nginx.git/src/http, branch release-1.17.2 nginx Xslt: fixed potential buffer overflow with null character. 2019-07-18T15:27:54+00:00 Maxim Dounin mdounin@mdounin.ru 2019-07-18T15:27:54+00:00 2187586207e1465d289ae64cedc829719a048a39 Due to shortcomings of the ccv->zero flag implementation in complex value interface, length of the resulting string from ngx_http_complex_value() might either not include terminating null character or include it, so the only safe way to work with the result is to use it as a null-terminated string. Reported by Patrick Wollgast. 
Due to shortcomings of the ccv->zero flag implementation in complex value
interface, length of the resulting string from ngx_http_complex_value()
might either not include terminating null character or include it,
so the only safe way to work with the result is to use it as a
null-terminated string.

Reported by Patrick Wollgast.
SSI: avoid potential buffer overflow. 2019-07-18T15:27:53+00:00 Maxim Dounin mdounin@mdounin.ru 2019-07-18T15:27:53+00:00 ad42d70fed67c1e7098055fb25721ab904db2389 When "-" follows a parameter of maximum length, a single byte buffer overflow happens, since the error branch does not check parameter length. Fix is to avoid saving "-" to the parameter key, and instead use an error message with "-" explicitly written. The message is mostly identical to one used in similar cases in the preequal state. Reported by Patrick Wollgast. 
When "-" follows a parameter of maximum length, a single byte buffer
overflow happens, since the error branch does not check parameter length.
Fix is to avoid saving "-" to the parameter key, and instead use an error
message with "-" explicitly written.  The message is mostly identical to
one used in similar cases in the preequal state.

Reported by Patrick Wollgast.
Upstream: fixed EOF handling in unbuffered and upgraded modes. 2019-07-18T15:27:52+00:00 Maxim Dounin mdounin@mdounin.ru 2019-07-18T15:27:52+00:00 20c8c4fe35d290abe298cea9a4f1756fcfec19f4 With level-triggered event methods it is important to specify the NGX_CLOSE_EVENT flag to ngx_handle_read_event(), otherwise the event won't be removed, resulting in CPU hog. Reported by Patrick Wollgast. 
With level-triggered event methods it is important to specify
the NGX_CLOSE_EVENT flag to ngx_handle_read_event(), otherwise
the event won't be removed, resulting in CPU hog.

Reported by Patrick Wollgast.
HTTP/2: return error on output on closed stream. 2019-07-18T15:27:50+00:00 Maxim Dounin mdounin@mdounin.ru 2019-07-18T15:27:50+00:00 36dfa020f256dfc5beed3366be099d99543ad5b2 Without this, an (incorrect) output on a closed stream could result in a socket leak. 
Without this, an (incorrect) output on a closed stream could result in
a socket leak.
Perl: removed unused variable, forgotten in 975d7ab37b39. 2019-07-17T14:00:57+00:00 Maxim Dounin mdounin@mdounin.ru 2019-07-17T14:00:57+00:00 676d1a0e947c8f39e2606997a3628ec6bdea177d 






Gzip: use zlib to write header and trailer.
2019-07-12T10:43:08+00:00

Ilya Leoshkevich
iii@linux.ibm.com

2019-07-12T10:43:08+00:00

cfa1316368dcc6dc1aa82e3d0b67ec0d1cf7eebb

When nginx is used with zlib patched with [1], which provides
integration with the future IBM Z hardware deflate acceleration, it ends
up computing CRC32 twice: one time in hardware, which always does this,
and one time in software by explicitly calling crc32().

crc32() calls were added in changesets 133:b27548f540ad ("nginx-0.0.1-
2003-09-24-23:51:12 import") and 134:d57c6835225c ("nginx-0.0.1-
2003-09-26-09:45:21 import") as part of gzip wrapping feature - back
then zlib did not support it.

However, since then gzip wrapping was implemented in zlib v1.2.0.4,
and it's already being used by nginx for log compression.

This patch replaces hand-written gzip wrapping with the one provided by
zlib. It simplifies the code, and makes it avoid computing CRC32 twice
when using hardware acceleration.

[1] https://github.com/madler/zlib/pull/410





When nginx is used with zlib patched with [1], which provides
integration with the future IBM Z hardware deflate acceleration, it ends
up computing CRC32 twice: one time in hardware, which always does this,
and one time in software by explicitly calling crc32().

crc32() calls were added in changesets 133:b27548f540ad ("nginx-0.0.1-
2003-09-24-23:51:12 import") and 134:d57c6835225c ("nginx-0.0.1-
2003-09-26-09:45:21 import") as part of gzip wrapping feature - back
then zlib did not support it.

However, since then gzip wrapping was implemented in zlib v1.2.0.4,
and it's already being used by nginx for log compression.

This patch replaces hand-written gzip wrapping with the one provided by
zlib. It simplifies the code, and makes it avoid computing CRC32 twice
when using hardware acceleration.

[1] https://github.com/madler/zlib/pull/410







Perl: named locations in $r->internal_redirect().
2019-07-12T12:39:28+00:00

Maxim Dounin
mdounin@mdounin.ru

2019-07-12T12:39:28+00:00

29fea7d9ec7b18d9f3c2e77bddd873dafbd10842












Perl: expect escaped URIs in $r->internal_redirect().
2019-07-12T12:39:26+00:00

Maxim Dounin
mdounin@mdounin.ru

2019-07-12T12:39:26+00:00

8df08b02b89c151e4bf04bc3c7c9a37e9ebcba9d

Similarly to the change in 5491:74bfa803a5aa (1.5.9), we should accept
properly escaped URIs and unescape them as needed, else it is not possible
to handle URIs with question marks.





Similarly to the change in 5491:74bfa803a5aa (1.5.9), we should accept
properly escaped URIs and unescape them as needed, else it is not possible
to handle URIs with question marks.







Perl: additional ctx->header_sent checks.
2019-07-12T12:39:25+00:00

Maxim Dounin
mdounin@mdounin.ru

2019-07-12T12:39:25+00:00

9e883a2e48ff8e55fcfb091284b44d8fa66fc007

As we now have ctx->header_sent flag, it is further used to prevent
duplicate $r->send_http_header() calls, prevent output before sending
header, and $r->internal_redirect() after sending header.

Further, $r->send_http_header() protected from calls after
$r->internal_redirect().





As we now have ctx->header_sent flag, it is further used to prevent
duplicate $r->send_http_header() calls, prevent output before sending
header, and $r->internal_redirect() after sending header.

Further, $r->send_http_header() protected from calls after
$r->internal_redirect().







Perl: avoid returning 500 if header was already sent.
2019-07-12T12:39:25+00:00

Maxim Dounin
mdounin@mdounin.ru

2019-07-12T12:39:25+00:00

78b39bd631fc18fd5778090183776f5275005e21

Returning NGX_HTTP_INTERNAL_SERVER_ERROR if a perl code died after
sending header will lead to a "header already sent" alert.  To avoid
it, we now check if header was already sent, and return NGX_ERROR
instead if it was.





Returning NGX_HTTP_INTERNAL_SERVER_ERROR if a perl code died after
sending header will lead to a "header already sent" alert.  To avoid
it, we now check if header was already sent, and return NGX_ERROR
instead if it was.