1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
Commit graph

114 commits

Author SHA1 Message Date
Andy Green
9cac58a4c2 lws_spa: avoid reading past table
Didn't check the lenghts of the NUL-terminated header
table properly.

https://github.com/warmcat/libwebsockets/issues/1859
2020-03-14 07:50:05 +00:00
Andy Green
f04d18b5da server vfs: close: cleanup also at just_kill_connection
... and at transaction completion
2019-11-16 08:20:48 +00:00
Andy Green
c450d06413 server: vfs: make sure handle freed if problems while setting up file transfer
https://github.com/warmcat/libwebsockets/issues/1765
2019-11-15 20:14:32 +00:00
Kristján Valur Jónsson
f958c0f03e fix integer conversions from 64 bit 2019-10-27 16:38:54 +00:00
Andy Green
d9dd253021 Coverity fixes 2019-08-17 08:03:47 +01:00
Andy Green
2fc35ef6bd stats: move to pt and improve presentation 2019-08-12 06:18:04 +01:00
Andy Green
a60e60bc29 http: server: support HEAD via mount
Until now we parse HEAD requests but don't properly fulfil them.

This adds enough that if the request pointed to a valid mount,
it will send the headers and complete the transaction without
sending the body.

Test with

$ (echo -n -e "GET / HTTP/1.0\r\nHost: default\r\n\r\n"; sleep 2) | nc  127.0.0.1 7681
2019-08-01 12:56:29 +01:00
Leonard Ricci
1ac744a314 build: change AMAZON_NOART to AMAZON_LINUX 2019-07-13 14:50:58 -07:00
Andy Green
cd56a4b97f COVA12046: make it clear the strdup target cannot be NULL 2019-07-13 13:28:54 -07:00
Andy Green
cbd58fa458 http: body: make sure to consume body before transaction complete
https://github.com/warmcat/libwebsockets/issues/1625

"dead bodies" that were sent but not processed by lws as server
will clog up and destroy transaction tracking if repeated POSTs
with keepalive are sent to nonexistant paths.

This patch introduces a DISCARD_BODY state that follows BODY
except the payload is not signalled to the protocol callback.
Calling transaction_completed() with pending body makes lws
enter DISCARD_BODY and retry transaction completed only after
the pending body is exhausted.
2019-07-05 07:31:38 +01:00
Andy Green
d727c89d79 cmake: miniz: add as option 2019-07-03 19:46:23 +01:00
Ilan Pegoraro
0123b4381f vhost: bind: make failure to bind optionally fatal
When creating a vhost and the port is already bound to another process
this flag would allow the user code to choose to have the
lws_create_vhost function to fail and return a null pointer.
2019-06-29 21:08:36 +01:00
Andy Green
4692c1a7ee rtos: clean warnings where uint32_t is an unsigned long 2019-06-07 11:11:46 +01:00
Chen Xi
892cde2c71 rtos: add support for AMAZON_RTOS 2019-06-05 05:04:17 +01:00
Orgad Shaneh
19049d2f28 Change some struct members to unsigned char
Enables removal of superfluous casts, and fixes strict-aliasing warnings with
GCC 4.1.
2019-05-30 08:21:33 +08:00
Orgad Shaneh
93c35b9712 http: Initialize local variable
GCC 4.1 warns about potential access to uninitialized variable, although
this can't really happen.

Silence it by initializing the variable.
2019-05-30 06:06:41 +08:00
Andy Green
752e19391d no h2: fix unused var warning
https://github.com/warmcat/libwebsockets/issues/1579
2019-05-17 01:24:52 +01:00
Andy Green
173943a405 h2: align h1 upgrade to work same as alpn upgrade
https://github.com/warmcat/libwebsockets/issues/1571

Although the code exists for non-tls h1 upgrade to h2, it hasn't been looked
after since all expected uses for h2 are going to be via h2 / alpn.

This patch aligns its upgrade actions with alpn upgrade path so it works OK
via

$ curl --http2 http://localhost:7681/ -v -w "\n"

ie, without tls.  Operation via tls is unaffected.

To use the non-tls upgrade path, you have to be listening without tls, ie with the
test server without -s.  If you're listening in a way that requires tls, this
can't be used to bypass that (or, eg, client certs) in itself, since you have to be
able to talk to it in h1 in the first place to attempt the upgrade to h2.

The common h2 path has some code to dropping the ah unconditionally it looks
like after the first service... this is too aggressive since the first thing
coming on the upgrade path is WINDOW_UPDATE.  It looks wrong anyway, transaction /
stream completion will drop the ah and should be enough.
2019-05-12 08:01:50 +01:00
Andy Green
f89aa401cc generic-sessions update
Generic sessions has been overdue some love to align it with
the progress in the rest of lws.

