update to lighttpd 1.4.30, from Brad (maintainer).
This commit is contained in:
parent
afd57cac30
commit
cbe6df0aac
@ -1,11 +1,10 @@
|
||||
# $OpenBSD: Makefile,v 1.92 2011/12/03 22:26:08 sthen Exp $
|
||||
# $OpenBSD: Makefile,v 1.93 2011/12/20 22:27:28 sthen Exp $
|
||||
|
||||
SHARED_ONLY= Yes
|
||||
|
||||
COMMENT= secure, fast, compliant, and very flexible web-server
|
||||
|
||||
DISTNAME= lighttpd-1.4.29
|
||||
REVISION= 6
|
||||
DISTNAME= lighttpd-1.4.30
|
||||
CATEGORIES= www net
|
||||
MASTER_SITES= http://download.lighttpd.net/lighttpd/releases-1.4.x/
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
MD5 (lighttpd-1.4.29.tar.gz) = QTDSRAd3t5EeYt5qicmKkA==
|
||||
RMD160 (lighttpd-1.4.29.tar.gz) = 9JUO/lJ7U49X3MD7iLare5YAMSg=
|
||||
SHA1 (lighttpd-1.4.29.tar.gz) = IlEkbNZXzXh63Z6VQZQeiDuBvxM=
|
||||
SHA256 (lighttpd-1.4.29.tar.gz) = /59N45AdA7soVjTFsUkZEiPRfxwmmhbIY7rEQjgRnIU=
|
||||
SIZE (lighttpd-1.4.29.tar.gz) = 831201
|
||||
MD5 (lighttpd-1.4.30.tar.gz) = fwu7ZqBQmfY06o9jr5nP7Q==
|
||||
RMD160 (lighttpd-1.4.30.tar.gz) = SCUYwIidY8uTvWuusMftDtXkjxg=
|
||||
SHA1 (lighttpd-1.4.30.tar.gz) = SlnCN/5isGNlrss61BObhZOiGCk=
|
||||
SHA256 (lighttpd-1.4.30.tar.gz) = Wa5VsOxCfDKPp01oPgDrG8mbzCDNGEF3h16baGXeK4s=
|
||||
SIZE (lighttpd-1.4.30.tar.gz) = 834241
|
||||
|
@ -1,41 +0,0 @@
|
||||
$OpenBSD: patch-src_base_h,v 1.6 2011/12/03 22:26:08 sthen Exp $
|
||||
--- src/base.h.orig Sun Mar 13 13:48:23 2011
|
||||
+++ src/base.h Fri Dec 2 04:48:14 2011
|
||||
@@ -277,6 +277,7 @@ typedef struct {
|
||||
buffer *ssl_cipher_list;
|
||||
buffer *ssl_dh_file;
|
||||
buffer *ssl_ec_curve;
|
||||
+ unsigned short ssl_honor_cipher_order; /* determine SSL cipher in server-preferred order, not client-order */
|
||||
unsigned short ssl_use_sslv2;
|
||||
unsigned short ssl_use_sslv3;
|
||||
unsigned short ssl_verifyclient;
|
||||
@@ -284,6 +285,7 @@ typedef struct {
|
||||
unsigned short ssl_verifyclient_depth;
|
||||
buffer *ssl_verifyclient_username;
|
||||
unsigned short ssl_verifyclient_export_cert;
|
||||
+ unsigned short ssl_disable_client_renegotiation;
|
||||
|
||||
unsigned short use_ipv6, set_v6only; /* set_v6only is only a temporary option */
|
||||
unsigned short defer_accept;
|
||||
@@ -437,6 +439,7 @@ typedef struct {
|
||||
# ifndef OPENSSL_NO_TLSEXT
|
||||
buffer *tlsext_server_name;
|
||||
# endif
|
||||
+ unsigned int renegotiations; /* count of SSL_CB_HANDSHAKE_START */
|
||||
#endif
|
||||
/* etag handling */
|
||||
etag_flags_t etag_flags;
|
||||
@@ -647,11 +650,9 @@ typedef struct server {
|
||||
|
||||
fdevent_handler_t event_handler;
|
||||
|
||||
- int (* network_backend_write)(struct server *srv, connection *con, int fd, chunkqueue *cq);
|
||||
- int (* network_backend_read)(struct server *srv, connection *con, int fd, chunkqueue *cq);
|
||||
+ int (* network_backend_write)(struct server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
|
||||
#ifdef USE_OPENSSL
|
||||
- int (* network_ssl_backend_write)(struct server *srv, connection *con, SSL *ssl, chunkqueue *cq);
|
||||
- int (* network_ssl_backend_read)(struct server *srv, connection *con, SSL *ssl, chunkqueue *cq);
|
||||
+ int (* network_ssl_backend_write)(struct server *srv, connection *con, SSL *ssl, chunkqueue *cq, off_t max_bytes);
|
||||
#endif
|
||||
|
||||
uid_t uid;
|
@ -1,79 +0,0 @@
|
||||
$OpenBSD: patch-src_configfile_c,v 1.3 2011/12/03 22:26:08 sthen Exp $
|
||||
--- src/configfile.c.orig Fri Dec 2 04:36:43 2011
|
||||
+++ src/configfile.c Fri Dec 2 04:50:13 2011
|
||||
@@ -105,6 +105,8 @@ static int config_insert(server *srv) {
|
||||
{ "ssl.use-sslv3", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 62 */
|
||||
{ "ssl.dh-file", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 63 */
|
||||
{ "ssl.ec-curve", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 64 */
|
||||
+ { "ssl.disable-client-renegotiation", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER },/* 65 */
|
||||
+ { "ssl.honor-cipher-order", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 66 */
|
||||
|
||||
{ "server.host", "use server.bind instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
|
||||
{ "server.docroot", "use server.document-root instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
|
||||
@@ -176,6 +178,7 @@ static int config_insert(server *srv) {
|
||||
s->max_write_idle = 360;
|
||||
s->use_xattr = 0;
|
||||
s->is_ssl = 0;
|
||||
+ s->ssl_honor_cipher_order = 1;
|
||||
s->ssl_use_sslv2 = 0;
|
||||
s->ssl_use_sslv3 = 1;
|
||||
s->use_ipv6 = 0;
|
||||
@@ -199,6 +202,7 @@ static int config_insert(server *srv) {
|
||||
s->ssl_verifyclient_username = buffer_init();
|
||||
s->ssl_verifyclient_depth = 9;
|
||||
s->ssl_verifyclient_export_cert = 0;
|
||||
+ s->ssl_disable_client_renegotiation = 1;
|
||||
|
||||
cv[2].destination = s->errorfile_prefix;
|
||||
|
||||
@@ -245,6 +249,8 @@ static int config_insert(server *srv) {
|
||||
cv[62].destination = &(s->ssl_use_sslv3);
|
||||
cv[63].destination = s->ssl_dh_file;
|
||||
cv[64].destination = s->ssl_ec_curve;
|
||||
+ cv[65].destination = &(s->ssl_honor_cipher_order);
|
||||
+
|
||||
cv[49].destination = &(s->etag_use_inode);
|
||||
cv[50].destination = &(s->etag_use_mtime);
|
||||
cv[51].destination = &(s->etag_use_size);
|
||||
