| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
After introduction of chunked request body reading support in 1.3.9 (r4931),
the rb->bufs wasn't set if request body was fully preread while calling the
ngx_http_read_client_request_body() function.
Reported by Yichun Zhang (agentzh).
|
|
If write events are not blocked, an extra write event might happen for
various reasons (e.g. as a result of a http pipelining), resulting in
incorrect body being passed to a post handler.
The problem manifested itself with the dav module only, as this is
the only module which reads the body from a content phase handler (in
contrast to exclusive content handlers like proxy). Additionally, dav
module used to dump core in such situations due to ticket #238.
See reports here:
http://mailman.nginx.org/pipermail/nginx-devel/2012-November/002981.html
http://serverfault.com/questions/449195/nginx-webdav-server-with-auth-request
|
|
Negative rb->rest can't happen with current code, but it's good to have
it handled anyway.
Found by Coverity (CID 744846, 744847, 744848).
|
|
While discarding chunked request body in some cases after detecting
request body corruption no error was returned, while it was possible
to correctly return 400 Bad Request. If error is detected too late,
make sure to properly close connection.
Additionally, in ngx_http_special_response_handler() don't return body
of 500 Internal Server Error to a client if ngx_http_discard_request_body()
fails, but disable keepalive and continue.
|
|
Even if there is no preread data, make sure to always call
ngx_http_discard_request_body_filter() in case of chunked request
body to initialize r->headers_in.content_length_n for later use.
|
|
|
|
|
|
An attempt to call ngx_handle_read_event() before actually reading
data from a socket might result in read event being disabled, which is
wrong. Catched by body.t test on Solaris.
|
|
The r->main->count reference counter was always incremented in
ngx_http_read_client_request_body(), while it is only needs to be
incremented on positive returns.
|
|
The r->request_body_in_file_only with empty body case is now handled in
ngx_http_write_request_body().
|
|
|
|
|
|
Read event should be blocked after reading body, else undefined behaviour
might occur on additional client activity. This fixes segmentation faults
observed with proxy_ignore_client_abort set.
|
|
If there were preread data and request body was big enough first part
of the request body was duplicated.
See report here:
http://mailman.nginx.org/pipermail/nginx/2011-July/027756.html
|
|
Previously all available data was used as body, resulting in garbage after
real body e.g. in case of pipelined requests. Make sure to use only as many
bytes as request's Content-Length specifies.
|
|
ngx_http_test_reading(), the bug was introduced in r3050
|
|
|
|
|
|
ngx_http_set_lingering_close() while request cleanup
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
in one packet and connection went to keep-alive state
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
and introduce "client_body_in_file_only clean"
introduce ngx_pool_delete_file() to not break a possible third-party
ngx_pool_cleanup_file() usage that may lead to an removal of the useful files
delete unnecessary ngx_http_finalize_request_body()
|
|
|
|
the body will be written to file
|
|
|
|
|
|
|
|
*) Change in internal API: the HTTP modules initialization was moved
from the init module phase to the HTTP postconfiguration phase.
*) Change: now the request body is not read beforehand for the
ngx_http_perl_module: it's required to start the reading using the
$r->has_request_body method.
*) Feature: the ngx_http_perl_module supports the DECLINED return code.
*) Feature: the ngx_http_dav_module supports the incoming "Date" header
line for the PUT method.
*) Feature: the "ssi" directive is available inside the "if" block.
*) Bugfix: a segmentation fault occurred if there was an "index"
directive with variables and the first index name was without
variables; the bug had appeared in 0.1.29.
|
|
*) Feature: the "error_page" directive supports the variables.
*) Change: now the procfs interface instead of sysctl is used on Linux.
*) Change: now the "Content-Type" header line is inherited from first
response when the "X-Accel-Redirect" was used.
*) Bugfix: the "error_page" directive did not redirect the 413 error.
*) Bugfix: the trailing "?" did not remove old arguments if no new
arguments were added to a rewritten URI.
*) Bugfix: nginx could not run on 64-bit FreeBSD 7.0-CURRENT.
|
|
*) Feature: the "stub" parameter in the "include" SSI command.
*) Feature: the "block" SSI command.
*) Feature: the unicode2nginx script was added to contrib.
*) Bugfix: if a "root" was specified by variable only, then the root
was relative to a server prefix.
*) Bugfix: if the request contained "//" or "/./" and escaped symbols
after them, then the proxied request was sent unescaped.
*) Bugfix: the $r->headers_in("Cookie") of the ngx_http_perl_module now
returns all "Cookie" header lines.
*) Bugfix: a segmentation fault occurred if
"client_body_in_file_only on" was used and nginx switched to a next
upstream.
*) Bugfix: on some condition while reconfiguration character codes
inside the "charset_map" may be treated invalid; the bug had
appeared in 0.3.50.
|
|
*) Feature: nginx now logs the subrequest information to the error log.
*) Feature: the "proxy_next_upstream", "fastcgi_next_upstream", and
"memcached_next_upstream" directives support the "off" parameter.
*) Feature: the "debug_connection" directive supports the CIDR address
form.
*) Bugfix: if a response of proxied server or FastCGI server was
converted from UTF-8 or back, then it may be transferred incomplete.
*) Bugfix: the $upstream_response_time variable had the time of the
first request to a backend only.
*) Bugfix: nginx could not be built on amd64 platform; the bug had
appeared in 0.3.53.
|
|
*) Change: the "add_header" directive adds the string to 204, 301, and
302 responses.
*) Feature: the "server" directive in the "upstream" context supports
the "weight" parameter.
*) Feature: the "server_name" directive supports the "*" wildcard.
*) Feature: nginx supports the request body size more than 2G.
*) Bugfix: if a client was successfully authorized using "satisfy_any
on", then anyway the message "access forbidden by rule" was written
in the log.
*) Bugfix: the "PUT" method may erroneously not create a file and
return the 409 code.
*) Bugfix: if the IMAP/POP3 backend returned an error, then nginx
continued proxying anyway.
|
|
*) Feature: the ngx_http_dav_module supports the MKCOL method.
*) Feature: the "create_full_put_path" directive.
*) Feature: the "$limit_rate" variable.
|
