cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update to lighttpd 1.4.30, from Brad (maintainer).

Browse Source
This commit is contained in:
sthen 2011-12-20 22:27:28 +00:00
parent afd57cac30
commit cbe6df0aac
21 changed files with 14 additions and 1108 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
www/lighttpd/Makefile
View File

@ -1,11 +1,10 @@
# $OpenBSD: Makefile,v 1.92 2011/12/03 22:26:08 sthen Exp $
# $OpenBSD: Makefile,v 1.93 2011/12/20 22:27:28 sthen Exp $
SHARED_ONLY= Yes
COMMENT= secure, fast, compliant, and very flexible web-server
DISTNAME= lighttpd-1.4.29
REVISION= 6
DISTNAME= lighttpd-1.4.30
CATEGORIES= www net
MASTER_SITES= http://download.lighttpd.net/lighttpd/releases-1.4.x/

10
www/lighttpd/distinfo
View File

@ -1,5 +1,5 @@
MD5 (lighttpd-1.4.29.tar.gz) = QTDSRAd3t5EeYt5qicmKkA==
RMD160 (lighttpd-1.4.29.tar.gz) = 9JUO/lJ7U49X3MD7iLare5YAMSg=
SHA1 (lighttpd-1.4.29.tar.gz) = IlEkbNZXzXh63Z6VQZQeiDuBvxM=
SHA256 (lighttpd-1.4.29.tar.gz) = /59N45AdA7soVjTFsUkZEiPRfxwmmhbIY7rEQjgRnIU=
SIZE (lighttpd-1.4.29.tar.gz) = 831201
MD5 (lighttpd-1.4.30.tar.gz) = fwu7ZqBQmfY06o9jr5nP7Q==
RMD160 (lighttpd-1.4.30.tar.gz) = SCUYwIidY8uTvWuusMftDtXkjxg=
SHA1 (lighttpd-1.4.30.tar.gz) = SlnCN/5isGNlrss61BObhZOiGCk=
SHA256 (lighttpd-1.4.30.tar.gz) = Wa5VsOxCfDKPp01oPgDrG8mbzCDNGEF3h16baGXeK4s=
SIZE (lighttpd-1.4.30.tar.gz) = 834241

41
www/lighttpd/patches/patch-src_base_h
View File

@ -1,41 +0,0 @@
$OpenBSD: patch-src_base_h,v 1.6 2011/12/03 22:26:08 sthen Exp $
--- src/base.h.orig Sun Mar 13 13:48:23 2011
+++ src/base.h Fri Dec 2 04:48:14 2011
@@ -277,6 +277,7 @@ typedef struct {
buffer *ssl_cipher_list;
buffer *ssl_dh_file;
buffer *ssl_ec_curve;
+ unsigned short ssl_honor_cipher_order; /* determine SSL cipher in server-preferred order, not client-order */
unsigned short ssl_use_sslv2;
unsigned short ssl_use_sslv3;
unsigned short ssl_verifyclient;
@@ -284,6 +285,7 @@ typedef struct {
unsigned short ssl_verifyclient_depth;
buffer *ssl_verifyclient_username;
unsigned short ssl_verifyclient_export_cert;
+ unsigned short ssl_disable_client_renegotiation;
unsigned short use_ipv6, set_v6only; /* set_v6only is only a temporary option */
unsigned short defer_accept;
@@ -437,6 +439,7 @@ typedef struct {
# ifndef OPENSSL_NO_TLSEXT
buffer *tlsext_server_name;
# endif
+ unsigned int renegotiations; /* count of SSL_CB_HANDSHAKE_START */
#endif
/* etag handling */
etag_flags_t etag_flags;
@@ -647,11 +650,9 @@ typedef struct server {
fdevent_handler_t event_handler;
- int (* network_backend_write)(struct server *srv, connection *con, int fd, chunkqueue *cq);
- int (* network_backend_read)(struct server *srv, connection *con, int fd, chunkqueue *cq);
+ int (* network_backend_write)(struct server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
#ifdef USE_OPENSSL
- int (* network_ssl_backend_write)(struct server *srv, connection *con, SSL *ssl, chunkqueue *cq);
- int (* network_ssl_backend_read)(struct server *srv, connection *con, SSL *ssl, chunkqueue *cq);
+ int (* network_ssl_backend_write)(struct server *srv, connection *con, SSL *ssl, chunkqueue *cq, off_t max_bytes);
#endif
uid_t uid;

