| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
remove deprecated modules:
mod_evasive
mod_secdownload
mod_uploadprogress
mod_usertrack
These scheduled lighttpd behavior changes have been announced over
the past year:
* Continue gradual deprecation of "mini-application" lighttpd modules
for which mod_magnet lua implementations are better and more flexible.
Please post on lighttpd forums to share feedback if you use these modules.
Forums: https://redmine.lighttpd.net/projects/lighttpd/boards
* Deprecated: mod_evasive has been removed.
mod_evasive can be replaced by mod_magnet and a few lines of lua:
Replacement: https://wiki.lighttpd.net/ModMagnetExamples#lua-mod_evasive
https://wiki.lighttpd.net/AbsoLUAtion#Fight-DDoS
https://wiki.lighttpd.net/AbsoLUAtion#Mod_Security
* Deprecated: mod_secdownload has been removed.
mod_secdownload can be replaced by mod_magnet and a few lines of lua:
Replacement: https://wiki.lighttpd.net/ModMagnetExamples#lua-mod_secdownload
mod_secdownload historically uses insecure MD5 though SHA1, SHA256 available
* Deprecated: mod_uploadprogress has been removed.
mod_uploadprogress can be replaced by mod_magnet and a few lines of lua:
Replacement: https://wiki.lighttpd.net/ModMagnetExamples#lua-mod_uploadprogress
* Deprecated: mod_usertrack has been removed.
mod_usertrack can be replaced by mod_magnet and a few lines of lua:
Replacement: https://wiki.lighttpd.net/ModMagnetExamples#lua-mod_usertrack
mod_usertrack historically uses insecure MD5.
|
|
|
|
|
| |
update comment to add references to other modules and mechanisms
available in lighttpd to enforce security policy
|
| |
|
|
|
|
| |
avoids separate memory allocation for list of pointers
|
|
|
|
|
| |
(mod_extforward recently changed to use buffer_move() to save addr
instead of swapping pointers)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit is a large set of code changes and results in removal of
hundreds, perhaps thousands, of CPU instructions, a portion of which
are on hot code paths.
Most (buffer *) used by lighttpd are not NULL, especially since buffers
were inlined into numerous larger structs such as request_st and chunk.
In the small number of instances where that is not the case, a NULL
check is often performed earlier in a function where that buffer is
later used with a buffer_* func. In the handful of cases that remained,
a NULL check was added, e.g. with r->http_host and r->conf.server_tag.
- check for empty strings at config time and set value to NULL if blank
string will be ignored at runtime; at runtime, simple pointer check
for NULL can be used to check for a value that has been set and is not
blank ("")
- use buffer_is_blank() instead of buffer_string_is_empty(),
and use buffer_is_unset() instead of buffer_is_empty(),
where buffer is known not to be NULL so that NULL check can be skipped
- use buffer_clen() instead of buffer_string_length() when buffer is
known not to be NULL (to avoid NULL check at runtime)
- use buffer_truncate() instead of buffer_string_set_length() to
truncate string, and use buffer_extend() to extend
Examples where buffer known not to be NULL:
- cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL
(though we might set it to NULL if buffer_is_blank(cpv->v.b))
- address of buffer is arg (&foo)
(compiler optimizer detects this in most, but not all, cases)
- buffer is checked for NULL earlier in func
- buffer is accessed in same scope without a NULL check (e.g. b->ptr)
internal behavior change:
callers must not pass a NULL buffer to some funcs.
- buffer_init_buffer() requires non-null args
- buffer_copy_buffer() requires non-null args
- buffer_append_string_buffer() requires non-null args
- buffer_string_space() requires non-null arg
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NB: r->tmp_buf == srv->tmp_buf (pointer is copied for quicker access)
NB: request read and write chunkqueues currently point to connection
chunkqueues; per-request and per-connection chunkqueues are
not distinct from one another
con->read_queue == r->read_queue
con->write_queue == r->write_queue
NB: in the future, a separate connection config may be needed for
connection-level module hooks. Similarly, might need to have
per-request chunkqueues separate from per-connection chunkqueues.
