nginx.git/src/http, branch release-1.13.2 nginx Range filter: allowed ranges on empty files (ticket #1031). 2017-06-26T21:53:46+00:00 Maxim Dounin mdounin@mdounin.ru 2017-06-26T21:53:46+00:00 774f179a9b523cff2233846283dc35a5582aa1d1 As per RFC 2616 / RFC 7233, any range request to an empty file is expected to result in 416 Range Not Satisfiable response, as there cannot be a "byte-range-spec whose first-byte-pos is less than the current length of the entity-body". On the other hand, this makes use of byte-range requests inconvenient in some cases, as reported for the slice module here: http://mailman.nginx.org/pipermail/nginx-devel/2017-June/010177.html This commit changes range filter to instead return 200 if the file is empty and the range requested starts at 0. 
As per RFC 2616 / RFC 7233, any range request to an empty file
is expected to result in 416 Range Not Satisfiable response, as
there cannot be a "byte-range-spec whose first-byte-pos is less
than the current length of the entity-body".  On the other hand,
this makes use of byte-range requests inconvenient in some cases,
as reported for the slice module here:

http://mailman.nginx.org/pipermail/nginx-devel/2017-June/010177.html

This commit changes range filter to instead return 200 if the file
is empty and the range requested starts at 0.
Upstream: introduced ngx_http_upstream_ssl_handshake_handler(). 2017-06-22T18:09:06+00:00 Maxim Dounin mdounin@mdounin.ru 2017-06-22T18:09:06+00:00 6433c841a0b66614e3ee448e14e1b32463c7106d This change reworks 13a5f4765887 to only run posted requests once, with nothing on stack. Running posted requests with other request functions on stack may result in use-after-free in case of errors, similar to the one reported in #788. To only run posted request once, a separate function was introduced to be used as ssl handshake handler in c->ssl->handler, ngx_http_upstream_ssl_handshake_handler(). The ngx_http_run_posted_requests() is only called in this function, and not in ngx_http_upstream_ssl_handshake() which may be called directly on stack. Additionaly, ngx_http_upstream_ssl_handshake_handler() now does appropriate debug logging of the current subrequest, similar to what is done in other event handlers. 
This change reworks 13a5f4765887 to only run posted requests once,
with nothing on stack.  Running posted requests with other request
functions on stack may result in use-after-free in case of errors,
similar to the one reported in #788.

To only run posted request once, a separate function was introduced
to be used as ssl handshake handler in c->ssl->handler,
ngx_http_upstream_ssl_handshake_handler().  The ngx_http_run_posted_requests()
is only called in this function, and not in ngx_http_upstream_ssl_handshake()
which may be called directly on stack.

Additionaly, ngx_http_upstream_ssl_handshake_handler() now does appropriate
debug logging of the current subrequest, similar to what is done in other
event handlers.
Upstream: fixed running posted requests (ticket #788). 2017-06-14T17:13:41+00:00 Roman Arutyunyan arut@nginx.com 2017-06-14T17:13:41+00:00 efa61f42c10355263fd883e53f3e690fe01770a0 Previously, the upstream resolve handler always called ngx_http_run_posted_requests() to run posted requests after processing the resolver response. However, if the handler was called directly from the ngx_resolve_name() function (for example, if the resolver response was cached), running posted requests from the handler could lead to the following errors: - If the request was scheduled for termination, it could actually be terminated in the resolve handler. Upper stack frames could reference the freed request object in this case. - If a significant number of requests were posted, and for each of them the resolve handler was called directly from the ngx_resolve_name() function, posted requests could be run recursively and lead to stack overflow. Now ngx_http_run_posted_requests() is only called from asynchronously invoked resolve handlers. 
Previously, the upstream resolve handler always called
ngx_http_run_posted_requests() to run posted requests after processing the
resolver response.  However, if the handler was called directly from the
ngx_resolve_name() function (for example, if the resolver response was cached),
running posted requests from the handler could lead to the following errors:

- If the request was scheduled for termination, it could actually be terminated
in the resolve handler.  Upper stack frames could reference the freed request
object in this case.

- If a significant number of requests were posted, and for each of them the
resolve handler was called directly from the ngx_resolve_name() function,
posted requests could be run recursively and lead to stack overflow.

