nginx.git, branch release-1.17.4 nginx nginx-1.17.4-RELEASE 2019-09-24T15:08:48+00:00 Maxim Dounin mdounin@mdounin.ru 2019-09-24T15:08:48+00:00 88d2cb8a22f6a6e80bcf27399d774224a4f3497d 






Updated OpenSSL used for win32 builds.
2019-09-24T13:30:03+00:00

Maxim Dounin
mdounin@mdounin.ru

2019-09-24T13:30:03+00:00

2079d3c2b27c5fd3eb1c7ba8489ad289d6fe391c












HTTP/2: fixed worker_shutdown_timeout.
2019-09-23T12:45:36+00:00

Ruslan Ermilov
ru@nginx.com

2019-09-23T12:45:36+00:00

6052881a987fc5cd39c8666a9b39ddfeadc895ee












HTTP/2: fixed possible alert about left open socket on shutdown.
2019-09-23T12:45:32+00:00

Ruslan Ermilov
ru@nginx.com

2019-09-23T12:45:32+00:00

f878492af35224a4ade84f6f6c15aca2892d3821

This could happen when graceful shutdown configured by worker_shutdown_timeout
times out and is then followed by another timeout such as proxy_read_timeout.
In this case, the HEADERS frame is added to the output queue, but attempt to
send it fails (due to c->error forcibly set during graceful shutdown timeout).
This triggers request finalization which attempts to close the stream.  But the
stream cannot be closed because there is a frame in the output queue, and the
connection cannot be finalized.  This leaves the connection open without any
timer events leading to alert.

The fix is to post write event when sending output queue fails on c->error.
That will finalize the connection.





This could happen when graceful shutdown configured by worker_shutdown_timeout
times out and is then followed by another timeout such as proxy_read_timeout.
In this case, the HEADERS frame is added to the output queue, but attempt to
send it fails (due to c->error forcibly set during graceful shutdown timeout).
This triggers request finalization which attempts to close the stream.  But the
stream cannot be closed because there is a frame in the output queue, and the
connection cannot be finalized.  This leaves the connection open without any
timer events leading to alert.

The fix is to post write event when sending output queue fails on c->error.
That will finalize the connection.







HTTP/2: traffic-based flood detection.
2019-09-18T17:28:12+00:00

Maxim Dounin
mdounin@mdounin.ru

2019-09-18T17:28:12+00:00

af0e284b967d0ecff1abcdce6558ed4635e3e757

With this patch, all traffic over an HTTP/2 connection is counted in
the h2c->total_bytes field, and payload traffic is counted in
the h2c->payload_bytes field.  As long as total traffic is many times
larger than payload traffic, we consider this to be a flood.





With this patch, all traffic over an HTTP/2 connection is counted in
the h2c->total_bytes field, and payload traffic is counted in
the h2c->payload_bytes field.  As long as total traffic is many times
larger than payload traffic, we consider this to be a flood.







HTTP/2: switched back to RST_STREAM with NO_ERROR.
2019-09-18T17:28:09+00:00

Maxim Dounin
mdounin@mdounin.ru

2019-09-18T17:28:09+00:00

4d4201fafd46bb97c29a9c86733331d8e7479f54

In 8df664ebe037, we've switched to maximizing stream window instead
of sending RST_STREAM.  Since then handling of RST_STREAM with NO_ERROR
was fixed at least in Chrome, hence we switch back to using RST_STREAM.

This allows more effective rejecting of large bodies, and also minimizes
non-payload traffic to be accounted in the next patch.





In 8df664ebe037, we've switched to maximizing stream window instead
of sending RST_STREAM.  Since then handling of RST_STREAM with NO_ERROR
was fixed at least in Chrome, hence we switch back to using RST_STREAM.

This allows more effective rejecting of large bodies, and also minimizes
non-payload traffic to be accounted in the next patch.







SSL: fixed ssl_verify_client error message.
2019-09-16T16:26:42+00:00

Sergey Kandaurov
pluknet@nginx.com

2019-09-16T16:26:42+00:00

555dc61b543bb1fbc50f45b58a422f519d7065ce












Resolver: fixed possible use-after-free while resolving PTR.
2019-09-10T12:42:34+00:00

Sergey Kandaurov
pluknet@nginx.com

2019-09-10T12:42:34+00:00

4cd1dd28ddd91a15720febc491917da5ba16dbe6

Previously, if a response to the PTR request was cached, and ngx_resolver_dup()
failed to allocate memory for the resulting name, then the original node was
freed but left in expire_queue.  A subsequent address resolving would end up
in a use-after-free memory access of the node either in ngx_resolver_expire()
or ngx_resolver_process_ptr(), when accessing it through expire_queue.

The fix is to leave the resolver node intact.





Previously, if a response to the PTR request was cached, and ngx_resolver_dup()
failed to allocate memory for the resulting name, then the original node was
freed but left in expire_queue.  A subsequent address resolving would end up
in a use-after-free memory access of the node either in ngx_resolver_expire()
or ngx_resolver_process_ptr(), when accessing it through expire_queue.

The fix is to leave the resolver node intact.







HTTP/2: close connection on zero WINDOW_UPDATE.
2019-09-10T12:33:38+00:00

Ruslan Ermilov
ru@nginx.com

2019-09-10T12:33:38+00:00

c3f8098712d16e17a6577e203a8c0dc76331a1ee

Don't waste server resources by sending RST_STREAM frames.  Instead,
reject WINDOW_UPDATE frames with invalid zero increment by closing
connection with PROTOCOL_ERROR.





Don't waste server resources by sending RST_STREAM frames.  Instead,
reject WINDOW_UPDATE frames with invalid zero increment by closing
connection with PROTOCOL_ERROR.







HTTP/2: close connection on frames with self-dependency.
2019-09-10T12:33:37+00:00

Ruslan Ermilov
ru@nginx.com

2019-09-10T12:33:37+00:00

456e213904f36765fb638895a1530996cea28954

Don't waste server resources by sending RST_STREAM frames.  Instead,
reject HEADERS and PRIORITY frames with self-dependency by closing
connection with PROTOCOL_ERROR.





Don't waste server resources by sending RST_STREAM frames.  Instead,
reject HEADERS and PRIORITY frames with self-dependency by closing
connection with PROTOCOL_ERROR.