nginx.git/src/http, branch release-1.16.1 nginx HTTP/2: limited number of PRIORITY frames. 2019-08-13T12:43:40+00:00 Ruslan Ermilov ru@nginx.com 2019-08-13T12:43:40+00:00 39bb3b9d4a33bd03c8ae0134dedc8a7700ae7b2b Fixed excessive CPU usage caused by a peer that continuously shuffles priority of streams. Fix is to limit the number of PRIORITY frames. 
Fixed excessive CPU usage caused by a peer that continuously shuffles
priority of streams.  Fix is to limit the number of PRIORITY frames.
HTTP/2: limited number of DATA frames. 2019-08-13T12:43:36+00:00 Ruslan Ermilov ru@nginx.com 2019-08-13T12:43:36+00:00 94c5eb142e58a86f81eb1369fa6fcb96c2f23d6b Fixed excessive memory growth and CPU usage if stream windows are manipulated in a way that results in generating many small DATA frames. Fix is to limit the number of simultaneously allocated DATA frames. 
Fixed excessive memory growth and CPU usage if stream windows are
manipulated in a way that results in generating many small DATA frames.
Fix is to limit the number of simultaneously allocated DATA frames.
HTTP/2: reject zero length headers with PROTOCOL_ERROR. 2019-08-13T12:43:32+00:00 Sergey Kandaurov pluknet@nginx.com 2019-08-13T12:43:32+00:00 dbdd9ffea81d9db46fb88b5eba828f2ad080d388 Fixed uncontrolled memory growth if peer sends a stream of headers with a 0-length header name and 0-length header value. Fix is to reject headers with zero name length. 
Fixed uncontrolled memory growth if peer sends a stream of
headers with a 0-length header name and 0-length header value.
Fix is to reject headers with zero name length.
Multiple addresses in "listen". 2019-03-15T12:45:56+00:00 Roman Arutyunyan arut@nginx.com 2019-03-15T12:45:56+00:00 4e17b93eb6787e99a4023f20f8c391284f86bbf3 Previously only one address was used by the listen directive handler even if host name resolved to multiple addresses. Now a separate listening socket is created for each address. 
Previously only one address was used by the listen directive handler even if
host name resolved to multiple addresses.  Now a separate listening socket is
created for each address.
SSL: moved c->ssl->handshaked check in server name callback. 2019-03-05T13:34:19+00:00 Maxim Dounin mdounin@mdounin.ru 2019-03-05T13:34:19+00:00 0ad4393e30c119d250415cb769e3d8bc8dce5186 Server name callback is always called by OpenSSL, even if server_name extension is not present in ClientHello. As such, checking c->ssl->handshaked before the SSL_get_servername() result should help to more effectively prevent renegotiation in OpenSSL 1.1.0 - 1.1.0g, where neither SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS nor SSL_OP_NO_RENEGOTIATION is available. 
Server name callback is always called by OpenSSL, even
if server_name extension is not present in ClientHello.  As such,
checking c->ssl->handshaked before the SSL_get_servername() result
should help to more effectively prevent renegotiation in
OpenSSL 1.1.0 - 1.1.0g, where neither SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
nor SSL_OP_NO_RENEGOTIATION is available.
SSL: fixed potential leak on memory allocation errors. 2019-03-03T13:48:39+00:00 Maxim Dounin mdounin@mdounin.ru 2019-03-03T13:48:39+00:00 fe43346dc3151e80dae0acd751f0a94314dcb91c If ngx_pool_cleanup_add() fails, we have to clean just created SSL context manually, thus appropriate call added. Additionally, ngx_pool_cleanup_add() moved closer to ngx_ssl_create() in the ngx_http_ssl_module, to make sure there are no leaks due to intermediate code. 
If ngx_pool_cleanup_add() fails, we have to clean just created SSL context
manually, thus appropriate call added.