79
www/lighttpd/patches/patch-src_configfile_c
View File

@ -1,79 +0,0 @@
$OpenBSD: patch-src_configfile_c,v 1.3 2011/12/03 22:26:08 sthen Exp $
--- src/configfile.c.orig Fri Dec 2 04:36:43 2011
+++ src/configfile.c Fri Dec 2 04:50:13 2011
@@ -105,6 +105,8 @@ static int config_insert(server *srv) {
{ "ssl.use-sslv3", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 62 */
{ "ssl.dh-file", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 63 */
{ "ssl.ec-curve", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 64 */
+ { "ssl.disable-client-renegotiation", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER },/* 65 */
+ { "ssl.honor-cipher-order", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 66 */
{ "server.host", "use server.bind instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
{ "server.docroot", "use server.document-root instead", T_CONFIG_DEPRECATED, T_CONFIG_SCOPE_UNSET },
@@ -176,6 +178,7 @@ static int config_insert(server *srv) {
s->max_write_idle = 360;
s->use_xattr = 0;
s->is_ssl = 0;
+ s->ssl_honor_cipher_order = 1;
s->ssl_use_sslv2 = 0;
s->ssl_use_sslv3 = 1;
s->use_ipv6 = 0;
@@ -199,6 +202,7 @@ static int config_insert(server *srv) {
s->ssl_verifyclient_username = buffer_init();
s->ssl_verifyclient_depth = 9;
s->ssl_verifyclient_export_cert = 0;
+ s->ssl_disable_client_renegotiation = 1;
cv[2].destination = s->errorfile_prefix;
@@ -245,6 +249,8 @@ static int config_insert(server *srv) {
cv[62].destination = &(s->ssl_use_sslv3);
cv[63].destination = s->ssl_dh_file;
cv[64].destination = s->ssl_ec_curve;
+ cv[65].destination = &(s->ssl_honor_cipher_order);
+
cv[49].destination = &(s->etag_use_inode);
cv[50].destination = &(s->etag_use_mtime);
cv[51].destination = &(s->etag_use_size);
@@ -255,6 +261,7 @@ static int config_insert(server *srv) {
cv[58].destination = &(s->ssl_verifyclient_depth);
cv[59].destination = s->ssl_verifyclient_username;
cv[60].destination = &(s->ssl_verifyclient_export_cert);
+ cv[65].destination = &(s->ssl_disable_client_renegotiation);
srv->config_storage[i] = s;
@@ -335,6 +342,7 @@ int config_setup_connection(server *srv, connection *c
PATCH(ssl_cipher_list);
PATCH(ssl_dh_file);
PATCH(ssl_ec_curve);
+ PATCH(ssl_honor_cipher_order);
PATCH(ssl_use_sslv2);
PATCH(ssl_use_sslv3);
PATCH(etag_use_inode);
@@ -346,6 +354,7 @@ int config_setup_connection(server *srv, connection *c
PATCH(ssl_verifyclient_depth);
PATCH(ssl_verifyclient_username);
PATCH(ssl_verifyclient_export_cert);
+ PATCH(ssl_disable_client_renegotiation);
return 0;
}
@@ -400,6 +409,8 @@ int config_patch_connection(server *srv, connection *c
#endif
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.ca-file"))) {
PATCH(ssl_ca_file);
+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.honor-cipher-order"))) {
+ PATCH(ssl_honor_cipher_order);
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-sslv2"))) {
PATCH(ssl_use_sslv2);
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-sslv3"))) {
@@ -454,6 +465,8 @@ int config_patch_connection(server *srv, connection *c
PATCH(ssl_verifyclient_username);
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.verifyclient.exportcert"))) {
PATCH(ssl_verifyclient_export_cert);
+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.disable-client-renegotiation"))) {
+ PATCH(ssl_disable_client_renegotiation);
}
}
}

77
www/lighttpd/patches/patch-src_connections_c
View File

@ -1,28 +1,10 @@
$OpenBSD: patch-src_connections_c,v 1.18 2011/12/03 22:26:08 sthen Exp $
--- src/connections.c.orig Sun Apr 24 11:55:46 2011
+++ src/connections.c Fri Dec 2 04:40:01 2011
@@ -223,6 +223,12 @@ static int connection_handle_read_ssl(server *srv, con
len = SSL_read(con->ssl, b->ptr + read_offset, toread);
+ if (con->renegotiations > 1 && con->conf.ssl_disable_client_renegotiation) {
+ connection_set_state(srv, con, CON_STATE_ERROR);
+ log_error_write(srv, __FILE__, __LINE__, "s", "SSL: renegotiation initiated by client");
+ return -1;
+ }
+
if (len > 0) {
if (b->used > 0) b->used--;
b->used += len;
@@ -445,6 +451,7 @@ static int connection_handle_write_prepare(server *srv
default:
switch(con->http_status) {
case 400: /* bad request */
+ case 401: /* authorization required */
case 414: /* overload request header */
case 505: /* unknown protocol */
case 207: /* this was webdav */
@@ -560,8 +567,10 @@ static int connection_handle_write_prepare(server *srv
$OpenBSD: patch-src_connections_c,v 1.19 2011/12/20 22:27:28 sthen Exp $
let HEAD for 0-byte files return the Content-Length
--- src/connections.c.orig Wed Nov 30 12:42:45 2011
+++ src/connections.c Tue Dec 20 16:33:10 2011
@@ -567,8 +567,10 @@ static int connection_handle_write_prepare(server *srv
if (NULL != (ds = (data_string*) array_get_element(con->response.headers, "Content-Length"))) {
buffer_reset(ds->value); /* Headers with empty values are ignored for output */
}
@ -35,48 +17,3 @@ $OpenBSD: patch-src_connections_c,v 1.18 2011/12/03 22:26:08 sthen Exp $
* a content. Browsers are waiting for a Content otherwise
*/
buffer_copy_off_t(srv->tmp_buf, qlen);
@@ -617,8 +626,9 @@ static int connection_handle_write_prepare(server *srv
}
static int connection_handle_write(server *srv, connection *con) {
- switch(network_write_chunkqueue(srv, con, con->write_queue)) {
+ switch(network_write_chunkqueue(srv, con, con->write_queue, MAX_WRITE_LIMIT)) {
case 0:
+ con->write_request_ts = srv->cur_ts;
if (con->file_finished) {
connection_set_state(srv, con, CON_STATE_RESPONSE_END);
joblist_append(srv, con);
@@ -635,6 +645,7 @@ static int connection_handle_write(server *srv, connec
joblist_append(srv, con);
break;
case 1:
+ con->write_request_ts = srv->cur_ts;
con->is_writable = 0;
/* not finished yet -> WRITE */
@@ -1251,8 +1262,6 @@ static handler_t connection_handle_fdevent(server *srv
log_error_write(srv, __FILE__, __LINE__, "ds",
con->fd,
"handle write failed.");
- } else if (con->state == CON_STATE_WRITE) {
- con->write_request_ts = srv->cur_ts;
}
}
@@ -1352,6 +1361,7 @@ connection *connection_accept(server *srv, server_sock
return NULL;
}
+ con->renegotiations = 0;
#ifndef OPENSSL_NO_TLSEXT
SSL_set_app_data(con->ssl, con);
#endif
@@ -1667,8 +1677,6 @@ int connection_state_machine(server *srv, connection *
con->fd,
"handle write failed.");
connection_set_state(srv, con, CON_STATE_ERROR);
- } else if (con->state == CON_STATE_WRITE) {
- con->write_request_ts = srv->cur_ts;
}
}