@@ -255,6 +261,7 @@ static int config_insert(server *srv) {
|
||||
cv[58].destination = &(s->ssl_verifyclient_depth);
|
||||
cv[59].destination = s->ssl_verifyclient_username;
|
||||
cv[60].destination = &(s->ssl_verifyclient_export_cert);
|
||||
+ cv[65].destination = &(s->ssl_disable_client_renegotiation);
|
||||
|
||||
srv->config_storage[i] = s;
|
||||
|
||||
@@ -335,6 +342,7 @@ int config_setup_connection(server *srv, connection *c
|
||||
PATCH(ssl_cipher_list);
|
||||
PATCH(ssl_dh_file);
|
||||
PATCH(ssl_ec_curve);
|
||||
+ PATCH(ssl_honor_cipher_order);
|
||||
PATCH(ssl_use_sslv2);
|
||||
PATCH(ssl_use_sslv3);
|
||||
PATCH(etag_use_inode);
|
||||
@@ -346,6 +354,7 @@ int config_setup_connection(server *srv, connection *c
|
||||
PATCH(ssl_verifyclient_depth);
|
||||
PATCH(ssl_verifyclient_username);
|
||||
PATCH(ssl_verifyclient_export_cert);
|
||||
+ PATCH(ssl_disable_client_renegotiation);
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -400,6 +409,8 @@ int config_patch_connection(server *srv, connection *c
|
||||
#endif
|
||||
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.ca-file"))) {
|
||||
PATCH(ssl_ca_file);
|
||||
+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.honor-cipher-order"))) {
|
||||
+ PATCH(ssl_honor_cipher_order);
|
||||
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-sslv2"))) {
|
||||
PATCH(ssl_use_sslv2);
|
||||
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-sslv3"))) {
|
||||
@@ -454,6 +465,8 @@ int config_patch_connection(server *srv, connection *c
|
||||
PATCH(ssl_verifyclient_username);
|
||||
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.verifyclient.exportcert"))) {
|
||||
PATCH(ssl_verifyclient_export_cert);
|
||||
+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.disable-client-renegotiation"))) {
|
||||
+ PATCH(ssl_disable_client_renegotiation);
|
||||
}
|
||||
}
|
||||
}
|
@ -1,28 +1,10 @@
|
||||
$OpenBSD: patch-src_connections_c,v 1.18 2011/12/03 22:26:08 sthen Exp $
|
||||
--- src/connections.c.orig Sun Apr 24 11:55:46 2011
|
||||
+++ src/connections.c Fri Dec 2 04:40:01 2011
|
||||
@@ -223,6 +223,12 @@ static int connection_handle_read_ssl(server *srv, con
|
||||
|
||||
len = SSL_read(con->ssl, b->ptr + read_offset, toread);
|
||||
|
||||
+ if (con->renegotiations > 1 && con->conf.ssl_disable_client_renegotiation) {
|
||||
+ connection_set_state(srv, con, CON_STATE_ERROR);
|
||||
+ log_error_write(srv, __FILE__, __LINE__, "s", "SSL: renegotiation initiated by client");
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
if (len > 0) {
|
||||
if (b->used > 0) b->used--;
|
||||
b->used += len;
|
||||
@@ -445,6 +451,7 @@ static int connection_handle_write_prepare(server *srv
|
||||
default:
|
||||
switch(con->http_status) {
|
||||
case 400: /* bad request */
|
||||
+ case 401: /* authorization required */
|
||||
case 414: /* overload request header */
|
||||
case 505: /* unknown protocol */
|
||||
case 207: /* this was webdav */
|
||||
@@ -560,8 +567,10 @@ static int connection_handle_write_prepare(server *srv
|
||||
$OpenBSD: patch-src_connections_c,v 1.19 2011/12/20 22:27:28 sthen Exp $
|
||||
|
||||
let HEAD for 0-byte files return the Content-Length
|
||||
|
||||
--- src/connections.c.orig Wed Nov 30 12:42:45 2011
|
||||
+++ src/connections.c Tue Dec 20 16:33:10 2011
|
||||
@@ -567,8 +567,10 @@ static int connection_handle_write_prepare(server *srv
|
||||
if (NULL != (ds = (data_string*) array_get_element(con->response.headers, "Content-Length"))) {
|
||||
buffer_reset(ds->value); /* Headers with empty values are ignored for output */
|
||||
}
|
||||
@ -35,48 +17,3 @@ $OpenBSD: patch-src_connections_c,v 1.18 2011/12/03 22:26:08 sthen Exp $
|
||||
* a content. Browsers are waiting for a Content otherwise
|
||||
*/
|
||||
buffer_copy_off_t(srv->tmp_buf, qlen);
|
||||
@@ -617,8 +626,9 @@ static int connection_handle_write_prepare(server *srv
|
||||
}
|
||||
|
||||
static int connection_handle_write(server *srv, connection *con) {
|
||||
- switch(network_write_chunkqueue(srv, con, con->write_queue)) {
|
||||
+ switch(network_write_chunkqueue(srv, con, con->write_queue, MAX_WRITE_LIMIT)) {
|
||||
case 0:
|
||||
+ con->write_request_ts = srv->cur_ts;
|
||||
if (con->file_finished) {
|
||||
connection_set_state(srv, con, CON_STATE_RESPONSE_END);
|
||||
joblist_append(srv, con);
|
||||
@@ -635,6 +645,7 @@ static int connection_handle_write(server *srv, connec
|
||||
joblist_append(srv, con);
|
||||
break;
|
||||
case 1:
|
||||
+ con->write_request_ts = srv->cur_ts;
|
||||
con->is_writable = 0;
|
||||
|
||||
/* not finished yet -> WRITE */
|
||||
@@ -1251,8 +1262,6 @@ static handler_t connection_handle_fdevent(server *srv
|
||||
log_error_write(srv, __FILE__, __LINE__, "ds",
|
||||
con->fd,
|
||||
"handle write failed.");
|
||||
- } else if (con->state == CON_STATE_WRITE) {
|
||||
- con->write_request_ts = srv->cur_ts;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1352,6 +1361,7 @@ connection *connection_accept(server *srv, server_sock
|
||||
return NULL;
|
||||
}
|
||||
|
||||
+ con->renegotiations = 0;
|
||||
#ifndef OPENSSL_NO_TLSEXT
|
||||
SSL_set_app_data(con->ssl, con);
|
||||
#endif
|
||||
@@ -1667,8 +1677,6 @@ int connection_state_machine(server *srv, connection *
|
||||
con->fd,
|
||||
"handle write failed.");
|
||||
