nginx.git/src/http, branch release-1.17.3 nginx HTTP/2: limited number of PRIORITY frames. 2019-08-13T12:43:40+00:00 Ruslan Ermilov ru@nginx.com 2019-08-13T12:43:40+00:00 5ae726912654da10a9a81b2c8436829f3e94f69f Fixed excessive CPU usage caused by a peer that continuously shuffles priority of streams. Fix is to limit the number of PRIORITY frames. 
Fixed excessive CPU usage caused by a peer that continuously shuffles
priority of streams.  Fix is to limit the number of PRIORITY frames.
HTTP/2: limited number of DATA frames. 2019-08-13T12:43:36+00:00 Ruslan Ermilov ru@nginx.com 2019-08-13T12:43:36+00:00 a987f81dd19210bc30b62591db331e31d3d74089 Fixed excessive memory growth and CPU usage if stream windows are manipulated in a way that results in generating many small DATA frames. Fix is to limit the number of simultaneously allocated DATA frames. 
Fixed excessive memory growth and CPU usage if stream windows are
manipulated in a way that results in generating many small DATA frames.
Fix is to limit the number of simultaneously allocated DATA frames.
HTTP/2: reject zero length headers with PROTOCOL_ERROR. 2019-08-13T12:43:32+00:00 Sergey Kandaurov pluknet@nginx.com 2019-08-13T12:43:32+00:00 6dfbc8b1c2116f362bb871efebbf9df576738e89 Fixed uncontrolled memory growth if peer sends a stream of headers with a 0-length header name and 0-length header value. Fix is to reject headers with zero name length. 
Fixed uncontrolled memory growth if peer sends a stream of
headers with a 0-length header name and 0-length header value.
Fix is to reject headers with zero name length.
Gzip: fixed "zero size buf" alerts after ac5a741d39cf. 2019-07-31T14:29:00+00:00 Maxim Dounin mdounin@mdounin.ru 2019-07-31T14:29:00+00:00 39c40428f93db246a9a27e7a109413fae46e195d After ac5a741d39cf it is now possible that after zstream.avail_out reaches 0 and we allocate additional buffer, there will be no more data to put into this buffer, triggering "zero size buf" alert. Fix is to reset b->temporary flag in this case. Additionally, an optimization added to avoid allocating additional buffer in this case, by checking if last deflate() call returned Z_STREAM_END. Note that checking for Z_STREAM_END by itself is not enough to fix alerts, as deflate() can return Z_STREAM_END without producing any output if the buffer is smaller than gzip trailer. Reported by Witold Filipczyk, http://mailman.nginx.org/pipermail/nginx-devel/2019-July/012469.html. 
After ac5a741d39cf it is now possible that after zstream.avail_out
reaches 0 and we allocate additional buffer, there will be no more data
to put into this buffer, triggering "zero size buf" alert.  Fix is to
reset b->temporary flag in this case.

Additionally, an optimization added to avoid allocating additional buffer
in this case, by checking if last deflate() call returned Z_STREAM_END.
Note that checking for Z_STREAM_END by itself is not enough to fix alerts,
as deflate() can return Z_STREAM_END without producing any output if the
buffer is smaller than gzip trailer.

Reported by Witold Filipczyk,
http://mailman.nginx.org/pipermail/nginx-devel/2019-July/012469.html.
Xslt: fixed potential buffer overflow with null character. 2019-07-18T15:27:54+00:00 Maxim Dounin mdounin@mdounin.ru 2019-07-18T15:27:54+00:00 2187586207e1465d289ae64cedc829719a048a39 Due to shortcomings of the ccv->zero flag implementation in complex value interface, length of the resulting string from ngx_http_complex_value() might either not include terminating null character or include it, so the only safe way to work with the result is to use it as a null-terminated string. Reported by Patrick Wollgast. 
Due to shortcomings of the ccv->zero flag implementation in complex value
interface, length of the resulting string from ngx_http_complex_value()
might either not include terminating null character or include it,
so the only safe way to work with the result is to use it as a
null-terminated string.