15
www/lighttpd/patches/patch-src_http_auth_c
View File

@ -1,15 +0,0 @@
$OpenBSD: patch-src_http_auth_c,v 1.3 2011/12/01 12:17:11 gsoares Exp $
Fixes CVE-2011-4362: out of bounds read due to a signedness error
--- src/http_auth.c.orig Sun Apr 24 12:44:59 2011
+++ src/http_auth.c Wed Nov 30 07:58:31 2011
@@ -95,7 +95,7 @@ static unsigned char * base64_decode(buffer *out, cons
ch = in[0];
/* run through the whole string, converting as we go */
for (i = 0; i < in_len; i++) {
- ch = in[i];
+ ch = (unsigned char) in[i];
if (ch == '\0') break;

12
www/lighttpd/patches/patch-src_mod_fastcgi_c
View File

@ -1,12 +0,0 @@
$OpenBSD: patch-src_mod_fastcgi_c,v 1.7 2011/08/24 21:28:09 sthen Exp $
--- src/mod_fastcgi.c.orig Mon Jun 13 07:23:40 2011
+++ src/mod_fastcgi.c Wed Aug 24 02:50:41 2011
@@ -3075,7 +3075,7 @@ static handler_t fcgi_write_request(server *srv, handl
fcgi_set_state(srv, hctx, FCGI_STATE_WRITE);
/* fall through */
case FCGI_STATE_WRITE:
- ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb);
+ ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb, MAX_WRITE_LIMIT);
chunkqueue_remove_finished_chunks(hctx->wb);

12
www/lighttpd/patches/patch-src_mod_proxy_c
View File

@ -1,12 +0,0 @@
$OpenBSD: patch-src_mod_proxy_c,v 1.8 2011/08/24 21:28:09 sthen Exp $
--- src/mod_proxy.c.orig Fri Dec 10 12:41:18 2010
+++ src/mod_proxy.c Wed Aug 24 02:50:41 2011
@@ -825,7 +825,7 @@ static handler_t proxy_write_request(server *srv, hand
/* fall through */
case PROXY_STATE_WRITE:;
- ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb);
+ ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb, MAX_WRITE_LIMIT);
chunkqueue_remove_finished_chunks(hctx->wb);

12
www/lighttpd/patches/patch-src_mod_scgi_c
View File

@ -1,12 +0,0 @@
$OpenBSD: patch-src_mod_scgi_c,v 1.3 2011/08/24 21:28:09 sthen Exp $
--- src/mod_scgi.c.orig Mon Jun 13 07:24:12 2011
+++ src/mod_scgi.c Wed Aug 24 02:50:41 2011
@@ -2296,7 +2296,7 @@ static handler_t scgi_write_request(server *srv, handl
/* fall through */
case FCGI_STATE_WRITE:
- ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb);
+ ret = srv->network_backend_write(srv, con, hctx->fd, hctx->wb, MAX_WRITE_LIMIT);
chunkqueue_remove_finished_chunks(hctx->wb);

64
www/lighttpd/patches/patch-src_mod_staticfile_c
View File

@ -1,64 +0,0 @@
$OpenBSD: patch-src_mod_staticfile_c,v 1.1 2011/09/06 08:49:51 sthen Exp $
--- src/mod_staticfile.c.orig Wed Aug 31 04:14:21 2011
+++ src/mod_staticfile.c Wed Aug 31 04:26:21 2011
@@ -26,6 +26,7 @@
typedef struct {
array *exclude_ext;
unsigned short etags_used;
+ unsigned short disable_pathinfo;
} plugin_config;
typedef struct {
@@ -84,6 +85,7 @@ SETDEFAULTS_FUNC(mod_staticfile_set_defaults) {
config_values_t cv[] = {
{ "static-file.exclude-extensions", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_CONNECTION }, /* 0 */
{ "static-file.etags", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 1 */
+ { "static-file.disable-pathinfo", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 2 */
{ NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
};
@@ -97,9 +99,11 @@ SETDEFAULTS_FUNC(mod_staticfile_set_defaults) {
s = calloc(1, sizeof(plugin_config));
s->exclude_ext = array_init();
s->etags_used = 1;
+ s->disable_pathinfo = 0;
cv[0].destination = s->exclude_ext;
cv[1].destination = &(s->etags_used);
+ cv[2].destination = &(s->disable_pathinfo);
p->config_storage[i] = s;
@@ -119,6 +123,7 @@ static int mod_staticfile_patch_connection(server *srv
PATCH(exclude_ext);
PATCH(etags_used);
+ PATCH(disable_pathinfo);
/* skip the first, the global context */
for (i = 1; i < srv->config_context->used; i++) {
@@ -136,7 +141,9 @@ static int mod_staticfile_patch_connection(server *srv
PATCH(exclude_ext);
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("static-file.etags"))) {
PATCH(etags_used);
- }
+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("static-file.disable-pathinfo"))) {
+ PATCH(disable_pathinfo);
+ }
}
}
@@ -377,6 +384,13 @@ URIHANDLER_FUNC(mod_staticfile_subrequest) {
mod_staticfile_patch_connection(srv, con, p);
s_len = con->uri.path->used - 1;
+
+ if (p->conf.disable_pathinfo && 0 != con->request.pathinfo->used) {
+ if (con->conf.log_request_handling) {
+ log_error_write(srv, __FILE__, __LINE__, "s", "-- NOT handling file as static file, pathinfo forbidden");
+ }
+ return HANDLER_GO_ON;
+ }
/* ignore certain extensions */
for (k = 0; k < p->conf.exclude_ext->used; k++) {

