Age | Commit message | Author
2020-09-30 | acl: fix regression using ipv6 with netmask | rofl0r
introduced in 0ad8904b40d699405f60655606db42475c011b67 closes #327
2020-09-30 | conf: only treat space and tab as whitespace | rofl0r
other characters in the [[:space:]] set can't possibly be encountered, and this speeds up parsing by approximately 10%.
2020-09-30 | conf: use [0-9] instead of [[:digit:]] for shorter re strings | rofl0r
2020-09-30 | print linenumber from all conf-emitted warnings | rofl0r
2020-09-30 | log: print timestamps with millisecond precision | rofl0r
this allows easier time measurements for benchmarks.
2020-09-30 | change loglevel of "Not running as root" message to INFO | rofl0r
there's no reason to display this as warning.
2020-09-30 | conf: remove bogus support for hex literals | rofl0r
the INT regex macro supported a 0x prefix (used e.g. for port numbers), however following that, only digits were accepted, and not the full range of hexdigits. it's unlikely this was used, so remove it. note that the () expression is kept, so we don't have to adjust match number indices all over the place.
2020-09-30 | speed up build by only including regex.h where needed | rofl0r
2020-09-27 | Release 1.11.0-rc1 | rofl0r
2020-09-27 | add conf-tokens.gperf to EXTRA_DIST | rofl0r
otherwise it will be missing in `make dist`-generated tarballs.
2020-09-27 | version.sh: relax regex for release tag detection | rofl0r
this allows to use tag names with a custom suffix too.
2020-09-27 | version.sh: replace -g with -git- | rofl0r
git describe prefixes the sha1 commit hash with -g, which is exactly what we're after. this change gets rid of the confusing "g" in the commit hash and allows tag names that include "-".
2020-09-18 | transparent: workaround old glibc bug on RHEL7 | rofl0r
it's been reported[0] that RHEL7 fails to properly set the length parameter of the getsockname() call to the length of the required struct sockaddr type, and always returns the length passed if it is big enough. the SOCKADDR_UNION_* macros originate from my microsocks[1] project, and facilitate handling of the sockaddr mess without nasty casts.
[0]: https://github.com/tinyproxy/tinyproxy/issues/45#issuecomment-694594990
[1]: https://github.com/rofl0r/microsocks
2020-09-17 | child_kill_children(): use method that actually works | rofl0r
it turned out that close()ing an fd behind the back of a thread doesn't actually cause blocking operations to get a read/write event, because the fd will stay valid to in-progress operations.
2020-09-17 | tune error messages to show select or poll depending on what is used | rofl0r
2020-09-16 | add autoconf test and fallback code for systems without gperf | rofl0r
2020-09-16 | main: print error when config_init() fails | rofl0r
2020-09-16 | speed up big config parsing by 2x using gperf | rofl0r
2020-09-16 | conf.c: simplify the huge IPV6 regex | rofl0r
even though the existing IPV6 regex caught (almost?) all invalid ipv6 addresses, it did so with a huge performance penalty. parsing a file with 32K allow or deny statements took 30 secs in a test setup, after this change less than 3. the new regex is sufficient to recognize all valid ipv6 addresses, and hands down the responsibility to detect corner cases to the system's inet_pton() function, which is e.g. called from insert_acl(), which now causes a warning to be printed in the log if a seemingly valid address is in fact invalid. the new regex has been tested with 486 testcases from http://download.dartware.com/thirdparty/test-ipv6-regex.pl and accepts all valid ones and rejects most of the invalid ones. note that the IPV4 regex already did a similar thing and checked only whether the ip looks like [0-9]+.[0-9]+.[0-9]+.[0-9]+ without pedantry.
2020-09-16 | acl.c: detect invalid ipv6 string | rofl0r
2020-09-16 | conf.c: warn when encountering invalid address | rofl0r
2020-09-16 | conf: use cpp stringification for STDCONF macro | rofl0r
2020-09-16 | conf: merge upstream/upstream_none into single regex/handler | rofl0r
2020-09-16 | move config reload message to reload_config() | rofl0r
move it to before disabling logging, so a message with the correct timestamp is printed if logging was already enabled. also add a message when loading finished, so one can see from the timestamp how long it took. note that this only works on a real config reload triggered by SIGHUP/SIGUSR1, because on startup we don't know yet where to log to.
