nginx.git/src/core, branch release-1.21.1 nginx Core: escaping of chars not allowed in URIs per RFC 3986. 2021-06-28T15:01:11+00:00 Maxim Dounin mdounin@mdounin.ru 2021-06-28T15:01:11+00:00 fee09fc49d510de0078f9bc7fc18dc179cceb62b Per RFC 3986 only the following characters are allowed in URIs unescaped: unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~" gen-delims = ":" / "/" / "?" / "#" / "[" / "]" / "@" sub-delims = "!" / "$" / "&" / "'" / "(" / ")" / "*" / "+" / "," / ";" / "=" And "%" can appear as a part of escaping itself. The following characters are not allowed and need to be escaped: %00-%1F, %7F-%FF, " ", """, "<", ">", "\", "^", "`", "{", "|", "}". Not escaping ">" is known to cause problems at least with MS Exchange (see http://nginx.org/pipermail/nginx-ru/2010-January/031261.html) and in Tomcat (ticket #2191). The patch adds escaping of the following chars in all URI parts: """, "<", ">", "\", "^", "`", "{", "|", "}". Note that comments are mostly preserved to outline important characters being escaped. 
Per RFC 3986 only the following characters are allowed in URIs unescaped:

unreserved    = ALPHA / DIGIT / "-" / "." / "_" / "~"
gen-delims    = ":" / "/" / "?" / "#" / "[" / "]" / "@"
sub-delims    = "!" / "$" / "&" / "'" / "(" / ")"
              / "*" / "+" / "," / ";" / "="

And "%" can appear as a part of escaping itself.  The following
characters are not allowed and need to be escaped: %00-%1F, %7F-%FF,
" ", """, "<", ">", "\", "^", "`", "{", "|", "}".

Not escaping ">" is known to cause problems at least with MS Exchange (see
http://nginx.org/pipermail/nginx-ru/2010-January/031261.html) and in
Tomcat (ticket #2191).

The patch adds escaping of the following chars in all URI parts: """, "<",
">", "\", "^", "`", "{", "|", "}".  Note that comments are mostly preserved
to outline important characters being escaped.
Core: fixed comment about escaping in arguments. 2021-06-28T15:01:09+00:00 Maxim Dounin mdounin@mdounin.ru 2021-06-28T15:01:09+00:00 31d1c34b394ee30b30084ff160133708d0d3b030 After 4954530db2af, the ";" character is escaped by ngx_escape_uri(NGX_ESCAPE_ARGS). 
After 4954530db2af, the ";" character is escaped by
ngx_escape_uri(NGX_ESCAPE_ARGS).
Core: added the ngx_rbtree_data() macro. 2021-06-21T06:42:43+00:00 Vladimir Homutov vl@nginx.com 2021-06-21T06:42:43+00:00 8b927107287094f018cc6f5addc543e79f88ec74 






Core: disabled SO_REUSEADDR on UDP sockets while testing config.
2021-05-31T13:36:51+00:00

Maxim Dounin
mdounin@mdounin.ru

2021-05-31T13:36:51+00:00

52cde89586caa3fffc677e7665f4765f7e7b0a2d

On Linux, SO_REUSEADDR allows completely duplicate UDP sockets, so using
SO_REUSEADDR when testing configuration results in packets being dropped
if there is an existing traffic on the sockets being tested (ticket #2187).
While dropped packets are expected with UDP, it is better to avoid this
when possible.

With this change, SO_REUSEADDR is no longer set on datagram sockets when
testing configuration.





On Linux, SO_REUSEADDR allows completely duplicate UDP sockets, so using
SO_REUSEADDR when testing configuration results in packets being dropped
if there is an existing traffic on the sockets being tested (ticket #2187).
While dropped packets are expected with UDP, it is better to avoid this
when possible.

With this change, SO_REUSEADDR is no longer set on datagram sockets when
testing configuration.