15
www/lighttpd/patches/patch-src_mod_status_c
View File

@ -1,15 +0,0 @@
$OpenBSD: patch-src_mod_status_c,v 1.3 2011/10/07 20:04:39 sthen Exp $
Fix mod_status bug: always showed "0/0" in the "Read" column for uploads.
--- src/mod_status.c.orig Fri Oct 7 00:04:52 2011
+++ src/mod_status.c Fri Oct 7 00:05:16 2011
@@ -487,7 +487,7 @@ static handler_t mod_status_handle_server_status_html(
buffer_append_string_len(b, CONST_STR_LEN("</td><td class=\"int\">"));
- if (con->request.content_length) {
+ if (c->request.content_length) {
buffer_append_long(b, c->request_content_queue->bytes_in);
buffer_append_string_len(b, CONST_STR_LEN("/"));
buffer_append_long(b, c->request.content_length);

29
www/lighttpd/patches/patch-src_network_backends_h
View File

@ -1,29 +0,0 @@
$OpenBSD: patch-src_network_backends_h,v 1.1 2011/08/24 21:28:09 sthen Exp $
--- src/network_backends.h.orig Mon Feb 1 18:28:20 2010
+++ src/network_backends.h Wed Aug 24 02:50:41 2011
@@ -47,18 +47,18 @@
#include "base.h"
/* return values:
- * >= 0 : chunks completed
+ * >= 0 : no error
* -1 : error (on our side)
* -2 : remote close
*/
-int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq);
-int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq);
-int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq);
-int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq);
-int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq);
+int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
+int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
+int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
+int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
+int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes);
#ifdef USE_OPENSSL
-int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq);
+int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq, off_t max_bytes);
#endif
#endif

132
www/lighttpd/patches/patch-src_network_c
View File

@ -1,132 +0,0 @@
$OpenBSD: patch-src_network_c,v 1.6 2011/12/03 22:26:08 sthen Exp $
--- src/network.c.orig Sun Apr 24 09:02:45 2011
+++ src/network.c Fri Dec 2 04:52:34 2011
@@ -27,6 +27,19 @@
# include <openssl/rand.h>
#endif
+#ifdef USE_OPENSSL
+static void ssl_info_callback(const SSL *ssl, int where, int ret) {
+ UNUSED(ret);
+
+ if (0 != (where & SSL_CB_HANDSHAKE_START)) {
+ connection *con = SSL_get_app_data(ssl);
+ ++con->renegotiations;
+ } else if (0 != (where & SSL_CB_HANDSHAKE_DONE)) {
+ ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
+ }
+}
+#endif
+
static handler_t network_server_handle_fdevent(server *srv, void *context, int revents) {
server_socket *srv_socket = (server_socket *)context;
connection *con;
@@ -553,6 +566,11 @@ int network_init(server *srv) {
/* load SSL certificates */
for (i = 0; i < srv->config_context->used; i++) {
specific_config *s = srv->config_storage[i];
+#ifndef SSL_OP_NO_COMPRESSION
+# define SSL_OP_NO_COMPRESSION 0
+#endif
+ long ssloptions =
+ SSL_OP_ALL | SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION | SSL_OP_NO_COMPRESSION;
if (buffer_is_empty(s->ssl_pemfile)) continue;
@@ -586,6 +604,9 @@ int network_init(server *srv) {
return -1;
}
+ SSL_CTX_set_options(s->ssl_ctx, ssloptions);
+ SSL_CTX_set_info_callback(s->ssl_ctx, ssl_info_callback);
+
if (!s->ssl_use_sslv2) {
/* disable SSLv2 */
if (!(SSL_OP_NO_SSLv2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_SSLv2))) {
@@ -611,6 +632,10 @@ int network_init(server *srv) {
ERR_error_string(ERR_get_error(), NULL));
return -1;
}
+
+ if (s->ssl_honor_cipher_order) {
+ SSL_CTX_set_options(s->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+ }
}
/* Support for Diffie-Hellman key exchange */
@@ -847,7 +872,7 @@ int network_register_fdevents(server *srv) {
return 0;
}
-int network_write_chunkqueue(server *srv, connection *con, chunkqueue *cq) {
+int network_write_chunkqueue(server *srv, connection *con, chunkqueue *cq, off_t max_bytes) {
int ret = -1;
off_t written = 0;
#ifdef TCP_CORK
@@ -855,16 +880,34 @@ int network_write_chunkqueue(server *srv, connection *
#endif
server_socket *srv_socket = con->srv_socket;
- if (con->conf.global_kbytes_per_second &&
- *(con->conf.global_bytes_per_second_cnt_ptr) > con->conf.global_kbytes_per_second * 1024) {
- /* we reached the global traffic limit */
+ if (con->conf.global_kbytes_per_second) {
+ off_t limit = con->conf.global_kbytes_per_second * 1024 - *(con->conf.global_bytes_per_second_cnt_ptr);
+ if (limit <= 0) {
+ /* we reached the global traffic limit */
- con->traffic_limit_reached = 1;
- joblist_append(srv, con);
+ con->traffic_limit_reached = 1;
+ joblist_append(srv, con);
- return 1;
+ return 1;
+ } else {
+ if (max_bytes > limit) max_bytes = limit;
+ }
}
+ if (con->conf.kbytes_per_second) {
+ off_t limit = con->conf.kbytes_per_second * 1024 - con->bytes_written_cur_second;
+ if (limit <= 0) {
+ /* we reached the traffic limit */
+
+ con->traffic_limit_reached = 1;
+ joblist_append(srv, con);
+
+ return 1;
+ } else {
+ if (max_bytes > limit) max_bytes = limit;
+ }
+ }
+
written = cq->bytes_out;
#ifdef TCP_CORK
@@ -879,10 +922,10 @@ int network_write_chunkqueue(server *srv, connection *
if (srv_socket->is_ssl) {
#ifdef USE_OPENSSL
- ret = srv->network_ssl_backend_write(srv, con, con->ssl, cq);
+ ret = srv->network_ssl_backend_write(srv, con, con->ssl, cq, max_bytes);
#endif
} else {
- ret = srv->network_backend_write(srv, con, con->fd, cq);
+ ret = srv->network_backend_write(srv, con, con->fd, cq, max_bytes);
}
if (ret >= 0) {
@@ -903,12 +946,5 @@ int network_write_chunkqueue(server *srv, connection *
*(con->conf.global_bytes_per_second_cnt_ptr) += written;
- if (con->conf.kbytes_per_second &&
- (con->bytes_written_cur_second > con->conf.kbytes_per_second * 1024)) {
- /* we reached the traffic limit */
-
- con->traffic_limit_reached = 1;
- joblist_append(srv, con);
- }
return ret;
}

