c4023f1b3aa9
* fixed possible uninit variables of the config-parser fails (merged [183])Jan Kneschke2005-08-161-2/+2
| | | | git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@551 152afb58-edef-0310-8abb-c4023f1b3aa9
* added include_shell option to configfiles (merged the rest of the trunk ↵Jan Kneschke2005-08-091-0/+26
| | | | | | changesets) git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@530 152afb58-edef-0310-8abb-c4023f1b3aa9
* removed setup_connection (merged [295])Jan Kneschke2005-08-081-22/+7
| | | | git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@512 152afb58-edef-0310-8abb-c4023f1b3aa9
* let mod_alias handle directories and files (merged [284], [294])Jan Kneschke2005-08-081-8/+14
| | | | git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@504 152afb58-edef-0310-8abb-c4023f1b3aa9
* moved everything below trunk/ and added branches/ and tags/Jan Kneschke2005-02-201-0/+185
git-svn-id: svn://svn.lighttpd.net/lighttpd/trunk@30 152afb58-edef-0310-8abb-c4023f1b3aa9
View Lorry Controller Status