nginx.git/src/http, branch release-1.17.8 nginx gRPC: variables support in the "grpc_pass" directive. 2020-01-17T09:13:02+00:00 Vladimir Homutov vl@nginx.com 2020-01-17T09:13:02+00:00 0e3b3b57357e37c80794fb0bcb4b929be96c9537 






HTTP/2: removed ngx_debug_point() call.
2020-01-14T11:20:08+00:00

Daniil Bondarev
bondarev@amazon.com

2020-01-14T11:20:08+00:00

60f648f035fa05667b9ccbbea1b3a60d83534d9a

    
With the recent change to prevent frames flood in d4448892a294,
nginx will finalize the connection with NGX_HTTP_V2_INTERNAL_ERROR
whenever flood is detected, causing nginx aborting or stopping if
the debug_points directive is used in nginx config.





    
With the recent change to prevent frames flood in d4448892a294,
nginx will finalize the connection with NGX_HTTP_V2_INTERNAL_ERROR
whenever flood is detected, causing nginx aborting or stopping if
the debug_points directive is used in nginx config.







HTTP/2: introduced separate handler to retry stream close.
2019-12-23T18:25:21+00:00

Maxim Dounin
mdounin@mdounin.ru

2019-12-23T18:25:21+00:00

810559665a704957431b387572af99a82039162a

When ngx_http_v2_close_stream_handler() is used to retry stream close
after queued frames are sent, client timeouts on the stream can be
logged multiple times and/or in addition to already happened errors.
To resolve this, separate ngx_http_v2_retry_close_stream_handler()
was introduced, which does not try to log timeouts.





When ngx_http_v2_close_stream_handler() is used to retry stream close
after queued frames are sent, client timeouts on the stream can be
logged multiple times and/or in addition to already happened errors.
To resolve this, separate ngx_http_v2_retry_close_stream_handler()
was introduced, which does not try to log timeouts.







HTTP/2: fixed socket leak with queued frames (ticket #1689).
2019-12-23T18:25:17+00:00

Maxim Dounin
mdounin@mdounin.ru

2019-12-23T18:25:17+00:00

49709f75b262c483550cc826471839f624765ab1

If a stream is closed with queued frames, it is possible that no further
write events will occur on the stream, leading to the socket leak.
To fix this, the stream's fake connection read handler is set to
ngx_http_v2_close_stream_handler(), to make sure that finalizing the
connection with ngx_http_v2_finalize_connection() will be able to
close the stream regardless of the current number of queued frames.

Additionally, the stream's fake connection fc->error flag is explicitly
set, so ngx_http_v2_handle_stream() will post a write event when queued
frames are finally sent even if stream flow control window is exhausted.





If a stream is closed with queued frames, it is possible that no further
write events will occur on the stream, leading to the socket leak.
To fix this, the stream's fake connection read handler is set to
ngx_http_v2_close_stream_handler(), to make sure that finalizing the
connection with ngx_http_v2_finalize_connection() will be able to
close the stream regardless of the current number of queued frames.

Additionally, the stream's fake connection fc->error flag is explicitly
set, so ngx_http_v2_handle_stream() will post a write event when queued
frames are finally sent even if stream flow control window is exhausted.







Dav: added checks for chunked to body presence conditions.
2019-12-23T17:39:27+00:00

Maxim Dounin
mdounin@mdounin.ru

2019-12-23T17:39:27+00:00

5e5fa2e9e57b713e445b1737005ff6a202bda8ad

These checks were missed when chunked support was introduced.  And also
added an explicit error message to ngx_http_dav_copy_move_handler()
(it was missed for some reason, in contrast to DELETE and MKCOL handlers).





These checks were missed when chunked support was introduced.  And also
added an explicit error message to ngx_http_dav_copy_move_handler()
(it was missed for some reason, in contrast to DELETE and MKCOL handlers).







Discard request body when redirecting to a URL via error_page.
2019-12-23T12:45:46+00:00

Ruslan Ermilov
ru@nginx.com

2019-12-23T12:45:46+00:00

c1be55f97211d38b69ac0c2027e6812ab8b1b94e

Reported by Bert JW Regeer and Francisco Oca Gonzalez.





Reported by Bert JW Regeer and Francisco Oca Gonzalez.







Rewrite: disallow empty replacements.
2019-12-16T12:19:01+00:00

Ruslan Ermilov
ru@nginx.com

2019-12-16T12:19:01+00:00

4c031f9a6a879bcc4e86f5b7d4177996c9bca4cd

While empty replacements were caught at run-time, parsing code
of the "rewrite" directive expects that a minimum length of the
"replacement" argument is 1.





While empty replacements were caught at run-time, parsing code
of the "rewrite" directive expects that a minimum length of the
"replacement" argument is 1.







Tolerate '\0' in URI when mapping URI to path.
2019-12-16T12:19:01+00:00

Ruslan Ermilov
ru@nginx.com

2019-12-16T12:19:01+00:00

a5895eb502747f396d3901a948834cd87d5fb0c3

If a rewritten URI has the null character, only a part of URI was
copied to a memory buffer allocated for path.  In some setups this
could be exploited to expose uninitialized memory via the Location
header.





If a rewritten URI has the null character, only a part of URI was
copied to a memory buffer allocated for path.  In some setups this
could be exploited to expose uninitialized memory via the Location
header.







Rewrite: fixed segfault with rewritten URI and "alias".
2019-12-16T12:19:01+00:00

Ruslan Ermilov
ru@nginx.com

2019-12-16T12:19:01+00:00

af8ea176a743e97d767b3e1439d549b52dd0367a

The "alias" directive cannot be used in the same location where URI
was rewritten.  This has been detected in the "rewrite ... break"
case, but not when the standalone "break" directive was used.

This change also fixes proxy_pass with URI component in a similar
case:

       location /aaa/ {
           rewrite ^ /xxx/yyy;
           break;
           proxy_pass http://localhost:8080/bbb/;
       }

Previously, the "/bbb/yyy" would be sent to a backend instead of
"/xxx/yyy".  And if location's prefix was longer than the rewritten
URI, a segmentation fault might occur.





The "alias" directive cannot be used in the same location where URI
was rewritten.  This has been detected in the "rewrite ... break"
case, but not when the standalone "break" directive was used.

This change also fixes proxy_pass with URI component in a similar
case:

       location /aaa/ {
           rewrite ^ /xxx/yyy;
           break;
           proxy_pass http://localhost:8080/bbb/;
       }

Previously, the "/bbb/yyy" would be sent to a backend instead of
"/xxx/yyy".  And if location's prefix was longer than the rewritten
URI, a segmentation fault might occur.







Fixed request finalization in ngx_http_index_handler().
2019-12-16T12:19:01+00:00

Ruslan Ermilov
ru@nginx.com

2019-12-16T12:19:01+00:00

48086f79ad7d9ac08943312f59215533330617d0

Returning 500 instead of NGX_ERROR is preferable here because
header has not yet been sent to the client.





Returning 500 instead of NGX_ERROR is preferable here because
header has not yet been sent to the client.