nginx.git/src/http/modules, branch release-1.17.4 nginx SSL: fixed ssl_verify_client error message. 2019-09-16T16:26:42+00:00 Sergey Kandaurov pluknet@nginx.com 2019-09-16T16:26:42+00:00 555dc61b543bb1fbc50f45b58a422f519d7065ce 






Gzip: fixed "zero size buf" alerts after ac5a741d39cf.
2019-07-31T14:29:00+00:00

Maxim Dounin
mdounin@mdounin.ru

2019-07-31T14:29:00+00:00

39c40428f93db246a9a27e7a109413fae46e195d

After ac5a741d39cf it is now possible that after zstream.avail_out
reaches 0 and we allocate additional buffer, there will be no more data
to put into this buffer, triggering "zero size buf" alert.  Fix is to
reset b->temporary flag in this case.

Additionally, an optimization added to avoid allocating additional buffer
in this case, by checking if last deflate() call returned Z_STREAM_END.
Note that checking for Z_STREAM_END by itself is not enough to fix alerts,
as deflate() can return Z_STREAM_END without producing any output if the
buffer is smaller than gzip trailer.

Reported by Witold Filipczyk,
http://mailman.nginx.org/pipermail/nginx-devel/2019-July/012469.html.





After ac5a741d39cf it is now possible that after zstream.avail_out
reaches 0 and we allocate additional buffer, there will be no more data
to put into this buffer, triggering "zero size buf" alert.  Fix is to
reset b->temporary flag in this case.

Additionally, an optimization added to avoid allocating additional buffer
in this case, by checking if last deflate() call returned Z_STREAM_END.
Note that checking for Z_STREAM_END by itself is not enough to fix alerts,
as deflate() can return Z_STREAM_END without producing any output if the
buffer is smaller than gzip trailer.

Reported by Witold Filipczyk,
http://mailman.nginx.org/pipermail/nginx-devel/2019-July/012469.html.







Xslt: fixed potential buffer overflow with null character.
2019-07-18T15:27:54+00:00

Maxim Dounin
mdounin@mdounin.ru

2019-07-18T15:27:54+00:00

2187586207e1465d289ae64cedc829719a048a39

Due to shortcomings of the ccv->zero flag implementation in complex value
interface, length of the resulting string from ngx_http_complex_value()
might either not include terminating null character or include it,
so the only safe way to work with the result is to use it as a
null-terminated string.

Reported by Patrick Wollgast.





Due to shortcomings of the ccv->zero flag implementation in complex value
interface, length of the resulting string from ngx_http_complex_value()
might either not include terminating null character or include it,
so the only safe way to work with the result is to use it as a
null-terminated string.

Reported by Patrick Wollgast.







SSI: avoid potential buffer overflow.
2019-07-18T15:27:53+00:00

Maxim Dounin
mdounin@mdounin.ru

2019-07-18T15:27:53+00:00

ad42d70fed67c1e7098055fb25721ab904db2389

When "-" follows a parameter of maximum length, a single byte buffer
overflow happens, since the error branch does not check parameter length.
Fix is to avoid saving "-" to the parameter key, and instead use an error
message with "-" explicitly written.  The message is mostly identical to
one used in similar cases in the preequal state.

Reported by Patrick Wollgast.





When "-" follows a parameter of maximum length, a single byte buffer
overflow happens, since the error branch does not check parameter length.
Fix is to avoid saving "-" to the parameter key, and instead use an error
message with "-" explicitly written.  The message is mostly identical to
one used in similar cases in the preequal state.

Reported by Patrick Wollgast.







