nginx.git/src/http/modules, branch release-1.15.7 nginx Mp4: fixed possible pointer overflow on 32-bit platforms. 2018-11-21T17:23:16+00:00 Maxim Dounin mdounin@mdounin.ru 2018-11-21T17:23:16+00:00 f5708e66c7187c2489a7d0b39918f6d0fe4c6645 On 32-bit platforms mp4->buffer_pos might overflow when a large enough (close to 4 gigabytes) atom is being skipped, resulting in incorrect memory addesses being read further in the code. In most cases this results in harmless errors being logged, though may also result in a segmentation fault if hitting unmapped pages. To address this, ngx_mp4_atom_next() now only increments mp4->buffer_pos up to mp4->buffer_end. This ensures that overflow cannot happen. 
On 32-bit platforms mp4->buffer_pos might overflow when a large
enough (close to 4 gigabytes) atom is being skipped, resulting in
incorrect memory addesses being read further in the code.  In most
cases this results in harmless errors being logged, though may also
result in a segmentation fault if hitting unmapped pages.

To address this, ngx_mp4_atom_next() now only increments mp4->buffer_pos
up to mp4->buffer_end.  This ensures that overflow cannot happen.
Limit req: "delay=" parameter. 2018-11-21T15:56:50+00:00 Maxim Dounin mdounin@mdounin.ru 2018-11-21T15:56:50+00:00 aedc37fb3e7fb4550c17c4ec7aed3d33c73aab43 This parameter specifies an additional "soft" burst limit at which requests become delayed (but not yet rejected as it happens if "burst=" limit is exceeded). Defaults to 0, i.e., all excess requests are delayed. Originally inspired by Vladislav Shabanov (http://mailman.nginx.org/pipermail/nginx-devel/2016-April/008126.html). Further improved based on a patch by Peter Shchuchkin (http://mailman.nginx.org/pipermail/nginx-devel/2018-October/011522.html). 
This parameter specifies an additional "soft" burst limit at which requests
become delayed (but not yet rejected as it happens if "burst=" limit is
exceeded).  Defaults to 0, i.e., all excess requests are delayed.

Originally inspired by Vladislav Shabanov
(http://mailman.nginx.org/pipermail/nginx-devel/2016-April/008126.html).
Further improved based on a patch by Peter Shchuchkin
(http://mailman.nginx.org/pipermail/nginx-devel/2018-October/011522.html).
Limit req: fixed error message wording. 2018-11-21T15:56:44+00:00 Maxim Dounin mdounin@mdounin.ru 2018-11-21T15:56:44+00:00 56dffac3e3a47b4809a1c8007ddd5beb1ca36239 






gRPC: limited allocations due to ping and settings frames.
2018-11-06T13:29:59+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-11-06T13:29:59+00:00

42043b4ef7e60eabed114164f36c1d2314faef1a












Mp4: fixed reading 64-bit atoms.
2018-11-06T13:29:18+00:00

Roman Arutyunyan
arut@nginx.com

2018-11-06T13:29:18+00:00

9cd9526ba68a3dcfc763a3f7693ccb4f48e855fb

Previously there was no validation for the size of a 64-bit atom
in an mp4 file.  This could lead to a CPU hog when the size is 0,
or various other problems due to integer underflow when calculating
atom data size, including segmentation fault or worker process
memory disclosure.





Previously there was no validation for the size of a 64-bit atom
in an mp4 file.  This could lead to a CPU hog when the size is 0,
or various other problems due to integer underflow when calculating
atom data size, including segmentation fault or worker process
memory disclosure.







Upstream: proxy_socket_keepalive and friends.
2018-10-03T11:08:51+00:00

Vladimir Homutov
vl@nginx.com

2018-10-03T11:08:51+00:00

1305b8414d22610b0820f6df5841418bf98fc370

The directives enable the use of the SO_KEEPALIVE option on
upstream connections.  By default, the value is left unchanged.





The directives enable the use of the SO_KEEPALIVE option on
upstream connections.  By default, the value is left unchanged.







