nginx.git/src/core, branch release-1.13.7 nginx Core: free shared memory zones only after reconfiguration. 2017-10-17T16:52:16+00:00 Maxim Dounin mdounin@mdounin.ru 2017-10-17T16:52:16+00:00 9cb9ce78b1d81ccdbcd123ccc3dab295b836a174 This is what usually happens for zones no longer used in the new configuration, but zones where size or tag were changed were freed when creating new memory zones. If reconfiguration failed (for example, due to a conflicting listening socket), this resulted in a segmentation fault in the master process. Reported by Zhihua Cao, http://mailman.nginx.org/pipermail/nginx-devel/2017-October/010536.html. 
This is what usually happens for zones no longer used in the new
configuration, but zones where size or tag were changed were freed
when creating new memory zones.  If reconfiguration failed (for
example, due to a conflicting listening socket), this resulted in a
segmentation fault in the master process.

Reported by Zhihua Cao,
http://mailman.nginx.org/pipermail/nginx-devel/2017-October/010536.html.
Fixed type of ngx_conf_t.handler_conf. 2017-10-12T21:32:26+00:00 Ruslan Ermilov ru@nginx.com 2017-10-12T21:32:26+00:00 77c7875a7b18ccca1ebae1757b9246c9b3b55bf9 The type should have been changed in c9b243802a17 along with changing ngx_conf_handler_pt. 
The type should have been changed in c9b243802a17 along with
changing ngx_conf_handler_pt.
Version bump. 2017-10-11T19:04:11+00:00 Ruslan Ermilov ru@nginx.com 2017-10-11T19:04:11+00:00 211d20a23021a3d45608c6075a92c73319715620 






Fixed build without IPv6, broken by 874171c3c71a.
2017-10-05T13:50:35+00:00

Maxim Dounin
mdounin@mdounin.ru

2017-10-05T13:50:35+00:00

3a2ca34548ab5d260d9d3de710ff652cf00cc0f5












Fixed handling of non-null-terminated unix sockets.
2017-10-04T18:19:38+00:00

Maxim Dounin
mdounin@mdounin.ru

2017-10-04T18:19:38+00:00

cba23f88ec6740b7f8d6a1383254708a91d37625

At least FreeBSD, macOS, NetBSD, and OpenBSD can return unix sockets
with non-null-terminated sun_path.  Additionally, the address may become
non-null-terminated if it does not fit into the buffer provided and was
truncated (may happen on macOS, NetBSD, and Solaris, which allow unix socket
addresess larger than struct sockaddr_un).  As such, ngx_sock_ntop() might
overread the sockaddr provided, as it used "%s" format and thus assumed
null-terminated string.

To fix this, the ngx_strnlen() function was introduced, and it is now used
to calculate correct length of sun_path.





At least FreeBSD, macOS, NetBSD, and OpenBSD can return unix sockets
with non-null-terminated sun_path.  Additionally, the address may become
non-null-terminated if it does not fit into the buffer provided and was
truncated (may happen on macOS, NetBSD, and Solaris, which allow unix socket
addresess larger than struct sockaddr_un).  As such, ngx_sock_ntop() might
overread the sockaddr provided, as it used "%s" format and thus assumed
null-terminated string.

To fix this, the ngx_strnlen() function was introduced, and it is now used
to calculate correct length of sun_path.







Fixed buffer overread with unix sockets after accept().
2017-10-04T18:19:33+00:00

Maxim Dounin
mdounin@mdounin.ru

2017-10-04T18:19:33+00:00

2e1e65a5c0a9f8ba5b7b3ce848176482ba4da654

Some OSes (notably macOS, NetBSD, and Solaris) allow unix socket addresses
larger than struct sockaddr_un.  Moreover, some of them (macOS, Solaris)
return socklen of the socket address before it was truncated to fit the
buffer provided.  As such, on these systems socklen must not be used without
additional check that it is within the buffer provided.

Appropriate checks added to ngx_event_accept() (after accept()),
ngx_event_recvmsg() (after recvmsg()), and ngx_set_inherited_sockets()
(after getsockname()).

We also obtain socket addresses via getsockname() in
ngx_connection_local_sockaddr(), but it does not need any checks as
it is only used for INET and INET6 sockets (as there can be no
wildcard unix sockets).





Some OSes (notably macOS, NetBSD, and Solaris) allow unix socket addresses
larger than struct sockaddr_un.  Moreover, some of them (macOS, Solaris)
return socklen of the socket address before it was truncated to fit the
buffer provided.  As such, on these systems socklen must not be used without
additional check that it is within the buffer provided.

Appropriate checks added to ngx_event_accept() (after accept()),
ngx_event_recvmsg() (after recvmsg()), and ngx_set_inherited_sockets()
(after getsockname()).

We also obtain socket addresses via getsockname() in
ngx_connection_local_sockaddr(), but it does not need any checks as
it is only used for INET and INET6 sockets (as there can be no
wildcard unix sockets).







Fixed the NGX_UNIX_ADDRSTRLEN macro.
2017-09-25T12:19:24+00:00

Ruslan Ermilov
ru@nginx.com

2017-09-25T12:19:24+00:00

316a34951ab3a2528a97cde1b0a5d095480152a5












Introduced time truncation to December 31, 9999 (ticket #1368).
2017-09-13T12:53:19+00:00

Maxim Dounin
mdounin@mdounin.ru

2017-09-13T12:53:19+00:00

b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b

Various buffers are allocated in an assumption that there would be
no more than 4 year digits.  This might not be true on platforms
with 64-bit time_t, as 64-bit time_t is able to represent more than that.
Such dates with more than 4 year digits hardly make sense though, as
various date formats in use do not allow them anyway.

As such, all dates are now truncated by ngx_gmtime() to December 31, 9999.
This should have no effect on valid dates, though will prevent potential
buffer overflows on invalid ones.





Various buffers are allocated in an assumption that there would be
no more than 4 year digits.  This might not be true on platforms
with 64-bit time_t, as 64-bit time_t is able to represent more than that.
Such dates with more than 4 year digits hardly make sense though, as
various date formats in use do not allow them anyway.

As such, all dates are now truncated by ngx_gmtime() to December 31, 9999.
This should have no effect on valid dates, though will prevent potential
buffer overflows on invalid ones.







Fixed ngx_gmtime() on 32-bit platforms with 64-bit time_t.
2017-09-13T12:52:01+00:00

Maxim Dounin
mdounin@mdounin.ru

2017-09-13T12:52:01+00:00

0206ebe76f748bb39d9de4dd4b3fce777fdfdccf

In ngx_gmtime(), instead of casting to ngx_uint_t we now work with
time_t directly.  This allows using dates after 2038 on 32-bit platforms
which use 64-bit time_t, notably NetBSD and OpenBSD.

As the code is not able to work with negative time_t values, argument
is now set to 0 for negative values.  As a positive side effect, this
results in Epoch being used for such values instead of a date in distant
future.





In ngx_gmtime(), instead of casting to ngx_uint_t we now work with
time_t directly.  This allows using dates after 2038 on 32-bit platforms
which use 64-bit time_t, notably NetBSD and OpenBSD.

As the code is not able to work with negative time_t values, argument
is now set to 0 for negative values.  As a positive side effect, this
results in Epoch being used for such values instead of a date in distant
future.







Fixed reference to time parsing code after 8b6fa4842133.
2017-09-13T12:51:58+00:00

Maxim Dounin
mdounin@mdounin.ru

2017-09-13T12:51:58+00:00

53bea399a006054350e9068b3a23f3dea89b1c0e