summary refs log tree commit diff
Commit message (Collapse)AuthorAgeFilesLines
* send 400 bad request and drop connection on http parse errors HEAD masterLeah Neukirchen2022-02-071-0/+11
| | | | | | Reported by @ellcs. Closes #2.
* Close clients when max clients exceededelx2022-02-071-1/+6
| | | | | | | | After compiling with `-fsanitize=address`, you can see that hittpd would crash with the following commands: ulimit -n 4096; ./hittpd for i in {1..1024}; do (echo ""; sleep 5) > /dev/tcp/127.0.0.1/80 & done
* sig_atomic_t should be used with volatileLeah Neukirchen2022-01-271-1/+1
|
* write_client: when sendfile(2) fails, try pread/write.Leah Neukirchen2022-01-241-9/+15
| | | | | | | Some filesystems don't support sendfile, either due to bugs or other reasons. Found by Érico Nogueira.
* detect and refuse pipeliningLeah Neukirchen2022-01-133-4/+19
| | | | | | | | | | | | | | | | | Previously, two HTTP requests within the same read() would both be parsed by http_parser_execute (and corrupted state). We don't support this, since we distinguish between reading and writing parts of the server action, and there's no way to let poll perform the writing part in this case. Detect pipelining by pausing the parser in on_message_complete and checking if we parsed fewer bytes than we passed. Then handle the first request and drop the connection; a compliant HTTP client must retry without pipelining. Found by @duncaen. Signed-off-by: Leah Neukirchen <leah@vuxu.org>
* getmime: robustness for empty mime tableLeah Neukirchen2021-08-101-1/+2
| | | | Found by Érico Nogueira.
* gather globalsLeah Neukirchen2021-08-101-9/+9
|
* clean up, don't shadow timestampLeah Neukirchen2021-08-101-4/+4
|
* accesslog: clean up, rename buf to logtimestampLeah Neukirchen2021-08-101-3/+4
|
* fix mimetype lookupLeah Neukirchen2021-08-101-12/+26
| | | | | | | Fix overflow on long mime types, found by Érico Nogueira. Allow maximum length of mime types, as per spec, then truncate. Fix mime type lookup when extensions match some mime type.
* Makefile: make incompatible pointer types fatalLeah Neukirchen2021-08-091-1/+1
|
* scan_int64: don't assume long fits 64-bitsLeah Neukirchen2021-08-091-2/+2
|
* fix mimetype for "GET /" requestsÉrico Nogueira2021-08-091-1/+6
| | | | | | | index.html was being sent as "application/octet-stream", which broke it for browsers. using strcat is safe, because we check the length before writing. we can't use strcpy because subdirs can also be requested this way.
* more robustnessLeah Neukirchen2021-06-031-1/+2
|
* detect unsatisfiable empty rangesLeah Neukirchen2021-06-031-0/+5
| | | | This fixes wget -c.
* bump copyright yearsLeah Neukirchen2021-06-032-2/+2
|
* reset stream state in finish_responseLeah Neukirchen2021-06-031-0/+5
| | | | | This fixes wrong partial content answers on keep-alive requests, detected with mobile Chrome 89.
* Partial Content is 206, duhLeah Neukirchen2020-09-251-1/+1
|
* with -P, only list files that will be servedLeah Neukirchen2020-05-231-0/+3
|
* nicer index list, inspired by nginxLeah Neukirchen2020-05-231-14/+39
|
* remove double casting via (void *)Leah Neukirchen2020-05-201-5/+4
|
* explain how to run with CAP_NET_BIND_SERVICELeah Neukirchen2020-05-151-0/+5
|
* fix formattingLeah Neukirchen2020-05-151-19/+19
|
* detect file truncationLeah Neukirchen2020-05-151-2/+6
| | | | We have to close the connection here to notify the client.
* display address hittpd listens onLeah Neukirchen2020-05-151-5/+21
|
* add -R to set SO_REUSEPORTLeah Neukirchen2020-05-101-2/+13
|
* compute timestamp once per iterationLeah Neukirchen2020-05-101-9/+9
|
* ignore peer address when acceptingLeah Neukirchen2020-05-101-5/+3
|
* better error handling in write_clientLeah Neukirchen2020-05-091-7/+11
|
* allow setting default mimetype, default to application/octet-streamLeah Neukirchen2020-05-091-6/+6
|
* allow custom mime typesLeah Neukirchen2020-05-091-2/+7
|
* nicely exit on SIGINT and SIGTERMLeah Neukirchen2020-05-091-3/+28
|
* good morningLeah Neukirchen2020-05-091-3/+3
|
* add -P to only serve world-readable filesLeah Neukirchen2020-05-091-2/+9
| | | | | Note that this does not check intermediate directory traversals, for this u+x is still enough.
* add -I to disable directory indexesLeah Neukirchen2020-05-091-2/+7
|
* send_dir_redirect: send newline tooLeah Neukirchen2020-05-091-1/+1
|
* escape path in accesslogLeah Neukirchen2020-05-091-3/+10
|
* detect too big header generationLeah Neukirchen2020-05-091-1/+12
|
* fix empty Content-Length for HEADLeah Neukirchen2020-05-091-3/+3
|
* send content for 301 responsesLeah Neukirchen2020-05-091-2/+3
|
* refactor response generationLeah Neukirchen2020-05-091-106/+57
|
* send_error: refactorLeah Neukirchen2020-05-091-7/+15
|
* use intmax_t to print off_t valuesLeah Neukirchen2020-05-091-12/+22
|
* add support for listening on unix domain sockets (-u)Leah Neukirchen2020-05-091-31/+50
|
* use AF_UNSPEC if AI_V4MAPPED is not availableLeah Neukirchen2020-05-091-3/+5
| | | | Else we can't listen IPv4 only on these systems.
* Makefile: make work with bmakeLeah Neukirchen2020-05-081-0/+4
|
* rename OPEN_MAX to MAX_CLIENTSLeah Neukirchen2020-05-081-8/+7
|
* use AI_V4MAPPED only if availableLeah Neukirchen2020-05-081-1/+4
|
* add strptime prototype for glibc, use default visibilityLeah Neukirchen2020-05-081-3/+5
|
* simply enable sendfile on linuxLeah Neukirchen2020-05-082-3/+3
|
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-21 12:04:23 +0000