| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: John Crispin <blogic@openwrt.org>
|
|
Signed-off-by: John Crispin <blogic@openwrt.org>
|
|
uhttpd modifies the list_head member of the uhttpd_plugin struct when
loading a plugin, therefore we cannot make it const, otherwise we
trigger a security violation if uhttpd is built with RelRO support.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
uhttpd modifies the list_head member of the uhttpd_plugin struct when
loading a plugin, therefore we cannot make it const, otherwise we
trigger a security violation if uhttpd is built with RelRO support.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
scandir() call requires free() of each returned dirent structure
and parent list. Code constructing HTML response of directory
listing is missing a call to free in some cases.
Signed-off-by: Andrej Krpic <ak77@tnode.com>
|
|
.js files are being transferred as text/javascript, which, although
obsolete by RFC 4329 is most backward compatible.
.json and .jsonp are both transferred as application/octet-stream
however, causing warnings on the console for some browsers, even though
it works just fine.
Add the mimetypes for .json as per RFC 4627 and .jsonp as per RFC4329
(As jsonp _is_ javascript)
Signed-off-by: Karl Palsson <karlp@remake.is>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
According to RFC2616 10.2.5 and 10.3.5, 204 and 304 responses MUST NOT contain any
message body, therfore do not emit an EOF chunk for such responses.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Certain response types (notably 204 and 304) require a slightly different
handling like emitting the response body entirely, therfore record the last
code to act on it in the appropriate places.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Reported-by: Sebastian Apel <sebastian.apel@gmx.de>
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Reported-by: Sebastian Apel <sebastian.apel@gmx.de>
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
In order to support cross-domain AJAX requests to the /ubus endpoint
we need to implement the Cross-Origin Resource Sharing (CORS) spec
in the ubus plugin.
- Implement a new option "-X" to enable CORS support in ubus
- Implement rudimentary support for "OPTIONS" HTTP requests
- Implement essential CORS headers the ubus plugin
The current CORS response headers merely reflect the request headers
sent by the client, this way any requesting origin is automatically
allowed. Cross-domain cookies (Access-Control-Allow-Credentials) are
unconditionally enabled.
Restricting permitted origins and toggle the credential accepting can
be made configurable in a future commit to allow more fine grained
control over permitted AJAX clients.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
This ensures that the process will show the correct command line in ps
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
bit of bandwidth
|
|
The ubus plugin calls blocking ubus functions that loop back into
uloop_run. Protect the client data structure with refcounting to ensure
that the outer uloop_run call does not clean up the data that the inner
uloop_run call is still processing.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
session.access
|
|
|
|
injecting different SIDs
|
|
procedure
|
|
information leakage via the post url
|
|
corruption with concurrent requests
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
usage
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
|
|
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
When the relay process has exited, close the connection as soon as no
data can immediately be read from the socket anymore, and the read
buffer has been emptied.
This fixes timeouts with scripts that leave processes lingering around
without closing their fds.
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
Fixes a per-SSL-connection memory leak
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
