| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Previously, it could result when left-shifting signed integer due to implicit
integer promotion, such that the most significant bit appeared on the sign bit.
In practice, though, this results in the same left value as with an explicit
cast, at least on known compilers, such as GCC and Clang. The reason is that
in_addr_t, which is equivalent to uint32_t and same as "unsigned int" in ILP32
and LP64 data type models, has the same type width as the intermediate after
integer promotion, so there's no side effects such as sign-extension. This
explains why adding an explicit cast does not change object files in practice.
Found with UndefinedBehaviorSanitizer (shift).
Based on a patch by Piotr Sikora.
|
|
While copying ngx_http_variable_value_t structures to geo binary base
in ngx_http_geo_copy_values(), and similarly in the stream module,
uninitialized parts of these structures are copied as well. These
include the "escape" field and possible holes. Calculating crc32 of
this data triggers uninitialized memory access.
Found with MemorySanitizer.
Signed-off-by: Piotr Sikora <piotr@aviatrix.com>
|
|
Multi headers are now using linked lists instead of arrays. Notably,
the following fields were changed: r->headers_in.cookies (renamed
to r->headers_in.cookie), r->headers_in.x_forwarded_for,
r->headers_out.cache_control, r->headers_out.link, u->headers_in.cache_control
u->headers_in.cookies (renamed to u->headers_in.set_cookie).
The r->headers_in.cookies and u->headers_in.cookies fields were renamed
to r->headers_in.cookie and u->headers_in.set_cookie to match header names.
The ngx_http_parse_multi_header_lines() and ngx_http_parse_set_cookie_lines()
functions were changed accordingly.
With this change, multi headers are now essentially equivalent to normal
headers, and following changes will further make them equivalent.
|
|
Previously, AF_UNIX client addresses were handled as AF_INET, leading
to unexpected results.
|
|
If the geo block parser has failed, doing more things is pointless.
|
|
If during configuration parsing of the geo directive the memory
allocation has failed, pool used to parse configuration inside
the block, and sometimes the temporary pool were not destroyed.
|
|
Pass NGX_FILE_OPEN to ngx_open_file() to fix "The parameter is incorrect"
error on win32 when using the ssl_session_ticket_key directive or loading
a binary geo base. On UNIX, this change is a no-op.
|
|
|
|
|
|
geo $geo {
ranges;
10.0.0.0-10.0.0.255 test;
delete 10.0.1.0-10.0.1.255; # should warn
delete 10.0.0.0-10.0.0.255;
delete 10.0.0.0-10.0.0.255; # should warn
}
|
|
|
|
If the range includes two or more /16 networks and does
not start at the /16 boundary, the last subrange was not
removed (see 91cff7f97a50 for details).
|
|
|
|
Previously, in "ranges" mode when all added ranges were deleted,
the ctx.high.low[i] was left pointing to a temporary array.
|
|
Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
|
|
While ngx_get_full_name() might have a bit more descriptive arguments,
the ngx_conf_full_name() is generally easier to use when parsing
configuration and limits exposure of cycle->prefix / cycle->conf_prefix
details.
|
|
The ngx_get_full_name() function takes more readable arguments list.
|
|
|
|
|
|
|
|
Previously, "default" was equivalent to specifying 0.0.0.0/0, now
it's equivalent to specifying both 0.0.0.0/0 and ::/0 (if support
for IPv6 is enabled) with the same value.
|
|
|
|
The "ranges" mode is still limited to IPv4 only.
|
|
|
|
If 0.0.0.0/32 entry was present and there was no explicit "default",
we failed to add an empty string as a default value.
|
|
|
|
Added variable name syntax checks to "geo" and "map" directives.
|
|
The following configuration returned an empty value for $geo:
geo $geo {
ranges;
default default;
}
|
|
|
|
and "perl_set" directives.
|
|
(closes #201).
|
|
The bug had appeared in 0.8.43 (r3653). Patch by Weibin Yao.
|
|
user visible part.
|
|
The module now supports recursive search of client address through
the chain of trusted proxies, controlled by the "proxy_recursive"
directive in the "geo" block. It also gets partial IPv6 support:
now proxies may be specified with IPv6 addresses.
Example:
geo $test {
...
proxy 127.0.0.1;
proxy ::1;
proxy_recursive;
}
There's also a slight change in behavior. When original client
address (as specified by the "geo" directive) is one of the
trusted proxies, and the value of the X-Forwarded-For request
header cannot not be parsed as a valid address, an original client
address will be used for lookup. Previously, 255.255.255.255 was
used in this case.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
this change saves about 70K/140K on 32/64-bit platforms
|
|
|
|
|
|
|
|
and does not begin at /16 network boundary
|
