| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
The SPDY module doesn't expect timers can be set on stream events for reasons
other than delaying output. But ngx_http_writer() could add timer on write
event if the delayed flag wasn't set and nginx is waiting for AIO completion.
That could cause delays in sending response over SPDY when file AIO was used.
|
|
If a "resolver_timeout" occurs, only the first waiting request
was notified. Other requests may hang forever.
|
|
The "stub_status" directive does not require an argument.
|
|
|
|
|
|
There's no loc_conf in the mail module.
|
|
Reported by Gang Li.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
perl_parse() function expects argv/argc-style argument list,
which according to the C standard must be NULL-terminated,
that is: argv[argc] == NULL.
This change fixes a crash (SIGSEGV) that could happen because
of the buffer overrun during perl module initialization.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
|
|
|
|
|
|
|
|
|
|
The bug had appeared in nginx 1.5.6 (04e43d03e153).
Reported by Chris Boulton.
|
|
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
|
|
|
|
|
|
|
|
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
|
|
Once error occured, it could lead to use uninitialized variables to log,
even more segmentation fault.
|
|
|
|
LibreSSL developers decided that LibreSSL is OpenSSL-2.0.0, so tests
for OpenSSL-1.0.2+ are now passing, even though the library doesn't
provide functions that are expected from that version of OpenSSL.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
|
|
This change adds support for using BoringSSL as a drop-in replacement
for OpenSSL without adding support for any of the BoringSSL-specific
features.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
|
|
This is really just a prerequisite for building against BoringSSL,
which doesn't provide either of those features.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
|
|
This helps to reduce likelyhood of memory allocations in ngx_readv_chain(),
which are known to lead to noticeable effects in some cases, see
http://mailman.nginx.org/pipermail/nginx/2014-July/044512.html.
|
|
|
|
Timeout may not be set on an upstream connection when we call
ngx_ssl_handshake() in ngx_http_upstream_ssl_init_connection(),
so make sure to arm it if it's not set.
Based on a patch by Yichun Zhang.
|
|
The ngx_http_geoip_city_float_variable and
ngx_http_geoip_city_int_variable functions did not always initialize
all variable fields like "not_found", which could lead to empty values
for those corresponding nginx variables randomly.
|
|
RFC3986 says that, for consistency, URI producers and normalizers
should use uppercase hexadecimal digits for all percent-encodings.
This is also what modern web browsers and other tools use.
Using lowercase hexadecimal digits makes it harder to interact with
those tools in case when use of the percent-encoded URI is required,
for example when $request_uri is part of the cache key.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
|
|
The ngx_log_insert() function may invalidate pointer passed to it,
so make sure to don't use it after the ngx_log_insert() call.
|
|
Previously, ngx_http_map_uri_to_path() errors were not checked in
ngx_http_upstream_store(). Moreover, in case of errors temporary
files were not deleted, as u->store was set to 0, preventing cleanup
code in ngx_http_upstream_finalize_request() from removing them. With
this patch, u->store is set to 0 only if there were no errors.
Reported by Feng Gu.
|
|
This ensures that debug logging and the $uri variable (if used in
400 Bad Request processing) will not try to access uninitialized
memory.
Found by Sergey Bobrov.
|
|
DNS request resend on malformed responses was broken in 98876ce2a7fd (1.5.8).
Reported by Pramod Korathota.
|
|
X509_check_host() prototype changed recently:
- http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ced3d91
- http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=297c67f
Bump version requirement, so that OpenSSL-1.0.2-beta1 uses fallback code.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
|
|
|
|
|
|
|
|
|
|
Split SPDY header with multiple, NULL-separated values:
cookie: foo\0bar
into two separate HTTP headers with the same name:
cookie: foo
cookie: bar
Even though the logic for this behavior already existed
in the source code, it doesn't look that it ever worked
and SPDY streams with such headers were simply rejected.
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
|
|
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
|
|
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
|
|
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
|
|
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
|
|
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
|