1) Strict Content Security Policy
2) http2 compatibility
3) fixes and additions for use in a separate process via unix domain socket
4) work on ws and http proxying in lws
5) add minimal example
2019-05-06 10:24:51 +01:00
pavelxdd
575b96e32e http: refactor and fixes in lws_get_mimetype
- prioritize user-defined mimetypes over predefined server mimetypes.
- fix accessing memory out of string bounds.
- prefer case-insensitive comparison for extension matching.
- other minor fixes and improvements.
2019-04-09 16:21:55 +01:00
Andy Green
6d45e6c5b1 spa: add info args and stride
This is aimed at allowing a stride to optionally be
given for the parameter name array... this will allow
use of lws_struct metadata as the parameter name
array.


Also introduce the option to put all allocations in
an lwsac instead of via lws_mallocs.
2019-04-06 07:34:36 +08:00
pavelxdd
0bfb172a9e http: basic auth: fix delay on Firefox
Firefox sends HTTP requests with "Connection: keep-alive" header.
When LWS responds with 401 and WWW-Authenticate header, Firefox
doesn't show an authentication dialog until connection is closed.
Adding "Content-Length: 0" solves the problem.
2019-04-03 17:00:15 +08:00
Andy Green
1062370f07 unix skt: allow control over skt user:group
If you're providing a unix socket service that will be proxied / served by another
process on the same machine, the unix fd permissions on the listening unix socket fd
have to be managed so only something running under the server credentials
can open the listening unix socket.
2019-03-26 14:54:49 +08:00
Andy Green
ce1f395ead context: add info members to drop privileges using user and group name strings
Up until now if you wanted to drop privs, a numeric uid and gid had to be
given in info to control post-init permissions... this adds info.username
and info.groupname where you can do the same using user and group names.

The internal plat helper lws_plat_drop_app_privileges() is updated to directly use
context instead of info both ways it can be called, and to be able to return fatal
errors.

All failures to lookup non-0 or -1 uid or gid names from uid, or to look up
uid or gid from username or groupnames given, get an err message and fatal exit.
2019-03-26 14:54:49 +08:00
Andy Green
588cf0b8db lws_spa: add CLOSE callback
This should ease the situation where there was creation done in the
callback for LWS_UFS_OPEN
2019-03-22 16:55:51 +08:00
Andy Green
da3d8cb593 http proxy: support POST 2019-03-22 11:25:22 +08:00
Andy Green
f7860b6ac6 spa: allow instantiation with no parse array
If you just want a "file" in multipart, don't care about the length or
anything else, then you don't need any params tables and associated
allocations.
2019-03-22 11:23:06 +08:00
Andy Green
d1d313b4bf ws proxy: also proxy h1 ws to h1 and h2
lws has been able to proxy h2 or h1 inbound connections to an
h1 onward connection for a while now.  It's simple to use just
build with LWS_WITH_HTTP_PROXY and make a mount where the origin
is the onward connection details.  Unix sockets can also be
used as the onward connection.

This patch extends the support to be able to also do the same for
inbound h2 or h1 ws upgrades to an h1 ws onward connection as well.

This allows you to offer completely different services in a
common URL space, including ones that connect back by ws / wss.
2019-03-21 10:26:47 +08:00
Andy Green
4c3146c27c glibc: if malloc_trim() exists, call it periodically 2019-03-16 08:10:47 +08:00
Andy Green
119aa5c0ad lws_dir: wrap dir scanning backend and convert lejp-conf
We use POSIX dir scanning apis normally, but for windows, we require libuv
to do it for us.

Formalize that into a wrapper lws_dir() that hides the backend code.

Make it configurable, ON by default and forced on with lejp-conf that
depends on it.
2019-03-14 20:06:25 +08:00
Andy Green
6a88483f02 lejp: integrate error strings and api to core lejp
lejp-conf isn't the only user that needs to generate human-readable
JSON parsing error stacks.

Build it in with lejp and introduce an error code -> string api
2019-03-12 11:57:43 +08:00
Andy Green
0079099f10 vhost: add pprotocols to vhost info
info.protocols works okay, but it has an annoying problem... you have to know
the type for each protocol's pss at the top level of the code, so you can set
the struct lws_protocols user_data size for it.

Lws already rewrites the protocol tables for a vhost in the case of runtime
protocol plugins... this adapts that already-existing code slightly to give
a new optional way to declare the protocol array.

Everything works as before by default, but now info.protocols may be NULL and
info.pprotocols defined instead (if that's also NULL, as it will be if you
just ignore it after memsetting to 0, then it continues to fall back to the
dummy protocol handler as before).

info.pprotocols is a NULL-termined array of pointers to lws_protocol
structs.  This can be composed at the top level of your code without knowing
anything except the name of the externally-defined lws_protocol struct(s).

