summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* client: fix spurious keepalive connection timeoutsopenwrt-19.07Jo-Philipp Wich2020-11-201-1/+5
| | | | | | | | | | | | | | | | | | When an uhttpd dispatch_handler provides a data_done callback which is synchroneously finishing the request through ops->request_done(), the calling client_poll_post_data() procedure incorrectly resets the resulting client state from CLIENT_STATE_INIT to CLIENT_STATE_DONE which causes the next uh_client_read_cb() invocation to bail out since no callback is available for the CLIENT_STATE_DONE state, effectively discarding the just received inbound request and sending the persistent connection state into a deadlock sitation where the http client waits for a response to its just sent request and uhttpd for further data to read. Fix this issue by only setting CLIENT_STATE_DONE if the data_done callback has not modified the state in the meanwhile. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 0f38b0370718518e66dabeaa5522f546cb459393)
* client: allow keep-alive for POST requestsJo-Philipp Wich2020-05-061-2/+1
| | | | | | | | | | | | | | | | | Allow POST requests via persistent connections to improve performance especially when using HTTPS on older devices. After this change, average page load times in LuCI improve significantly once the TLS connections are initiated. When testing an ar71xx 19.07.2 build on an ethernet connected TL-WR1043nd using luci-ssl-openssl and the ustream-openssl backend, the average page load time for the main status page decreased to 1.3s compared to 4.7s before, the interface and wireless configuration pages loaded in 1.2s seconds each compared to the 4.2s and 4.9s respectively before. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 5e9c23c6f40ff26209ef22cfeeda4904a5918f3d)
* file: poke ustream after starting deferred programJo-Philipp Wich2020-05-061-0/+1
| | | | | | | | | | | | | | | When we're starting a deferred request, the related input ustream might have gone into read_blocked mode because incoming client request data exhausted the ustreams internal buffer space. When this happens, edge triggered uloop read events are "lost" and never re-triggered causing the script input to never complete. In order to avoid that deadlock situation, manually poke the input ustream using ustream_poll() after invoking client_poll_post_data() which should have drained (some) of the buffered input ustream contents. Signed-off-by: Jo-Philipp Wich <jo@mein.io> (cherry picked from commit 2ee323c01079248baa9465969df9e25b5fb68cdf)
* client: fix invalid data access through invalid content-length valuesJo-Philipp Wich2019-12-221-2/+2
| | | | | | | | | | | | | | | | | | | | | An invalid data access can be triggered with an HTTP POST request to a CGI script specifying both `Transfer-Encoding: chunked` and a large negative `Content-Length`. The negative content length is assigned to `r->content_length` in `client_parse_header` and passed as a negative read length to `ustream_consume` in `client_poll_post_data` which will set the internal ustream buffer pointer to an invalid address, causing out of bounds memory reads later on in the code flow. A similar implicit unsigned to signed conversion happens when parsing chunk sizes emitted by a CGI program. Address these issues by rejecting negative values in `r->content_length` after assigning the `strtoul()` result. Reported-by: Jan-Niklas Sohn <jan-niklas.sohn@gmx.de> Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* ubus: increase maximum ubus request size to 64KBJo-Philipp Wich2019-08-171-1/+1
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: Fix multiple format string problemsHauke Mehrtens2019-06-163-5/+6
| | | | | | | | | | | | | After format string checks were activated in libubox the compiler started to complain about multiple missuses in uhttpd. This fixes the format strings without changing the behavior. blobmsg_get_string() just checks if the parameter is not NULL and then calls blobmsg_data() and casts the result. I think non of these problem is security relevant. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
* cgi: escape url in 403 error outputJo-Philipp Wich2018-11-281-1/+8
| | | | | | | | | Escape the untrusted request URL input in the permission denied HTML output. This fixes certain XSS vulnerabilities which can be leveraged to further exploit the system. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: fix building without TLS and Lua supportPaul Willoughby2018-11-262-0/+4
| | | | | | Adds ifdefs to fix building without TLS and Lua support Signed-off-by: Paul Willoughby <paulw@spacemonkey.com>
* help: document -A optionKarl Pálsson2018-11-011-0/+1
| | | | | | | It's one of the parameters used by default in LuCI, so it should be included in the help output. Signed-off-by: Karl Palsson <karlp@etactica.com>
* file: fix CPP syntax errorJo-Philipp Wich2018-09-241-1/+1
| | | | | Fixes: 77b774b ("build: avoid redefining _DEFAULT_SOURCE") Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* build: avoid redefining _DEFAULT_SOURCEJo-Philipp Wich2018-08-232-2/+8
| | | | | | Work around further glibc toolchain annoyances. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* lua: support multiple Lua prefixesJo-Philipp Wich2018-08-233-27/+100
| | | | | | | Allow -l / -L arguments to be repeated to register multiple Lua prefix handlers in the same process. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* build: use _DEFAULT_SOURCEJo-Philipp Wich2018-08-212-0/+2
| | | | | | Add _DEFAULT_SOURCE FTM in order to avoid warnings with recent glibc. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: recognize PATCH, PUT and DELETE HTTP methodsJo-Philipp Wich2018-08-213-0/+25
