<feed xmlns='http://www.w3.org/2005/Atom'>
<title>nginx.git, branch release-1.27.3</title>
<subtitle>nginx</subtitle>
<link rel='alternate' type='text/html' href='https://git.sigsegv.uk/nginx.git/'/>
<entry>
<title>nginx-1.27.3-RELEASE</title>
<updated>2024-11-26T15:55:00+00:00</updated>
<author>
<name>Sergey Kandaurov</name>
<email>pluknet@nginx.com</email>
</author>
<published>2024-11-26T11:36:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.sigsegv.uk/nginx.git/commit/?id=e7bd2557458c26839da89e694067017eeb214348'/>
<id>e7bd2557458c26839da89e694067017eeb214348</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>Mail: handling of LOGIN IMAP command untagged response.</title>
<updated>2024-11-26T15:07:17+00:00</updated>
<author>
<name>Sergey Kandaurov</name>
<email>pluknet@nginx.com</email>
</author>
<published>2024-10-23T20:52:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.sigsegv.uk/nginx.git/commit/?id=ce88b171236de50843dba2c427a8b3e42778f2ca'/>
<id>ce88b171236de50843dba2c427a8b3e42778f2ca</id>
<content type='text'>
In particular, an untagged CAPABILITY response as described in the
interim RFC 3501 internet drafts was seen in various IMAP servers.
Previously resulted in a broken connection, now an untagged response
is proxied to client.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
In particular, an untagged CAPABILITY response as described in the
interim RFC 3501 internet drafts was seen in various IMAP servers.
Previously resulted in a broken connection, now an untagged response
is proxied to client.
</pre>
</div>
</content>
</entry>
<entry>
<title>Realip: allowed square brackets with portless IPv6 address.</title>
<updated>2024-11-26T14:27:07+00:00</updated>
<author>
<name>Roman Arutyunyan</name>
<email>arut@nginx.com</email>
</author>
<published>2024-11-11T18:28:30+00:00</published>
<link rel='alternate' type='text/html' href='https://git.sigsegv.uk/nginx.git/commit/?id=b2a67d261496555a46b8931935bf822ce9938294'/>
<id>b2a67d261496555a46b8931935bf822ce9938294</id>
<content type='text'>
When client address is received, IPv6 address could be specified without
square brackets and without port, as well as both with the brackets and
port.  The change allows IPv6 in square brackets and no port, which was
previously considered an error.  This format conforms to RFC 3986.

The change also affects proxy_bind and friends.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When client address is received, IPv6 address could be specified without
square brackets and without port, as well as both with the brackets and
port.  The change allows IPv6 in square brackets and no port, which was
previously considered an error.  This format conforms to RFC 3986.

The change also affects proxy_bind and friends.
</pre>
</div>
</content>
</entry>
<entry>
<title>QUIC: got rid of memory copy when initializing constant values.</title>
<updated>2024-11-26T13:41:21+00:00</updated>
<author>
<name>Sergey Kandaurov</name>
<email>pluknet@nginx.com</email>
</author>
<published>2024-10-07T14:43:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.sigsegv.uk/nginx.git/commit/?id=3f755b5a9e7145d5ce6b897d2298d5f6c544acf7'/>
<id>3f755b5a9e7145d5ce6b897d2298d5f6c544acf7</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>QUIC: constified nonce parameter of crypto functions.</title>
<updated>2024-11-26T13:41:21+00:00</updated>
<author>
<name>Sergey Kandaurov</name>
<email>pluknet@nginx.com</email>
</author>
<published>2024-10-07T14:19:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.sigsegv.uk/nginx.git/commit/?id=9a025219f661fbe2148659cad490c06d5e3283df'/>
<id>9a025219f661fbe2148659cad490c06d5e3283df</id>
<content type='text'>
This follows OpenSSL and BoringSSL API, and gives a hint to compiler
that this parameter may not be modified.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This follows OpenSSL and BoringSSL API, and gives a hint to compiler
that this parameter may not be modified.
</pre>
</div>
</content>
</entry>
<entry>
<title>Upstream: disallow empty path in proxy_store and friends.</title>
<updated>2024-11-25T13:37:11+00:00</updated>
<author>
<name>Sergey Kandaurov</name>
<email>pluknet@nginx.com</email>
</author>
<published>2024-11-21T08:35:50+00:00</published>
<link rel='alternate' type='text/html' href='https://git.sigsegv.uk/nginx.git/commit/?id=a448dd52ee27ec3a550cb7d03fd27153f4799f0c'/>
<id>a448dd52ee27ec3a550cb7d03fd27153f4799f0c</id>
<content type='text'>
Renaming a temporary file to an empty path ("") returns NGX_ENOPATH
with a subsequent ngx_create_full_path() to create the full path.
This function skips initial bytes as part of path separator lookup,
which causes out of bounds access on short strings.

The fix is to avoid renaming a temporary file to an obviously invalid
path, as well as explicitly forbid such syntax for literal values.

Although Coverity reports about potential type underflow, it is not
actually possible because the terminating '\0' is always included.

Notably, the run-time check is sufficient enough for Win32 as well.
Other short invalid values result either in NGX_ENOENT or NGX_EEXIST
and "MoveFile() .. failed" critical log messages, which involves a
separate error handling.

Prodded by Coverity (CID 1605485).
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Renaming a temporary file to an empty path ("") returns NGX_ENOPATH
with a subsequent ngx_create_full_path() to create the full path.
This function skips initial bytes as part of path separator lookup,
which causes out of bounds access on short strings.

The fix is to avoid renaming a temporary file to an obviously invalid
path, as well as explicitly forbid such syntax for literal values.

