Commit Graph

51 Commits

Author SHA1 Message Date
Jo-Philipp Wich
bcd8d530d1 Fixed: [PATCH 2/3] uhttpd URL-codec enhancements.
My apologies, the 2nd of those patches had a syntax error -- that's what
I get for making a last-minute edit, even to the comments, without
testing! :-p

Here is the corrected patch.

-- David

From d259cff104d2084455476b82e92a3a27524f4263 Mon Sep 17 00:00:00 2001
From: David Favro <openwrt@meta-dynamic.com>
Date: Fri, 27 Apr 2012 14:17:52 -0400
Subject: [PATCH] uhttpd URL-codec enhancements.

* uh_urlencode() and uh_urldecode() now return an error condition for
  buffer-overflow and malformed-encoding rather than normal return with corrupt
  or truncated data.  As HTTP request processing is currently implemented, this
  causes a 404 HTTP status returned to the client, while 400 is more
  appropriate.

* Exposed urlencode() to Lua.

* Lua's uhttpd.urlencode() and .urldecode() now raise an error condition for
  buffer-overflow and malformed-encoding rather than normal return with
  incorrect data.

SVN-Revision: 31570
2016-03-20 20:05:13 +01:00
Jo-Philipp Wich
2bfb1e012a uhttpd URL-codec bug fixes.
* Fixed output-buffer-overflow bug in uh_urlencode() and uh_urldecode() [tested
  input-buffer index against output-buffer length].  In reality, this would not
  typically cause an overflow on decode, where the output string would be
  expected to be shorter than the input string; and uh_urlencode() seems to have
  been unreferenced in the source.

* Fixed bug: uh_urlencode() and uh_urldecode() both read one extra byte from the
  input-string.  While this could manifest in C code, the result was most
  egregious when called from Lua, where it caused an extra null byte to be
  embedded at the end of the output string.

* uh_urlencode() cleanup: removed redundant bitwise-and.

Signed-off-by: David Favro <openwrt@meta-dynamic.com>

SVN-Revision: 31569
2012-05-03 17:19:16 +00:00
Jo-Philipp Wich
80307216f2 uhttpd: reorder compiler flags to fix native build on Ubuntu 11.x
SVN-Revision: 30936
2012-03-13 20:41:31 +00:00
Jo-Philipp Wich
8533636d2d uhttpd: cope with variable number of spaces in header lines (#11079)
SVN-Revision: 30806
2012-03-04 15:53:51 +00:00
Jo-Philipp Wich
215239a470 uhttpd: prevent linking uhttpd binary against crypto libraries
SVN-Revision: 29152
2011-11-15 10:17:59 +00:00
Jo-Philipp Wich
44da6400cd uhttpd: cope with DES crypted passwd entries by not relying on a leading dollar sign to indicate a cipher
SVN-Revision: 28886
2011-11-09 18:55:28 +00:00
Nicolas Thill
75e186832a package/uhttpd: use new service wrapper
SVN-Revision: 28841
2011-11-07 22:59:06 +00:00
Jo-Philipp Wich
8189bd9260 uhttpd: provide rpath-link flag, thanks mazilo
SVN-Revision: 28792
2011-11-07 00:10:52 +00:00
Jo-Philipp Wich
6037187a80 uhttpd: Fix wrong certificate options with multiple words
For instance two word city names will result in weird certificates.
Therefore adding the missing quotations.