Reported by Patrick Wollgast.
SSI: avoid potential buffer overflow. 2019-07-18T15:27:53+00:00 Maxim Dounin mdounin@mdounin.ru 2019-07-18T15:27:53+00:00 ad42d70fed67c1e7098055fb25721ab904db2389 When "-" follows a parameter of maximum length, a single byte buffer overflow happens, since the error branch does not check parameter length. Fix is to avoid saving "-" to the parameter key, and instead use an error message with "-" explicitly written. The message is mostly identical to one used in similar cases in the preequal state. Reported by Patrick Wollgast. 
When "-" follows a parameter of maximum length, a single byte buffer
overflow happens, since the error branch does not check parameter length.
Fix is to avoid saving "-" to the parameter key, and instead use an error
message with "-" explicitly written.  The message is mostly identical to
one used in similar cases in the preequal state.

Reported by Patrick Wollgast.
Upstream: fixed EOF handling in unbuffered and upgraded modes. 2019-07-18T15:27:52+00:00 Maxim Dounin mdounin@mdounin.ru 2019-07-18T15:27:52+00:00 20c8c4fe35d290abe298cea9a4f1756fcfec19f4 With level-triggered event methods it is important to specify the NGX_CLOSE_EVENT flag to ngx_handle_read_event(), otherwise the event won't be removed, resulting in CPU hog. Reported by Patrick Wollgast. 
With level-triggered event methods it is important to specify
the NGX_CLOSE_EVENT flag to ngx_handle_read_event(), otherwise
the event won't be removed, resulting in CPU hog.

Reported by Patrick Wollgast.
HTTP/2: return error on output on closed stream. 2019-07-18T15:27:50+00:00 Maxim Dounin mdounin@mdounin.ru 2019-07-18T15:27:50+00:00 36dfa020f256dfc5beed3366be099d99543ad5b2 Without this, an (incorrect) output on a closed stream could result in a socket leak. 
Without this, an (incorrect) output on a closed stream could result in
a socket leak.
Perl: removed unused variable, forgotten in 975d7ab37b39. 2019-07-17T14:00:57+00:00 Maxim Dounin mdounin@mdounin.ru 2019-07-17T14:00:57+00:00 676d1a0e947c8f39e2606997a3628ec6bdea177d 






Gzip: use zlib to write header and trailer.
2019-07-12T10:43:08+00:00

Ilya Leoshkevich
iii@linux.ibm.com

2019-07-12T10:43:08+00:00

cfa1316368dcc6dc1aa82e3d0b67ec0d1cf7eebb

When nginx is used with zlib patched with [1], which provides
integration with the future IBM Z hardware deflate acceleration, it ends
up computing CRC32 twice: one time in hardware, which always does this,
and one time in software by explicitly calling crc32().

crc32() calls were added in changesets 133:b27548f540ad ("nginx-0.0.1-
2003-09-24-23:51:12 import") and 134:d57c6835225c ("nginx-0.0.1-
2003-09-26-09:45:21 import") as part of gzip wrapping feature - back
then zlib did not support it.

However, since then gzip wrapping was implemented in zlib v1.2.0.4,
and it's already being used by nginx for log compression.

This patch replaces hand-written gzip wrapping with the one provided by
zlib. It simplifies the code, and makes it avoid computing CRC32 twice
when using hardware acceleration.

[1] https://github.com/madler/zlib/pull/410





When nginx is used with zlib patched with [1], which provides
integration with the future IBM Z hardware deflate acceleration, it ends
up computing CRC32 twice: one time in hardware, which always does this,
and one time in software by explicitly calling crc32().

crc32() calls were added in changesets 133:b27548f540ad ("nginx-0.0.1-
2003-09-24-23:51:12 import") and 134:d57c6835225c ("nginx-0.0.1-
2003-09-26-09:45:21 import") as part of gzip wrapping feature - back
then zlib did not support it.

However, since then gzip wrapping was implemented in zlib v1.2.0.4,
and it's already being used by nginx for log compression.

This patch replaces hand-written gzip wrapping with the one provided by
zlib. It simplifies the code, and makes it avoid computing CRC32 twice
when using hardware acceleration.

[1] https://github.com/madler/zlib/pull/410