| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
reset upload_temp_file_size in cgi_connection_close if p->tempfile_accum
|
| |
|
|
|
|
| |
lighttpd STDIN_FILENO is reopened to /dev/null at server startup
Let CGI inherit fd STDIN_FILENO when (0 == r->reqbody_length)
|
| |
|
|
| |
(issue in lighttpd 1.4.60 - 1.4.69)
|
| |
|
|
|
| |
collect error handling code for cgi_create_env()
(for code reuse and consistency; also reduces code size)
|
| |
|
|
| |
It is not necessarily an error for CGI to close its input early
|
| |
|
|
|
|
|
| |
.text segment was slightly over (2) 4k pages;
tweak code to be slightly less than (2) 4k pages
(when compiled optimized -O2)
(likely smaller when compiled -Os)
|
| | |
|
| |
|
|
|
|
|
| |
comment code about caching target dirname using stat_cache
In simple performance tests, using stat_cache here makes little
difference, as the overhead of process creation is orders of
magnitude larger.
|
| |
|
|
| |
_WIN32 __declspec(dllexport) on mod_*_plugin_init()
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
_WIN32 select(), WSAPoll() operate only on sockets
|
| | |
|
| | |
|
| |
|
|
| |
(selective implementations; not complete)
|
| |
|
|
| |
Note: behavior under bash.exe might be different than under cmd.exe
|
| |
|
|
| |
wrap fork() and kill()
|
| |
|
|
| |
skip optimistic client read if http version >= HTTP/2
|
| | |
|
| |
|
|
| |
remove the special-case which disabled this for issue in older cygwin
|
| |
|
|
| |
remove issock flag; on _WIN32, select(), WSAPoll() work only on sockets
|
| |
|
|
|
| |
employ ck_calloc(), ck_malloc() shared code to slightly reduce code size
(centralize the ck_assert() to check that memory allocation succeeded)
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
fix dummy Sec-WebSocket-Key value to remove excess '\n'
x-ref:
"Fix websocket HTTP/2 to HTTP/1.1 proxy"
https://github.com/lighttpd/lighttpd1.4/pull/123
github: closes #123
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
manually calculate off_t max for broken cross-compilation systems which
fail to enable large file support (so sizeof(off_t) != sizeof(int64_t))
If sizeof(off_t) != sizeof(int64_t), a negative number could end up in
cq->upload_temp_file_size when it was assigned INTMAX_MAX, leading to
excessive new temporary file creation occurring on each and every write.
x-ref:
"File upload regression with --disable-lfs"
https://redmine.lighttpd.net/issues/3171
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(thx sparlane)
failing error handler produced no output and POLLRDHUP received with
POLLIN.
commit dd23fcb2 changed return value from HANDER_FINISHED to
HANDLER_GO_ON when introducing cgi_process_rd_revents(), and POLLRDHUP
case which previously fell through needed to continue to return
HANDLER_FINISHED after calling cgi_connection_close()
x-ref:
"fall-back with cgi error handler no longer works"
https://redmine.lighttpd.net/issues/3157
|
| | |
|
| |
|
|
|
|
|
|
| |
(thx pegasus)
disable CGI stdin input optimizations if CGI might Upgrade connection,
since if we upgrade protocols, the original Content-Length -- expected
to be 0 for Upgrade -- does not represent the end of the input.
|
| |
|
|
|
|
| |
connect to backend (mod_cgi, mod_proxy, mod_sockproxy, mod_wstunnel)
for streaming request body without waiting for initial data in request
body. Useful for things like websockets when data starts on server-side
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for WebSockets over HTTP/2 to lighttpd core and to
mod_cgi w/ config: cgi.upgrade = "enable"
mod_proxy w/ config: proxy.header += ("upgrade" => "enable")
mod_wstunnel
HTTP/2 CONNECT extension defined in RFC8441 is translated to HTTP/1.1
'Upgrade: websocket' requests to mod_cgi or mod_proxy, and is handled
directly in mod_wstunnel.
x-ref:
WebSockets over HTTP/2
https://redmine.lighttpd.net/issues/3151
Bootstrapping WebSockets with HTTP/2
https://datatracker.ietf.org/doc/html/rfc8441
|
| |
|
|
|
|
|
| |
cgi.local-redir call plugins_request_reset through fn ptr
(isolate plugins_* funcs to server;
should not be called directly from plugins/modules)
|
| |
|
|
| |
remove (minor) convenience func; easy to replace
|
| |
|
|
| |
sanity check
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Existing behavior: mod_proxy *does not* forward Upgrade header
unless explicitly enabled in lighttpd.conf (default: not enabled)
(proxy.header += ("upgrade" => "enable"))
mod_cgi previously used to forward Upgrade request header, but would
remove Upgrade response header if cgi.upgrade was not explicitly enabled
(cgi.upgrade = "enable")
This patch thwarts h2c smuggling when lighttpd.conf has also been
explicitly configured to pass "Upgrade" request header
x-ref:
"h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext (h2c)"
https://labs.bishopfox.com/tech-blog/h2c-smuggling-request-smuggling-via-http/2-cleartext-h2c
|
| |
|
|
|
| |
mark and temporarily defer event handling of backend events in order
to handle at same time as the associated front-end connection events
|
| |
|
|
|
| |
config_feature_bool()
config_feature_int()
|
| |
|
|
|
|
| |
Note: Under _WIN32, serious limitation in Windows APIs:
select() and WSAPoll() operate only on sockets (not pipes)
(directly affects mod_cgi; not currently handled)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
separate internal control for backend max_per_read
When not streaming, large reads will be flushed to temp files on disk.