Now ngx_http_run_posted_requests() is only called from asynchronously invoked
resolve handlers.
Headers filter: added "add_trailer" directive. 2017-03-24T10:37:34+00:00 Piotr Sikora piotrsikora@google.com 2017-03-24T10:37:34+00:00 8310d81dc7751c23ad9693908a593c9f0ff3b196 Trailers added using this directive are evaluated after response body is processed by output filters (but before it's written to the wire), so it's possible to use variables calculated from the response body as the trailer value. Signed-off-by: Piotr Sikora <piotrsikora@google.com> 
Trailers added using this directive are evaluated after response body
is processed by output filters (but before it's written to the wire),
so it's possible to use variables calculated from the response body
as the trailer value.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
HTTP/2: added support for trailers in HTTP responses. 2017-03-24T10:37:34+00:00 Piotr Sikora piotrsikora@google.com 2017-03-24T10:37:34+00:00 d85f2f9e927c2f6db51cca824ed83ff6657c2c92 Signed-off-by: Piotr Sikora <piotrsikora@google.com> 
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Added support for trailers in HTTP responses. 2017-03-24T10:37:34+00:00 Piotr Sikora piotrsikora@google.com 2017-03-24T10:37:34+00:00 cfdce50657cb8d25058de3d677f03cdef0d5de51 Example: ngx_table_elt_t *h; h = ngx_list_push(&r->headers_out.trailers); if (h == NULL) { return NGX_ERROR; } ngx_str_set(&h->key, "Fun"); ngx_str_set(&h->value, "with trailers"); h->hash = ngx_hash_key_lc(h->key.data, h->key.len); The code above adds "Fun: with trailers" trailer to the response. Modules that want to emit trailers must set r->expect_trailers = 1 in header filter, otherwise they might not be emitted for HTTP/1.1 responses that aren't already chunked. This change also adds $sent_trailer_* variables. Signed-off-by: Piotr Sikora <piotrsikora@google.com> 
Example:

   ngx_table_elt_t  *h;

   h = ngx_list_push(&r->headers_out.trailers);
   if (h == NULL) {
       return NGX_ERROR;
   }

   ngx_str_set(&h->key, "Fun");
   ngx_str_set(&h->value, "with trailers");
   h->hash = ngx_hash_key_lc(h->key.data, h->key.len);

The code above adds "Fun: with trailers" trailer to the response.

Modules that want to emit trailers must set r->expect_trailers = 1
in header filter, otherwise they might not be emitted for HTTP/1.1
responses that aren't already chunked.

This change also adds $sent_trailer_* variables.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Gzip: fixed style in $gzip_ratio variable handler. 2017-06-14T09:49:20+00:00 Ruslan Ermilov ru@nginx.com 2017-06-14T09:49:20+00:00 fa0992ed295ba83f711ca3d1ba8fc1baaa5760ca The current style in variable handlers returning NGX_OK is to either set v->not_found to 1, or to initialize the entire ngx_http_variable_value_t structure. In theory, always setting v->valid = 1 for NGX_OK would be useful, which would mean that the value was computed and is thus valid, including the special case of v->not_found = 1. But currently that's not the case and causes the (v->valid || v->not_found) check to access an uninitialized v->valid value, which is safe only because its value doesn't matter when v->not_found is set. 
The current style in variable handlers returning NGX_OK is to either set
v->not_found to 1, or to initialize the entire ngx_http_variable_value_t
structure.

In theory, always setting v->valid = 1 for NGX_OK would be useful, which
would mean that the value was computed and is thus valid, including the
special case of v->not_found = 1.  But currently that's not the case and
causes the (v->valid || v->not_found) check to access an uninitialized
v->valid value, which is safe only because its value doesn't matter when
v->not_found is set.
HTTP/2: reject HTTP/2 requests without ":scheme" pseudo-header. 2017-06-13T14:01:08+00:00 Piotr Sikora piotrsikora@google.com 2017-06-13T14:01:08+00:00 13f49b0013d7a01421925ba7e86624eae8fcf2e7 Signed-off-by: Piotr Sikora <piotrsikora@google.com> 
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Userid: ngx_http_get_indexed_variable() error handling. 2017-06-07T15:46:36+00:00 Sergey Kandaurov pluknet@nginx.com 2017-06-07T15:46:36+00:00 aa04b091aecd11e97563f4835fc3b4a353deedf8 When evaluating a mapped $reset_uid variable in the userid filter, if get_handler set to ngx_http_map_variable() returned an error, this previously resulted in a NULL pointer dereference. 
When evaluating a mapped $reset_uid variable in the userid filter,
if get_handler set to ngx_http_map_variable() returned an error,
this previously resulted in a NULL pointer dereference.
Fixed segfault in try_files with nested location. 2017-06-07T15:46:35+00:00 Sergey Kandaurov pluknet@nginx.com 2017-06-07T15:46:35+00:00 b0de3d70130658436afba69d07d68712834deccb If memory allocation of a new r->uri.data storage failed, reset its length as well. Request URI is used in ngx_http_finalize_request() for debug logging. 
If memory allocation of a new r->uri.data storage failed, reset its length as
well.  Request URI is used in ngx_http_finalize_request() for debug logging.