110
www/lighttpd/patches/patch-src_network_freebsd_sendfile_c
View File

@ -1,110 +0,0 @@
$OpenBSD: patch-src_network_freebsd_sendfile_c,v 1.1 2011/08/24 21:28:09 sthen Exp $
--- src/network_freebsd_sendfile.c.orig Tue Aug 17 05:04:38 2010
+++ src/network_freebsd_sendfile.c Wed Aug 24 02:50:41 2011
@@ -31,17 +31,16 @@
# endif
#endif
-int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq) {
+int network_write_chunkqueue_freebsdsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
chunk *c;
- size_t chunks_written = 0;
- for(c = cq->first; c; c = c->next, chunks_written++) {
+ for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
int chunk_finished = 0;
switch(c->type) {
case MEM_CHUNK: {
char * offset;
- size_t toSend;
+ off_t toSend;
ssize_t r;
size_t num_chunks, i;
@@ -49,12 +48,10 @@ int network_write_chunkqueue_freebsdsendfile(server *s
chunk *tc;
size_t num_bytes = 0;
- /* we can't send more then SSIZE_MAX bytes in one chunk */
-
/* build writev list
*
* 1. limit: num_chunks < UIO_MAXIOV
- * 2. limit: num_bytes < SSIZE_MAX
+ * 2. limit: num_bytes < max_bytes
*/
for(num_chunks = 0, tc = c; tc && tc->type == MEM_CHUNK && num_chunks < UIO_MAXIOV; num_chunks++, tc = tc->next);
@@ -69,9 +66,9 @@ int network_write_chunkqueue_freebsdsendfile(server *s
chunks[i].iov_base = offset;
/* protect the return value of writev() */
- if (toSend > SSIZE_MAX ||
- num_bytes + toSend > SSIZE_MAX) {
- chunks[i].iov_len = SSIZE_MAX - num_bytes;
+ if (toSend > max_bytes ||
+ (off_t) num_bytes + toSend > max_bytes) {
+ chunks[i].iov_len = max_bytes - num_bytes;
num_chunks = i + 1;
break;
@@ -105,6 +102,7 @@ int network_write_chunkqueue_freebsdsendfile(server *s
/* check which chunks have been written */
cq->bytes_out += r;
+ max_bytes -= r;
for(i = 0, tc = c; i < num_chunks; i++, tc = tc->next) {
if (r >= (ssize_t)chunks[i].iov_len) {
@@ -114,11 +112,10 @@ int network_write_chunkqueue_freebsdsendfile(server *s
if (chunk_finished) {
/* skip the chunks from further touches */
- chunks_written++;
c = c->next;
} else {
/* chunks_written + c = c->next is done in the for()*/
- chunk_finished++;
+ chunk_finished = 1;
}
} else {
/* partially written */
@@ -134,7 +131,7 @@ int network_write_chunkqueue_freebsdsendfile(server *s
}
case FILE_CHUNK: {
off_t offset, r;
- size_t toSend;
+ off_t toSend;
stat_cache_entry *sce = NULL;
if (HANDLER_ERROR == stat_cache_get_entry(srv, con, c->file.name, &sce)) {
@@ -144,9 +141,8 @@ int network_write_chunkqueue_freebsdsendfile(server *s
}
offset = c->file.start + c->offset;
- /* limit the toSend to 2^31-1 bytes in a chunk */
- toSend = c->file.length - c->offset > ((1 << 30) - 1) ?
- ((1 << 30) - 1) : c->file.length - c->offset;
+ toSend = c->file.length - c->offset;
+ if (toSend > max_bytes) toSend = max_bytes;
if (-1 == c->file.fd) {
if (-1 == (c->file.fd = open(c->file.name->ptr, O_RDONLY))) {
@@ -197,6 +193,7 @@ int network_write_chunkqueue_freebsdsendfile(server *s
c->offset += r;
cq->bytes_out += r;
+ max_bytes -= r;
if (c->offset == c->file.length) {
chunk_finished = 1;
@@ -218,7 +215,7 @@ int network_write_chunkqueue_freebsdsendfile(server *s
}
}
- return chunks_written;
+ return 0;
}
#endif

12
www/lighttpd/patches/patch-src_network_h
View File

@ -1,12 +0,0 @@
$OpenBSD: patch-src_network_h,v 1.1 2011/08/24 21:28:09 sthen Exp $
--- src/network.h.orig Tue Sep 1 14:34:54 2009
+++ src/network.h Wed Aug 24 02:50:41 2011
@@ -3,7 +3,7 @@
#include "server.h"
-int network_write_chunkqueue(server *srv, connection *con, chunkqueue *c);
+int network_write_chunkqueue(server *srv, connection *con, chunkqueue *c, off_t max_bytes);
int network_init(server *srv);
int network_close(server *srv);