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* client: flush buffered SSL output when tearing down client ustreamJo-Philipp Wich2018-06-261-0/+6
| | | | | | | | | | | | | | | | | When the outer SSL ustream triggers a change notification due to encountering EOF, the inner connection ustream might still have pending data buffered. Previously, such a condition led to truncated files delivered by uhttpd via HTTPS and could be triggered by requesting large resources via slow network links. Mitigate the problem by propagating the EOF status indicator from the outer ustream to the inner one and by deferring the client connection shutdown until the inner ustream output buffer has been completely drained. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* proc: expose HTTP Origin header in process environmentJo-Philipp Wich2018-04-241-0/+2
| | | | | | | Map the "Origin:" header as $HTTP_ORIGIN environment variable for use by request handling processes. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* file: escape strings in HTML outputJo-Philipp Wich2018-04-042-15/+41
| | | | | | | | | | Escape untrusted input like the request URL or filesystem paths in HTML outputs such as the directory listing or 404 error messages. This fixes certain XSS vulnerabilities which can be leveraged to further exploit the system. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* utils: add uh_htmlescape() helperJo-Philipp Wich2018-04-042-0/+43
| | | | | | | | The uh_htmlescape() function returns a copy of the given string with the HTML special characters `<`, `>`, `"` and `'` replaced by HTML entities in hexadecimal notation. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* Revert "proc: avoid stdio deadlocks"Jo-Philipp Wich2018-04-041-5/+1
| | | | This reverts commit ccd9717ba5d501b45fda957f0ea41c4660ef414c.
* proc: avoid stdio deadlocksJo-Philipp Wich2018-01-251-1/+5
| | | | | | | | | | | | | | | | | When a request handler accepting post data is too slow in consuming stdin, uhttpd might deadlock with the master process stuck in a blocking write() to the child and the child stuck with a blocking write() to the master. Avoid this issue by putting the master side write end of the child pipe into nonblocking mode right away and by raising the data_blocked flag when attempts to write to the child yield EAGAIN. Setting the flag ensures that client_poll_post_data() does not immediately trigger a write attempt again, which effectively yields the master write cycle so that the relay ustream has a chance to consume output of the client process, thus solving the deadlock. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* lua: honour size argument in recv() functionJo-Philipp Wich2018-01-241-2/+4
| | | | | | | | | | | The existing implementation incorrectly attempted to read the entire stdin instead of fetching at most the given amount of bytes. While we're at it, also make the size argument optional and let it default to Luas internal buffer size. Suggested-by: Bryan Mayland <bmayland+lede@capnbry.net> Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* file: fix query string handlingJo-Philipp Wich2017-11-041-1/+6
| | | | | | | | | | | | | | | | | | Instead of storing a pointer to the beginning of the query string within the request url, store a copy in a static buffer instead. This aligns handling the query string portion of the url with other elements like physical path or path info information. Since the URL is usually kept in the per-client blob buffer which might change its memory location due to reallocations triggered by blobmsg_add_*, it is not safe to point to it early in the request life cycle. This fixes invalid memory access usually manifesting itself as corrupted query string data in CGI scripts. Reported-by: P. Wassi <p.wassi@gmx.at> Suggested-by: Felix Fietkau <nbd@nbd.name> Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: add manifest supportAdrian Panella2017-08-191-2/+4
| | | | | | | Add "text/cache-manifest" mimetype support to enable the possibility of using Application Cache. Signed-off-by: Adrian Panella <ianchi74@outlook.com>
* file: fix basic auth regressionJo-Philipp Wich2017-07-091-8/+9
| | | | | | | | | Previous refactoring of the basic auth handling code broke the logic in such a way that basic auth was only performed if a client sent an Authorization header in its request, but it was never prompted for by the server. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* file: remove unused "auth" member from struct path_infoJo-Philipp Wich2017-07-022-4/+2
| | | | Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* proc: expose HTTP_AUTH_USER and HTTP_AUTH_PASSJo-Philipp Wich2017-07-021-1/+5
| | | | | | | | | | Mimic other web servers like Nginx or Apache and expose the parsed basic auth information as HTTP_AUTH_USER and HTTP_AUTH_PASS environment variables to CGI processes. This also restores login-from-basic-auth functionality in LuCI. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* auth: store parsed username and passwordJo-Philipp Wich2017-07-023-11/+31
| | | | | | | Store the parsed username and password information as HTTP headers in the clients header blob buffer for later use by proc.c Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* proc: do not declare empty process variablesJo-Philipp Wich2017-07-021-1/+1
| | | | | | | | If a HTTP header variable has no corresponding value, then do not set it to the empty string but to NULL, so that cgi.c will later skip it when setting up the process environment. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* uhttpd: Add TCP_FASTOPEN supportRosen Penev2017-01-261-1/+3