Should probably also have a request_reset() which is distinct from
connection_reset().
|
|
|
|
| |
when patching config
|
|
|
|
| |
store pointer to module in handler_module instead of con->mode id
|
|
|
|
|
| |
NB: in the future, a separate connection state may be needed for
connection-level state (different from request state)
|
| |
|
|
|
|
| |
(explicit (server *) not passed; available in con->srv)
|
|
|
|
|
|
|
|
| |
convert all log_error_write() to log_error() and pass (log_error_st *)
use con->errh in preference to srv->errh (even though currently same)
avoid passing (server *) when previously used only for logging (errh)
|
|
|
|
| |
(simpler for modules; less boilerplate to cut-n-paste)
|
| |
|
|
|
|
|
|
|
|
| |
put void *data (always used) as first member of struct plugin
add int nconfig member to PLUGIN_DATA
calloc() inits p->data to NULL
|
|
|
|
|
|
|
| |
optimize for common case where condition has been evaluated for
the request and a cached result exists
(also: begin isolating data_config)
|
|
|
|
|
| |
handle buffer key as part of DATA_UNSET in *_patch_connection()
(instead of key being (buffer *))
|
|
|
|
|
|
|
| |
even 2 billion is way larger than even extreme operating values
expected for the members in base.h
include some structs directly in struct server, rather than by ptr
|
|
|
|
|
|
|
|
| |
github: closes #99
x-ref:
"cleaner calloc use in SETDEFAULTS_FUNC"
https://github.com/lighttpd/lighttpd1.4/pull/99
|
|
|
|
|
|
| |
http_header.[ch]
convert existing calls to manip request/response headers
convert existing calls to manip environment array (often header-related)
|
| |
|
|
|
|
| |
use con->dst_addr_buf over inet_ntop_cache_get_ip(srv, &(con->dst_addr))
|
|
|
|
| |
remove exposure of stdio.h in buffer.h for print_backtrace(), now static
|
|
|
|
|
|
| |
x-ref:
"[mod_evasive] redirect if maximum connections exceeded"
https://redmine.lighttpd.net/issues/2199
|
|
|
|
|
|
| |
From: Glenn Strauss <gstrauss@gluelogic.com>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3113 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
|
|
|
|
| |
conditional
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@3049 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
|
|
| |
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2988 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- a lot of code tried to handle manually adding terminating zeroes and
keeping track of the correct "used" count.
Replaced all "external" usages with simple wrapper functions:
* buffer_string_is_empty (used <= 1), buffer_is_empty (used == 0);
prefer buffer_string_is_empty
* buffer_string_set_length
* buffer_string_length
* CONST_BUF_LEN() macro
- removed "static" buffer hacks (buffers pointing to constant/stack
memory instead of malloc()ed data)
- buffer_append_strftime(): refactor buffer+strftime uses
- li_tohex(): no need for a buffer for binary-to-hex conversion:
the output data length is easy to predict
- remove "-Winline" from extra warnings: the "inline" keyword just
supresses the warning about unused but defined (static) functions;
don't care whether it actually gets inlined or not.
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2979 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These should all be non critical:
* memory leaks on startup in error cases (which lead to
immediate shutdowns anyway)
* http_auth/ldap: passing uninitialized "ret" to ldap_err2string
* sizeof(T) not matching the target pointer in malloc/calloc calls;
those cases were either:
* T being the wrong pointer type - shouldn't matter as long as all
pointers have same size
* T being larger than the type needed
* mod_accesslog: direct use after free in cleanup (server shutdown);
could crash before "clean" shutdown
* some false positives (mod_compress, mod_expire)
* assert(srv->config_context->used > 0); - this is always the case,
as there is always a global config block
From: Stefan Bühler <stbuehler@web.de>
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2920 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2624 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2505 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2481 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
|
|
| |
(unused/static functions)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2414 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2408 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
|
|
| |
same request if they shouldn't (#631)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2271 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2222 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
|
|
| |
i hope it helps with merging stuff back to 1.5
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@1371 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
|
|
|
| |
- ignore connections from the count which are not yet initialized
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@919 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
|
|
| |
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@897 152afb58-edef-0310-8abb-c4023f1b3aa9
|
|
(<w1zzard@techpowerup.com>)
git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@896 152afb58-edef-0310-8abb-c4023f1b3aa9
|