106
www/lighttpd/patches/patch-src_network_linux_sendfile_c
View File

@ -1,106 +0,0 @@
$OpenBSD: patch-src_network_linux_sendfile_c,v 1.1 2011/08/24 21:28:09 sthen Exp $
--- src/network_linux_sendfile.c.orig Tue Aug 17 05:04:38 2010
+++ src/network_linux_sendfile.c Wed Aug 24 02:50:41 2011
@@ -27,17 +27,16 @@
/* on linux 2.4.29 + debian/ubuntu we have crashes if this is enabled */
#undef HAVE_POSIX_FADVISE
-int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq) {
+int network_write_chunkqueue_linuxsendfile(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
chunk *c;
- size_t chunks_written = 0;
- for(c = cq->first; c; c = c->next, chunks_written++) {
+ for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
int chunk_finished = 0;
switch(c->type) {
case MEM_CHUNK: {
char * offset;
- size_t toSend;
+ off_t toSend;
ssize_t r;
size_t num_chunks, i;
@@ -45,12 +44,10 @@ int network_write_chunkqueue_linuxsendfile(server *srv
chunk *tc;
size_t num_bytes = 0;
- /* we can't send more then SSIZE_MAX bytes in one chunk */
-
/* build writev list
*
* 1. limit: num_chunks < UIO_MAXIOV
- * 2. limit: num_bytes < SSIZE_MAX
+ * 2. limit: num_bytes < max_bytes
*/
for (num_chunks = 0, tc = c;
tc && tc->type == MEM_CHUNK && num_chunks < UIO_MAXIOV;
@@ -67,9 +64,9 @@ int network_write_chunkqueue_linuxsendfile(server *srv
chunks[i].iov_base = offset;
/* protect the return value of writev() */
- if (toSend > SSIZE_MAX ||
- num_bytes + toSend > SSIZE_MAX) {
- chunks[i].iov_len = SSIZE_MAX - num_bytes;
+ if (toSend > max_bytes ||
+ (off_t) num_bytes + toSend > max_bytes) {
+ chunks[i].iov_len = max_bytes - num_bytes;
num_chunks = i + 1;
break;
@@ -100,6 +97,7 @@ int network_write_chunkqueue_linuxsendfile(server *srv
/* check which chunks have been written */
cq->bytes_out += r;
+ max_bytes -= r;
for(i = 0, tc = c; i < num_chunks; i++, tc = tc->next) {
if (r >= (ssize_t)chunks[i].iov_len) {
@@ -109,11 +107,10 @@ int network_write_chunkqueue_linuxsendfile(server *srv
if (chunk_finished) {
/* skip the chunks from further touches */
- chunks_written++;
c = c->next;
} else {
/* chunks_written + c = c->next is done in the for()*/
- chunk_finished++;
+ chunk_finished = 1;
}
} else {
/* partially written */
@@ -130,13 +127,12 @@ int network_write_chunkqueue_linuxsendfile(server *srv
case FILE_CHUNK: {
ssize_t r;
off_t offset;
- size_t toSend;
+ off_t toSend;
stat_cache_entry *sce = NULL;
offset = c->file.start + c->offset;
- /* limit the toSend to 2^31-1 bytes in a chunk */
- toSend = c->file.length - c->offset > ((1 << 30) - 1) ?
- ((1 << 30) - 1) : c->file.length - c->offset;
+ toSend = c->file.length - c->offset;
+ if (toSend > max_bytes) toSend = max_bytes;
/* open file if not already opened */
if (-1 == c->file.fd) {
@@ -215,6 +211,7 @@ int network_write_chunkqueue_linuxsendfile(server *srv
c->offset += r;
cq->bytes_out += r;
+ max_bytes -= r;
if (c->offset == c->file.length) {
chunk_finished = 1;
@@ -243,7 +240,7 @@ int network_write_chunkqueue_linuxsendfile(server *srv
}
}
- return chunks_written;
+ return 0;
}
#endif

108
www/lighttpd/patches/patch-src_network_openssl_c
View File

@ -1,108 +0,0 @@
$OpenBSD: patch-src_network_openssl_c,v 1.4 2011/12/03 22:26:08 sthen Exp $
--- src/network_openssl.c.orig Tue Aug 17 05:04:38 2010
+++ src/network_openssl.c Fri Dec 2 04:44:24 2011
@@ -27,10 +27,9 @@
# include <openssl/ssl.h>
# include <openssl/err.h>
-int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq) {
+int network_write_chunkqueue_openssl(server *srv, connection *con, SSL *ssl, chunkqueue *cq, off_t max_bytes) {
int ssl_r;
chunk *c;
- size_t chunks_written = 0;
/* this is a 64k sendbuffer
*
@@ -59,13 +58,13 @@ int network_write_chunkqueue_openssl(server *srv, conn
SSL_set_shutdown(ssl, SSL_RECEIVED_SHUTDOWN);
}
- for(c = cq->first; c; c = c->next) {
+ for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
int chunk_finished = 0;
switch(c->type) {
case MEM_CHUNK: {
char * offset;
- size_t toSend;
+ off_t toSend;
ssize_t r;
if (c->mem->used == 0 || c->mem->used == 1) {
@@ -75,6 +74,7 @@ int network_write_chunkqueue_openssl(server *srv, conn
offset = c->mem->ptr + c->offset;
toSend = c->mem->used - 1 - c->offset;
+ if (toSend > max_bytes) toSend = max_bytes;
/**
* SSL_write man-page
@@ -87,7 +87,14 @@ int network_write_chunkqueue_openssl(server *srv, conn
*/
ERR_clear_error();
- if ((r = SSL_write(ssl, offset, toSend)) <= 0) {
+ r = SSL_write(ssl, offset, toSend);
+
+ if (con->renegotiations > 1 && con->conf.ssl_disable_client_renegotiation) {
+ log_error_write(srv, __FILE__, __LINE__, "s", "SSL: renegotiation initiated by client");
+ return -1;
+ }
+
+ if (r <= 0) {
unsigned long err;
switch ((ssl_r = SSL_get_error(ssl, r))) {
@@ -139,6 +146,7 @@ int network_write_chunkqueue_openssl(server *srv, conn
} else {
c->offset += r;
cq->bytes_out += r;
+ max_bytes -= r;
}
if (c->offset == (off_t)c->mem->used - 1) {
@@ -168,6 +176,7 @@ int network_write_chunkqueue_openssl(server *srv, conn
do {
off_t offset = c->file.start + c->offset;
off_t toSend = c->file.length - c->offset;
+ if (toSend > max_bytes) toSend = max_bytes;
if (toSend > LOCAL_SEND_BUFSIZE) toSend = LOCAL_SEND_BUFSIZE;
@@ -190,7 +199,14 @@ int network_write_chunkqueue_openssl(server *srv, conn
close(ifd);
ERR_clear_error();
- if ((r = SSL_write(ssl, s, toSend)) <= 0) {
+ r = SSL_write(ssl, s, toSend);
+
+ if (con->renegotiations > 1 && con->conf.ssl_disable_client_renegotiation) {
+ log_error_write(srv, __FILE__, __LINE__, "s", "SSL: renegotiation initiated by client");
+ return -1;
+ }
+
+ if (r <= 0) {
unsigned long err;
switch ((ssl_r = SSL_get_error(ssl, r))) {
@@ -243,6 +259,7 @@ int network_write_chunkqueue_openssl(server *srv, conn
} else {
c->offset += r;
cq->bytes_out += r;
+ max_bytes -= r;
}
if (c->offset == c->file.length) {
@@ -263,11 +280,9 @@ int network_write_chunkqueue_openssl(server *srv, conn
break;
}
-
- chunks_written++;
}
- return chunks_written;
+ return 0;
}
#endif