Signed-off-by: Linus Lüssing <linus.luessing@web.de>

SVN-Revision: 28776
2011-11-06 15:44:42 +00:00
Jo-Philipp Wich
fcea88e3b5 uhttpd: fix Makefiles and linking of tls plugin
SVN-Revision: 28769
2011-11-05 17:36:47 +00:00
Jo-Philipp Wich
3c96dee342 uhttpd: bump version
SVN-Revision: 28762
2011-11-05 03:19:29 +00:00
Jo-Philipp Wich
3d035a6f6a uhttpd: rework CyaSSL and OpenSSL integration; move protected recv() and send() operations below the ssl layer - fixes hangs when accessing via https
SVN-Revision: 28761
2011-11-05 03:19:07 +00:00
Jo-Philipp Wich
32ae896d00 uhttpd: fix bad pointer use in previous commit
SVN-Revision: 28257
2011-09-18 23:34:25 +00:00
Jo-Philipp Wich
12bbe8b2af uhttpd: fix possible CGI header line parsing beyound the empty line, thanks Linus Luessing for spotting it
SVN-Revision: 28254
2011-09-18 22:30:20 +00:00
Jo-Philipp Wich
a6c02f8912 uhttpd: properly match mimetype entries which cover the whole filename (#8236)
SVN-Revision: 28160
2011-09-04 10:21:05 +00:00
Jo-Philipp Wich
7fce085a97 uhttpd: add "application/x-ns-proxy-autoconfig" mime type (#8236)
SVN-Revision: 28149
2011-09-02 13:28:29 +00:00
Jo-Philipp Wich
9c606eb4c5 uhttpd: pass feature flags (#9742)
SVN-Revision: 27689
2011-07-19 06:59:47 +00:00
Jo-Philipp Wich
6576d110d2 uhttpd: support building against openssl instead of cyassl, minor cleanups (#7827)
SVN-Revision: 27686
2011-07-18 14:18:31 +00:00
Jo-Philipp Wich
53a5beaca8 uhttpd: unblock signals in CGI childs, solves hanging ssh logout after server restart from within LuCI and similar problems
SVN-Revision: 27628
2011-07-17 07:18:59 +00:00
Daniel Dickinson
9e4843d0e3 uhttpd: Moved uhttpd to Network|Web Servers/Proxies submenu, just like all the other web serves and proxies from the packages feed
SVN-Revision: 26062
2011-03-12 04:47:02 +00:00
Jo-Philipp Wich
3b3e5b7a49 uhttpd: substitute "+" with space when using the -d flag, lazyload tls support
SVN-Revision: 25220
2011-01-28 19:50:33 +00:00
Jo-Philipp Wich
f38a320e69 uhttpd: protect tcp receive operations with select, make tcp keep-alive optional (#8272)
SVN-Revision: 24952
2011-01-09 23:35:45 +00:00
Jo-Philipp Wich
f5b3f741ce uhttpd: allow lowercase http header fields (#8513)
SVN-Revision: 24823
2010-12-24 22:03:34 +00:00
Jo-Philipp Wich
5931a158a4 uhttpd: redirect to same location with trailing slash appended if directories are requested
SVN-Revision: 23952
2010-11-10 20:52:30 +00:00
Jo-Philipp Wich
fa644368ed uhttpd: make it work without shadow password support
SVN-Revision: 23897
2010-11-06 16:19:04 +00:00
Jo-Philipp Wich
817566a5be uhttpd: revert unrelated change in previous commit
SVN-Revision: 23261
2010-10-05 19:35:38 +00:00
Jo-Philipp Wich
88db961cf0 uhttpd: add /etc/uhttpd.key and /etc/uhttpd.crt to conffile hints
SVN-Revision: 23260
2010-10-05 19:34:22 +00:00
Jo-Philipp Wich
1cb2abca8e add maintainer information
SVN-Revision: 23159
2010-09-30 10:48:37 +00:00
Jo-Philipp Wich
70dff7070e uhttpd: break tight loop when receiving eof during header reading (#7904)
SVN-Revision: 22988
2010-09-09 20:15:02 +00:00
Jo-Philipp Wich
93c38f2b86 uhttpd: fix segfault triggered by Basic Auth checking
SVN-Revision: 22805
2010-08-25 21:38:48 +00:00
Jo-Philipp Wich
cbdeb30a1b uhttpd: - fix parsing of interpreter entries in the config file, fixes serving of static files as .cgi with X-Wrt - better cope with connection aborts, especially during header transfer - fix return value checking of TLS reads and writes, solves some blocking issues
