nginx.git/src/http/modules/ngx_http_secure_link_module.c, branch release-1.28.2 nginx Changed complex value slots to use NGX_CONF_UNSET_PTR. 2021-05-05T23:22:03+00:00 Maxim Dounin mdounin@mdounin.ru 2021-05-05T23:22:03+00:00 4faa84085379346fa1cf322907a1f9b6a7fbd583 With this change, it is now possible to use ngx_conf_merge_ptr_value() to merge complex values. This change follows much earlier changes in ngx_conf_merge_ptr_value() and ngx_conf_set_str_array_slot() in 1452:cd586e963db0 (0.6.10) and 1701:40d004d95d88 (0.6.22), and the change in ngx_conf_set_keyval_slot() (7728:485dba3e2a01, 1.19.4). To preserve compatibility with existing 3rd party modules, both NULL and NGX_CONF_UNSET_PTR are accepted for now. 
With this change, it is now possible to use ngx_conf_merge_ptr_value()
to merge complex values.  This change follows much earlier changes in
ngx_conf_merge_ptr_value() and ngx_conf_set_str_array_slot()
in 1452:cd586e963db0 (0.6.10) and 1701:40d004d95d88 (0.6.22), and the
change in ngx_conf_set_keyval_slot() (7728:485dba3e2a01, 1.19.4).

To preserve compatibility with existing 3rd party modules, both NULL
and NGX_CONF_UNSET_PTR are accepted for now.
Secure link: fixed stack buffer overflow. 2017-08-22T18:22:59+00:00 Roman Arutyunyan arut@nginx.com 2017-08-22T18:22:59+00:00 418124e21983aa53db4d99b7fd2eb0eee7ab4be0 When secure link checksum has length of 23 or 24 bytes, decoded base64 value could occupy 17 or 18 bytes which is more than 16 bytes previously allocated for it on stack. The buffer overflow does not have any security implications since only one local variable was corrupted and this variable was not used in this case. The fix is to increase buffer size up to 18 bytes. Useless buffer size initialization is removed as well. 
When secure link checksum has length of 23 or 24 bytes, decoded base64 value
could occupy 17 or 18 bytes which is more than 16 bytes previously allocated
for it on stack.  The buffer overflow does not have any security implications
since only one local variable was corrupted and this variable was not used in
this case.

The fix is to increase buffer size up to 18 bytes.  Useless buffer size
initialization is removed as well.
Secure_link: fixed configuration inheritance. 2013-01-28T14:42:07+00:00 Ruslan Ermilov ru@nginx.com 2013-01-28T14:42:07+00:00 4b46b7fc5b09c8afeb106db3c409cb7ba948fbfa The "secure_link_secret" directive was always inherited from the outer configuration level even when "secure_link" and "secure_link_md5" were specified on the inner level. 
The "secure_link_secret" directive was always inherited from the outer
configuration level even when "secure_link" and "secure_link_md5" were
specified on the inner level.
Copyright updated. 2012-01-18T15:07:43+00:00 Maxim Konovalov maxim@nginx.com 2012-01-18T15:07:43+00:00 f8d59e33f34185c28d1d3c6625a897e214b7ca73 






fix typo
2010-09-13T12:44:43+00:00

Igor Sysoev
igor@sysoev.ru

2010-09-13T12:44:43+00:00

9a62648f7bece8e192085330a6409db7e9580ffa












discard "secure_link_expires on|off"
2010-09-06T14:19:18+00:00

Igor Sysoev
igor@sysoev.ru

2010-09-06T14:19:18+00:00

12f4da469593eaf859502a24ed2af57d006b7d6e












new ngx_http_secure_link_module with secure_link, secure_link_md5, and
2010-09-02T14:37:16+00:00

Igor Sysoev
igor@sysoev.ru

2010-09-02T14:37:16+00:00

94e9aaa8adb3405599f8591f721dd9eb9f58834a

secure_link_expires





secure_link_expires







return NULL instead of NGX_CONF_ERROR on a create conf failure
2009-06-02T16:09:44+00:00

Igor Sysoev
igor@sysoev.ru

2009-06-02T16:09:44+00:00

260c4321d71806f51d124d79cdff8e8e496a4956












allow short secure links
2008-10-21T12:33:23+00:00

Igor Sysoev
igor@sysoev.ru

2008-10-21T12:33:23+00:00

0c689b7498591163dc55db3bffb8ed2664ae1452












ngx_http_secure_link_module
2008-09-27T13:22:10+00:00

Igor Sysoev
igor@sysoev.ru

2008-09-27T13:22:10+00:00

e52991ecbe61464294afe4d40d462fa96ebe3924