connection_set_state(srv, con, CON_STATE_ERROR);
|
||||
- } else if (con->state == CON_STATE_WRITE) {
|
||||
- con->write_request_ts = srv->cur_ts;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1,15 +0,0 @@
|
||||
$OpenBSD: patch-src_http_auth_c,v 1.3 2011/12/01 12:17:11 gsoares Exp $
|
||||
|
||||
Fixes CVE-2011-4362: out of bounds read due to a signedness error
|
||||
|
||||
--- src/http_auth.c.orig Sun Apr 24 12:44:59 2011
|
||||
+++ src/http_auth.c Wed Nov 30 07:58:31 2011
|
||||
@@ -95,7 +95,7 @@ static unsigned char * base64_decode(buffer *out, cons
|
||||
ch = in[0];
|
||||
/* run through the whole string, converting as we go */
|
||||
for (i = 0; i < in_len; i++) {
|
||||
- ch = in[i];
|
||||
+ ch = (unsigned char) in[i];
|
||||
|
||||
if (ch == '\0') break;
|
||||
|
@ -1,12 +0,0 @@
|
||||
$OpenBSD: patch-src_mod_fastcgi_c,v 1.7 2011/08/24 21:28:09 sthen Exp $
|
||||
--- src/mod_fastcgi.c.orig Mon Jun 13 07:23:40 2011
|
||||
+++ src/mod_fastcgi.c Wed Aug 24 02:50:41 2011
|
||||
@@ -3075,7 +3075,7 @@ static handler_t fcgi_write_request(server *srv, handl
|
||||
fcgi_set_state(srv, hctx, FCGI_STATE_WRITE);
|
||||
/* fall through */
|
||||
case FCGI_STATE_WRITE:
|
||||
- ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb);
|
||||
+ ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb, MAX_WRITE_LIMIT);
|
||||
|
||||
chunkqueue_remove_finished_chunks(hctx->wb);
|
||||
|
@ -1,12 +0,0 @@
|
||||
$OpenBSD: patch-src_mod_proxy_c,v 1.8 2011/08/24 21:28:09 sthen Exp $
|
||||
--- src/mod_proxy.c.orig Fri Dec 10 12:41:18 2010
|
||||
+++ src/mod_proxy.c Wed Aug 24 02:50:41 2011
|
||||
@@ -825,7 +825,7 @@ static handler_t proxy_write_request(server *srv, hand
|
||||
|
||||
/* fall through */
|
||||
case PROXY_STATE_WRITE:;
|
||||
- ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb);
|
||||
+ ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb, MAX_WRITE_LIMIT);
|
||||
|
||||
chunkqueue_remove_finished_chunks(hctx->wb);
|
||||
|
@ -1,12 +0,0 @@
|
||||
$OpenBSD: patch-src_mod_scgi_c,v 1.3 2011/08/24 21:28:09 sthen Exp $
|
||||
--- src/mod_scgi.c.orig Mon Jun 13 07:24:12 2011
|
||||
+++ src/mod_scgi.c Wed Aug 24 02:50:41 2011
|
||||
@@ -2296,7 +2296,7 @@ static handler_t scgi_write_request(server *srv, handl
|
||||
|
||||
/* fall through */
|
||||
case FCGI_STATE_WRITE:
|
||||
- ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb);
|
||||
+ ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb, MAX_WRITE_LIMIT);
|
||||
|
||||
chunkqueue_remove_finished_chunks(hctx->wb);
|
||||
|
@ -1,64 +0,0 @@
|
||||
$OpenBSD: patch-src_mod_staticfile_c,v 1.1 2011/09/06 08:49:51 sthen Exp $
|
||||
--- src/mod_staticfile.c.orig Wed Aug 31 04:14:21 2011
|
||||
+++ src/mod_staticfile.c Wed Aug 31 04:26:21 2011
|
||||
@@ -26,6 +26,7 @@
|
||||
typedef struct {
|
||||
array *exclude_ext;
|
||||
unsigned short etags_used;
|
||||
+ unsigned short disable_pathinfo;
|
||||
} plugin_config;
|
||||
|
||||
typedef struct {
|
||||
@@ -84,6 +85,7 @@ SETDEFAULTS_FUNC(mod_staticfile_set_defaults) {
|
||||
config_values_t cv[] = {
|
||||
{ "static-file.exclude-extensions", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 0 */
|
||||
{ "static-file.etags", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 1 */
|
||||
+ { "static-file.disable-pathinfo", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 2 */
|
||||
{ NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
|
||||
};
|
||||
|
||||
@@ -97,9 +99,11 @@ SETDEFAULTS_FUNC(mod_staticfile_set_defaults) {
|
||||
s = calloc(1, sizeof(plugin_config));
|
||||
s->exclude_ext = array_init();
|
||||
s->etags_used = 1;
|
||||
+ s->disable_pathinfo = 0;
|
||||
|
||||
cv[0].destination = s->exclude_ext;
|
||||
cv[1].destination = &(s->etags_used);
|
||||
+ cv[2].destination = &(s->disable_pathinfo);
|
||||
|
||||
p->config_storage[i] = s;
|
||||
|
||||
@@ -119,6 +123,7 @@ static int mod_staticfile_patch_connection(server *srv
|
||||
|
||||
PATCH(exclude_ext);
|
||||
PATCH(etags_used);
|
||||
+ PATCH(disable_pathinfo);
|
||||
|
||||
/* skip the first, the global context */
|
||||
for (i = 1; i < srv->config_context->used; i++) {
|
||||
@@ -136,7 +141,9 @@ static int mod_staticfile_patch_connection(server *srv
|
||||
PATCH(exclude_ext);
|
||||
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("static-file.etags"))) {
|
||||
PATCH(etags_used);
|
||||
- }
|
||||
+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("static-file.disable-pathinfo"))) {
|
||||
+ PATCH(disable_pathinfo);
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
||||
@@ -377,6 +384,13 @@ URIHANDLER_FUNC(mod_staticfile_subrequest) {
|
||||
mod_staticfile_patch_connection(srv, con, p);
|
||||
|
||||
s_len = con->uri.path->used - 1;
|
||||
+
|
||||
+ if (p->conf.disable_pathinfo && 0 != con->request.pathinfo->used) {
|
||||
+ if (con->conf.log_request_handling) {
|
||||
+ log_error_write(srv, __FILE__, __LINE__, "s", "-- NOT handling file as static file, pathinfo forbidden");
|
||||
+ }
|
||||
+ return HANDLER_GO_ON;
|
||||
+ }
|
||||
|
||||
/* ignore certain extensions */
|
||||
for (k = 0; k < p->conf.exclude_ext->used; k++) {
|
@ -1,15 +0,0 @@
|
||||
$OpenBSD: patch-src_mod_status_c,v 1.3 2011/10/07 20:04:39 sthen Exp $
|
||||
|
||||
Fix mod_status bug: always showed "0/0" in the "Read" column for uploads.
