nginx.git/src, branch release-1.28.1 nginx Proxy: fixed segfault in URI change. 2025-12-23T18:40:33+00:00 Sergey Kandaurov pluknet@nginx.com 2025-11-24T11:57:09+00:00 eec047c936347bb1ebb6266a4c83f31fa9c78e24 If request URI was shorter than location prefix, as after replacement with try_files, location length was used to copy the remaining URI part leading to buffer overread. The fix is to replace full request URI in this case. In the following configuration, request "/123" is changed to "/" when sent to backend. location /1234 { try_files /123 =404; proxy_pass http://127.0.0.1:8080/; } Closes #983 on GitHub. 
If request URI was shorter than location prefix, as after replacement
with try_files, location length was used to copy the remaining URI part
leading to buffer overread.

The fix is to replace full request URI in this case.  In the following
configuration, request "/123" is changed to "/" when sent to backend.

    location /1234 {
        try_files /123 =404;
        proxy_pass http://127.0.0.1:8080/;
    }

Closes #983 on GitHub.
HTTP/2: extended guard for NULL buffer and zero length. 2025-12-23T18:40:33+00:00 Sergey Kandaurov pluknet@nginx.com 2025-11-14T14:14:18+00:00 2b502468588835e479fcd76a2cc0d00394f2c32c In addition to moving memcpy() under the length condition in 15bf6d8cc, which addressed a reported UB due to string function conventions, this is repeated for advancing an input buffer, to make the resulting code more clean and readable. Additionally, although considered harmless for both string functions and additive operators, as previously discussed in GitHub PR 866, this fixes the main source of annoying sanitizer reports in the module. Prodded by UndefinedBehaviorSanitizer (pointer-overflow). 
In addition to moving memcpy() under the length condition in 15bf6d8cc,
which addressed a reported UB due to string function conventions, this
is repeated for advancing an input buffer, to make the resulting code
more clean and readable.

Additionally, although considered harmless for both string functions and
additive operators, as previously discussed in GitHub PR 866, this fixes
the main source of annoying sanitizer reports in the module.

Prodded by UndefinedBehaviorSanitizer (pointer-overflow).
OCSP: fixed invalid type for the 'ssl_ocsp' directive. 2025-12-23T18:40:33+00:00 Roman Semenov r.semenov@f5.com 2025-10-22T18:24:27+00:00 366b5c65ad4b520525865f19bf74e4ee69ca15df 






SSL: fixed "key values mismatch" with object cache inheritance.
2025-12-23T18:40:33+00:00

Sergey Kandaurov
pluknet@nginx.com

2025-05-29T13:49:48+00:00

592bda7bb6c202e48da8e4181de936f70edff58e

In rare cases, it was possible to get into this error state on reload
with improperly updated file timestamps for certificate and key pairs.

The fix is to retry on X509_R_KEY_VALUES_MISMATCH, similar to 5d5d9adcc.
Additionally, loading SSL certificate is updated to avoid certificates
discarded on retry to appear in ssl->certs and in extra chain.





In rare cases, it was possible to get into this error state on reload
with improperly updated file timestamps for certificate and key pairs.

The fix is to retry on X509_R_KEY_VALUES_MISMATCH, similar to 5d5d9adcc.
Additionally, loading SSL certificate is updated to avoid certificates
discarded on retry to appear in ssl->certs and in extra chain.







Mail: xtext encoding (RFC 3461) in XCLIENT LOGIN.
2025-12-23T18:40:33+00:00

Sergey Kandaurov
pluknet@nginx.com

2025-09-11T14:23:10+00:00

aa714a1e87bfd0f6807f4333a5b354de583e7e92

The XCLIENT command uses xtext encoding for attribute values,
as specified in https://www.postfix.org/XCLIENT_README.html.

Reported by Igor Morgenstern of Aisle Research.





The XCLIENT command uses xtext encoding for attribute values,
as specified in https://www.postfix.org/XCLIENT_README.html.

Reported by Igor Morgenstern of Aisle Research.







Upstream: overflow detection in Cache-Control delta-seconds.
2025-12-23T18:40:33+00:00

Sergey Kandaurov
pluknet@nginx.com

2025-09-10T14:39:52+00:00

40aff4f241422084b57c27e38f700bc4f4503f6a

Overflowing calculations are now aligned to the greatest positive integer
as specified in RFC 9111, Section 1.2.2.





Overflowing calculations are now aligned to the greatest positive integer
as specified in RFC 9111, Section 1.2.2.







Fixed inaccurate index directive error report.
2025-12-23T18:40:33+00:00

willmafh
willmafh@hotmail.com

2025-09-08T14:03:30+00:00

ffad76677c1a3a96b0daed4dd4df0bd9e9e6aa65












Mail: reset stale auth credentials with "smtp_auth none;".
2025-12-23T18:40:33+00:00

Sergey Kandaurov
pluknet@nginx.com

2025-07-07T19:48:44+00:00

144a911e2b337578926513826cb8cc2c6678f104

They might be reused in a session if an SMTP client proceeded
unauthenticated after previous invalid authentication attempts.
This could confuse an authentication server when passing stale
credentials along with "Auth-Method: none".

The condition to send the "Auth-Salt" header is similarly refined.





They might be reused in a session if an SMTP client proceeded
unauthenticated after previous invalid authentication attempts.
This could confuse an authentication server when passing stale
credentials along with "Auth-Method: none".

The condition to send the "Auth-Salt" header is similarly refined.







Mail: improved error handling in plain/login/cram-md5 auth methods.
2025-12-23T18:40:33+00:00

Sergey Kandaurov
pluknet@nginx.com

2025-08-12T11:55:02+00:00

fbbbf189dadf3bd59c2462af68c16f2c2874d4ee

Previously, login and password storage could be left in inconsistent
state in a session after decoding errors.





Previously, login and password storage could be left in inconsistent
state in a session after decoding errors.







Auth basic: fixed file descriptor leak on memory allocation error.
2025-12-23T18:40:33+00:00

Sergey Kandaurov
pluknet@nginx.com

2025-08-08T15:44:27+00:00

95b81d1c2080ca826267b593a4434151064bed4e

Found by Coverity (CID 1662016).





Found by Coverity (CID 1662016).