86
www/lighttpd/patches/patch-src_network_solaris_sendfilev_c
View File

@ -1,86 +0,0 @@
$OpenBSD: patch-src_network_solaris_sendfilev_c,v 1.1 2011/08/24 21:28:09 sthen Exp $
--- src/network_solaris_sendfilev.c.orig Tue Aug 17 05:04:38 2010
+++ src/network_solaris_sendfilev.c Wed Aug 24 02:50:41 2011
@@ -38,17 +38,16 @@
*/
-int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq) {
+int network_write_chunkqueue_solarissendfilev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
chunk *c;
- size_t chunks_written = 0;
- for(c = cq->first; c; c = c->next, chunks_written++) {
+ for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
int chunk_finished = 0;
switch(c->type) {
case MEM_CHUNK: {
char * offset;
- size_t toSend;
+ off_t toSend;
ssize_t r;
size_t num_chunks, i;
@@ -77,9 +76,9 @@ int network_write_chunkqueue_solarissendfilev(server *
chunks[i].iov_base = offset;
/* protect the return value of writev() */
- if (toSend > SSIZE_MAX ||
- num_bytes + toSend > SSIZE_MAX) {
- chunks[i].iov_len = SSIZE_MAX - num_bytes;
+ if (toSend > max_bytes ||
+ (off_t) num_bytes + toSend > max_bytes) {
+ chunks[i].iov_len = max_bytes - num_bytes;
num_chunks = i + 1;
break;
@@ -119,11 +118,10 @@ int network_write_chunkqueue_solarissendfilev(server *
if (chunk_finished) {
/* skip the chunks from further touches */
- chunks_written++;
c = c->next;
} else {
/* chunks_written + c = c->next is done in the for()*/
- chunk_finished++;
+ chunk_finished = 1;
}
} else {
/* partially written */
@@ -139,8 +137,8 @@ int network_write_chunkqueue_solarissendfilev(server *
}
case FILE_CHUNK: {
ssize_t r;
- off_t offset;
- size_t toSend, written;
+ off_t offset, toSend;
+ size_t written;
sendfilevec_t fvec;
stat_cache_entry *sce = NULL;
int ifd;
@@ -153,6 +151,7 @@ int network_write_chunkqueue_solarissendfilev(server *
offset = c->file.start + c->offset;
toSend = c->file.length - c->offset;
+ if (toSend > max_bytes) toSend = max_bytes;
if (offset > sce->st.st_size) {
log_error_write(srv, __FILE__, __LINE__, "sb", "file was shrinked:", c->file.name);
@@ -186,6 +185,7 @@ int network_write_chunkqueue_solarissendfilev(server *
close(ifd);
c->offset += written;
cq->bytes_out += written;
+ max_bytes -= written;
if (c->offset == c->file.length) {
chunk_finished = 1;
@@ -207,7 +207,7 @@ int network_write_chunkqueue_solarissendfilev(server *
}
}
- return chunks_written;
+ return 0;
}
#endif

