| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
*) FastCGI: fixed wrong connection close with fastcgi_keep_conn.
With fastcgi_keep_conn it was possible that connection was closed after
FCGI_STDERR record with zero padding and without any further data read
yet. This happended as f->state was set to ngx_http_fastcgi_st_padding
and then "break" happened, resulting in p->length being set to
f->padding, i.e. 0 (which in turn resulted in connection close).
Fix is to make sure we continue the loop after f->state is set.
*) FastCGI: unconditional state transitions. Checks for f->padding
before state transitions make code hard to follow, remove them and
make sure we always do another loop iteration after f->state is
set to ngx_http_fastcgi_st_padding.
*) FastCGI: proper handling of split fastcgi end request. If fastcgi
end request record was split between several network packets, with
fastcgi_keep_conn it was possible that connection was saved in
incorrect state (e.g. with padding bytes not yet read).
|
|
*) Allow the complex value to be defined as an empty string.
This makes conversion from strings to complex values possible
without the loss of functionality.
*) The "auth_basic" directive gained support of variables.
*) Fixed variable syntax checking in "set", "geo", "limit_conn_zone",
and "perl_set" directives.
*) Added checks that disallow adding a variable with an empty name.
Added variable name syntax checks to "geo" and "map" directives.
*) Variables $pipe, $request_length, $time_iso8601, and $time_local.
Log module counterparts are preserved for efficiency.
Based on patch by Kiril Kalchev.
|
|
*) Resolver: fixed possible memory leak in ngx_resolver_create().
*) Explicitly ignore returned value from unlink() in ngx_open_tempfile().
*) Explicitly ignore returned value from close() in ngx_event_core_init_conf().
*) Added three missing checks for NULL after ngx_array_push() calls.
*) Crypt: fixed handling of corrupted SSHA entries in password file.
*) Mark logically dead code with corresponding comment.
Found by / prodded by Coverity.
|
|
Fastcgi: fixed padding handling on fixed-size records.
Padding was incorrectly ignored on end request, empty stdout and stderr
fastcgi records. This resulted in protocol desynchronization if fastcgi
application used these records with padding for some reason.
Reported by Ilia Vinokurov.
|
|
Added r->state reset on fastcgi/scgi/uwsgi request start.
Failing to do so results in problems if 400 or 414 requests are
redirected to fastcgi/scgi/uwsgi upstream, as well as after invalid
headers got from upstream. This was already fixed for proxy in r3478,
but fastcgi (the only affected protocol at that time) was missed.
Reported by Matthieu Tourne.
|
|
|
|
This resulted in a disclosure of previously freed memory if upstream
server returned specially crafted response, potentially exposing
sensitive information.
Reported by Matthew Daley.
|
|
|
|
|
|
|
|
|
|
|
|
The following problems were fixed:
1. Directive fastcgi_cache affected headers sent to backends in unrelated
servers / locations (see ticket #45).
2. If-Unmodified-Since, If-Match and If-Range headers were sent to backends
if fastcgi_cache was used.
3. Cache-related headers were sent to backends if there were no fastcgi_param
directives and fastcgi_cache was used at server level.
|
|
No functional changes.
|
|
|
|
|
|
By default follow the old behaviour, i.e. FASTCGI_KEEP_CONN flag isn't set
in request and application is responsible for closing connection once request
is done. To keep connections alive fastcgi_keep_conn must be activated.
|
|
The bug had appeared in r3561 (fastcgi), r3638 (scgi), r3567 (uwsgi).
|
|
|
|
is given by expression and refers to a defined upstream
|
|
patch by Maxim Dounin
the bug has been introduced in r3461
|
|
|
|
a limit_except block if no handler was defined for the block
|
|
|
|
|
|
|
|
delete ngx_http_cache(), ngx_http_no_cache_set_slot()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
because it is anyway very seldom case
|
|
|
|
fastcgi_upstream_max_fails, fastcgi_upstream_fail_timeout,
memcached_upstream_max_fails, and memcached_upstream_fail_timeout
directives obsolete since 0.5.0 version
|
|
|
|
|
|
the bug had been introduced in r3461
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
this fixes the erroneous message "upstream prematurely closed connection
while reading response header from upstream"
|
|
internal redirect
|
|
|
