[mod_cgi] cygwin supports CGI file I/O redirection

remove the special-case which disabled this for issue in older cygwin

[core] pass fdn to fdevent_sched_close,_unregister

remove issock flag; on _WIN32, select(), WSAPoll() work only on sockets

[multiple] employ ck_calloc, ck_malloc shared code

employ ck_calloc(), ck_malloc() shared code to slightly reduce code size
(centralize the ck_assert() to check that memory allocation succeeded)

[multiple] mark mod_*_plugin_init() funcs cold

[mod_proxy,mod_cgi] fix dummy Sec-WebSocket-Key

fix dummy Sec-WebSocket-Key value to remove excess '\n'

x-ref:
"Fix websocket HTTP/2 to HTTP/1.1 proxy"
https://github.com/lighttpd/lighttpd1.4/p

[mod_proxy,mod_cgi] fix dummy Sec-WebSocket-Key

fix dummy Sec-WebSocket-Key value to remove excess '\n'

x-ref:
"Fix websocket HTTP/2 to HTTP/1.1 proxy"
https://github.com/lighttpd/lighttpd1.4/pull/123

github: closes #123

show more ...

[core] manually calculate off_t max (fixes #3171)

manually calculate off_t max for broken cross-compilation systems which
fail to enable large file support (so sizeof(off_t) != sizeof(int64_t))

If

[core] manually calculate off_t max (fixes #3171)

manually calculate off_t max for broken cross-compilation systems which
fail to enable large file support (so sizeof(off_t) != sizeof(int64_t))

If sizeof(off_t) != sizeof(int64_t), a negative number could end up in
cq->upload_temp_file_size when it was assigned INTMAX_MAX, leading to
excessive new temporary file creation occurring on each and every write.

x-ref:
"File upload regression with --disable-lfs"
https://redmine.lighttpd.net/issues/3171

show more ...

[mod_cgi] fix detection of failing error handler (fixes #3157)

(thx sparlane)

failing error handler produced no output and POLLRDHUP received with
POLLIN.

commit dd23fcb2 changed return value from

[mod_cgi] fix detection of failing error handler (fixes #3157)

(thx sparlane)

failing error handler produced no output and POLLRDHUP received with
POLLIN.

commit dd23fcb2 changed return value from HANDER_FINISHED to
HANDLER_GO_ON when introducing cgi_process_rd_revents(), and POLLRDHUP
case which previously fell through needed to continue to return
HANDLER_FINISHED after calling cgi_connection_close()

x-ref:
"fall-back with cgi error handler no longer works"
https://redmine.lighttpd.net/issues/3157

show more ...

[mod_cgi] immed start CGI if Upgrade

[mod_cgi] disable input optim if might Upgrade

(thx pegasus)

disable CGI stdin input optimizations if CGI might Upgrade connection,
since if we upgrade protocols, the original Content-Length -- exp

[mod_cgi] disable input optim if might Upgrade

(thx pegasus)

disable CGI stdin input optimizations if CGI might Upgrade connection,
since if we upgrade protocols, the original Content-Length -- expected
to be 0 for Upgrade -- does not represent the end of the input.

show more ...

[multiple] immed connect to backend for streaming

connect to backend (mod_cgi, mod_proxy, mod_sockproxy, mod_wstunnel)
for streaming request body without waiting for initial data in request
body. U

[multiple] immed connect to backend for streaming

connect to backend (mod_cgi, mod_proxy, mod_sockproxy, mod_wstunnel)
for streaming request body without waiting for initial data in request
body. Useful for things like websockets when data starts on server-side

show more ...

[multiple] WebSockets over HTTP/2 (fixes #3151)

Add support for WebSockets over HTTP/2 to lighttpd core and to
mod_cgi w/ config: cgi.upgrade = "enable"
mod_proxy w/ config: proxy.head

[multiple] WebSockets over HTTP/2 (fixes #3151)

Add support for WebSockets over HTTP/2 to lighttpd core and to
mod_cgi w/ config: cgi.upgrade = "enable"
mod_proxy w/ config: proxy.header += ("upgrade" => "enable")
mod_wstunnel

HTTP/2 CONNECT extension defined in RFC8441 is translated to HTTP/1.1
'Upgrade: websocket' requests to mod_cgi or mod_proxy, and is handled
directly in mod_wstunnel.

x-ref:
WebSockets over HTTP/2
https://redmine.lighttpd.net/issues/3151
Bootstrapping WebSockets with HTTP/2
https://datatracker.ietf.org/doc/html/rfc8441

show more ...