|
||||
|
||||
--- src/mod_status.c.orig Fri Oct 7 00:04:52 2011
|
||||
+++ src/mod_status.c Fri Oct 7 00:05:16 2011
|
||||
@@ -487,7 +487,7 @@ static handler_t mod_status_handle_server_status_html(
|
||||
|
||||
buffer_append_string_len(b, CONST_STR_LEN("</td><td class=\"int\">"));
|
||||
|
||||
- if (con->request.content_length) {
|
||||
+ if (c->request.content_length) {
|
||||
buffer_append_long(b, c->request_content_queue->bytes_in);
|
||||
buffer_append_string_len(b, CONST_STR_LEN("/"));
|
||||
buffer_append_long(b, c->request.content_length);
|
@ -1,29 +0,0 @@
|
||||
$OpenBSD: patch-src_network_backends_h,v 1.1 2011/08/24 21:28:09 sthen Exp $
|
||||
--- src/network_backends.h.orig Mon Feb 1 18:28:20 2010
|
||||
+++ src/network_backends.h Wed Aug 24 02:50:41 2011
|
||||
@@ -47,18 +47,18 @@
|
||||
#include "base.h"
|
||||
|
||||
/* return values:
|
||||
- * >= 0 : chunks completed
|
||||
+ * >= 0 : no error
|
||||
* -1 : error (on our side)
|
||||
* -2 : remote close
|
||||
*/
|
||||
|
||||
-int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq);
|
||||
-int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq);
|
||||
-int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq);
|
||||
-int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq);
|
||||
-int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq);
|
||||
+int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
|
||||
+int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
|
||||
+int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
|
||||
+int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
|
||||
+int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
|
||||
#ifdef USE_OPENSSL
|
||||
-int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq);
|
||||
+int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq, off_t max_bytes);
|
||||
#endif
|
||||
|
||||
#endif
|
@ -1,132 +0,0 @@
|
||||
$OpenBSD: patch-src_network_c,v 1.6 2011/12/03 22:26:08 sthen Exp $
|
||||
--- src/network.c.orig Sun Apr 24 09:02:45 2011
|
||||
+++ src/network.c Fri Dec 2 04:52:34 2011
|
||||
@@ -27,6 +27,19 @@
|
||||
# include <openssl/rand.h>
|
||||
#endif
|
||||
|
||||
+#ifdef USE_OPENSSL
|
||||
+static void ssl_info_callback(const SSL *ssl, int where, int ret) {
|
||||
+ UNUSED(ret);
|
||||
+
|
||||
+ if (0 != (where & SSL_CB_HANDSHAKE_START)) {
|
||||
+ connection *con = SSL_get_app_data(ssl);
|
||||
+ ++con->renegotiations;
|
||||
+ } else if (0 != (where & SSL_CB_HANDSHAKE_DONE)) {
|
||||
+ ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
|
||||
+ }
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
static handler_t network_server_handle_fdevent(server *srv, void *context, int revents) {
|
||||
server_socket *srv_socket = (server_socket *)context;
|
||||
connection *con;
|
||||
@@ -553,6 +566,11 @@ int network_init(server *srv) {
|
||||
/* load SSL certificates */
|
||||
for (i = 0; i < srv->config_context->used; i++) {
|
||||
specific_config *s = srv->config_storage[i];
|
||||
+#ifndef SSL_OP_NO_COMPRESSION
|
||||
+# define SSL_OP_NO_COMPRESSION 0
|
||||
+#endif
|
||||
+ long ssloptions =
|
||||
+ SSL_OP_ALL | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | SSL_OP_NO_COMPRESSION;
|
||||
|
||||
if (buffer_is_empty(s->ssl_pemfile)) continue;
|
||||
|
||||
@@ -586,6 +604,9 @@ int network_init(server *srv) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ SSL_CTX_set_options(s->ssl_ctx, ssloptions);
|
||||
+ SSL_CTX_set_info_callback(s->ssl_ctx, ssl_info_callback);
|
||||
+
|
||||
if (!s->ssl_use_sslv2) {
|
||||
/* disable SSLv2 */
|
||||
if (!(SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2))) {
|
||||
@@ -611,6 +632,10 @@ int network_init(server *srv) {
|
||||
ERR_error_string(ERR_get_error(), NULL));
|
||||
return -1;
|
||||
}
|
||||
+
|
||||
+ if (s->ssl_honor_cipher_order) {
|
||||
+ SSL_CTX_set_options(s->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
|
||||
+ }
|
||||
}
|
||||
|
||||
/* Support for Diffie-Hellman key exchange */
|
||||
@@ -847,7 +872,7 @@ int network_register_fdevents(server *srv) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
-int network_write_chunkqueue(server *srv, connection *con, chunkqueue *cq) {
|
||||
+int network_write_chunkqueue(server *srv, connection *con, chunkqueue *cq, off_t max_bytes) {
|
||||
int ret = -1;
|
||||
off_t written = 0;
|
||||
#ifdef TCP_CORK
|
||||
@@ -855,16 +880,34 @@ int network_write_chunkqueue(server *srv, connection *
|
||||
#endif
|
||||
server_socket *srv_socket = con->srv_socket;
|
||||
|
||||
- if (con->conf.global_kbytes_per_second &&
|
||||
- *(con->conf.global_bytes_per_second_cnt_ptr) > con->conf.global_kbytes_per_second * 1024) {
|
||||
- /* we reached the global traffic limit */
|
||||
+ if (con->conf.global_kbytes_per_second) {
|
||||
+ off_t limit = con->conf.global_kbytes_per_second * 1024 - *(con->conf.global_bytes_per_second_cnt_ptr);
|
||||
+ if (limit <= 0) {
|
||||
+ /* we reached the global traffic limit */
|
||||
|
||||
- con->traffic_limit_reached = 1;
|
||||
- joblist_append(srv, con);
|
||||
+ con->traffic_limit_reached = 1;
|
||||
+ joblist_append(srv, con);
|
||||
|
||||
- return 1;
|
||||
+ return 1;
|
||||
+ } else {
|
||||
+ if (max_bytes > limit) max_bytes = limit;
|
||||
+ }
|
||||
}
|
||||
|
||||
+ if (con->conf.kbytes_per_second) {
|
||||
+ off_t limit = con->conf.kbytes_per_second * 1024 - con->bytes_written_cur_second;
|
||||
+ if (limit <= 0) {
|
||||
+ /* we reached the traffic limit */
|
||||
+
|
||||
+ con->traffic_limit_reached = 1;
|
||||
