nginx.git, branch release-1.1.17 nginx nginx-1.1.17-RELEASE 2012-03-15T11:32:18+00:00 Maxim Dounin mdounin@mdounin.ru 2012-03-15T11:32:18+00:00 cbdec4e7f3abeee0c2b3537ec26bc465e2464ccf 






Headers with null character are now rejected.
2012-03-15T11:27:57+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-03-15T11:27:57+00:00

d1ed97b18bc3a7115c060a688be415fdc078bb76

Headers with NUL character aren't allowed by HTTP standard and may cause
various security problems.  They are now unconditionally rejected.





Headers with NUL character aren't allowed by HTTP standard and may cause
various security problems.  They are now unconditionally rejected.







Fixed incorrect ngx_cpystrn() usage in ngx_http_*_process_header().
2012-03-15T11:27:12+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-03-15T11:27:12+00:00

eb526b7d7d9ee413b624a78373562183ececa738

This resulted in a disclosure of previously freed memory if upstream
server returned specially crafted response, potentially exposing
sensitive information.

Reported by Matthew Daley.





This resulted in a disclosure of previously freed memory if upstream
server returned specially crafted response, potentially exposing
sensitive information.

Reported by Matthew Daley.







Fixed ssi and perl interaction.
2012-03-15T11:23:07+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-03-15T11:23:07+00:00

030e235ec70868469cb6aaf01f25fc29d579e028

Embedded perl module assumes there is a space for terminating NUL character,
make sure to provide it in all situations by allocating one extra byte for
value buffer.  Default ssi_value_length is reduced accordingly to
preserve 256 byte allocations.

While here, fixed another one byte value buffer overrun possible in
ssi_quoted_symbol_state.

Reported by Matthew Daley.





Embedded perl module assumes there is a space for terminating NUL character,
make sure to provide it in all situations by allocating one extra byte for
value buffer.  Default ssi_value_length is reduced accordingly to
preserve 256 byte allocations.

While here, fixed another one byte value buffer overrun possible in
ssi_quoted_symbol_state.

Reported by Matthew Daley.







Uwsgi: merged r->http_version fixes from scgi module.
2012-03-15T11:21:54+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-03-15T11:21:54+00:00

205394e6f90c8aa2aac000e46d4b7a1eff5bbfd2

Fixed incorrect use of r->http_version (r4372).  Removed duplicate function
declaration (r4373).  Removed error if there is no Status header (r4374).





Fixed incorrect use of r->http_version (r4372).  Removed duplicate function
declaration (r4373).  Removed error if there is no Status header (r4374).







Updated OpenSSL and PCRE used for win32 builds.
2012-03-15T01:57:09+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-03-15T01:57:09+00:00

de964a9a27197f41b398b1ed18468d9cc9e44f07












Mentioned the NGINX environment variable.
2012-03-12T12:29:56+00:00

Ruslan Ermilov
ru@nginx.com

2012-03-12T12:29:56+00:00

51e926fc4fac2863d0333f4dfb82103b69c2d20c












Added scgi_temp and uwsgi_temp to svn:ignore.
2012-03-11T13:33:03+00:00

Ruslan Ermilov
ru@nginx.com

2012-03-11T13:33:03+00:00

9eff0e6508050ccf400f31760bc4880a1aabaf7c












- Applied some of the OpenBSD changes.
2012-03-06T06:54:48+00:00

Ruslan Ermilov
ru@nginx.com

2012-03-06T06:54:48+00:00

098c7b6aa6deb6c1f5112b97e76f370772a6f1e3

- Expanded contractions.
- Fixed some markup.
- Updated URL of official documentation.





- Expanded contractions.
- Fixed some markup.
- Updated URL of official documentation.







Whitespace fixes.
2012-03-05T18:09:06+00:00

Maxim Dounin
mdounin@mdounin.ru

2012-03-05T18:09:06+00:00

ee187436afcaaeef4bb8bcb65b3f5f815920761e