nginx.git/src/http, branch release-1.5.11 nginx SPDY: fixed potential integer overflow while parsing headers. 2014-03-03T15:24:55+00:00 Valentin Bartenev vbart@nginx.com 2014-03-03T15:24:55+00:00 0c05e5b55fe799bb0d6330bcf75dbde370bf0ba6 Previously r->header_size was used to store length for a part of value that represents an individual already parsed HTTP header, while r->header_end pointed to the end of the whole value. Instead of storing length of a following name or value as pointer to a potential end address (r->header_name_end and r->header_end) that might be overflowed, now r->lowercase_index counter is used to store remaining length of a following unparsed field. It also fixes incorrect $body_bytes_sent value if a request is closed while parsing of the request header. Since r->header_size is intended for counting header size, thus abusing it for header parsing purpose was certainly a bad idea. 
Previously r->header_size was used to store length for a part of
value that represents an individual already parsed HTTP header,
while r->header_end pointed to the end of the whole value.

Instead of storing length of a following name or value as pointer
to a potential end address (r->header_name_end and r->header_end)
that might be overflowed, now r->lowercase_index counter is used
to store remaining length of a following unparsed field.

It also fixes incorrect $body_bytes_sent value if a request is
closed while parsing of the request header.  Since r->header_size
is intended for counting header size, thus abusing it for header
parsing purpose was certainly a bad idea.
SPDY: constant number of preallocated structures for headers. 2014-03-03T15:24:54+00:00 Valentin Bartenev vbart@nginx.com 2014-03-03T15:24:54+00:00 3925c1b110ef13a3e4130e95a06cc85594bc4494 






Request body: avoid potential overflow.
2014-03-03T13:39:53+00:00

Maxim Dounin
mdounin@mdounin.ru

2014-03-03T13:39:53+00:00

a2a26a7ce19ba8308cef5381456070fe599d0eb7












Gzip static: fixed NGX_CONF_FLAG misuse.
2014-03-03T13:17:25+00:00

Valentin Bartenev
vbart@nginx.com

2014-03-03T13:17:25+00:00

2c0defac9b301293babf2520c0575d4a70aeee71












Disabled redirects to named locations if URI is not set.
2014-02-27T16:36:35+00:00

Maxim Dounin
mdounin@mdounin.ru

2014-02-27T16:36:35+00:00

96af3e9dfb1d890bbbbc78d88be8bb34a6e4d7a7

If something like "error_page 400 @name" is used in a configuration,
a request could be passed to a named location without URI set, and this
in turn might result in segmentation faults or other bad effects
as most of the code assumes URI is set.

With this change nginx will catch such configuration problems in
ngx_http_named_location() and will stop request processing if URI
is not set, returning 500.





If something like "error_page 400 @name" is used in a configuration,
a request could be passed to a named location without URI set, and this
in turn might result in segmentation faults or other bad effects
as most of the code assumes URI is set.

With this change nginx will catch such configuration problems in
ngx_http_named_location() and will stop request processing if URI
is not set, returning 500.







Upstream: fixed error message wording.
2014-02-20T09:48:40+00:00

Konstantin Pavlov
thresh@nginx.com

2014-02-20T09:48:40+00:00

c539aaf352f5bf557d9f437105384c5589ec611a












Access: supplemented the obfuscated code with a comment.
2014-02-19T17:45:27+00:00

Ruslan Ermilov
ru@nginx.com

2014-02-19T17:45:27+00:00

3da53f339d37f03aaf5c60119898b235ee466a48












Upstream: ngx_post_event() instead of upgraded call (ticket #503).
2014-02-18T13:30:40+00:00

Maxim Dounin
mdounin@mdounin.ru

2014-02-18T13:30:40+00:00

5ec277847e8ff5a0990c03b93794d2e5d581f8e3

If a request is finalized in the first call to the
ngx_http_upstream_process_upgraded() function, e.g., because upstream
server closed the connection for some reason, in the second call
the u->peer.connection pointer will be null, resulting in segmentation
fault.

Fix is to avoid second direct call, and post event instead.  This ensures
that ngx_http_upstream_process_upgraded() won't be called again if
a request is finalized.





If a request is finalized in the first call to the
ngx_http_upstream_process_upgraded() function, e.g., because upstream
server closed the connection for some reason, in the second call
the u->peer.connection pointer will be null, resulting in segmentation
fault.

Fix is to avoid second direct call, and post event instead.  This ensures
that ngx_http_upstream_process_upgraded() won't be called again if
a request is finalized.







Mp4: remove useless leading stsc entry in result mp4.
2014-02-14T11:14:48+00:00

Roman Arutyunyan
arut@nginx.com

2014-02-14T11:14:48+00:00

1dc1b0785b89743d637fa18e6d78a4999e2cf54c

The fix removes useless stsc entry in result mp4.
If start_sample == n then current stsc entry should be skipped
and the result stsc should start with the next entry.
The reason for that is start_sample starts from 0, not 1.





The fix removes useless stsc entry in result mp4.
If start_sample == n then current stsc entry should be skipped
and the result stsc should start with the next entry.
The reason for that is start_sample starts from 0, not 1.







SPDY: fixed reversed priority order in window waiting queue.
2014-02-12T17:02:29+00:00

Valentin Bartenev
vbart@nginx.com

2014-02-12T17:02:29+00:00

b20af091b7b656ad2d991ee1f8b81c72a1743cfa