nginx.git, branch release-1.1.15 nginx nginx-1.1.15-RELEASE 2012-02-15T13:26:06+00:00 Maxim Dounin mdounin@mdounin.ru 2012-02-15T13:26:06+00:00 3cf5ad94e988a83311ddeaea1a9239394eb7b878 






Disable symlinks: fixed edge cases of path handling.
2012-02-15T12:18:55+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-02-15T12:18:55+00:00

32b000bad7df8f0303d74a5c02fbd62e9241d17b

This includes non-absolute pathnames, multiple slashes and trailing
slashes.  In collaboration with Valentin Bartenev.





This includes non-absolute pathnames, multiple slashes and trailing
slashes.  In collaboration with Valentin Bartenev.







Disable symlinks: cleanup error handling.
2012-02-15T12:17:24+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-02-15T12:17:24+00:00

04015a48ca657ac7649401ca75a9414e1b733d63

Notably this fixes NGX_INVALID_FILE/NGX_FILE_ERROR mess, and adds
logging of close() errors.  In collaboration with Valentin Bartenev.





Notably this fixes NGX_INVALID_FILE/NGX_FILE_ERROR mess, and adds
logging of close() errors.  In collaboration with Valentin Bartenev.







Support for disable_symlinks in various modules.
2012-02-13T16:32:21+00:00

Andrey Belov
defan@nginx.com

2012-02-13T16:32:21+00:00

8ce8f6667f3f14c004148138c0aec3dff79c350b












Added disable_symlinks directive.
2012-02-13T16:29:04+00:00

Andrey Belov
defan@nginx.com

2012-02-13T16:29:04+00:00

bd1e719bf9c4bc58076e7b52e87be645c9b803f5

To completely disable symlinks (disable_symlinks on)
we use openat(O_NOFOLLOW) for each path component
to avoid races.

To allow symlinks with the same owner (disable_symlinks if_not_owner),
use openat() (followed by fstat()) and fstatat(AT_SYMLINK_NOFOLLOW),
and then compare uids between fstat() and fstatat().

As there is a race between openat() and fstatat() we don't
know if openat() in fact opened symlink or not.  Therefore,
we have to compare uids even if fstatat() reports the opened
component isn't a symlink (as we don't know whether it was
symlink during openat() or not).

Default value is off, i.e. symlinks are allowed.





To completely disable symlinks (disable_symlinks on)
we use openat(O_NOFOLLOW) for each path component
to avoid races.

To allow symlinks with the same owner (disable_symlinks if_not_owner),
use openat() (followed by fstat()) and fstatat(AT_SYMLINK_NOFOLLOW),
and then compare uids between fstat() and fstatat().

As there is a race between openat() and fstatat() we don't
know if openat() in fact opened symlink or not.  Therefore,
we have to compare uids even if fstatat() reports the opened
component isn't a symlink (as we don't know whether it was
symlink during openat() or not).

Default value is off, i.e. symlinks are allowed.







Changed ngx_open_and_stat_file() to use ngx_str_t.
2012-02-13T16:16:45+00:00

Andrey Belov
defan@nginx.com

2012-02-13T16:16:45+00:00

32c8df44d5f53026d92ec24bcf4c864359395e55

No functional changes.





No functional changes.







Added openat()/fstatat().
2012-02-13T16:13:21+00:00

Andrey Belov
defan@nginx.com

2012-02-13T16:13:21+00:00

71205c3fbc530ec810e18b0cfb6f8db5bb8d1cd1












Time parsing cleanup.
2012-02-13T15:41:11+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-02-13T15:41:11+00:00

9f38b20db50a22b434d35c9bf3c5b08d5ddfbd8b

Nuke NGX_PARSE_LARGE_TIME, it's not used since 0.6.30.  The only error
ngx_parse_time() can currently return is NGX_ERROR, check it explicitly
and make sure to cast it to appropriate type (either time_t or ngx_msec_t)
to avoid signedness warnings on platforms with unsigned time_t (notably QNX).





Nuke NGX_PARSE_LARGE_TIME, it's not used since 0.6.30.  The only error
ngx_parse_time() can currently return is NGX_ERROR, check it explicitly
and make sure to cast it to appropriate type (either time_t or ngx_msec_t)
to avoid signedness warnings on platforms with unsigned time_t (notably QNX).







Fixed build with embedded perl and --with-openssl.
2012-02-13T15:38:48+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-02-13T15:38:48+00:00

8cb7134f49bcdded469b3e72415b96794190257e












Core: protection from cycles with named locations and post_action.
2012-02-13T15:35:48+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-02-13T15:35:48+00:00

7dff998495d527041dbd7f48770dfc395ddabaee

Now redirects to named locations are counted against normal uri changes
limit, and post_action respects this limit as well.  As a result at least
the following (bad) configurations no longer trigger infinite cycles:

1. Post action which recursively triggers post action:

    location / {
        post_action /index.html;
    }

2. Post action pointing to nonexistent named location:

    location / {
        post_action @nonexistent;
    }

3. Recursive error page for 500 (Internal Server Error) pointing to
   a nonexistent named location:

    location / {
        recursive_error_pages on;
        error_page 500 @nonexistent;
        return 500;
    }





Now redirects to named locations are counted against normal uri changes
limit, and post_action respects this limit as well.  As a result at least
the following (bad) configurations no longer trigger infinite cycles:

1. Post action which recursively triggers post action:

    location / {
        post_action /index.html;
    }

2. Post action pointing to nonexistent named location:

    location / {
        post_action @nonexistent;
    }

3. Recursive error page for 500 (Internal Server Error) pointing to
   a nonexistent named location:

    location / {
        recursive_error_pages on;
        error_page 500 @nonexistent;
        return 500;
    }