+ joblist_append(srv, con);
|
||||
+
|
||||
+ return 1;
|
||||
+ } else {
|
||||
+ if (max_bytes > limit) max_bytes = limit;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
written = cq->bytes_out;
|
||||
|
||||
#ifdef TCP_CORK
|
||||
@@ -879,10 +922,10 @@ int network_write_chunkqueue(server *srv, connection *
|
||||
|
||||
if (srv_socket->is_ssl) {
|
||||
#ifdef USE_OPENSSL
|
||||
- ret = srv->network_ssl_backend_write(srv, con, con->ssl, cq);
|
||||
+ ret = srv->network_ssl_backend_write(srv, con, con->ssl, cq, max_bytes);
|
||||
#endif
|
||||
} else {
|
||||
- ret = srv->network_backend_write(srv, con, con->fd, cq);
|
||||
+ ret = srv->network_backend_write(srv, con, con->fd, cq, max_bytes);
|
||||
}
|
||||
|
||||
if (ret >= 0) {
|
||||
@@ -903,12 +946,5 @@ int network_write_chunkqueue(server *srv, connection *
|
||||
|
||||
*(con->conf.global_bytes_per_second_cnt_ptr) += written;
|
||||
|
||||
- if (con->conf.kbytes_per_second &&
|
||||
- (con->bytes_written_cur_second > con->conf.kbytes_per_second * 1024)) {
|
||||
- /* we reached the traffic limit */
|
||||
-
|
||||
- con->traffic_limit_reached = 1;
|
||||
- joblist_append(srv, con);
|
||||
- }
|
||||
return ret;
|
||||
}
|
@ -1,110 +0,0 @@
|
||||
$OpenBSD: patch-src_network_freebsd_sendfile_c,v 1.1 2011/08/24 21:28:09 sthen Exp $
|
||||
--- src/network_freebsd_sendfile.c.orig Tue Aug 17 05:04:38 2010
|
||||
+++ src/network_freebsd_sendfile.c Wed Aug 24 02:50:41 2011
|
||||
@@ -31,17 +31,16 @@
|
||||
# endif
|
||||
#endif
|
||||
|
||||
-int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq) {
|
||||
+int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
|
||||
chunk *c;
|
||||
- size_t chunks_written = 0;
|
||||
|
||||
- for(c = cq->first; c; c = c->next, chunks_written++) {
|
||||
+ for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
|
||||
int chunk_finished = 0;
|
||||
|
||||
switch(c->type) {
|
||||
case MEM_CHUNK: {
|
||||
char * offset;
|
||||
- size_t toSend;
|
||||
+ off_t toSend;
|
||||
ssize_t r;
|
||||
|
||||
size_t num_chunks, i;
|
||||
@@ -49,12 +48,10 @@ int network_write_chunkqueue_freebsdsendfile(server *s
|
||||
chunk *tc;
|
||||
size_t num_bytes = 0;
|
||||
|
||||
- /* we can't send more then SSIZE_MAX bytes in one chunk */
|
||||
-
|
||||
/* build writev list
|
||||
*
|
||||
* 1. limit: num_chunks < UIO_MAXIOV
|
||||
- * 2. limit: num_bytes < SSIZE_MAX
|
||||
+ * 2. limit: num_bytes < max_bytes
|
||||
*/
|
||||
for(num_chunks = 0, tc = c; tc && tc->type == MEM_CHUNK && num_chunks < UIO_MAXIOV; num_chunks++, tc = tc->next);
|
||||
|
||||
@@ -69,9 +66,9 @@ int network_write_chunkqueue_freebsdsendfile(server *s
|
||||
chunks[i].iov_base = offset;
|
||||
|
||||
/* protect the return value of writev() */
|
||||
- if (toSend > SSIZE_MAX ||
|
||||
- num_bytes + toSend > SSIZE_MAX) {
|
||||
- chunks[i].iov_len = SSIZE_MAX - num_bytes;
|
||||
+ if (toSend > max_bytes ||
|
||||
+ (off_t) num_bytes + toSend > max_bytes) {
|
||||
+ chunks[i].iov_len = max_bytes - num_bytes;
|
||||
|
||||
num_chunks = i + 1;
|
||||
break;
|
||||
@@ -105,6 +102,7 @@ int network_write_chunkqueue_freebsdsendfile(server *s
|
||||
|
||||
/* check which chunks have been written */
|
||||
cq->bytes_out += r;
|
||||
+ max_bytes -= r;
|
||||
|
||||
for(i = 0, tc = c; i < num_chunks; i++, tc = tc->next) {
|
||||
if (r >= (ssize_t)chunks[i].iov_len) {
|
||||
@@ -114,11 +112,10 @@ int network_write_chunkqueue_freebsdsendfile(server *s
|
||||
|
||||
if (chunk_finished) {
|
||||
/* skip the chunks from further touches */
|
||||
- chunks_written++;
|
||||
c = c->next;
|
||||
} else {
|
||||
/* chunks_written + c = c->next is done in the for()*/
|
||||
- chunk_finished++;
|
||||
+ chunk_finished = 1;
|
||||
}
|
||||
} else {
|
||||
/* partially written */
|
||||
@@ -134,7 +131,7 @@ int network_write_chunkqueue_freebsdsendfile(server *s
|
||||
}
|
||||
case FILE_CHUNK: {
|
||||
off_t offset, r;
|
||||
- size_t toSend;
|
||||
+ off_t toSend;
|
||||
stat_cache_entry *sce = NULL;
|
||||
|
||||
if (HANDLER_ERROR == stat_cache_get_entry(srv, con, c->file.name, &sce)) {
|
||||
@@ -144,9 +141,8 @@ int network_write_chunkqueue_freebsdsendfile(server *s
|
||||
}
|
||||
|
||||
offset = c->file.start + c->offset;
|
||||
- /* limit the toSend to 2^31-1 bytes in a chunk */
|
||||
- toSend = c->file.length - c->offset > ((1 << 30) - 1) ?
|
||||
- ((1 << 30) - 1) : c->file.length - c->offset;
|
||||
+ toSend = c->file.length - c->offset;
|
||||
+ if (toSend > max_bytes) toSend = max_bytes;
|
||||
|
||||
if (-1 == c->file.fd) {
|
||||
if (-1 == (c->file.fd = open(c->file.name->ptr, O_RDONLY))) {
|
||||
@@ -197,6 +193,7 @@ int network_write_chunkqueue_freebsdsendfile(server *s
|
||||
|
||||
c->offset += r;
|
||||
cq->bytes_out += r;
|
||||
+ max_bytes -= r;
|
||||
|
||||
if (c->offset == c->file.length) {
|
||||
chunk_finished = 1;
|
||||
@@ -218,7 +215,7 @@ int network_write_chunkqueue_freebsdsendfile(server *s
|
||||
}
|
||||
}
|
||||
|
||||
- return chunks_written;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
#endif
|
@ -1,12 +0,0 @@
|
||||
$OpenBSD: patch-src_network_h,v 1.1 2011/08/24 21:28:09 sthen Exp $
|
||||
--- src/network.h.orig Tue Sep 1 14:34:54 2009
|
||||
+++ src/network.h Wed Aug 24 02:50:41 2011
|
||||
@@ -3,7 +3,7 @@
|
||||
|
||||
#include "server.h"
|
||||
|
||||
-int network_write_chunkqueue(server *srv, connection *con, chunkqueue *c);
|
||||
+int network_write_chunkqueue(server *srv, connection *con, chunkqueue *c, off_t max_bytes);
|
||||
|
||||
int network_init(server *srv);
|
||||
int network_close(server *srv);