Removed bgcolor attribute on body in error pages and autoindex.
2018-09-19T14:26:47+00:00

Nova DasSarma
nova@novalinium.com

2018-09-19T14:26:47+00:00

8117b3f5a06b68afb292ddd19bf6ee6000707232

The bgcolor attribute overrides compatibility settings in browsers
and leads to undesirable behavior when the default font color is set
to white in the browser, since font-color is not also overridden.





The bgcolor attribute overrides compatibility settings in browsers
and leads to undesirable behavior when the default font color is set
to white in the browser, since font-color is not also overridden.







Rewrite: removed r->err_status special handling (ticket #1634).
2018-09-21T12:59:33+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-09-21T12:59:33+00:00

a834b8aa09205922bf11c005b3c737b267be12bb

Trying to look into r->err_status in the "return" directive
makes it behave differently than real errors generated in other
parts of the code, and is an endless source of various problems.
This behaviour was introduced in 726:7b71936d5299 (0.4.4) with
the comment "fix: "return" always overrode "error_page" response code".
It is not clear if there were any real cases this was expected to fix,
but there are several cases which are broken due to this change, some
previously fixed (4147:7f64de1cc2c0).

In ticket #1634, the problem is that when r->err_status is set to
a non-special status code, it is not possible to return a response
by simply returning r->err_status.  If this is the case, the only
option is to return script's e->status instead.  An example
configuration:

    location / {
        error_page 404 =200 /err502;
        return 404;
    }

    location = /err502 {
        return 502;
    }

After the change, such a configuration will properly return
standard 502 error, much like it happens when a 502 error is
generated by proxy_pass.

This also fixes the following configuration to properly close
connection as clearly requested by "return 444":

    location / {
        error_page 404 /close;
        return 404;
    }

    location = /close {
        return 444;
    }

Previously, this required "error_page 404 = /close;" to work
as intended.





Trying to look into r->err_status in the "return" directive
makes it behave differently than real errors generated in other
parts of the code, and is an endless source of various problems.
This behaviour was introduced in 726:7b71936d5299 (0.4.4) with
the comment "fix: "return" always overrode "error_page" response code".
It is not clear if there were any real cases this was expected to fix,
but there are several cases which are broken due to this change, some
previously fixed (4147:7f64de1cc2c0).

In ticket #1634, the problem is that when r->err_status is set to
a non-special status code, it is not possible to return a response
by simply returning r->err_status.  If this is the case, the only
option is to return script's e->status instead.  An example
configuration:

    location / {
        error_page 404 =200 /err502;
        return 404;
    }

    location = /err502 {
        return 502;
    }

After the change, such a configuration will properly return
standard 502 error, much like it happens when a 502 error is
generated by proxy_pass.

This also fixes the following configuration to properly close
connection as clearly requested by "return 444":

    location / {
        error_page 404 /close;
        return 404;
    }

    location = /close {
        return 444;
    }

Previously, this required "error_page 404 = /close;" to work
as intended.







gRPC: disabled keepalive when sending control frames was blocked.
2018-09-03T16:34:02+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-09-03T16:34:02+00:00

07dbfd00fff456d05007cc1f35bd5a5b1349ef08

If sending request body was not completed (u->request_body_sent is not set),
the upstream keepalive module won't save such a connection.  However, it
is theoretically possible (though highly unlikely) that sending of some
control frames can be blocked after the request body was sent.  The
ctx->output_blocked flag introduced to disable keepalive in such cases.





If sending request body was not completed (u->request_body_sent is not set),
the upstream keepalive module won't save such a connection.  However, it
is theoretically possible (though highly unlikely) that sending of some
control frames can be blocked after the request body was sent.  The
ctx->output_blocked flag introduced to disable keepalive in such cases.







gRPC: improved keepalive handling.
2018-09-03T16:34:01+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-09-03T16:34:01+00:00

71e152debe7389574967639114dfa7a7107fec8d

The code is now able to parse additional control frames after
the response is received, and can send control frames as well.
This fixes keepalive problems as observed with grpc-c, which can
send window update and ping frames after the response, see
http://mailman.nginx.org/pipermail/nginx/2018-August/056620.html.





The code is now able to parse additional control frames after
the response is received, and can send control frames as well.
This fixes keepalive problems as observed with grpc-c, which can
send window update and ping frames after the response, see
http://mailman.nginx.org/pipermail/nginx/2018-August/056620.html.