nginx.git/src/http, branch release-1.1.17

Headers with null character are now rejected.

2012-03-15T11:27:57+00:00

Headers with NUL character aren't allowed by HTTP standard and may cause
various security problems.  They are now unconditionally rejected.

Fixed incorrect ngx_cpystrn() usage in ngx_http_*_process_header().

2012-03-15T11:27:12+00:00

This resulted in a disclosure of previously freed memory if upstream
server returned specially crafted response, potentially exposing
sensitive information.

Reported by Matthew Daley.

Fixed ssi and perl interaction.

2012-03-15T11:23:07+00:00

Embedded perl module assumes there is a space for terminating NUL character,
make sure to provide it in all situations by allocating one extra byte for
value buffer.  Default ssi_value_length is reduced accordingly to
preserve 256 byte allocations.

While here, fixed another one byte value buffer overrun possible in
ssi_quoted_symbol_state.

Reported by Matthew Daley.

Uwsgi: merged r->http_version fixes from scgi module.

2012-03-15T11:21:54+00:00

Fixed incorrect use of r->http_version (r4372).  Removed duplicate function
declaration (r4373).  Removed error if there is no Status header (r4374).

Whitespace fixes.

2012-03-05T18:09:06+00:00

Version bump.

2012-03-05T18:06:15+00:00

Raised simultaneous subrequest limit from 50 to 200.

2012-02-28T14:54:23+00:00

It wasn't enforced for a long time, and there are reports that people
use up to 100 simultaneous subrequests now.  As this is a safety limit
to prevent loops, it's raised accordingly.

Fixed spelling in single-line comments.

2012-02-28T11:31:05+00:00

Fix of rbtree lookup on hash collisions.

2012-02-27T22:15:39+00:00

Previous code incorrectly assumed that nodes with identical keys are linked
together.  This might not be true after tree rebalance.

Patch by Lanshun Zhou.

Disable symlinks: added the "from=" parameter to the "disable_symlinks"

2012-02-27T16:54:10+00:00

directive.