Commit Graph

408 Commits

Author SHA1 Message Date
André Kugland
defc1e8ce9
Custom headers with the CLI option --header (#28)
These changes add a command-line option --header, e.g. --header 'Access-Control-Allow-Origin: *'.

Basic tests are included for this option.

When accepting the argument, a very simple sanitization is made: the string is required to contain ": ", and can’t contain a '\n' character. These checks are far from what is required to truly validate an HTTP header, but will at least detect simple mistakes and forbid the abuse of having arguments that include more than one header, or, worse, that include a body for the response (after "\r\n\r\n").

This should also close the Issue #16 and PR #27, I think, since CORS functionality can be obtained by specifying a custom header.
2022-12-06 21:46:52 +11:00
Emil Mikulic
64b03a032e open_sockets.py: remove unused import. 2022-11-23 11:18:39 +11:00
Emil Mikulic
b5702b4f20 Bump version past release. 2022-11-23 11:17:50 +11:00
Emil Mikulic
976682f161
Create codeql-analysis.yml 2022-10-08 16:18:30 +11:00
Emil Mikulic
a7b8f8fa6e [ darkhttpd 1.14 release ] 2022-10-02 12:29:13 +11:00
Emil Mikulic
a88ecadafe fuzzer: take optional port number from environment variable.
Makes it possible to run multiple fuzzer processes in parallel.
2022-10-02 12:24:17 +11:00
Emil Mikulic
762956f1a8 Set running = 1 before entering the main loop.
This is so the fuzzer can wait for it.
2022-10-02 12:21:33 +11:00
artemis everfree
47920915c7
Update illumos support to the modern era (#24)
* Update Solaris / Illumos support

Old versions of Solaris did not have vasprintf, so darkhttpd defined one
gated behind an ifdef. Oracle Solaris 10 has had vasprintf since 2011.
Oracle Solaris 11 has had it since release. illumos (which also reports
as `__sun`) also has it in all current incarnations. As a result, this
ifdef'd block creates compiler errors due to a second definition of the
function. This commit removes the block.

This commit also adds `-lsendfile` to the Makefile for systems that
report as `SunOS` in `uname` (Solaris and Illumos), which is necessary
to link successfully in current day.

* Comment on manually specifying CC in readme

Some systems, including versions of illumos I use, do not have a `cc`
alias to the system C compiler. Arguably this is a flaw in the
distribution, but as a user, it's perhaps helpful to be reminded that
this is an option.
2022-10-02 11:56:40 +11:00
Emil Mikulic
1eb6daa357 Fix crash when a file has a large (year 10,000+) mtime.
https://bugzilla.redhat.com/show_bug.cgi?id=1893725
https://github.com/emikulic/darkhttpd/issues/21
2022-10-02 11:50:02 +11:00
Emil Mikulic
1f166293b7 Update tests after adding slash to href for directories. 2022-10-02 11:38:12 +11:00
Emil Mikulic
1e4cddb6b6 Disable msan because it's not working.
It looks like parts of dlent are not being unpoisoned.
2022-10-02 11:34:56 +11:00
Daniel Nagy
a981031e6f
Add slash to href for directories (#17)
This allows client side parsers to decide when a link is a directory.

This is needed for example in the rclone http backend.

https://rclone.org/http/
2022-02-09 11:43:03 +11:00
Emil Mikulic
3641c2f50f Dir listing: special-case ".." to come first.
Suggested by: @frogtile

Fixes #14
2022-01-19 20:10:50 +11:00
Emil Mikulic
f0ca481fd1 Make header parsing case insensitive.
This makes darkhttpd more useful behind an HTTP2 reverse proxy,
because the HTTP2 headers are all lowercase.

Suggested by: @Hill-98

Fixes #15
2022-01-19 20:01:32 +11:00
Emil Mikulic
1759a7a7d9 Add tests for --forward-https. 2021-08-22 13:18:36 +10:00
Emil Mikulic
4fd6a1067c Ignore __pycache__ dirs. 2021-08-22 13:04:49 +10:00
Paco Pascal
7145426710 --forward-https has priority over --auth. Therefore, if the server's
running with both options and the client connects via HTTP, a redirect
will occur instead of the authentication being granted or denied.

The code for handling an HTTPS redirect has been moved out of
process_get() and put into redirect_https() and is_https_redirect().
The latter checks if redirect_https() should be called.
2021-08-22 13:01:28 +10:00
Paco Pascal
49baf385e1 Forward to HTTPS if X-Forwarded-Proto is equal to "http". This can be
enabled with "--forward-https".

This might be useful if darkhttpd is behind a reverse proxy that
supports SSL.
2021-08-22 13:01:28 +10:00
Fabrice Fontaine
a8ae2b1de0
Add license file (#10)
Add a license file by copying/pasting text from darkhttpd.c

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
2021-07-21 20:41:41 +10:00
Tom Dryer
59b30c5cbc
Fix high CPU usage when timeout is disabled (#8)
When darkhttpd is running with `--timeout 0` (timeout disabled), and any
connection is idle, it will use 100% of the CPU. This happens because
`select` returns immediately when its timeout is zero, causing the main
`httpd_poll` loop to spin.

Fix this by adding a check to `httpd_poll` making `select` always
receive a `NULL` timeout when `timeout_secs` is zero.
2021-06-27 11:41:19 +10:00
Tom Dryer
667edacaa3
Fix hung connection from consecutive requests (#7)
A client making quick consecutive requests with keep-alive, such as `ab`
with `-k`, can cause the connection to become hung.