Additionally, ngx_pool_cleanup_add() moved closer to ngx_ssl_create() in
the ngx_http_ssl_module, to make sure there are no leaks due to intermediate
code.
SSL: server name callback changed to return fatal errors. 2019-03-03T13:48:06+00:00 Maxim Dounin mdounin@mdounin.ru 2019-03-03T13:48:06+00:00 99d7bb690924e60e9e03096ac5e507111f7c182d Notably this affects various allocation errors, and should generally improve things if an allocation error actually happens during a callback. Depending on the OpenSSL version, returning an error can result in either SSL_R_CALLBACK_FAILED or SSL_R_CLIENTHELLO_TLSEXT error from SSL_do_handshake(), so both errors were switched to the "info" level. 
Notably this affects various allocation errors, and should generally
improve things if an allocation error actually happens during a callback.

Depending on the OpenSSL version, returning an error can result in
either SSL_R_CALLBACK_FAILED or SSL_R_CLIENTHELLO_TLSEXT error from
SSL_do_handshake(), so both errors were switched to the "info" level.
SSL: server name callback changed to return SSL_TLSEXT_ERR_OK. 2019-03-03T13:47:44+00:00 Maxim Dounin mdounin@mdounin.ru 2019-03-03T13:47:44+00:00 fd97b2a80f678b9bf372d9a6537e5d4db51188ae OpenSSL 1.1.1 does not save server name to the session if server name callback returns anything but SSL_TLSEXT_ERR_OK, thus breaking the $ssl_server_name variable in resumed sessions. Since $ssl_server_name can be used even if we've selected the default server and there are no other servers, it looks like the only viable solution is to always return SSL_TLSEXT_ERR_OK regardless of the actual result. To fix things in the stream module as well, added a dummy server name callback which always returns SSL_TLSEXT_ERR_OK. 
OpenSSL 1.1.1 does not save server name to the session if server name
callback returns anything but SSL_TLSEXT_ERR_OK, thus breaking
the $ssl_server_name variable in resumed sessions.

Since $ssl_server_name can be used even if we've selected the default
server and there are no other servers, it looks like the only viable
solution is to always return SSL_TLSEXT_ERR_OK regardless of the actual
result.

To fix things in the stream module as well, added a dummy server name
callback which always returns SSL_TLSEXT_ERR_OK.
SSL: fixed possible segfault with dynamic certificates. 2019-02-25T18:16:26+00:00 Maxim Dounin mdounin@mdounin.ru 2019-02-25T18:16:26+00:00 1a30d79c429cb1d4438d592db62cbe701e3b4360 A virtual server may have no SSL context if it does not have certificates defined, so we have to use config of the ngx_http_ssl_module from the SSL context in the certificate callback. To do so, it is now passed as the argument of the callback. The stream module doesn't really need any changes, but was modified as well to match http code. 
A virtual server may have no SSL context if it does not have certificates
defined, so we have to use config of the ngx_http_ssl_module from the
SSL context in the certificate callback.  To do so, it is now passed as
the argument of the callback.

The stream module doesn't really need any changes, but was modified as
well to match http code.
SSL: adjusted session id context with dynamic certificates. 2019-02-25T13:42:54+00:00 Maxim Dounin mdounin@mdounin.ru 2019-02-25T13:42:54+00:00 ecfab06cb20959219c9aadc2ef59507488e4fa99 Dynamic certificates re-introduce problem with incorrect session reuse (AKA "virtual host confusion", CVE-2014-3616), since there are no server certificates to generate session id context from. To prevent this, session id context is now generated from ssl_certificate directives as specified in the configuration. This approach prevents incorrect session reuse in most cases, while still allowing sharing sessions across multiple machines with ssl_session_ticket_key set as long as configurations are identical. 
Dynamic certificates re-introduce problem with incorrect session
reuse (AKA "virtual host confusion", CVE-2014-3616), since there are
no server certificates to generate session id context from.

To prevent this, session id context is now generated from ssl_certificate
directives as specified in the configuration.  This approach prevents
incorrect session reuse in most cases, while still allowing sharing
sessions across multiple machines with ssl_session_ticket_key set as
long as configurations are identical.