[mod_cgi] cgi.local-redir request_reset thru fnptr

cgi.local-redir call plugins_request_reset through fn ptr

(isolate plugins_* funcs to server;
should not be called directly from plugins/modules)

[multiple] remove buffer_init_string()

remove (minor) convenience func; easy to replace

[mod_cgi] check fd-to-cgi not -1 before close

sanity check

[core] thwart h2c smuggling when Upgrade enabled

Existing behavior: mod_proxy *does not* forward Upgrade header
unless explicitly enabled in lighttpd.conf (default: not enabled)
(proxy.header += (

[core] thwart h2c smuggling when Upgrade enabled

Existing behavior: mod_proxy *does not* forward Upgrade header
unless explicitly enabled in lighttpd.conf (default: not enabled)
(proxy.header += ("upgrade" => "enable"))

mod_cgi previously used to forward Upgrade request header, but would
remove Upgrade response header if cgi.upgrade was not explicitly enabled
(cgi.upgrade = "enable")

This patch thwarts h2c smuggling when lighttpd.conf has also been
explicitly configured to pass "Upgrade" request header

x-ref:
"h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext (h2c)"
https://labs.bishopfox.com/tech-blog/h2c-smuggling-request-smuggling-via-http/2-cleartext-h2c

show more ...

[mod_cgi] improve chunk buffer reuse from backends

mark and temporarily defer event handling of backend events in order
to handle at same time as the associated front-end connection events

[multiple] check feature flags funcs; code reuse

config_feature_bool()
config_feature_int()

[multiple] _WIN32 fdevent_pipe_cloexec()

Note: Under _WIN32, serious limitation in Windows APIs:
select() and WSAPoll() operate only on sockets (not pipes)
(directly affects mod_cgi; not current

[multiple] _WIN32 fdevent_pipe_cloexec()

Note: Under _WIN32, serious limitation in Windows APIs:
select() and WSAPoll() operate only on sockets (not pipes)
(directly affects mod_cgi; not currently handled)

show more ...

[multiple] internal control for backend read bytes

separate internal control for backend max_per_read

When not streaming, large reads will be flushed to temp files on disk.
When streaming, use a sm

[multiple] internal control for backend read bytes

separate internal control for backend max_per_read

When not streaming, large reads will be flushed to temp files on disk.
When streaming, use a smaller buffer to help reduce memory usage.

When not streaming, attempt to read and empty kernel socket bufs.
(e.g. MAX_READ_LIMIT 256k)

When writing to sockets (or pipes) attempt to fill kernel socket bufs.
(e.g. MAX_WRITE_LIMIT 256k)

show more ...

[multiple] de-dup file and piped loggers (fixes #3101)

de-dup file and piped loggers for error logs and access logs

x-ref:
"RFE: de-dup file and piped loggers"
https://redmine.lighttpd.net/issu

[multiple] de-dup file and piped loggers (fixes #3101)

de-dup file and piped loggers for error logs and access logs

x-ref:
"RFE: de-dup file and piped loggers"
https://redmine.lighttpd.net/issues/3101

show more ...

[multiple] quiet coverity warnings

[mod_cgi] cgi.limits "tcp-fin-propagate" => "SIG"

cgi.limits += ("tcp-fin-propagate" => "<signal>") (e.g. "SIGTERM")

send specified signal to CGI if TCP FIN is received from client
(default: do no

[mod_cgi] cgi.limits "tcp-fin-propagate" => "SIG"

cgi.limits += ("tcp-fin-propagate" => "<signal>") (e.g. "SIGTERM")

send specified signal to CGI if TCP FIN is received from client
(default: do not send signal to CGI)

show more ...

[core] remove server.upload-temp-file-size limit

previously undocumented server.upload-temp-file-size in lighttpd 1.4.38
preceded introduction of lighttpd streaming options in lighttpd 1.4.40
(serve

[core] remove server.upload-temp-file-size limit

previously undocumented server.upload-temp-file-size in lighttpd 1.4.38
preceded introduction of lighttpd streaming options in lighttpd 1.4.40
(server.stream-request-body and server.stream-response-body)

show more ...

[mod_cgi] improve CGI offloading

improve CGI offloading when not streaming request body

If not streaming request body, collect request body into single tempfile
and use fd to tempfile as stdin to C

[mod_cgi] improve CGI offloading

improve CGI offloading when not streaming request body

If not streaming request body, collect request body into single tempfile
and use fd to tempfile as stdin to CGI (in lieu of input pipe()).
For prior behavior, set the following config option, enabled by default:
server.feature-flags += ("cgi.tempfile-accum" => "disable")

If there is no request body, open /dev/null instead of creating pipe().

show more ...

[mod_cgi] use linked list for process list

(avoids persistent memory allocation for list struct)
(reduce possibility of long-term memory fragmentation due to mod_cgi)