|
@ -1,106 +0,0 @@
|
||||
$OpenBSD: patch-src_network_linux_sendfile_c,v 1.1 2011/08/24 21:28:09 sthen Exp $
|
||||
--- src/network_linux_sendfile.c.orig Tue Aug 17 05:04:38 2010
|
||||
+++ src/network_linux_sendfile.c Wed Aug 24 02:50:41 2011
|
||||
@@ -27,17 +27,16 @@
|
||||
/* on linux 2.4.29 + debian/ubuntu we have crashes if this is enabled */
|
||||
#undef HAVE_POSIX_FADVISE
|
||||
|
||||
-int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq) {
|
||||
+int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
|
||||
chunk *c;
|
||||
- size_t chunks_written = 0;
|
||||
|
||||
- for(c = cq->first; c; c = c->next, chunks_written++) {
|
||||
+ for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
|
||||
int chunk_finished = 0;
|
||||
|
||||
switch(c->type) {
|
||||
case MEM_CHUNK: {
|
||||
char * offset;
|
||||
- size_t toSend;
|
||||
+ off_t toSend;
|
||||
ssize_t r;
|
||||
|
||||
size_t num_chunks, i;
|
||||
@@ -45,12 +44,10 @@ int network_write_chunkqueue_linuxsendfile(server *srv
|
||||
chunk *tc;
|
||||
size_t num_bytes = 0;
|
||||
|
||||
- /* we can't send more then SSIZE_MAX bytes in one chunk */
|
||||
-
|
||||
/* build writev list
|
||||
*
|
||||
* 1. limit: num_chunks < UIO_MAXIOV
|
||||
- * 2. limit: num_bytes < SSIZE_MAX
|
||||
+ * 2. limit: num_bytes < max_bytes
|
||||
*/
|
||||
for (num_chunks = 0, tc = c;
|
||||
tc && tc->type == MEM_CHUNK && num_chunks < UIO_MAXIOV;
|
||||
@@ -67,9 +64,9 @@ int network_write_chunkqueue_linuxsendfile(server *srv
|
||||
chunks[i].iov_base = offset;
|
||||
|
||||
/* protect the return value of writev() */
|
||||
- if (toSend > SSIZE_MAX ||
|
||||
- num_bytes + toSend > SSIZE_MAX) {
|
||||
- chunks[i].iov_len = SSIZE_MAX - num_bytes;
|
||||
+ if (toSend > max_bytes ||
|
||||
+ (off_t) num_bytes + toSend > max_bytes) {
|
||||
+ chunks[i].iov_len = max_bytes - num_bytes;
|
||||
|
||||
num_chunks = i + 1;
|
||||
break;
|
||||
@@ -100,6 +97,7 @@ int network_write_chunkqueue_linuxsendfile(server *srv
|
||||
|
||||
/* check which chunks have been written */
|
||||
cq->bytes_out += r;
|
||||
+ max_bytes -= r;
|
||||
|
||||
for(i = 0, tc = c; i < num_chunks; i++, tc = tc->next) {
|
||||
if (r >= (ssize_t)chunks[i].iov_len) {
|
||||
@@ -109,11 +107,10 @@ int network_write_chunkqueue_linuxsendfile(server *srv
|
||||
|
||||
if (chunk_finished) {
|
||||
/* skip the chunks from further touches */
|
||||
- chunks_written++;
|
||||
c = c->next;
|
||||
} else {
|
||||
/* chunks_written + c = c->next is done in the for()*/
|
||||
- chunk_finished++;
|
||||
+ chunk_finished = 1;
|
||||
}
|
||||
} else {
|
||||
/* partially written */
|
||||
@@ -130,13 +127,12 @@ int network_write_chunkqueue_linuxsendfile(server *srv
|
||||
case FILE_CHUNK: {
|
||||
ssize_t r;
|
||||
off_t offset;
|
||||
- size_t toSend;
|
||||
+ off_t toSend;
|
||||
stat_cache_entry *sce = NULL;
|
||||
|
||||
offset = c->file.start + c->offset;
|
||||
- /* limit the toSend to 2^31-1 bytes in a chunk */
|
||||
- toSend = c->file.length - c->offset > ((1 << 30) - 1) ?
|
||||
- ((1 << 30) - 1) : c->file.length - c->offset;
|
||||
+ toSend = c->file.length - c->offset;
|
||||
+ if (toSend > max_bytes) toSend = max_bytes;
|
||||
|
||||
/* open file if not already opened */
|
||||
if (-1 == c->file.fd) {
|
||||
@@ -215,6 +211,7 @@ int network_write_chunkqueue_linuxsendfile(server *srv
|
||||
|
||||
c->offset += r;
|
||||
cq->bytes_out += r;
|
||||
+ max_bytes -= r;
|
||||
|
||||
if (c->offset == c->file.length) {
|
||||
chunk_finished = 1;
|
||||
@@ -243,7 +240,7 @@ int network_write_chunkqueue_linuxsendfile(server *srv
|
||||
}
|
||||
}
|
||||
|
||||
- return chunks_written;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
#endif
|
@ -1,108 +0,0 @@
|
||||
$OpenBSD: patch-src_network_openssl_c,v 1.4 2011/12/03 22:26:08 sthen Exp $
|
||||
--- src/network_openssl.c.orig Tue Aug 17 05:04:38 2010
|
||||
+++ src/network_openssl.c Fri Dec 2 04:44:24 2011
|
||||
@@ -27,10 +27,9 @@
|
||||
# include <openssl/ssl.h>
|
||||
# include <openssl/err.h>
|
||||
|
||||
-int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq) {
|
||||
+int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq, off_t max_bytes) {
|
||||
int ssl_r;
|
||||
chunk *c;
|
||||
- size_t chunks_written = 0;
|
||||
|
||||
/* this is a 64k sendbuffer
|
||||
*
|
||||
@@ -59,13 +58,13 @@ int network_write_chunkqueue_openssl(server *srv, conn
|
||||
SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
|
||||
}
|
||||
|
||||
- for(c = cq->first; c; c = c->next) {
|
||||
+ for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
|
||||
int chunk_finished = 0;
|
||||
|
||||
switch(c->type) {
|
||||
case MEM_CHUNK: {
|
||||
char * offset;
|
||||
- size_t toSend;
|
||||
+ off_t toSend;
|
||||
ssize_t r;
|
||||
|
||||
if (c->mem->used == 0 || c->mem->used == 1) {
|
||||
@@ -75,6 +74,7 @@ int network_write_chunkqueue_openssl(server *srv, conn
|
||||
|
||||
offset = c->mem->ptr + c->offset;
|
||||
toSend = c->mem->used - 1 - c->offset;
|
||||
+ if (toSend > max_bytes) toSend = max_bytes;
|
||||
|
||||
/**
|
||||
* SSL_write man-page
|
||||
@@ -87,7 +87,14 @@ int network_write_chunkqueue_openssl(server *srv, conn
|
||||
*/
|
||||
|
||||
ERR_clear_error();
|
||||
- if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
|
||||
+ r = SSL_write(ssl, offset, toSend);
|
||||
+
|
||||
+ if (con->renegotiations > 1 && con->conf.ssl_disable_client_renegotiation) {
|
||||
+ log_error_write(srv, __FILE__, __LINE__, "s", "SSL: renegotiation initiated by client");
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (r <= 0) {