Perl: removed unused variable, forgotten in 975d7ab37b39.
2019-07-17T14:00:57+00:00

Maxim Dounin
mdounin@mdounin.ru

2019-07-17T14:00:57+00:00

676d1a0e947c8f39e2606997a3628ec6bdea177d












Gzip: use zlib to write header and trailer.
2019-07-12T10:43:08+00:00

Ilya Leoshkevich
iii@linux.ibm.com

2019-07-12T10:43:08+00:00

cfa1316368dcc6dc1aa82e3d0b67ec0d1cf7eebb

When nginx is used with zlib patched with [1], which provides
integration with the future IBM Z hardware deflate acceleration, it ends
up computing CRC32 twice: one time in hardware, which always does this,
and one time in software by explicitly calling crc32().

crc32() calls were added in changesets 133:b27548f540ad ("nginx-0.0.1-
2003-09-24-23:51:12 import") and 134:d57c6835225c ("nginx-0.0.1-
2003-09-26-09:45:21 import") as part of gzip wrapping feature - back
then zlib did not support it.

However, since then gzip wrapping was implemented in zlib v1.2.0.4,
and it's already being used by nginx for log compression.

This patch replaces hand-written gzip wrapping with the one provided by
zlib. It simplifies the code, and makes it avoid computing CRC32 twice
when using hardware acceleration.

[1] https://github.com/madler/zlib/pull/410





When nginx is used with zlib patched with [1], which provides
integration with the future IBM Z hardware deflate acceleration, it ends
up computing CRC32 twice: one time in hardware, which always does this,
and one time in software by explicitly calling crc32().

crc32() calls were added in changesets 133:b27548f540ad ("nginx-0.0.1-
2003-09-24-23:51:12 import") and 134:d57c6835225c ("nginx-0.0.1-
2003-09-26-09:45:21 import") as part of gzip wrapping feature - back
then zlib did not support it.

However, since then gzip wrapping was implemented in zlib v1.2.0.4,
and it's already being used by nginx for log compression.

This patch replaces hand-written gzip wrapping with the one provided by
zlib. It simplifies the code, and makes it avoid computing CRC32 twice
when using hardware acceleration.

[1] https://github.com/madler/zlib/pull/410







Perl: named locations in $r->internal_redirect().
2019-07-12T12:39:28+00:00

Maxim Dounin
mdounin@mdounin.ru

2019-07-12T12:39:28+00:00

29fea7d9ec7b18d9f3c2e77bddd873dafbd10842












Perl: expect escaped URIs in $r->internal_redirect().
2019-07-12T12:39:26+00:00

Maxim Dounin
mdounin@mdounin.ru

2019-07-12T12:39:26+00:00

8df08b02b89c151e4bf04bc3c7c9a37e9ebcba9d

Similarly to the change in 5491:74bfa803a5aa (1.5.9), we should accept
properly escaped URIs and unescape them as needed, else it is not possible
to handle URIs with question marks.





Similarly to the change in 5491:74bfa803a5aa (1.5.9), we should accept
properly escaped URIs and unescape them as needed, else it is not possible
to handle URIs with question marks.







Perl: additional ctx->header_sent checks.
2019-07-12T12:39:25+00:00

Maxim Dounin
mdounin@mdounin.ru

2019-07-12T12:39:25+00:00

9e883a2e48ff8e55fcfb091284b44d8fa66fc007

As we now have ctx->header_sent flag, it is further used to prevent
duplicate $r->send_http_header() calls, prevent output before sending
header, and $r->internal_redirect() after sending header.

Further, $r->send_http_header() protected from calls after
$r->internal_redirect().





As we now have ctx->header_sent flag, it is further used to prevent
duplicate $r->send_http_header() calls, prevent output before sending
header, and $r->internal_redirect() after sending header.

Further, $r->send_http_header() protected from calls after
$r->internal_redirect().







Perl: avoid returning 500 if header was already sent.
2019-07-12T12:39:25+00:00

Maxim Dounin
mdounin@mdounin.ru

2019-07-12T12:39:25+00:00

78b39bd631fc18fd5778090183776f5275005e21

Returning NGX_HTTP_INTERNAL_SERVER_ERROR if a perl code died after
sending header will lead to a "header already sent" alert.  To avoid
it, we now check if header was already sent, and return NGX_ERROR
instead if it was.





Returning NGX_HTTP_INTERNAL_SERVER_ERROR if a perl code died after
sending header will lead to a "header already sent" alert.  To avoid
it, we now check if header was already sent, and return NGX_ERROR
instead if it was.