nginx.git/src/http/modules, branch release-1.15.8 nginx Autoindex: fixed possible integer overflow on 32-bit systems. 2018-12-25T09:59:24+00:00 Vladimir Homutov vl@nginx.com 2018-12-25T09:59:24+00:00 910f330ad0caa49fe901e9426ef00d95d45ba32c 






Win32: removed NGX_DIR_MASK concept.
2018-12-24T18:07:05+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-12-24T18:07:05+00:00

aa741f87273f2137d9a52080593c5fe6f1d1b0ea

Previous interface of ngx_open_dir() assumed that passed directory name
has a room for NGX_DIR_MASK at the end (NGX_DIR_MASK_LEN bytes).  While all
direct users of ngx_dir_open() followed this interface, this also implied
similar requirements for indirect uses - in particular, via ngx_walk_tree().

Currently none of ngx_walk_tree() uses provides appropriate space, and
fixing this does not look like a right way to go.  Instead, ngx_dir_open()
interface was changed to not require any additional space and use
appropriate allocations instead.





Previous interface of ngx_open_dir() assumed that passed directory name
has a room for NGX_DIR_MASK at the end (NGX_DIR_MASK_LEN bytes).  While all
direct users of ngx_dir_open() followed this interface, this also implied
similar requirements for indirect uses - in particular, via ngx_walk_tree().

Currently none of ngx_walk_tree() uses provides appropriate space, and
fixing this does not look like a right way to go.  Instead, ngx_dir_open()
interface was changed to not require any additional space and use
appropriate allocations instead.







Userid: using stub for AF_UNIX addresses.
2018-12-24T16:55:00+00:00

Sergey Kandaurov
pluknet@nginx.com

2018-12-24T16:55:00+00:00

499bb2655ee16e4659d571b413b1ea54fd19dcd1

Previously, AF_UNIX addresses misbehaved as AF_INET, which typically resulted
in $uid_set composed from the middle of sun_path.





Previously, AF_UNIX addresses misbehaved as AF_INET, which typically resulted
in $uid_set composed from the middle of sun_path.







Geo: fixed handling of AF_UNIX client addresses (ticket #1684).
2018-12-14T15:11:06+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-12-14T15:11:06+00:00

ce4a23d144762cfa27c0e4b13f74cada2f7486a8

Previously, AF_UNIX client addresses were handled as AF_INET, leading
to unexpected results.





Previously, AF_UNIX client addresses were handled as AF_INET, leading
to unexpected results.







Mp4: fixed possible pointer overflow on 32-bit platforms.
2018-11-21T17:23:16+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-11-21T17:23:16+00:00

f5708e66c7187c2489a7d0b39918f6d0fe4c6645

On 32-bit platforms mp4->buffer_pos might overflow when a large
enough (close to 4 gigabytes) atom is being skipped, resulting in
incorrect memory addesses being read further in the code.  In most
cases this results in harmless errors being logged, though may also
result in a segmentation fault if hitting unmapped pages.

To address this, ngx_mp4_atom_next() now only increments mp4->buffer_pos
up to mp4->buffer_end.  This ensures that overflow cannot happen.





On 32-bit platforms mp4->buffer_pos might overflow when a large
enough (close to 4 gigabytes) atom is being skipped, resulting in
incorrect memory addesses being read further in the code.  In most
cases this results in harmless errors being logged, though may also
result in a segmentation fault if hitting unmapped pages.

To address this, ngx_mp4_atom_next() now only increments mp4->buffer_pos
up to mp4->buffer_end.  This ensures that overflow cannot happen.







Limit req: "delay=" parameter.
2018-11-21T15:56:50+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-11-21T15:56:50+00:00

aedc37fb3e7fb4550c17c4ec7aed3d33c73aab43

This parameter specifies an additional "soft" burst limit at which requests
become delayed (but not yet rejected as it happens if "burst=" limit is
exceeded).  Defaults to 0, i.e., all excess requests are delayed.

Originally inspired by Vladislav Shabanov
(http://mailman.nginx.org/pipermail/nginx-devel/2016-April/008126.html).
Further improved based on a patch by Peter Shchuchkin
(http://mailman.nginx.org/pipermail/nginx-devel/2018-October/011522.html).





This parameter specifies an additional "soft" burst limit at which requests
become delayed (but not yet rejected as it happens if "burst=" limit is
exceeded).  Defaults to 0, i.e., all excess requests are delayed.

Originally inspired by Vladislav Shabanov
(http://mailman.nginx.org/pipermail/nginx-devel/2016-April/008126.html).
Further improved based on a patch by Peter Shchuchkin
(http://mailman.nginx.org/pipermail/nginx-devel/2018-October/011522.html).







Limit req: fixed error message wording.
2018-11-21T15:56:44+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-11-21T15:56:44+00:00

56dffac3e3a47b4809a1c8007ddd5beb1ca36239












gRPC: limited allocations due to ping and settings frames.
2018-11-06T13:29:59+00:00

Maxim Dounin
mdounin@mdounin.ru

2018-11-06T13:29:59+00:00

42043b4ef7e60eabed114164f36c1d2314faef1a












Mp4: fixed reading 64-bit atoms.
2018-11-06T13:29:18+00:00

Roman Arutyunyan
arut@nginx.com

2018-11-06T13:29:18+00:00

9cd9526ba68a3dcfc763a3f7693ccb4f48e855fb

Previously there was no validation for the size of a 64-bit atom
in an mp4 file.  This could lead to a CPU hog when the size is 0,
or various other problems due to integer underflow when calculating
atom data size, including segmentation fault or worker process
memory disclosure.





Previously there was no validation for the size of a 64-bit atom
in an mp4 file.  This could lead to a CPU hog when the size is 0,
or various other problems due to integer underflow when calculating
atom data size, including segmentation fault or worker process
memory disclosure.







Upstream: proxy_socket_keepalive and friends.
2018-10-03T11:08:51+00:00

Vladimir Homutov
vl@nginx.com

2018-10-03T11:08:51+00:00

1305b8414d22610b0820f6df5841418bf98fc370

The directives enable the use of the SO_KEEPALIVE option on
upstream connections.  By default, the value is left unchanged.





The directives enable the use of the SO_KEEPALIVE option on
upstream connections.  By default, the value is left unchanged.