|
||||
unsigned long err;
|
||||
|
||||
switch ((ssl_r = SSL_get_error(ssl, r))) {
|
||||
@@ -139,6 +146,7 @@ int network_write_chunkqueue_openssl(server *srv, conn
|
||||
} else {
|
||||
c->offset += r;
|
||||
cq->bytes_out += r;
|
||||
+ max_bytes -= r;
|
||||
}
|
||||
|
||||
if (c->offset == (off_t)c->mem->used - 1) {
|
||||
@@ -168,6 +176,7 @@ int network_write_chunkqueue_openssl(server *srv, conn
|
||||
do {
|
||||
off_t offset = c->file.start + c->offset;
|
||||
off_t toSend = c->file.length - c->offset;
|
||||
+ if (toSend > max_bytes) toSend = max_bytes;
|
||||
|
||||
if (toSend > LOCAL_SEND_BUFSIZE) toSend = LOCAL_SEND_BUFSIZE;
|
||||
|
||||
@@ -190,7 +199,14 @@ int network_write_chunkqueue_openssl(server *srv, conn
|
||||
close(ifd);
|
||||
|
||||
ERR_clear_error();
|
||||
- if ((r = SSL_write(ssl, s, toSend)) <= 0) {
|
||||
+ r = SSL_write(ssl, s, toSend);
|
||||
+
|
||||
+ if (con->renegotiations > 1 && con->conf.ssl_disable_client_renegotiation) {
|
||||
+ log_error_write(srv, __FILE__, __LINE__, "s", "SSL: renegotiation initiated by client");
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ if (r <= 0) {
|
||||
unsigned long err;
|
||||
|
||||
switch ((ssl_r = SSL_get_error(ssl, r))) {
|
||||
@@ -243,6 +259,7 @@ int network_write_chunkqueue_openssl(server *srv, conn
|
||||
} else {
|
||||
c->offset += r;
|
||||
cq->bytes_out += r;
|
||||
+ max_bytes -= r;
|
||||
}
|
||||
|
||||
if (c->offset == c->file.length) {
|
||||
@@ -263,11 +280,9 @@ int network_write_chunkqueue_openssl(server *srv, conn
|
||||
|
||||
break;
|
||||
}
|
||||
-
|
||||
- chunks_written++;
|
||||
}
|
||||
|
||||
- return chunks_written;
|
||||
+ return 0;
|
||||
}
|
||||
#endif
|
||||
|
@ -1,86 +0,0 @@
|
||||
$OpenBSD: patch-src_network_solaris_sendfilev_c,v 1.1 2011/08/24 21:28:09 sthen Exp $
|
||||
--- src/network_solaris_sendfilev.c.orig Tue Aug 17 05:04:38 2010
|
||||
+++ src/network_solaris_sendfilev.c Wed Aug 24 02:50:41 2011
|
||||
@@ -38,17 +38,16 @@
|
||||
*/
|
||||
|
||||
|
||||
-int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq) {
|
||||
+int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
|
||||
chunk *c;
|
||||
- size_t chunks_written = 0;
|
||||
|
||||
- for(c = cq->first; c; c = c->next, chunks_written++) {
|
||||
+ for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
|
||||
int chunk_finished = 0;
|
||||
|
||||
switch(c->type) {
|
||||
case MEM_CHUNK: {
|
||||
char * offset;
|
||||
- size_t toSend;
|
||||
+ off_t toSend;
|
||||
ssize_t r;
|
||||
|
||||
size_t num_chunks, i;
|
||||
@@ -77,9 +76,9 @@ int network_write_chunkqueue_solarissendfilev(server *
|
||||
chunks[i].iov_base = offset;
|
||||
|
||||
/* protect the return value of writev() */
|
||||
- if (toSend > SSIZE_MAX ||
|
||||
- num_bytes + toSend > SSIZE_MAX) {
|
||||
- chunks[i].iov_len = SSIZE_MAX - num_bytes;
|
||||
+ if (toSend > max_bytes ||
|
||||
+ (off_t) num_bytes + toSend > max_bytes) {
|
||||
+ chunks[i].iov_len = max_bytes - num_bytes;
|
||||
|
||||
num_chunks = i + 1;
|
||||
break;
|
||||
@@ -119,11 +118,10 @@ int network_write_chunkqueue_solarissendfilev(server *
|
||||
|
||||
if (chunk_finished) {
|
||||
/* skip the chunks from further touches */
|
||||
- chunks_written++;
|
||||
c = c->next;
|
||||
} else {
|
||||
/* chunks_written + c = c->next is done in the for()*/
|
||||
- chunk_finished++;
|
||||
+ chunk_finished = 1;
|
||||
}
|
||||
} else {
|
||||
/* partially written */
|
||||
@@ -139,8 +137,8 @@ int network_write_chunkqueue_solarissendfilev(server *
|
||||
}
|
||||
case FILE_CHUNK: {
|
||||
ssize_t r;
|
||||
- off_t offset;
|
||||
- size_t toSend, written;
|
||||
+ off_t offset, toSend;
|
||||
+ size_t written;
|
||||
sendfilevec_t fvec;
|
||||
stat_cache_entry *sce = NULL;
|
||||
int ifd;
|
||||
@@ -153,6 +151,7 @@ int network_write_chunkqueue_solarissendfilev(server *
|
||||
|
||||
offset = c->file.start + c->offset;
|
||||
toSend = c->file.length - c->offset;
|
||||
+ if (toSend > max_bytes) toSend = max_bytes;
|
||||
|
||||
if (offset > sce->st.st_size) {
|
||||
log_error_write(srv, __FILE__, __LINE__, "sb", "file was shrinked:", c->file.name);
|
||||
@@ -186,6 +185,7 @@ int network_write_chunkqueue_solarissendfilev(server *
|
||||
close(ifd);
|
||||
c->offset += written;
|
||||
cq->bytes_out += written;
|
||||
+ max_bytes -= written;
|
||||
|
||||
if (c->offset == c->file.length) {
|
||||
chunk_finished = 1;
|
||||
@@ -207,7 +207,7 @@ int network_write_chunkqueue_solarissendfilev(server *
|
||||
}
|
||||
}
|
||||
|
||||
- return chunks_written;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
#endif
|
@ -1,80 +0,0 @@
|
||||
$OpenBSD: patch-src_network_write_c,v 1.1 2011/08/24 21:28:09 sthen Exp $
|
||||
--- src/network_write.c.orig Tue Aug 17 05:04:38 2010
|
||||
+++ src/network_write.c Wed Aug 24 02:50:41 2011
|
||||
@@ -24,17 +24,16 @@
|
||||
# include <sys/resource.h>
|
||||
#endif
|
||||
|
||||
-int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq) {
|
||||
+int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
|
||||
chunk *c;
|
||||
- size_t chunks_written = 0;
|
||||
|
||||
- for(c = cq->first; c; c = c->next) {
|
||||
+ for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
|
||||
int chunk_finished = 0;
|
||||
|
||||
switch(c->type) {
|
||||
case MEM_CHUNK: {
|
||||
char * offset;
|
||||
- size_t toSend;
|
||||
+ off_t toSend;
|
||||
ssize_t r;
|
||||
|
||||
if (c->mem->used == 0) {
|
||||
@@ -44,6 +43,8 @@ int network_write_chunkqueue_write(server *srv, connec
|
||||
|
||||
offset = c->mem->ptr + c->offset;