Version bump.
2021-05-31T13:36:12+00:00

Maxim Dounin
mdounin@mdounin.ru

2021-05-31T13:36:12+00:00

427cfff79b6e41b26d3b34c3018432839a272d1e












Resolver: explicit check for compression pointers in question.
2021-05-25T12:17:50+00:00

Maxim Dounin
mdounin@mdounin.ru

2021-05-25T12:17:50+00:00

e860ecce82f1ee9cffb228d29d3ad61375b29aff

Since nginx always uses exactly one entry in the question section of
a DNS query, and never uses compression pointers in this entry, parsing
of a DNS response in ngx_resolver_process_response() does not expect
compression pointers to appear in the question section of the DNS
response.  Indeed, compression pointers in the first name of a DNS response
hardly make sense, do not seem to be allowed by RFC 1035 (which says
"a pointer to a prior occurance of the same name", note "prior"), and
were never observed in practice.

Added an explicit check to ngx_resolver_process_response()'s parsing
of the question section to properly report an error if compression pointers
nevertheless appear in the question section.





Since nginx always uses exactly one entry in the question section of
a DNS query, and never uses compression pointers in this entry, parsing
of a DNS response in ngx_resolver_process_response() does not expect
compression pointers to appear in the question section of the DNS
response.  Indeed, compression pointers in the first name of a DNS response
hardly make sense, do not seem to be allowed by RFC 1035 (which says
"a pointer to a prior occurance of the same name", note "prior"), and
were never observed in practice.

Added an explicit check to ngx_resolver_process_response()'s parsing
of the question section to properly report an error if compression pointers
nevertheless appear in the question section.







Resolver: simplified ngx_resolver_copy().
2021-05-25T12:17:45+00:00

Maxim Dounin
mdounin@mdounin.ru

2021-05-25T12:17:45+00:00

f85d7016949b34119b5f4c53ddbfac4f199b4343

Instead of checking on each label if we need to place a dot or not,
now it always adds a dot after a label, and reduces the resulting
length afterwards.





Instead of checking on each label if we need to place a dot or not,
now it always adds a dot after a label, and reduces the resulting
length afterwards.







Resolver: reworked ngx_resolver_copy() copy loop.
2021-05-25T12:17:43+00:00

Maxim Dounin
mdounin@mdounin.ru

2021-05-25T12:17:43+00:00

f1dd1d50e090b32a765295daea5f167f1077d706

To make the code easier to read, reworked the ngx_resolver_copy()
copy loop to match the one used to calculate length.  No functional
changes.





To make the code easier to read, reworked the ngx_resolver_copy()
copy loop to match the one used to calculate length.  No functional
changes.







Resolver: fixed label types handling in ngx_resolver_copy().
2021-05-25T12:17:41+00:00

Maxim Dounin
mdounin@mdounin.ru

2021-05-25T12:17:41+00:00

bbd403a7ab3810fe82ecd1d6ebca9fc34d68126a

Previously, anything with any of the two high bits set were interpreted
as compression pointers.  This is incorrect, as RFC 1035 clearly states
that "The 10 and 01 combinations are reserved for future use".  Further,
the 01 combination is actually allocated for EDNS extended label type
(see RFC 2671 and RFC 6891), not really used though.

Fix is to reject unrecognized label types rather than misinterpreting
them as compression pointers.





Previously, anything with any of the two high bits set were interpreted
as compression pointers.  This is incorrect, as RFC 1035 clearly states
that "The 10 and 01 combinations are reserved for future use".  Further,
the 01 combination is actually allocated for EDNS extended label type
(see RFC 2671 and RFC 6891), not really used though.

Fix is to reject unrecognized label types rather than misinterpreting
them as compression pointers.







Resolver: fixed off-by-one read in ngx_resolver_copy().
2021-05-25T12:17:38+00:00

Maxim Dounin
mdounin@mdounin.ru

2021-05-25T12:17:38+00:00

077a890a76fff4f071776184aed881b5f314c98a

It is believed to be harmless, and in the worst case it uses some
uninitialized memory as a part of the compression pointer length,
eventually leading to the "name is out of DNS response" error.





It is believed to be harmless, and in the worst case it uses some
uninitialized memory as a part of the compression pointer length,
eventually leading to the "name is out of DNS response" error.