When streaming, use a smaller buffer to help reduce memory usage.
When not streaming, attempt to read and empty kernel socket bufs.
(e.g. MAX_READ_LIMIT 256k)
When writing to sockets (or pipes) attempt to fill kernel socket bufs.
(e.g. MAX_WRITE_LIMIT 256k)
|
| |
|
|
|
|
|
|
| |
de-dup file and piped loggers for error logs and access logs
x-ref:
"RFE: de-dup file and piped loggers"
https://redmine.lighttpd.net/issues/3101
|
| | |
|
| |
|
|
|
|
|
| |
cgi.limits += ("tcp-fin-propagate" => "<signal>") (e.g. "SIGTERM")
send specified signal to CGI if TCP FIN is received from client
(default: do not send signal to CGI)
|
| |
|
|
|
|
| |
previously undocumented server.upload-temp-file-size in lighttpd 1.4.38
preceded introduction of lighttpd streaming options in lighttpd 1.4.40
(server.stream-request-body and server.stream-response-body)
|
| |
|
|
|
|
|
|
|
|
|
| |
improve CGI offloading when not streaming request body
If not streaming request body, collect request body into single tempfile
and use fd to tempfile as stdin to CGI (in lieu of input pipe()).
For prior behavior, set the following config option, enabled by default:
server.feature-flags += ("cgi.tempfile-accum" => "disable")
If there is no request body, open /dev/null instead of creating pipe().
|
| |
|
|
|
| |
(avoids persistent memory allocation for list struct)
(reduce possibility of long-term memory fragmentation due to mod_cgi)
|
| |
|
|
|
| |
reuse chunk buffers rather than persistent allocated memory
(reduce possibility of long-term memory fragmentation due to mod_cgi)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
merge connection_list_append() into connection_fdwaitqueue_append()
(not converted to singly-linked-list since fdwaitqueue is not expected
to be used during normal operation (except extreme overload condition),
so use allocated list of pointers (allocated when needed) instead of
adding ptr member to (every) allocated struct connection)
remove connections-glue.c
remove inclusion of connections.h by non-base files
|
| |
|
|
|
|
|
|
|
|
|
| |
implement write(), read() timeouts for CGI
"write-timeout"
"read-timeout"
x-ref:
"sockets disabled, out-of-fds with proxy module"
https://redmine.lighttpd.net/issues/3086
|
| |
|
|
|
|
|
|
|
|
| |
cast away signedness warning in request_check_hostname()
mod_gnutls https_add_ssl_client_entries crts allocated if crt_size != 0
(which is already checked earlier in routine)
report from FaceBook Infer static analysis tool (https://fbinfer.com/)
- quiet dead store warnings
- check return != NULL from allocation funcs
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit is a large set of code changes and results in removal of
hundreds, perhaps thousands, of CPU instructions, a portion of which
are on hot code paths.
Most (buffer *) used by lighttpd are not NULL, especially since buffers
were inlined into numerous larger structs such as request_st and chunk.
In the small number of instances where that is not the case, a NULL
check is often performed earlier in a function where that buffer is
later used with a buffer_* func. In the handful of cases that remained,
a NULL check was added, e.g. with r->http_host and r->conf.server_tag.
- check for empty strings at config time and set value to NULL if blank
string will be ignored at runtime; at runtime, simple pointer check
for NULL can be used to check for a value that has been set and is not
blank ("")
- use buffer_is_blank() instead of buffer_string_is_empty(),
and use buffer_is_unset() instead of buffer_is_empty(),
where buffer is known not to be NULL so that NULL check can be skipped
- use buffer_clen() instead of buffer_string_length() when buffer is
known not to be NULL (to avoid NULL check at runtime)
- use buffer_truncate() instead of buffer_string_set_length() to
truncate string, and use buffer_extend() to extend
Examples where buffer known not to be NULL:
- cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL
(though we might set it to NULL if buffer_is_blank(cpv->v.b))
- address of buffer is arg (&foo)
(compiler optimizer detects this in most, but not all, cases)
- buffer is checked for NULL earlier in func
- buffer is accessed in same scope without a NULL check (e.g. b->ptr)
internal behavior change:
callers must not pass a NULL buffer to some funcs.
- buffer_init_buffer() requires non-null args
- buffer_copy_buffer() requires non-null args
- buffer_append_string_buffer() requires non-null args
- buffer_string_space() requires non-null arg
|