SVN-Revision: 22692
2010-08-18 00:04:52 +00:00
Jo-Philipp Wich
f2b534d341 uhttpd: - more robust handling of network failures on static file serving - support unlimited amount of authentication realms, listener and client sockets - support for interpreters (.php => /usr/bin/php-cgi)
SVN-Revision: 22630
2010-08-14 00:54:24 +00:00
Jo-Philipp Wich
4847198093 uhttpd: fix segmentation fault triggered by invalid header line
SVN-Revision: 22607
2010-08-12 10:56:41 +00:00
Jo-Philipp Wich
2d175dcdce uhttpd: - abort file serving if client connection is lost (#7742) - don't send bad request headers twice
SVN-Revision: 22602
2010-08-11 23:44:30 +00:00
Jo-Philipp Wich
5bc74fcb6f uhttpd: make init script less verbose
SVN-Revision: 22593
2010-08-11 13:30:47 +00:00
Jo-Philipp Wich
3d99f03082 uhttpd: add option to reject requests from RFC1918 IPs to public server IPs (DNS rebinding countermeasure)
SVN-Revision: 22589
2010-08-11 00:05:34 +00:00
Jo-Philipp Wich
39e013d003 uhttpd: fix build dependencies (#7674)
SVN-Revision: 22404
2010-07-27 21:19:28 +00:00
Jo-Philipp Wich
b688fcaa5c uhttpd: - fix a compile warning - support custom index file names - support custom error pages (or cgi handler) - add option to disable directory listings - add REDIRECT_STATUS for CGI requests, fixes php-cgi
SVN-Revision: 22366
2010-07-23 13:15:22 +00:00
Jo-Philipp Wich
585ffa4941 uhttpd: - fix incorrect parsing of multiple listen options (#7458) - support PEM certificates for SSL
SVN-Revision: 21762
2010-06-12 12:58:11 +00:00
Nicolas Thill
338f1af5f3 bump release number for packages ahead of backfire in trunk
SVN-Revision: 21556
2010-05-23 21:55:40 +00:00
Jo-Philipp Wich
51cae701b6 uhttpd: use uci_get() wrapper (#7312)
SVN-Revision: 21492
2010-05-17 19:35:15 +00:00
Jo-Philipp Wich
3df8df720a uhttpd: - ignore authentication realms that refer to user accounts with no password set yet (X-Wrt compatibility) - fix off-by-one in CGI header parsing, fixes cgi programs that emit bad header lines (AsteriskGUI compatibility) - bump version
SVN-Revision: 21121
2010-04-24 11:07:41 +00:00
Jo-Philipp Wich
14428874ae uhttpd: fix bug in path canonization introduced by r20883
SVN-Revision: 20885
2010-04-15 20:08:56 +00:00
Jo-Philipp Wich
20ef055c2f uhttpd: - make network timeout configurable, increase default to 30 seconds (#7067) - follow symlinks in docroot and add option to disable that - fix mimetype detection for files with combined extensions (.tar.gz, ...)
SVN-Revision: 20883
2010-04-15 19:46:35 +00:00
Jo-Philipp Wich
a0a6400034 uhttpd: - cope with options instead of lists in uci config - fix compilation without tls (#7050) - bump to rev 7
SVN-Revision: 20668
2010-04-03 13:09:10 +00:00
Jo-Philipp Wich
b95360d5bc uhttpd: fix a signal related race condition exposed by LuCI on fast machines
SVN-Revision: 20573
2010-03-29 09:26:02 +00:00
Jo-Philipp Wich
4bc74807e4 uhttpd: fix parameter parsing issue on avr32 and most likely ixp4xx
SVN-Revision: 20532
2010-03-28 02:35:45 +00:00
Jo-Philipp Wich
4172149f89 uhttpd: block SIGCHLD until it is expected (#6957)
SVN-Revision: 20513
2010-03-27 14:31:35 +00:00
Jo-Philipp Wich
161325ac4f uhttpd: clear script timeout as soon as data is received from the child
SVN-Revision: 20501
2010-03-27 01:47:36 +00:00
Jo-Philipp Wich
8c9b818a24 uhttpd: - make script timeout configurable - catch SIGCHLD to properly interrupt select() - flag listen and client sockets as close-on-exec
SVN-Revision: 20500
2010-03-27 00:00:33 +00:00