Revision tags: lighttpd-1.4.69

c46ea259 | 03-Feb-2023 | Glenn Strauss <[email protected]>
[core] path-info in debug trace may be unset
path-info in debug trace (debug.log-request-handling) may be unset

Revision tags: lighttpd-1.4.68

c44adc55 | 04-Nov-2022 | Glenn Strauss <[email protected]>
[core] http_response_body_clear clears body flags
http_response_body_clear() clears body flags r->resp_body_started r->resp_body_finished

Revision tags: lighttpd-1.4.67, lighttpd-1.4.66

cdc88103 | 26-Jul-2022 | Glenn Strauss <[email protected]>
[core] check r->http_status before handling Range
(thx atw717)
check r->http_status before handling Range so that error handling is (re-)invoked only if Range handling returns an error status.
x-ref: "No setenv.add-response-header lines when http status code is 404" https://redmine.lighttpd.net/boards/2/topics/10583

Revision tags: lighttpd-1.4.65

c183b887 | 20-Apr-2022 | Glenn Strauss <[email protected]>
[core] delay response to http auth invalid creds
server.feature-flags += ("auth.delay-invalid-creds" => "enable")
The default is enabled. This feature delays a response to bad http auth (invalid username or password) to the next second, so up to 1 sec delay. Delaying the response greatly reduces the efficiency of brute force password attacks, limiting tries to one-per-second per connection. Limiting the number of client connections allowed by lighttpd with server.max-connections sets an upper bound on password tries per second, but also makes it easier for an attacker to DoS (denial of service) the server. Therefore, while this mitigation is enabled by default, it can be disabled with server.feature-flags += ("auth.delay-invalid-creds" => "disable")

d0494fc0 | 14-Apr-2022 | Glenn Strauss <[email protected]>
[multiple] recognize HTTP QUERY method
x-ref: https://www.ietf.org/id/draft-ietf-httpbis-safe-method-w-body-02.html

5d1aa5d0 | 24-Mar-2022 | Glenn Strauss <[email protected]>
[multiple] WebSockets over HTTP/2 (fixes #3151)
Add support for WebSockets over HTTP/2 to lighttpd core and to
  mod_cgi      w/ config: cgi.upgrade = "enable"
  mod_proxy    w/ config: proxy.header += ("upgrade" => "enable")
  mod_wstunnel
HTTP/2 CONNECT extension defined in RFC8441 is translated to HTTP/1.1 'Upgrade: websocket' requests to mod_cgi or mod_proxy, and is handled directly in mod_wstunnel.
x-ref:
  WebSockets over HTTP/2
  https://redmine.lighttpd.net/issues/3151
  Bootstrapping WebSockets with HTTP/2
  https://datatracker.ietf.org/doc/html/rfc8441

96557115 | 18-Feb-2022 | Glenn Strauss <[email protected]>
[core] isolate plugins_*() funcs to main server
(future: might rename plugin.c -> plugins.c since the functions contained within are all plugins_*())

e4d31e1b | 13-Feb-2022 | Glenn Strauss <[email protected]>
[core] disable keep-alive if forcing HTTP/1.0 resp
If an HTTP/1.1 request is configured to force an HTTP/1.0 response (server.protocol-http11 = "disable"), then also disable keep-alive (which is enabled by default in HTTP/1.1). This overrides the request header Connection: keep-alive (not re-validated), which is unlikely to be sent with an HTTP/1.1 request.

Revision tags: lighttpd-1.4.64

51e141c8 | 07-Jan-2022 | Glenn Strauss <[email protected]>
[multiple] remove buffer_init_buffer()
remove (minor) convenience func; easy to replace
Like buffer_init_string(), buffer_init_buffer() was used in only a few places at startup or in cold funcs, so better off removed from buffer.c

b6c70a1e | 18-Dec-2021 | Glenn Strauss <[email protected]>
[core] quiet coverity noise

ea9befb2 | 16-Dec-2021 | Glenn Strauss <[email protected]>
[core] consolidate request restart loop check
HANDLER_COMEBACK now handled in http_response_handler() and noinline marked on some routines so that http_response_handler() has simpler asm for repeated calls by dynamic handlers to generate content and return HANDLER_WAIT_FOR_EVENT

44a56010 | 16-Dec-2021 | Glenn Strauss <[email protected]>
[core] http_response_has_error_handler()
separate cold function to check/setup error handler for request

42bbd804 | 14-Dec-2021 | Glenn Strauss <[email protected]>
[core] http_response_write_prepare optimization
handle catchall in http_response_prepare() instead of in http_response_write_prepare()

Revision tags: lighttpd-1.4.63, lighttpd-1.4.62, lighttpd-1.4.61

a067d99f | 27-Oct-2021 | Glenn Strauss <[email protected]>
[core] chunkqueue_small_resp_optim if resp < 16k
(adjusted down from 32k after some basic benchmarking using weighttp)

Revision tags: lighttpd-1.4.60

dd22dfa7 | 02-Oct-2021 | Glenn Strauss <[email protected]>
[core] fix chunked decoding from backend (#3044, #3046)
(fix typo missed in merge of 8e6dc4fe)

8e6dc4fe | 22-Sep-2021 | Glenn Strauss <[email protected]>
[core] fix chunked decoding from backend (#3044, #3046)
fix edge case for initial chunked data (bug introduced in lighttpd 1.4.56)
If chunked header received without data before response headers sent, then initial chunked data might be sent to client without chunked header if client made an HTTP/1.1 request and the response is Transfer-Encoding chunked and lighttpd is configured to stream the response (non-zero value for server.stream-response-body). This might occur if lighttpd backend is connected via a unix domain socket and the initial chunk is large and coming from a temporary file. It may be sent in a separate packet since lighttpd does not use TCP_CORK on unix domain sockets.
x-ref:
  "Failure on second request in http proxy backend"
  https://redmine.lighttpd.net/issues/3046
  "Socket errors after update to version 1.4.56"
  https://redmine.lighttpd.net/issues/3044

7a21b385 | 25-Aug-2021 | Glenn Strauss <[email protected]>
[core] log_error_multiline()
rename log_error_multiline_buffer() to log_error_multiline() and take (char *)ptr and (size_t)len instead of (buffer *)b
When debug printing request and response headers, print each header on separate line for readability and omit '\r' if "\r\n" ends line

55d8ed1b | 30-Jul-2021 | Glenn Strauss <[email protected]>
[core] remove HANDLER_WAIT_FOR_FD
If a system call returns EMFILE, then admin should increase server.max-fds and check/increase rlimits for num files (ulimit -Hn)
Alternatively, the admin might decrease server.max-connections to limit the number of connections served in parallel.

309c1693 | 12-Jul-2021 | Glenn Strauss <[email protected]>
[multiple] Y2038 32-bit signed time_t mitigations
Most OS platforms have already provided solutions to Y2038 32-bit signed time_t 5 - 10 years ago (or more!) Notable exceptions are Linux i686 and FreeBSD i386.
Since 32-bit systems tend to be embedded systems, and since many distros take years to pick up new software, this commit aims to provide Y2038 mitigations for lighttpd running on 32-bit systems with Y2038-unsafe 32-bit signed time_t
* Y2038: lighttpd 1.4.60 and later report Y2038 safety
    $ lighttpd -V
    + Y2038 support                                  # Y2038-SAFE
    $ lighttpd -V
    - Y2038 support (unsafe 32-bit signed time_t)    # Y2038-UNSAFE

* Y2038: general platform info
  * Y2038-SAFE: lighttpd 64-bit builds on platforms using 64-bit time_t
    - all major 64-bit platforms (known to this author) use 64-bit time_t
  * Y2038-SAFE: lighttpd 32-bit builds on platforms using 64-bit time_t
    - Linux x32 ABI (different from i686)
    - FreeBSD all 32-bit and 64-bit architectures *except* 32-bit i386
    - NetBSD 6.0 (released Oct 2012) all 32-bit and 64-bit architectures
    - OpenBSD 5.5 (released May 2014) all 32-bit and 64-bit architectures
    - Microsoft Windows XP and Visual Studio 2005 (? unsure ?)
      Another reference suggests Visual Studio 2015 defaults to 64-bit time_t
    - MacOS 10.15 Catalina (released 2019) drops support for 32-bit apps
  * Y2038-SAFE: lighttpd 32-bit builds on platforms using 32-bit unsigned time_t
    - e.g. OpenVMS (unknown if lighttpd builds on this platform)
  * Y2038-UNSAFE: lighttpd 32-bit builds on platforms using 32-bit signed time_t
    - Linux 32-bit (including i686)
      - glibc 32-bit library support not yet available for 64-bit time_t
        - https://sourceware.org/glibc/wiki/Y2038ProofnessDesign
      - Linux kernel 5.6 on 32-bit platforms does support 64-bit time_t
        https://itsubuntu.com/linux-kernel-5-6-to-fix-the-year-2038-issue-unix-y2k/
      - https://www.gnu.org/software/libc/manual/html_node/64_002dbit-time-symbol-handling.html
        "Note: at this point, 64-bit time support in dual-time configurations is work-in-progress, so for these configurations, the public API only makes the 32-bit time support available. In a later change, the public API will allow user code to choose the time size for a given compilation unit."
      - compiling with -D_TIME_BITS=64 currently has no effect
      - glibc recent (Jul 2021) mailing list discussion
        - https://public-inbox.org/bug-gnulib/[email protected]/T/
    - FreeBSD i386
    - DragonFlyBSD 32-bit

* Y2038 mitigations attempted on Y2038-UNSAFE platforms (32-bit signed time_t)
  * lighttpd prefers system monotonic clock instead of realtime clock in places where realtime clock is not required
  * lighttpd treats negative time_t values as after 19 Jan 2038 03:14:07 GMT
    * (lighttpd presumes that lighttpd will not encounter dates before 1970 during normal operation.)
  * lighttpd casts struct stat st.st_mtime (and st.st_*time) through uint64_t to convert negative timestamps for comparisons with 64-bit timestamps (treating negative timestamp values as after 19 Jan 2038 03:14:07 GMT)
  * lighttpd provides unix_time64_t (int64_t) and
  * lighttpd provides struct unix_timespec64 (unix_timespec64_t) (struct timespec equivalent using unix_time64_t tv_sec member)
  * lighttpd provides gmtime64_r() and localtime64_r() wrappers for 32-bit platforms using 32-bit time_t, and lighttpd temporarily shifts the year in order to use gmtime_r() and localtime_r() (or gmtime() and localtime()) from standard libraries, before readjusting year and passing struct tm to formatting functions such as strftime()
  * lighttpd provides TIME64_CAST() macro to cast signed 32-bit time_t to unsigned 32-bit and then to unix_time64_t

* Note: while lighttpd tries to handle times past 19 Jan 2038 03:14:07 GMT on 32-bit platforms using 32-bit signed time_t, underlying libraries and underlying filesystems might not behave properly after 32-bit signed time_t overflows (19 Jan 2038 03:14:08 GMT). If a given 32-bit OS does not work properly using negative time_t values, then lighttpd likely will not work properly on that system.

* Other references and blogs
  - https://en.wikipedia.org/wiki/Year_2038_problem
  - https://en.wikipedia.org/wiki/Time_formatting_and_storage_bugs
  - http://www.lieberbiber.de/2017/03/14/a-look-at-the-year-20362038-problems-and-time-proofness-in-various-systems/
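The cast-through-unsigned trick and post-2038 date handling described in the commit above, as an added C example that is not lighttpd's own code: y2038_cast32 mirrors what the message describes for TIME64_CAST(), mtime_is_newer shows why a naive comparison of wrapped 32-bit st_mtime values misorders them, and gmtime64_civil converts a 64-bit timestamp to struct tm without libc's gmtime_r(), which is an assumed stand-in for lighttpd's year-shifting gmtime64_r() wrapper rather than a copy of it (function names are this example's own).

```c
#include <stdint.h>
#include <time.h>
/* Added example modelled on the commit message; not lighttpd's own code. */
typedef int64_t unix_time64_t;

/* Cast signed 32-bit time_t through unsigned 32-bit to int64 (the idea behind
 * TIME64_CAST): wrapped negatives land in 2^31..2^32-1, i.e. after 19 Jan 2038. */
static unix_time64_t y2038_cast32(int32_t t32)
{
    return (unix_time64_t)(uint32_t)t32;
}

/* Ordering two 32-bit st_mtime values: the naive compare misorders after 2038,
 * the widened compare keeps the real order. */
static int mtime_is_newer_naive(int32_t a, int32_t b) { return a > b; }
static int mtime_is_newer(int32_t a, int32_t b)
{
    return y2038_cast32(a) > y2038_cast32(b);
}

/* UTC struct tm from a 64-bit Unix time via Howard Hinnant's civil_from_days,
 * independent of a possibly 32-bit libc gmtime_r() (assumed alternative). */
static struct tm *gmtime64_civil(unix_time64_t t, struct tm *tm)
{
    int64_t days = t / 86400, rem = t % 86400;
    if (rem < 0) { rem += 86400; --days; }               /* floor division */
    int64_t z = days + 719468;                           /* epoch -> 0000-03-01 */
    int64_t era = (z >= 0 ? z : z - 146096) / 146097;
    uint32_t doe = (uint32_t)(z - era * 146097);                     /* [0,146096] */
    uint32_t yoe = (doe - doe/1460 + doe/36524 - doe/146096) / 365;  /* [0,399] */
    uint32_t doy = doe - (365*yoe + yoe/4 - yoe/100);                /* [0,365] */
    uint32_t mp  = (5*doy + 2) / 153;                                /* [0,11] */
    uint32_t m   = mp < 10 ? mp + 3 : mp - 9;                        /* [1,12] */
    *tm = (struct tm){0};
    tm->tm_year = (int)((int64_t)yoe + era * 400 + (m <= 2) - 1900);
    tm->tm_mon  = (int)m - 1;
    tm->tm_mday = (int)(doy - (153*mp + 2)/5 + 1);
    tm->tm_hour = (int)(rem / 3600);
    tm->tm_min  = (int)(rem % 3600 / 60);
    tm->tm_sec  = (int)(rem % 60);
    return tm;
}

/* Pack a timestamp as YYYYMMDDhhmmss so results are easy to check. */
static int64_t civil_key(unix_time64_t t)
{
    struct tm tm;
    gmtime64_civil(t, &tm);
    return ((int64_t)(tm.tm_year + 1900) * 10000 + (tm.tm_mon + 1) * 100 + tm.tm_mday) * 1000000 + tm.tm_hour * 10000 + tm.tm_min * 100 + tm.tm_sec;
}
```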

2899d7f9 | 17-Jun-2021 | Glenn Strauss <[email protected]>
[core] construct file path after docroot hook
also remove some excess/duplicative trace during request processing

f490078d | 15-Jun-2021 | Glenn Strauss <[email protected]>
[multiple] buffer_copy_string_len_lc()
convenience wrapper combining buffer_copy_string_len() buffer_to_lower() and making a single pass over string

d5366c0a | 09-Jun-2021 | Glenn Strauss <[email protected]>
[core] request_config_reset()
move configfile.c:config_reset_config() to reqpool.c:request_config_reset()

af3df29a | 09-Jun-2021 | Glenn Strauss <[email protected]>
[multiple] reduce redundant NULL buffer checks
This commit is a large set of code changes and results in removal of hundreds, perhaps thousands, of CPU instructions, a portion of which are on hot code paths.
Most (buffer *) used by lighttpd are not NULL, especially since buffers were inlined into numerous larger structs such as request_st and chunk.
In the small number of instances where that is not the case, a NULL check is often performed earlier in a function where that buffer is later used with a buffer_* func. In the handful of cases that remained, a NULL check was added, e.g. with r->http_host and r->conf.server_tag.
- check for empty strings at config time and set value to NULL if blank string will be ignored at runtime; at runtime, simple pointer check for NULL can be used to check for a value that has been set and is not blank ("")
- use buffer_is_blank() instead of buffer_string_is_empty(), and use buffer_is_unset() instead of buffer_is_empty(), where buffer is known not to be NULL so that NULL check can be skipped
- use buffer_clen() instead of buffer_string_length() when buffer is known not to be NULL (to avoid NULL check at runtime)
- use buffer_truncate() instead of buffer_string_set_length() to truncate string, and use buffer_extend() to extend

Examples where buffer known not to be NULL:
- cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL (though we might set it to NULL if buffer_is_blank(cpv->v.b))
- address of buffer is arg (&foo) (compiler optimizer detects this in most, but not all, cases)
- buffer is checked for NULL earlier in func
- buffer is accessed in same scope without a NULL check (e.g. b->ptr)

internal behavior change: callers must not pass a NULL buffer to some funcs.
- buffer_init_buffer() requires non-null args
- buffer_copy_buffer() requires non-null args
- buffer_append_string_buffer() requires non-null args
- buffer_string_space() requires non-null arg

a8b5ad2b | 04-Jun-2021 | Glenn Strauss <[email protected]>
[core] tweaks writing response header (better asm)

0afab29c | 12-May-2021 | Glenn Strauss <[email protected]>
[core] merge uri_raw and uri_clean hooks
hooks are run consecutively in http_response_prepare()
merge uri_raw before uri_clean to preserve existing ordering