nginx.git, branch release-1.17.3 nginx nginx-1.17.3-RELEASE 2019-08-13T12:45:56+00:00 Maxim Dounin mdounin@mdounin.ru 2019-08-13T12:45:56+00:00 88216c6b63758e1365d5ad27ef2314f05d507d00 






HTTP/2: limited number of PRIORITY frames.
2019-08-13T12:43:40+00:00

Ruslan Ermilov
ru@nginx.com

2019-08-13T12:43:40+00:00

5ae726912654da10a9a81b2c8436829f3e94f69f

Fixed excessive CPU usage caused by a peer that continuously shuffles
priority of streams.  Fix is to limit the number of PRIORITY frames.





Fixed excessive CPU usage caused by a peer that continuously shuffles
priority of streams.  Fix is to limit the number of PRIORITY frames.







HTTP/2: limited number of DATA frames.
2019-08-13T12:43:36+00:00

Ruslan Ermilov
ru@nginx.com

2019-08-13T12:43:36+00:00

a987f81dd19210bc30b62591db331e31d3d74089

Fixed excessive memory growth and CPU usage if stream windows are
manipulated in a way that results in generating many small DATA frames.
Fix is to limit the number of simultaneously allocated DATA frames.





Fixed excessive memory growth and CPU usage if stream windows are
manipulated in a way that results in generating many small DATA frames.
Fix is to limit the number of simultaneously allocated DATA frames.







HTTP/2: reject zero length headers with PROTOCOL_ERROR.
2019-08-13T12:43:32+00:00

Sergey Kandaurov
pluknet@nginx.com

2019-08-13T12:43:32+00:00

6dfbc8b1c2116f362bb871efebbf9df576738e89

Fixed uncontrolled memory growth if peer sends a stream of
headers with a 0-length header name and 0-length header value.
Fix is to reject headers with zero name length.





Fixed uncontrolled memory growth if peer sends a stream of
headers with a 0-length header name and 0-length header value.
Fix is to reject headers with zero name length.







Mail: fixed duplicate resolving.
2019-08-01T10:50:07+00:00

Maxim Dounin
mdounin@mdounin.ru

2019-08-01T10:50:07+00:00

abe660636c93315b4acb8531b83aec8d309d2eca

When using SMTP with SSL and resolver, read events might be enabled
during address resolving, leading to duplicate ngx_mail_ssl_handshake_handler()
calls if something arrives from the client, and duplicate session
initialization - including starting another resolving.  This can lead
to a segmentation fault if the session is closed after first resolving
finished.  Fix is to block read events while resolving.

Reported by Robert Norris,
http://mailman.nginx.org/pipermail/nginx/2019-July/058204.html.





When using SMTP with SSL and resolver, read events might be enabled
during address resolving, leading to duplicate ngx_mail_ssl_handshake_handler()
calls if something arrives from the client, and duplicate session
initialization - including starting another resolving.  This can lead
to a segmentation fault if the session is closed after first resolving
finished.  Fix is to block read events while resolving.

Reported by Robert Norris,
http://mailman.nginx.org/pipermail/nginx/2019-July/058204.html.







Gzip: fixed "zero size buf" alerts after ac5a741d39cf.
2019-07-31T14:29:00+00:00

Maxim Dounin
mdounin@mdounin.ru

2019-07-31T14:29:00+00:00

39c40428f93db246a9a27e7a109413fae46e195d

After ac5a741d39cf it is now possible that after zstream.avail_out
reaches 0 and we allocate additional buffer, there will be no more data
to put into this buffer, triggering "zero size buf" alert.  Fix is to
reset b->temporary flag in this case.

Additionally, an optimization added to avoid allocating additional buffer
in this case, by checking if last deflate() call returned Z_STREAM_END.
Note that checking for Z_STREAM_END by itself is not enough to fix alerts,
as deflate() can return Z_STREAM_END without producing any output if the
buffer is smaller than gzip trailer.

Reported by Witold Filipczyk,
http://mailman.nginx.org/pipermail/nginx-devel/2019-July/012469.html.





After ac5a741d39cf it is now possible that after zstream.avail_out
reaches 0 and we allocate additional buffer, there will be no more data
to put into this buffer, triggering "zero size buf" alert.  Fix is to
reset b->temporary flag in this case.

Additionally, an optimization added to avoid allocating additional buffer
in this case, by checking if last deflate() call returned Z_STREAM_END.
Note that checking for Z_STREAM_END by itself is not enough to fix alerts,
as deflate() can return Z_STREAM_END without producing any output if the
buffer is smaller than gzip trailer.

Reported by Witold Filipczyk,
http://mailman.nginx.org/pipermail/nginx-devel/2019-July/012469.html.







Version bump.
2019-07-31T14:28:41+00:00

Maxim Dounin
mdounin@mdounin.ru

2019-07-31T14:28:41+00:00

6179b98ed537e2ad39eff11ee1689bf4700e59af












release-1.17.2 tag
2019-07-23T12:01:47+00:00

Maxim Dounin
mdounin@mdounin.ru

2019-07-23T12:01:47+00:00

e957ae888a986290dc789d71d31299fe5463e2fb












nginx-1.17.2-RELEASE
2019-07-23T12:01:47+00:00

Maxim Dounin
mdounin@mdounin.ru

2019-07-23T12:01:47+00:00

3eb7ef4e203809ebab49e0ae488890b6a901e014












Core: fixed memory leak on error, missed in c3f60d618c17.
2019-07-19T14:50:00+00:00

Maxim Dounin
mdounin@mdounin.ru

2019-07-19T14:50:00+00:00

c3fd5f7e76343c899747ec58ae703540e7e9e69a

Found by Coverity (CID 1451664).





Found by Coverity (CID 1451664).