nginx.git/src/http, branch release-1.11.3 nginx Fixed regex captures handling without PCRE. 2016-07-06T11:33:40+00:00 Vladimir Homutov vl@nginx.com 2016-07-06T11:33:40+00:00 161fcf4bddca789b15dcf22b1e1d80cdabc24114 If PCRE is disabled, captures were treated as normal variables in ngx_http_script_compile(), while code calculating flushes array length in ngx_http_compile_complex_value() did not account captures as variables. This could lead to write outside of the array boundary when setting last element to -1. Found with AddressSanitizer. 
If PCRE is disabled, captures were treated as normal variables in
ngx_http_script_compile(), while code calculating flushes array length in
ngx_http_compile_complex_value() did not account captures as variables.
This could lead to write outside of the array boundary when setting
last element to -1.

Found with AddressSanitizer.
HTTP/2: flushing of the SSL buffer in transition to the idle state. 2016-07-19T17:34:17+00:00 Valentin Bartenev vbart@nginx.com 2016-07-19T17:34:17+00:00 a85edfeef6cdf4094e6e12b663b7371271cb610f It fixes potential connection leak if some unsent data was left in the SSL buffer. Particularly, that could happen when a client canceled the stream after the HEADERS frame has already been created. In this case no other frames might be produced and the HEADERS frame alone didn't flush the buffer. 
It fixes potential connection leak if some unsent data was left in the SSL
buffer.  Particularly, that could happen when a client canceled the stream
after the HEADERS frame has already been created.  In this case no other
frames might be produced and the HEADERS frame alone didn't flush the buffer.
HTTP/2: refactored ngx_http_v2_send_output_queue(). 2016-07-19T17:34:02+00:00 Valentin Bartenev vbart@nginx.com 2016-07-19T17:34:02+00:00 3c81c08ceae2c22cf5d2ba1b637d685e397a68f2 Now it returns NGX_AGAIN if there's still data to be sent. 
Now it returns NGX_AGAIN if there's still data to be sent.
HTTP/2: fixed send timer handling. 2016-07-19T17:31:09+00:00 Valentin Bartenev vbart@nginx.com 2016-07-19T17:31:09+00:00 3b2f54bc2ea0d9d34b3e181f1221a050824e1c1a Checking for return value of c->send_chain() isn't sufficient since there are data can be left in the SSL buffer. Now the wew->ready flag is used instead. In particular, this fixed a connection leak in cases when all streams were closed, but there's still some data to be sent in the SSL buffer and the client forgot about the connection. 
Checking for return value of c->send_chain() isn't sufficient since there
are data can be left in the SSL buffer.  Now the wew->ready flag is used
instead.

In particular, this fixed a connection leak in cases when all streams were
closed, but there's still some data to be sent in the SSL buffer and the
client forgot about the connection.
HTTP/2: avoid sending output queue if there's nothing to send. 2016-07-19T17:30:21+00:00 Valentin Bartenev vbart@nginx.com 2016-07-19T17:30:21+00:00 ce6eb33d15f1efd3c418ce7688ed6de3af81cae9 Particularly this fixes alerts on OS X and NetBSD systems when HTTP/2 is configured over plain TCP sockets. On these systems calling writev() with no data leads to EINVAL errors being logged as "writev() failed (22: Invalid argument) while processing HTTP/2 connection". 
Particularly this fixes alerts on OS X and NetBSD systems when HTTP/2 is
configured over plain TCP sockets.

On these systems calling writev() with no data leads to EINVAL errors
being logged as "writev() failed (22: Invalid argument) while processing
HTTP/2 connection".
HTTP/2: always handle streams in error state. 2016-07-19T17:22:44+00:00 Valentin Bartenev vbart@nginx.com 2016-07-19T17:22:44+00:00 da852aa468db80f9e5138aea81a1bebb90e0be51 Previously, a stream could be closed by timeout if it was canceled while its send window was exhausted. 
Previously, a stream could be closed by timeout if it was canceled
while its send window was exhausted.
HTTP/2: prevented output of the HEADERS frame for canceled streams. 2016-07-19T17:22:44+00:00 Valentin Bartenev vbart@nginx.com 2016-07-19T17:22:44+00:00 19de85a4d75e7eada6afb8f59ce6d5de0ec10d5c It's useless to generate HEADERS if the stream has been canceled already. 
It's useless to generate HEADERS if the stream has been canceled already.
HTTP/2: always send GOAWAY while worker is shutting down. 2016-07-19T17:22:44+00:00 Valentin Bartenev vbart@nginx.com 2016-07-19T17:22:44+00:00 ab5401d204f9cd638204dcabf45152e32920d021 Previously, if the worker process exited, GOAWAY was sent to connections in idle state, but connections with active streams were closed without GOAWAY. 
Previously, if the worker process exited, GOAWAY was sent to connections in
idle state, but connections with active streams were closed without GOAWAY.
HTTP/2: avoid left-shifting signed integer into the sign bit. 2016-07-07T18:03:21+00:00 Sergey Kandaurov pluknet@nginx.com 2016-07-07T18:03:21+00:00 586ef968f98c379153fea0e7e80119b149380dc8 On non-aligned platforms, properly cast argument before left-shifting it in ngx_http_v2_parse_uint32 that is used with u_char. Otherwise it propagates to int to hold the value and can step over the sign bit. Usually, on known compilers, this results in negation. Furthermore, a subsequent store into a wider type, that is ngx_uint_t on 64-bit platforms, results in sign-extension. In practice, this can be observed in debug log as a very large exclusive bit value, when client sent PRIORITY frame with exclusive bit set: : *14 http2 PRIORITY frame sid:5 on 1 excl:8589934591 weight:17 Found with UndefinedBehaviorSanitizer. 
On non-aligned platforms, properly cast argument before left-shifting it in
ngx_http_v2_parse_uint32 that is used with u_char.  Otherwise it propagates
to int to hold the value and can step over the sign bit.  Usually, on known
compilers, this results in negation.  Furthermore, a subsequent store into a
wider type, that is ngx_uint_t on 64-bit platforms, results in sign-extension.

In practice, this can be observed in debug log as a very large exclusive bit
value, when client sent PRIORITY frame with exclusive bit set:

: *14 http2 PRIORITY frame sid:5 on 1 excl:8589934591 weight:17

Found with UndefinedBehaviorSanitizer.
Avoid left-shifting integers into the sign bit, which is undefined. 2016-07-07T18:02:28+00:00 Sergey Kandaurov pluknet@nginx.com 2016-07-07T18:02:28+00:00 6299f5e9149483251bbbcc8ad26cf29b6109e75c Found with UndefinedBehaviorSanitizer. 
Found with UndefinedBehaviorSanitizer.