Although Coverity reports about potential type underflow, it is not
actually possible because the terminating '\0' is always included.

Notably, the run-time check is sufficient enough for Win32 as well.
Other short invalid values result either in NGX_ENOENT or NGX_EEXIST
and "MoveFile() .. failed" critical log messages, which involves a
separate error handling.

Prodded by Coverity (CID 1605485).
</pre>
</div>
</content>
</entry>
<entry>
<title>QUIC: prevented BIO leak in case of error.</title>
<updated>2024-11-25T12:22:40+00:00</updated>
<author>
<name>Roman Arutyunyan</name>
<email>arut@nginx.com</email>
</author>
<published>2024-11-22T07:38:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.sigsegv.uk/nginx.git/commit/?id=0864cca4d74e215acdcab20a68e025c6e3ee9efa'/>
<id>0864cca4d74e215acdcab20a68e025c6e3ee9efa</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>SSL: a new macro to set default protocol versions.</title>
<updated>2024-11-22T09:47:22+00:00</updated>
<author>
<name>Sergey Kandaurov</name>
<email>pluknet@nginx.com</email>
</author>
<published>2024-11-18T09:39:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.sigsegv.uk/nginx.git/commit/?id=476d6526b2e8297025c608425f4cad07b4f65990'/>
<id>476d6526b2e8297025c608425f4cad07b4f65990</id>
<content type='text'>
This simplifies merging protocol values after ea15896 and ebd18ec.

Further, as outlined in ebd18ec18, for libraries preceding TLSv1.2+
support, only meaningful versions TLSv1 and TLSv1.1 are set by default.

While here, fixed indentation.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
This simplifies merging protocol values after ea15896 and ebd18ec.

Further, as outlined in ebd18ec18, for libraries preceding TLSv1.2+
support, only meaningful versions TLSv1 and TLSv1.1 are set by default.

While here, fixed indentation.
</pre>
</div>
</content>
</entry>
<entry>
<title>Mp4: prevent chunk index underflow.</title>
<updated>2024-11-21T12:08:48+00:00</updated>
<author>
<name>Roman Arutyunyan</name>
<email>arut@nginx.com</email>
</author>
<published>2024-10-22T14:34:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.sigsegv.uk/nginx.git/commit/?id=569948aa12409773f27572fca3d2c8e18c9c657f'/>
<id>569948aa12409773f27572fca3d2c8e18c9c657f</id>
<content type='text'>
When cropping stsc atom, it's assumed that chunk index is never 0.
Based on this assumption, start_chunk and end_chunk are calculated
by subtracting 1 from it.  If chunk index is zero, start_chunk or
end_chunk may underflow, which will later trigger
"start/end time is out mp4 stco chunks" error.  The change adds an
explicit check for zero chunk index to avoid underflow and report
a proper error.

Zero chunk index is explicitly banned in ISO/IEC 14496-12, 8.7.4
Sample To Chunk Box.  It's also implicitly banned in QuickTime File
Format specification.  Description of chunk offset table references
"Chunk 1" as the first table element.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When cropping stsc atom, it's assumed that chunk index is never 0.
Based on this assumption, start_chunk and end_chunk are calculated
by subtracting 1 from it.  If chunk index is zero, start_chunk or
end_chunk may underflow, which will later trigger
"start/end time is out mp4 stco chunks" error.  The change adds an
explicit check for zero chunk index to avoid underflow and report
a proper error.

Zero chunk index is explicitly banned in ISO/IEC 14496-12, 8.7.4
Sample To Chunk Box.  It's also implicitly banned in QuickTime File
Format specification.  Description of chunk offset table references
"Chunk 1" as the first table element.
</pre>
</div>
</content>
</entry>
<entry>
<title>Mp4: unordered stsc chunks error for the final chunk.</title>
<updated>2024-11-21T12:08:48+00:00</updated>
<author>
<name>Roman Arutyunyan</name>
<email>arut@nginx.com</email>
</author>
<published>2024-10-02T12:22:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.sigsegv.uk/nginx.git/commit/?id=d1a02451c3c5767b5d0f23e138db98a9f7801335'/>
<id>d1a02451c3c5767b5d0f23e138db98a9f7801335</id>
<content type='text'>
Currently an error is triggered if any of the chunk runs in stsc are
unordered.  This however does not include the final chunk run, which
ends with trak-&gt;chunks + 1.  The previous chunk index can be larger
leading to a 32-bit overflow.  This could allow skipping the validity
check "if (start_sample &gt; n)".  This could later lead to a large
trak-&gt;start_chunk/trak-&gt;end_chunk, which would be caught later in
ngx_http_mp4_update_stco_atom() or ngx_http_mp4_update_co64_atom().

While there are no implications of the validity check being avoided,
the change still adds a check to ensure the final chunk run is ordered,
to produce a meaningful error and avoid a potential integer overflow.
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Currently an error is triggered if any of the chunk runs in stsc are
unordered.  This however does not include the final chunk run, which
ends with trak-&gt;chunks + 1.  The previous chunk index can be larger
leading to a 32-bit overflow.  This could allow skipping the validity
check "if (start_sample &gt; n)".  This could later lead to a large
trak-&gt;start_chunk/trak-&gt;end_chunk, which would be caught later in
ngx_http_mp4_update_stco_atom() or ngx_http_mp4_update_co64_atom().

While there are no implications of the validity check being avoided,
the change still adds a check to ensure the final chunk run is ordered,
to produce a meaningful error and avoid a potential integer overflow.
</pre>
</div>
</content>
</entry>
</feed>