|
||||
toSend = c->mem->used - 1 - c->offset;
|
||||
+ if (toSend > max_bytes) toSend = max_bytes;
|
||||
+
|
||||
#ifdef __WIN32
|
||||
if ((r = send(fd, offset, toSend, 0)) < 0) {
|
||||
/* no error handling for windows... */
|
||||
@@ -72,6 +73,7 @@ int network_write_chunkqueue_write(server *srv, connec
|
||||
|
||||
c->offset += r;
|
||||
cq->bytes_out += r;
|
||||
+ max_bytes -= r;
|
||||
|
||||
if (c->offset == (off_t)c->mem->used - 1) {
|
||||
chunk_finished = 1;
|
||||
@@ -85,7 +87,7 @@ int network_write_chunkqueue_write(server *srv, connec
|
||||
#endif
|
||||
ssize_t r;
|
||||
off_t offset;
|
||||
- size_t toSend;
|
||||
+ off_t toSend;
|
||||
stat_cache_entry *sce = NULL;
|
||||
int ifd;
|
||||
|
||||
@@ -98,6 +100,8 @@ int network_write_chunkqueue_write(server *srv, connec
|
||||
offset = c->file.start + c->offset;
|
||||
toSend = c->file.length - c->offset;
|
||||
|
||||
+ if (toSend > max_bytes) toSend = max_bytes;
|
||||
+
|
||||
if (offset > sce->st.st_size) {
|
||||
log_error_write(srv, __FILE__, __LINE__, "sb", "file was shrinked:", c->file.name);
|
||||
|
||||
@@ -181,6 +185,7 @@ int network_write_chunkqueue_write(server *srv, connec
|
||||
|
||||
c->offset += r;
|
||||
cq->bytes_out += r;
|
||||
+ max_bytes -= r;
|
||||
|
||||
if (c->offset == c->file.length) {
|
||||
chunk_finished = 1;
|
||||
@@ -200,11 +205,9 @@ int network_write_chunkqueue_write(server *srv, connec
|
||||
|
||||
break;
|
||||
}
|
||||
-
|
||||
- chunks_written++;
|
||||
}
|
||||
|
||||
- return chunks_written;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
#if 0
|
@ -1,102 +0,0 @@
|
||||
$OpenBSD: patch-src_network_writev_c,v 1.1 2011/08/24 21:28:09 sthen Exp $
|
||||
--- src/network_writev.c.orig Tue Aug 17 05:04:38 2010
|
||||
+++ src/network_writev.c Wed Aug 24 02:50:41 2011
|
||||
@@ -30,17 +30,16 @@
|
||||
#define LOCAL_BUFFERING 1
|
||||
#endif
|
||||
|
||||
-int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq) {
|
||||
+int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
|
||||
chunk *c;
|
||||
- size_t chunks_written = 0;
|
||||
|
||||
- for(c = cq->first; c; c = c->next) {
|
||||
+ for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
|
||||
int chunk_finished = 0;
|
||||
|
||||
switch(c->type) {
|
||||
case MEM_CHUNK: {
|
||||
char * offset;
|
||||
- size_t toSend;
|
||||
+ off_t toSend;
|
||||
ssize_t r;
|
||||
|
||||
size_t num_chunks, i;
|
||||
@@ -65,12 +64,10 @@ int network_write_chunkqueue_writev(server *srv, conne
|
||||
#error "sysconf() doesnt return _SC_IOV_MAX ..., check the output of 'man writev' for the EINVAL error and send the output to jan@kneschke.de"
|
||||
#endif
|
||||
|
||||
- /* we can't send more then SSIZE_MAX bytes in one chunk */
|
||||
-
|
||||
/* build writev list
|
||||
*
|
||||
* 1. limit: num_chunks < max_chunks
|
||||
- * 2. limit: num_bytes < SSIZE_MAX
|
||||
+ * 2. limit: num_bytes < max_bytes
|
||||
*/
|
||||
for (num_chunks = 0, tc = c; tc && tc->type == MEM_CHUNK && num_chunks < max_chunks; num_chunks++, tc = tc->next);
|
||||
|
||||
@@ -87,9 +84,9 @@ int network_write_chunkqueue_writev(server *srv, conne
|
||||
chunks[i].iov_base = offset;
|
||||
|
||||
/* protect the return value of writev() */
|
||||
- if (toSend > SSIZE_MAX ||
|
||||
- num_bytes + toSend > SSIZE_MAX) {
|
||||
- chunks[i].iov_len = SSIZE_MAX - num_bytes;
|
||||
+ if (toSend > max_bytes ||
|
||||
+ (off_t) num_bytes + toSend > max_bytes) {
|
||||
+ chunks[i].iov_len = max_bytes - num_bytes;
|
||||
|
||||
num_chunks = i + 1;
|
||||
break;
|
||||
@@ -121,6 +118,7 @@ int network_write_chunkqueue_writev(server *srv, conne
|
||||
}
|
||||
|
||||
cq->bytes_out += r;
|
||||
+ max_bytes -= r;
|
||||
|
||||
/* check which chunks have been written */
|
||||
|
||||
@@ -132,11 +130,10 @@ int network_write_chunkqueue_writev(server *srv, conne
|
||||
|
||||
if (chunk_finished) {
|
||||
/* skip the chunks from further touches */
|
||||
- chunks_written++;
|
||||
c = c->next;
|
||||
} else {
|
||||
/* chunks_written + c = c->next is done in the for()*/
|
||||
- chunk_finished++;
|
||||
+ chunk_finished = 1;
|
||||
}
|
||||
} else {
|
||||
/* partially written */
|
||||
@@ -284,6 +281,8 @@ int network_write_chunkqueue_writev(server *srv, conne
|
||||
assert(toSend < 0);
|
||||
}
|
||||
|
||||
+ if (toSend > max_bytes) toSend = max_bytes;
|
||||
+
|
||||
#ifdef LOCAL_BUFFERING
|
||||
start = c->mem->ptr;
|
||||
#else
|
||||
@@ -309,6 +308,7 @@ int network_write_chunkqueue_writev(server *srv, conne
|
||||
|
||||
c->offset += r;
|
||||
cq->bytes_out += r;
|
||||
+ max_bytes -= r;
|
||||
|
||||
if (c->offset == c->file.length) {
|
||||
chunk_finished = 1;
|
||||
@@ -334,11 +334,9 @@ int network_write_chunkqueue_writev(server *srv, conne
|
||||
|
||||
break;
|
||||
}
|
||||
-
|
||||
- chunks_written++;
|
||||
}
|
||||
|
||||
- return chunks_written;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
#endif
|
@ -1,15 +0,0 @@
|
||||
$OpenBSD: patch-src_settings_h,v 1.1 2011/08/24 21:28:09 sthen Exp $
|
||||
--- src/settings.h.orig Mon Feb 1 18:28:20 2010
|
||||
+++ src/settings.h Wed Aug 24 02:50:41 2011
|
||||
@@ -21,7 +21,10 @@
|
||||
* 64kB (no real reason, just a guess)
|
||||
*/
|
||||
#define BUFFER_MAX_REUSE_SIZE (4 * 1024)
|
||||
-#define MAX_READ_LIMIT (4*1024*1024)
|
||||
+
|
||||
+/* both should be way smaller than SSIZE_MAX :) */
|
||||
+#define MAX_READ_LIMIT (256*1024)
|
||||
+#define MAX_WRITE_LIMIT (256*1024)
|
||||
|
||||
/**
|
||||
* max size of the HTTP request header
|
Loading…
Reference in New Issue
Block a user