80
www/lighttpd/patches/patch-src_network_write_c
View File

@ -1,80 +0,0 @@
$OpenBSD: patch-src_network_write_c,v 1.1 2011/08/24 21:28:09 sthen Exp $
--- src/network_write.c.orig Tue Aug 17 05:04:38 2010
+++ src/network_write.c Wed Aug 24 02:50:41 2011
@@ -24,17 +24,16 @@
# include <sys/resource.h>
#endif
-int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq) {
+int network_write_chunkqueue_write(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
chunk *c;
- size_t chunks_written = 0;
- for(c = cq->first; c; c = c->next) {
+ for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
int chunk_finished = 0;
switch(c->type) {
case MEM_CHUNK: {
char * offset;
- size_t toSend;
+ off_t toSend;
ssize_t r;
if (c->mem->used == 0) {
@@ -44,6 +43,8 @@ int network_write_chunkqueue_write(server *srv, connec
offset = c->mem->ptr + c->offset;
toSend = c->mem->used - 1 - c->offset;
+ if (toSend > max_bytes) toSend = max_bytes;
+
#ifdef __WIN32
if ((r = send(fd, offset, toSend, 0)) < 0) {
/* no error handling for windows... */
@@ -72,6 +73,7 @@ int network_write_chunkqueue_write(server *srv, connec
c->offset += r;
cq->bytes_out += r;
+ max_bytes -= r;
if (c->offset == (off_t)c->mem->used - 1) {
chunk_finished = 1;
@@ -85,7 +87,7 @@ int network_write_chunkqueue_write(server *srv, connec
#endif
ssize_t r;
off_t offset;
- size_t toSend;
+ off_t toSend;
stat_cache_entry *sce = NULL;
int ifd;
@@ -98,6 +100,8 @@ int network_write_chunkqueue_write(server *srv, connec
offset = c->file.start + c->offset;
toSend = c->file.length - c->offset;
+ if (toSend > max_bytes) toSend = max_bytes;
+
if (offset > sce->st.st_size) {
log_error_write(srv, __FILE__, __LINE__, "sb", "file was shrinked:", c->file.name);
@@ -181,6 +185,7 @@ int network_write_chunkqueue_write(server *srv, connec
c->offset += r;
cq->bytes_out += r;
+ max_bytes -= r;
if (c->offset == c->file.length) {
chunk_finished = 1;
@@ -200,11 +205,9 @@ int network_write_chunkqueue_write(server *srv, connec
break;
}
-
- chunks_written++;
}
- return chunks_written;
+ return 0;
}
#if 0

102
www/lighttpd/patches/patch-src_network_writev_c
View File

@ -1,102 +0,0 @@
$OpenBSD: patch-src_network_writev_c,v 1.1 2011/08/24 21:28:09 sthen Exp $
--- src/network_writev.c.orig Tue Aug 17 05:04:38 2010
+++ src/network_writev.c Wed Aug 24 02:50:41 2011
@@ -30,17 +30,16 @@
#define LOCAL_BUFFERING 1
#endif
-int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq) {
+int network_write_chunkqueue_writev(server *srv, connection *con, int fd, chunkqueue *cq, off_t max_bytes) {
chunk *c;
- size_t chunks_written = 0;
- for(c = cq->first; c; c = c->next) {
+ for(c = cq->first; (max_bytes > 0) && (NULL != c); c = c->next) {
int chunk_finished = 0;
switch(c->type) {
case MEM_CHUNK: {
char * offset;
- size_t toSend;
+ off_t toSend;
ssize_t r;
size_t num_chunks, i;
@@ -65,12 +64,10 @@ int network_write_chunkqueue_writev(server *srv, conne
#error "sysconf() doesnt return _SC_IOV_MAX ..., check the output of 'man writev' for the EINVAL error and send the output to jan@kneschke.de"
#endif
- /* we can't send more then SSIZE_MAX bytes in one chunk */
-
/* build writev list
*
* 1. limit: num_chunks < max_chunks
- * 2. limit: num_bytes < SSIZE_MAX
+ * 2. limit: num_bytes < max_bytes
*/
for (num_chunks = 0, tc = c; tc && tc->type == MEM_CHUNK && num_chunks < max_chunks; num_chunks++, tc = tc->next);
@@ -87,9 +84,9 @@ int network_write_chunkqueue_writev(server *srv, conne
chunks[i].iov_base = offset;
/* protect the return value of writev() */
- if (toSend > SSIZE_MAX ||
- num_bytes + toSend > SSIZE_MAX) {
- chunks[i].iov_len = SSIZE_MAX - num_bytes;
+ if (toSend > max_bytes ||
+ (off_t) num_bytes + toSend > max_bytes) {
+ chunks[i].iov_len = max_bytes - num_bytes;
num_chunks = i + 1;
break;
@@ -121,6 +118,7 @@ int network_write_chunkqueue_writev(server *srv, conne
}
cq->bytes_out += r;
+ max_bytes -= r;
/* check which chunks have been written */
@@ -132,11 +130,10 @@ int network_write_chunkqueue_writev(server *srv, conne
if (chunk_finished) {
/* skip the chunks from further touches */
- chunks_written++;
c = c->next;
} else {
/* chunks_written + c = c->next is done in the for()*/
- chunk_finished++;
+ chunk_finished = 1;
}
} else {
/* partially written */
@@ -284,6 +281,8 @@ int network_write_chunkqueue_writev(server *srv, conne
assert(toSend < 0);
}
+ if (toSend > max_bytes) toSend = max_bytes;
+
#ifdef LOCAL_BUFFERING
start = c->mem->ptr;
#else
@@ -309,6 +308,7 @@ int network_write_chunkqueue_writev(server *srv, conne
c->offset += r;
cq->bytes_out += r;
+ max_bytes -= r;
if (c->offset == c->file.length) {
chunk_finished = 1;
@@ -334,11 +334,9 @@ int network_write_chunkqueue_writev(server *srv, conne
break;
}
-
- chunks_written++;
}
- return chunks_written;
+ return 0;
}
#endif

15
www/lighttpd/patches/patch-src_settings_h
View File

@ -1,15 +0,0 @@
$OpenBSD: patch-src_settings_h,v 1.1 2011/08/24 21:28:09 sthen Exp $
--- src/settings.h.orig Mon Feb 1 18:28:20 2010
+++ src/settings.h Wed Aug 24 02:50:41 2011
@@ -21,7 +21,10 @@
* 64kB (no real reason, just a guess)
*/
#define BUFFER_MAX_REUSE_SIZE (4 * 1024)
-#define MAX_READ_LIMIT (4*1024*1024)
+
+/* both should be way smaller than SSIZE_MAX :) */
+#define MAX_READ_LIMIT (256*1024)
+#define MAX_WRITE_LIMIT (256*1024)
/**
* max size of the HTTP request header