nginx.git/src/http/modules, branch release-1.23.0 nginx Perl: removed unused variables, forgotten in ef6a3a99a81a. 2022-06-14T06:39:58+00:00 Sergey Kandaurov pluknet@nginx.com 2022-06-14T06:39:58+00:00 21506a2f851c9dbff4bee67fe5b6d199c83c799a 






Mp4: fixed potential overflow in ngx_http_mp4_crop_stts_data().
2022-06-07T18:58:52+00:00

Maxim Dounin
mdounin@mdounin.ru

2022-06-07T18:58:52+00:00

80fc2ddf57558ec43b94220ce2d3d88e2e470c75

Both "count" and "duration" variables are 32-bit, so their product might
potentially overflow.  It is used to reduce 64-bit start_time variable,
and with very large start_time this can result in incorrect seeking.

Found by Coverity (CID 1499904).





Both "count" and "duration" variables are 32-bit, so their product might
potentially overflow.  It is used to reduce 64-bit start_time variable,
and with very large start_time this can result in incorrect seeking.

Found by Coverity (CID 1499904).







Upstream: handling of certificates specified as an empty string.
2022-06-07T16:08:57+00:00

Sergey Kandaurov
pluknet@nginx.com

2022-06-07T16:08:57+00:00

f08dbefadf083b8546423e35d8d12ba27e46efa8

Now, if the directive is given an empty string, such configuration cancels
loading of certificates, in particular, if they would be otherwise inherited
from the previous level.  This restores previous behaviour, before variables
support in certificates was introduced (3ab8e1e2f0f7).





Now, if the directive is given an empty string, such configuration cancels
loading of certificates, in particular, if they would be otherwise inherited
from the previous level.  This restores previous behaviour, before variables
support in certificates was introduced (3ab8e1e2f0f7).







Headers filter: improved memory allocation error handling.
2022-05-30T18:25:57+00:00

Maxim Dounin
mdounin@mdounin.ru

2022-05-30T18:25:57+00:00

887d51938ff8ce853e76f746e6a080a18005f6d3












Auth request: multiple WWW-Authenticate headers (ticket #485).
2022-05-30T18:25:54+00:00

Maxim Dounin
mdounin@mdounin.ru

2022-05-30T18:25:54+00:00

911c95bfd3a17632c6f3d8c2f261055520278cc7

When using auth_request with an upstream server which returns 401
(Unauthorized), multiple WWW-Authenticate headers from the upstream server
response are now properly copied to the response.





When using auth_request with an upstream server which returns 401
(Unauthorized), multiple WWW-Authenticate headers from the upstream server
response are now properly copied to the response.







Upstream: header handlers can now return parsing errors.
2022-05-30T18:25:48+00:00

Maxim Dounin
mdounin@mdounin.ru

2022-05-30T18:25:48+00:00

d22157fade0c3dc05b860be8d7e3eff4a56cb7d3

With this change, duplicate Content-Length and Transfer-Encoding headers
are now rejected.  Further, responses with invalid Content-Length or
Transfer-Encoding headers are now rejected, as well as responses with both
Content-Length and Transfer-Encoding.





With this change, duplicate Content-Length and Transfer-Encoding headers
are now rejected.  Further, responses with invalid Content-Length or
Transfer-Encoding headers are now rejected, as well as responses with both
Content-Length and Transfer-Encoding.







Upstream: all known headers in u->headers_in are linked lists now.
2022-05-30T18:25:46+00:00

Maxim Dounin
mdounin@mdounin.ru

2022-05-30T18:25:46+00:00

268f0cba8887ba77b6a2c97a8732df2784fe6001












All known output headers can be linked lists now.
2022-05-30T18:25:45+00:00

Maxim Dounin
mdounin@mdounin.ru

2022-05-30T18:25:45+00:00

e59c2096ae9d561997ad2d64d61094503e6be4c3

The h->next pointer properly provided as NULL in all cases where known
output headers are added.

Note that there are 3rd party modules which might not do this, and it
might be risky to rely on this for arbitrary headers.





The h->next pointer properly provided as NULL in all cases where known
output headers are added.

Note that there are 3rd party modules which might not do this, and it
might be risky to rely on this for arbitrary headers.







Perl: combining unknown headers during $r->header_in() lookup.
2022-05-30T18:25:38+00:00

Maxim Dounin
mdounin@mdounin.ru

2022-05-30T18:25:38+00:00

1d22d0f56bd1ff7ab49ce92e197056ea7f2e6523












Perl: all known input headers are handled identically.
2022-05-30T18:25:36+00:00

Maxim Dounin
mdounin@mdounin.ru

2022-05-30T18:25:36+00:00

dab1b086ef6702811196f317b39623ad81eac505

As all known input headers are now linked lists, these are now handled
identically.  In particular, this makes it possible to access properly
combined values of headers not specifically handled previously, such
as "Via" or "Connection".





As all known input headers are now linked lists, these are now handled
identically.  In particular, this makes it possible to access properly
combined values of headers not specifically handled previously, such
as "Via" or "Connection".