The minimal example http-server-dynamic is changed to use the new scheme as
an example.
2019-03-10 08:02:02 +08:00
Andy Green
b31ab02786 ipv6: force ipv4 if iface bind uses ipv4 address 2019-03-10 08:02:02 +08:00
Andy Green
986bb37c88 ah: custom headers for h1
Until now lws only parses headers it knows at build-time from its
prebuilt lexical analyzer.

This adds an on-by-default cmake option and a couple of apis
to also store and query "custom", ie, unknown-to-lws headers.

A minimal example is also provided.

At the moment it only works on h1, h2 support needs improvements
to the hpack implementation.

Since it bloats ah memory usage compared to without it if custom
headers are present, the related code and ah footprint can be
disabled with the cmake option LWS_WITH_CUSTOM_HEADERS, but it's
on by default normally.  ESP32 platform disables it.

https://github.com/warmcat/libwebsockets/pull/1499
2019-03-10 08:02:02 +08:00
Andy Green
3a31c47fcd ws: setting default protocol index to an illegal index disables default ws binding
On lwsws, incoming ws connections to the default vhost
are not rejected by the dummy protocol handler and not
really serviced either, leading to bots connecting to it to
get immortal, idle ws connections with no timeout (since it's an
established ws connection).

Rejecting these connections by default by adding a handler
for ESTABLISHED in the dummy handler will solve it nicely,
but it will break an unknown number of dumb. protocol-less
user implementations that rely on this behaviour by using
break; from their own ESTABLISHED handler and calling
through to the currently NOP dummy handler one.

Add support to assertively disable the default protocol
index used for subprotocol-less ws connections instead.
2019-03-10 08:02:02 +08:00
Andy Green
572ffb4a7c http: log ws upgrades 2019-03-10 08:02:02 +08:00
pblemel
39e19c85f1 qnx: qnx6.5 compatibility 2019-01-11 17:14:14 +08:00
Andy Green
c8987a14bc adaptations 2019-01-11 13:13:19 +08:00
Andy Green
eda102e397 jwe 2018-12-27 06:45:32 +08:00
Andy Green
08b5ad9299 role: raw-proxy 2018-12-01 11:05:59 +08:00
Andy Green
b318877cd9 adopt: allow associated accepted vhost connections to specific role
Normalize the vhost options around optionally handling noncompliant
traffic at the listening socket for both non-tls and tls cases.

By default everything is as before.

However it's now possible to tell the vhost to allow noncompliant
connects to fall back to a specific role and protocol, both set
by name in the vhost creation info struct.

The original vhost flags allowing http redirect to https and
direct http serving from https server (which is a security
downgrade if enabled) are cleaned up and tested.

A minimal example minimal-raw-fallback-http-server is added with
switches to confirm operation of all the valid possibilities (see
the readme on that).
2018-12-01 11:05:59 +08:00
Andy Green
531ad7ee2b minimal example deaddrop 2018-12-01 11:05:59 +08:00
Andy Green
a74a966fbf ws: support basic auth
Until now basic auth only protected http actions in the protected
mount.

This extends the existing basic auth scheme to also be consulted for
ws upgrades if a "basic-auth" pvo exists on the selected protocol for
the vhost.  The value of the pvo is the usual basic auth credentials
file same as for the http case.
2018-11-28 15:06:10 +08:00
Andy Green
9bed6d6fc6 clean: general whitespace cleanup 2018-11-23 08:47:56 +08:00
Andy Green
cdd8ad702c bind: treat EADDRINUSE as fatal
The retry stuff for bind failures is actually aimed at the scenarios the interface
either doesn't exist yet, or is not configured enough (having an IP) to be bindable yet.

This patch treats EADDRINUSE as fatal at vhost init.
2018-11-22 17:58:30 +08:00
Andy Green
3eb329bb32 reverse proxy: correct scan length so NUL goes in right place 2018-11-15 20:16:54 +08:00
Andy Green
b2b58b5b14 smp: lws_timed_callback_vh_protocol: request sets handler tsi and other fixes 2018-11-15 16:37:55 +08:00
Wei Zhang
8750582fc6 lws_hdr_total_length: match lws_hdr_copy actual length also for COOKIE 2018-11-15 16:37:53 +08:00
Andy Green
3fc4be005d hdr frag conacatenation already has separator for COOKIE 2018-11-14 06:42:35 +08:00
Andy Green
59837cdf06 coverity 192911/2: set NUL on access log after malloc fail check 2018-11-13 17:20:34 +08:00