| | | | | | Provides a small speedup when resuming the connection. Signed-off by: Rosen Penev <rosenp@gmail.com>
* lua: ensure that PATH_INFO starts with a slashJo-Philipp Wich2016-10-251-0/+4
| | | | | | | | | | | When calculating the matching prefix length, make sure to not take the trailing slash into account in order to ensure that the resulting PATH_INFO string always starts with a slash. This ensures that an url like "/foo" against the matching prefix "/" or "/foo/bar" against "/foo/" result in "/foo" and "/bar" respectively. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* utils: add proper handling of "/" special case in uh_path_match()Jo-Philipp Wich2016-10-251-0/+4
| | | | | | | | | | | The special prefix of "/" should match any url by definition but the final assertion which ensures that the matched prefix ends in '\0' or '/' is causing matches against the "/" prefix to fail. Add some extra code to handle this special case to implemented the expected behaviour. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* cgi: allow conf.cgi_docroot_path to be NULLJo-Philipp Wich2016-10-251-1/+5
| | | | | | | | | The check_cgi_path() function would segfault if we ever support running uhttpd without any CGI prefix. Add a check to prevent running uh_patch_match() when the prefix is unset. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
* file: re-run json handler script after file fallback redirectFelix Fietkau2016-10-061-3/+8
| | | | | | | This allows the request handler to add extra headers to the response even in the redirect case. Signed-off-by: Felix Fietkau <nbd@nbd.name>
* cmake: Find libubox/usock.hFlorian Fainelli2016-07-271-0/+3
| | | | | | | | Add a CMake FIND_PATH and INCLUDE_DIRECTORIES searching for libubox/usock.h. Some external toolchains which do not include standard locations would fail to find the header otherwise. Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
* file: add support for disabling cache related precondition checks via handlersFelix Fietkau2016-06-163-5/+16
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* uhttpd: add support for adding arbitrary headers via handler scriptsFelix Fietkau2016-06-164-1/+30
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* file: on redirect, only send content-length header when not using chunked ↵Felix Fietkau2015-11-081-1/+2
| | | | | | transfer Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* handler: only send content-length header when not using chunked transferFelix Fietkau2015-11-081-1/+2
| | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* handler: add support for overriding redirect status code + messageFelix Fietkau2015-11-081-7/+17
| | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* handler: rename set_uri to rewriteFelix Fietkau2015-11-081-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* add support for handling redirects via a scriptFelix Fietkau2015-11-085-5/+245
| | | | | | | | In a json_script file you can specify rules for rewriting the URL or redirecting the browser either unconditionally, or as a fallback where it would otherwise print a 404 error Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* main: sort getopt charactersFelix Fietkau2015-11-061-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* fix the alias supportJohn Crispin2015-10-201-1/+1
| | | | | | the path compare return code was not honoured properly Signed-off-by: John Crispin <blogic@openwrt.org>
* add a -y parameter for cgi-bin redirectsJohn Crispin2015-10-173-2/+69
| | | | | | | | this allows an alias entry inside the root folder point at a cgi-bin script -y foo=bar will redirect /foo to /cgi-bin/bar Signed-off-by: John Crispin <blogic@openwrt.org>
* fix chunked transfer encoding in keepalive modeJo-Philipp Wich2015-10-084-10/+8
| | | | | | | | | | | | | | | | | | | | | | | | | The two commits 5162e3b0ee7bd1d0fd6e75e1ca7993a1834b5291 "allow request handlers to disable chunked reponses" and 618493e378e2239f0d30902e47adfa134e649fdc "file: disable chunked encoding for file responses" broke the chunked transfer encoding handling for proc responses in keep-alive connections that followed a file response with http status 204 or 304. The effect of this bug is that cgi responses following a 204 or 304 one where sent neither in chunked encoding nor with a content-length header, causing browsers to stall until the keep alive timeout was reached. Fix the logic flaw by inverting the chunk prevention flag in the client state and by testing the chunked encoding preconditions every time instead of once upon client (re-)initialization. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
* uhttpd: fix wrong header file inclusion for PRI* constant definitionsAndrej Krpic2015-09-241-1/+1
| | | | Signed-off-by: Andrej Krpic <ak77@tnode.com>
* file: fix processing POST data for deferred requestsFelix Fietkau2015-09-071-1/+5
| | | | | | Fixes https://dev.openwrt.org/ticket/20458 Signed-off-by: Felix Fietkau <nbd@openwrt.org>
* cgi: Support passing X-HTTP-Method-Override header.Karl Palsson2015-08-171-1/+3
| | | | | | | | | | As uhttpd doesn't currently support PUT/DELETE/PATCH, allow passing the commonly used X-HTTP-Method-Override header to CGI scripts. This is an optional "protocol specific metadata" variable as per rfc 3875 section 4.1.18. Signed-off-by: Karl Palsson <karlp@remake.is>
* client: use 307 instead of 302 for HTTPS redirectsJo-Philipp Wich2015-05-301-1/+1
| | | | | | Use the 307 code to force agents to retain the original request method. Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
* proc: add HTTPS environment variableJo-Philipp Wich2015-05-301-0/+3
| | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
View Lorry Controller Status