2020-09-16 | remove vector remains | rofl0r
2020-09-16 | log_message_storage: use sblist | rofl0r
2020-09-16 | tests: add some AddHeader directives | rofl0r
2020-09-16 | listen_addrs: use sblist | rofl0r
2020-09-16 | basicauth: use sblist | rofl0r
2020-09-16 | connect_ports: use sblist | rofl0r
2020-09-16 | add_header: use sblist | rofl0r
note that the old code inserted added headers at the beginning of the list, reasoning unknown. this seems counter-intuitive as the headers would end up in the request in the reverse order they were added, but this was irrelevant, as the headers were originally first put into the hashmap hashofheaders before sending it to the client. since the hashmap didn't preserve ordering, the headers would appear in random order anyway.
2020-09-16 | listen_fds: use sblist | rofl0r
2020-09-15 | run_tests_valgrind: use tougher valgrind settings | rofl0r
2020-09-15 | free a mem leak by statically allocating global statsbuf | rofl0r
2020-09-15 | main: include loop header | rofl0r
2020-09-15 | free() loop records too | rofl0r
2020-09-15 | use poll() where available | rofl0r
2020-09-15 | prepare transition to poll() | rofl0r
usage of select() is inefficient (because a huge fd_set array has to be initialized on each call) and insecure (because an fd >= FD_SETSIZE will cause out-of-bounds accesses using the FD_*SET macros, and a system can be set up to allow more than that number of fds using ulimit). for the moment we prepared a poll-like wrapper that still runs select() to test for regressions, and so we have fallback code for systems without poll().
2020-09-15 | refactor conns.[ch], put conn_s into child struct | rofl0r
this allows to access the conn member from the main thread handling the childs, plus simplifies the code.
2020-09-15 | hsearch: add seed to prevent another CVE-2012-3505 instance | rofl0r
2020-09-15 | replace leftover users of hashmap with htab | rofl0r
also fixes a bug where the ErrorFile directive would create a new hashmap on every added item, effectively allowing only the use of the last specified errornumber, and producing memory leaks on each config reload.
2020-09-15 | save headers in an ordered dictionary | rofl0r
due to the usage of a hashmap to store headers, when relaying them to the other side the order was not prevented. even though correct from a standards point-of-view, this caused issues with various programs, and it allows to fingerprint the use of tinyproxy. to implement this, i imported the MIT-licensed hsearch.[ch] from https://github.com/rofl0r/htab which was originally taken from musl libc. it's a simple and efficient hashtable implementation with far better performance characteristic than the one previously used by tinyproxy. additionally it has an API much more well-suited for this purpose. orderedmap.[ch] was implemented from scratch to address this issue. behind the scenes it uses an sblist to store string values, and a htab to store keys and the indices into the sblist. this allows us to iterate linearly over the sblist and then find the corresponding key in the hash table, so the headers can be reproduced in the order they were received. closes #73
2020-09-15 | fix free()ing of config items | rofl0r
- we need to free the config after it has been successfully loaded, not unconditionally before reloading.
- we also need to free them before exiting from the main program to have clean valgrind output.
2020-09-15 | shutdown: free children from right place | rofl0r
2020-09-15 | Revert "childs.c: fix minor memory leak" | rofl0r
This reverts commit 6dd3806f7d1a337fb89e335e986e1fa4eab8340c.
2020-09-15 | childs.c: fix minor memory leak | rofl0r
this would leak only once on program termination, so it's no big deal apart from having spurious reachable memory in valgrind logs.
2020-09-14 | main: orderly shutdown on SIGINT too | rofl0r
the appropriate code in the signal handler was already set up, but for some reason the signal itself was not being handled.
2020-09-14 | run_tests: make travis happy, use signal nr instead of name | rofl0r
2020-09-14 | conf.c: include common.h | rofl0r
2020-09-13 | run_tests: do some more extensive testing | rofl0r
1) force a config reload after some initial tests. this will allow to identify memleaks using the valgrind test, as this will free all structures allocated for the config, and recreate them.
2) test ErrorFile directive by adding several of them. this should help catch regressions such as the one fixed in 4847d8cdb3bfd9b30a10bfed848174250475a69b. it will also test memleaks in the related code paths.
3) test some scenarios that should produce errors and use the configured ErrorFile directives.