nginx.git/src/core/ngx_hash.c, branch release-1.28.3 nginx Core: removed unnecessary restriction in hash initialization. 2021-08-19T17:51:27+00:00 Alexey Radkov alexey.radkov@gmail.com 2021-08-19T17:51:27+00:00 3253b346fb8b067d68a79ae72e08a376f234b0b3 Hash initialization ignores elements with key.data set to NULL. Nevertheless, the initial hash bucket size check didn't skip them, resulting in unnecessary restrictions on, for example, variables with long names and with the NGX_HTTP_VARIABLE_NOHASH flag. Fix is to update the initial hash bucket size check to skip elements with key.data set to NULL, similarly to how it is done in other parts of the code. 
Hash initialization ignores elements with key.data set to NULL.
Nevertheless, the initial hash bucket size check didn't skip them,
resulting in unnecessary restrictions on, for example, variables with
long names and with the NGX_HTTP_VARIABLE_NOHASH flag.

Fix is to update the initial hash bucket size check to skip elements
with key.data set to NULL, similarly to how it is done in other parts
of the code.
Core: fixed memory leak on error, missed in c3f60d618c17. 2019-07-19T14:50:00+00:00 Maxim Dounin mdounin@mdounin.ru 2019-07-19T14:50:00+00:00 c3fd5f7e76343c899747ec58ae703540e7e9e69a Found by Coverity (CID 1451664). 
Found by Coverity (CID 1451664).
Core: fixed segfault with too large bucket sizes (ticket #1806). 2019-07-18T15:27:44+00:00 Maxim Dounin mdounin@mdounin.ru 2019-07-18T15:27:44+00:00 551640703a502a252b24c84d1b9e6541ee88de34 To save memory hash code uses u_short to store resulting bucket sizes, so maximum bucket size is limited to 65536 minus ngx_cacheline_size (larger values will be aligned to 65536 which will overflow u_short). However, there were no checks to enforce this, and using larger bucket sizes resulted in overflows and segmentation faults. Appropriate safety checks to enforce this added to ngx_hash_init(). 
To save memory hash code uses u_short to store resulting bucket sizes,
so maximum bucket size is limited to 65536 minus ngx_cacheline_size (larger
values will be aligned to 65536 which will overflow u_short).  However,
there were no checks to enforce this, and using larger bucket sizes
resulted in overflows and segmentation faults.

Appropriate safety checks to enforce this added to ngx_hash_init().
Style. 2016-10-14T16:48:26+00:00 Maxim Dounin mdounin@mdounin.ru 2016-10-14T16:48:26+00:00 71841601d2e98e875512bf626e04866fceb4c04c 






Core: fixed segfault with null in wildcard hash names.
2015-09-11T14:04:40+00:00

Maxim Dounin
mdounin@mdounin.ru

2015-09-11T14:04:40+00:00

2c9691431229bfe33e81c5a03a70792548b28e22

A configuration like

    server { server_name .foo^@; }
    server { server_name .foo; }

resulted in a segmentation fault during construction of server names hash.

Reported by Markus Linnala.
Found with afl-fuzz.





A configuration like

    server { server_name .foo^@; }
    server { server_name .foo; }

resulted in a segmentation fault during construction of server names hash.

Reported by Markus Linnala.
Found with afl-fuzz.







Core: fixed potential division by zero when initializing hash.
2015-08-13T13:27:17+00:00

Sergey Kandaurov
pluknet@nginx.com

2015-08-13T13:27:17+00:00

b7da4f5962d617e59f9dda3c953424df9df57d69

Found by Clang Static Analyzer.





Found by Clang Static Analyzer.







Core: fixed style in the error message.
2015-08-13T13:27:13+00:00

Sergey Kandaurov
pluknet@nginx.com

2015-08-13T13:27:13+00:00

e161b6a46f14a5eaf0e25cf1525114bc03aa2eab












Core: fixed potential buffer overrun when initializing hash.
2015-02-24T15:37:14+00:00

Maxim Dounin
mdounin@mdounin.ru

2015-02-24T15:37:14+00:00

7dd799357d7fd853b488b52ae17f9d0ee3142941

Initial size as calculated from the number of elements may be bigger
than max_size.  If this happens, make sure to set size to max_size.

Reported by Chris West.





Initial size as calculated from the number of elements may be bigger
than max_size.  If this happens, make sure to set size to max_size.

Reported by Chris West.







Core: fixed buffer overrun when hash max_size reached.
2014-10-02T19:00:17+00:00

Yichun Zhang
agentzh@gmail.com

2014-10-02T19:00:17+00:00

52e4dc2f74fd032dace01acbe5eb29ddf7c1ad96












Core: fixed hash to actually try max_size.
2014-03-31T17:40:35+00:00

Maxim Dounin
mdounin@mdounin.ru

2014-03-31T17:40:35+00:00

8877284863950c2a51d5b076a781437b81cd41e1

Previously, maximum size of a hash table built was (max_size - 1).





Previously, maximum size of a hash table built was (max_size - 1).