This happens because of an optimization in `http_poll` function. When a
connection state becomes `DONE`, `httpd_poll` recycles the connection
and immediately calls `poll_recv_request`. However, it doesn't handle
this resulting in the connection state becoming `DONE` again. If this
occurs, the state stays in `DONE`, and the further calls to `httpd_poll`
ignore the connection.

Fix this by calling `poll_recv_request` in a loop until the state is no
longer `DONE`.

* Enable TCP_NODELAY optimization

It looks like `TCP_NODELAY` was disabled due to the bug fixed in the
previous commit. Enabling it substantially improves keep-alive
performance with `ab`:

Before:

```
Time per request:       0.272 [ms] (mean)
```

After:

```
Time per request:       0.033 [ms] (mean)
```

* Remove keep-alive optimization from `httpd_poll`

Benchmarking with `ab` shows that bypassing `select` for keep-alive
connections in the `DONE` state doesn't significantly impact
performance. Since this optimization previously caused a bug, remove it.
2021-06-14 11:44:55 +10:00
Solt Budavári
5c0f9babf1
Properly divide list "headers" and lists. (#4)
Since the feature (and security and limitations) list follows the
"Features:" (etc.) line without any empty lines between them,
some Markdown-to-HTML converters (correctly) assume that
they are one paragraph, which causes the list not to
be converted to an actual HTML list. By putting an empty line
between the actual lists and their preceding lines,
the lists will be correctly converted.

(Both lists and paragraphs are block elements,
and they should be "marked down" accordingly.
See https://daringfireball.net/projects/markdown/syntax#block .)
2021-04-08 11:32:56 +10:00
Miles Elam
35c488b95f
Dockerize (#3)
Add static build option to Makefile and create Dockerfile to run it.
2021-04-03 18:08:52 +11:00
Emil Mikulic
9222bbc9d8 Improve make_safe_uri coverage. 2021-03-21 15:31:04 +11:00
Emil Mikulic
f3acb93b93 fuzz_llvm_make_safe_uri: get code from darkhttpd.c 2021-03-21 15:13:44 +11:00
Emil Mikulic
02b9908f71 Retire old developer scripts. 2021-03-21 15:06:57 +11:00
Emil Mikulic
81b491e60a Declare vars outside of for() loop for -std=c90.
Fixes #2.
2021-03-21 15:03:14 +11:00
Emil Mikulic
d576efc9d8 warns: build with -std=c90. 2021-03-21 15:01:17 +11:00
Emil Mikulic
f05413f8df Not using release script anymore, retire it. 2021-02-21 17:20:49 +11:00
Emil Mikulic
505223a9e5 Clean up after fuzzers. 2021-02-21 17:10:18 +11:00
Emil Mikulic
dc0fd7ecdc Don't include URL or method in default_reply. 2021-02-21 17:09:27 +11:00
Emil Mikulic
3058f910d9 File listings: decoded URL in title and heading.
Also HTML-escape title, heading, and file names.
2021-02-21 16:47:14 +11:00
ilmich
2b37151afc Add support for logging with syslog.
The motivation is that with busybox, the implementation of syslog has a
builtin log rotation.

So I don't need an external logrotate for darkhttpd.
2021-02-10 18:51:24 +11:00
Emil Mikulic
f72e8d6afe Bump version past release. 2021-02-10 18:48:57 +11:00
Emil Mikulic
afeb47443a [ darkhttpd 1.13 release ]
And bump copyright year.
2021-01-18 00:50:36 +11:00
Emil Mikulic
1845a4aa93 Update readme: add introduction, markdown. 2021-01-18 00:44:28 +11:00
Emil Mikulic
fdf28d2ede Rename README. 2021-01-18 00:34:04 +11:00
Emil Mikulic
dd49204609 Add a fuzzer that runs the server in the background. 2021-01-18 00:25:02 +11:00
Emil Mikulic
8cca3b6c87 Fix a bug when a range is requested and the request is too large. 2021-01-17 23:00:32 +11:00
Emil Mikulic
c1cd3d0e2d Fix bug in handling of bad requests. 2021-01-17 22:11:54 +11:00
Emil Mikulic
b57eb17d47 More Python 3 updates. 2021-01-17 17:29:23 +11:00
Emil Mikulic
d39cc3849a test_auth: Add test for wrong auth. 2021-01-17 16:55:09 +11:00
Emil Mikulic
7e60a9b731 test_auth.py: Update to Python 3. 2021-01-17 16:52:47 +11:00
Emil Mikulic
3f236fd71b test.py: close sockets, more Python 3 cleanups. 2021-01-17 16:36:26 +11:00
Emil Mikulic
67c506b620 Convert test.py to Python 3.
Unicode was a mistake.
2021-01-17 16:29:41 +11:00
decho
1990aee864 directory listing: Send viewport meta tag 2021-01-05 19:31:16 +11:00
Emil Mikulic
6a82e67772 Avoid file size overflow on 32-bit systems.
Reported by: Mariusz Stokłosa <krokator@gmail.com>
2020-07-01 22:07:12 +10:00
solsTiCe d'Hiver
d777aacd98 Log using Combined Log Format (commonly found in apache log)
Commonly found in Apache log. It adds 2 fields upon the Common Log
Format (referer and user-agent).

https://en.wikipedia.org/wiki/Common_Log_Format

It is just a matter of reordering what you were already logging with a
new date formatting.

* We are cheating because we always assume HTTP/1.1 as the request
  header.

* We assume the user name is unknown.
2020-07-01 21:47:26 +10:00
Andreas Gal
85609c8095 add mp4 mime type 2020-07-01 21:36:04 +10:00
Christian Hesse
3a582f3c57 Honour LDFLAGS.
Signed-off-by: Christian Hesse <mail@eworm.de>
2020-07-01 21:34:23 +10:00