From d7483bf1af704c1ef55e706ed3e44a09ee1e1f9b Mon Sep 17 00:00:00 2001 From: Roman Arutyunyan Date: Thu, 3 Nov 2022 15:52:55 +0400 Subject: Version bump. --- src/core/nginx.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/core') diff --git a/src/core/nginx.h b/src/core/nginx.h index a7571cdf3..f4e9d7c91 100644 --- a/src/core/nginx.h +++ b/src/core/nginx.h @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1023002 -#define NGINX_VERSION "1.23.2" +#define nginx_version 1023003 +#define NGINX_VERSION "1.23.3" #define NGINX_VER "nginx/" NGINX_VERSION #ifdef NGX_BUILD -- cgit From 7600ca028644d3ecc7e62499d71bbe21fe3bda0d Mon Sep 17 00:00:00 2001 From: Roman Arutyunyan Date: Wed, 2 Nov 2022 13:46:16 +0400 Subject: Increased maximum read PROXY protocol header size. Maximum size for reading the PROXY protocol header is increased to 4096 to accommodate a bigger number of TLVs, which are supported since cca4c8a715de. Maximum size for writing the PROXY protocol header is not changed since only version 1 is currently supported. --- src/core/ngx_proxy_protocol.c | 2 +- src/core/ngx_proxy_protocol.h | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'src/core') diff --git a/src/core/ngx_proxy_protocol.c b/src/core/ngx_proxy_protocol.c index 2d9c095b1..212763647 100644 --- a/src/core/ngx_proxy_protocol.c +++ b/src/core/ngx_proxy_protocol.c @@ -281,7 +281,7 @@ ngx_proxy_protocol_write(ngx_connection_t *c, u_char *buf, u_char *last) { ngx_uint_t port, lport; - if (last - buf < NGX_PROXY_PROTOCOL_MAX_HEADER) { + if (last - buf < NGX_PROXY_PROTOCOL_V1_MAX_HEADER) { return NULL; } diff --git a/src/core/ngx_proxy_protocol.h b/src/core/ngx_proxy_protocol.h index 7d9d3eb70..d1749f57b 100644 --- a/src/core/ngx_proxy_protocol.h +++ b/src/core/ngx_proxy_protocol.h 
@@ -13,7 +13,8 @@ #include -#define NGX_PROXY_PROTOCOL_MAX_HEADER 107 +#define NGX_PROXY_PROTOCOL_V1_MAX_HEADER 107 +#define NGX_PROXY_PROTOCOL_MAX_HEADER 4096 struct ngx_proxy_protocol_s { -- cgit From fbe42d46312a87ee24f9038f26876a95c7abab34 Mon Sep 17 00:00:00 2001 From: Maxim Dounin Date: Tue, 8 Nov 2022 12:48:19 +0300 Subject: Added logging to PROXY protocol write buffer check. The check is not expected to fail unless there is a bug in the calling code. But given the check is here, it should log an alert if it fails instead of silently closing the connection. --- src/core/ngx_proxy_protocol.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/core') diff --git a/src/core/ngx_proxy_protocol.c b/src/core/ngx_proxy_protocol.c index 212763647..8d3bd01d9 100644 --- a/src/core/ngx_proxy_protocol.c +++ b/src/core/ngx_proxy_protocol.c @@ -282,6 +282,8 @@ ngx_proxy_protocol_write(ngx_connection_t *c, u_char *buf, u_char *last) ngx_uint_t port, lport; if (last - buf < NGX_PROXY_PROTOCOL_V1_MAX_HEADER) { + ngx_log_error(NGX_LOG_ALERT, c->log, 0, + "too small buffer for PROXY protocol"); return NULL; } -- cgit From 67e2a6916170f126a078bf7499a9a02c994e2f6d Mon Sep 17 00:00:00 2001 From: Maxim Dounin Date: Tue, 8 Nov 2022 12:48:21 +0300 Subject: Fixed PROXY protocol to use ngx_memcpy()/ngx_memcmp(). --- src/core/ngx_proxy_protocol.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'src/core') diff --git a/src/core/ngx_proxy_protocol.c b/src/core/ngx_proxy_protocol.c index 8d3bd01d9..49888b986 100644 --- a/src/core/ngx_proxy_protocol.c +++ b/src/core/ngx_proxy_protocol.c @@ -109,7 +109,7 @@ ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, u_char *last) len = last - buf; if (len >= sizeof(ngx_proxy_protocol_header_t) - && memcmp(p, signature, sizeof(signature) - 1) == 0) + && ngx_memcmp(p, signature, sizeof(signature) - 1) == 0) { return ngx_proxy_protocol_v2_read(c, buf, last); } 
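Review bot: The two macros in the `@@ -13,7 +13,8 @@` hunk of ngx_proxy_protocol.h have no comment saying which direction each one bounds, and `NGX_PROXY_PROTOCOL_MAX_HEADER` keeps its old name while its value goes from 107 to 4096. Any caller outside this view that sizes a buffer with that name, for instance a stack array, grows to 4096 bytes, and up to that much peer-supplied data may be buffered before the header is parsed. Those call sites should be confirmed. I would add `/* longest version 1 header; the write side emits only v1 */` above `NGX_PROXY_PROTOCOL_V1_MAX_HEADER` and `/* upper bound when reading a v1 or v2 header, including TLVs */` above `NGX_PROXY_PROTOCOL_MAX_HEADER`.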
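Review bot: The alert added in the `@@ -282,6 +282,8 @@` hunk of ngx_proxy_protocol_write() does not record how much space the caller passed, which is the fact needed to find the caller bug the commit message describes. Logging it would make the alert actionable, e.g. `"too small buffer for PROXY protocol: %z", (ssize_t) (last - buf)`. The rest of the function is outside the hunk, so whether the later formatting stays within the 107-byte worst case cannot be checked from here.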
@@ -396,11 +396,11 @@ ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last) src_sockaddr.sockaddr_in.sin_family = AF_INET; src_sockaddr.sockaddr_in.sin_port = 0; - memcpy(&src_sockaddr.sockaddr_in.sin_addr, in->src_addr, 4); + ngx_memcpy(&src_sockaddr.sockaddr_in.sin_addr, in->src_addr, 4); dst_sockaddr.sockaddr_in.sin_family = AF_INET; dst_sockaddr.sockaddr_in.sin_port = 0; - memcpy(&dst_sockaddr.sockaddr_in.sin_addr, in->dst_addr, 4); + ngx_memcpy(&dst_sockaddr.sockaddr_in.sin_addr, in->dst_addr, 4); pp->src_port = ngx_proxy_protocol_parse_uint16(in->src_port); pp->dst_port = ngx_proxy_protocol_parse_uint16(in->dst_port); @@ -423,11 +423,11 @@ ngx_proxy_protocol_v2_read(ngx_connection_t *c, u_char *buf, u_char *last) src_sockaddr.sockaddr_in6.sin6_family = AF_INET6; src_sockaddr.sockaddr_in6.sin6_port = 0; - memcpy(&src_sockaddr.sockaddr_in6.sin6_addr, in6->src_addr, 16); + ngx_memcpy(&src_sockaddr.sockaddr_in6.sin6_addr, in6->src_addr, 16); dst_sockaddr.sockaddr_in6.sin6_family = AF_INET6; dst_sockaddr.sockaddr_in6.sin6_port = 0; - memcpy(&dst_sockaddr.sockaddr_in6.sin6_addr, in6->dst_addr, 16); + ngx_memcpy(&dst_sockaddr.sockaddr_in6.sin6_addr, in6->dst_addr, 16); pp->src_port = ngx_proxy_protocol_parse_uint16(in6->src_port); pp->dst_port = ngx_proxy_protocol_parse_uint16(in6->dst_port); -- cgit From e8da064e0d16527a994ec7e3b2937363804b8e30 Mon Sep 17 00:00:00 2001 From: Maxim Dounin Date: Wed, 30 Nov 2022 18:01:43 +0300 Subject: Fixed alignment of ngx_memmove()/ngx_movemem() macro definitions. --- src/core/ngx_string.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/core') diff --git a/src/core/ngx_string.h b/src/core/ngx_string.h index 0fb9be72e..4378b649c 100644 --- a/src/core/ngx_string.h +++ b/src/core/ngx_string.h 
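Review bot: The copy lengths in the `ngx_memcpy()` calls of ngx_proxy_protocol_v2_read() are bare literals, `4` in the `@@ -396,11 +396,11 @@` hunk and `16` in the `@@ -423,11 +423,11 @@` hunk, so nothing ties them to the size of the destination field. Writing them as `ngx_memcpy(&src_sockaddr.sockaddr_in.sin_addr, in->src_addr, sizeof(struct in_addr));` and the `sizeof(struct in6_addr)` equivalent keeps the length and the destination in step. The check that the received header is long enough to cover `in->src_addr` and `in6->dst_addr` lies outside both hunks and should be confirmed, since these bytes come from the peer.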
@@ -140,8 +140,8 @@ ngx_copy(u_char *dst, u_char *src, size_t len) #endif -#define ngx_memmove(dst, src, n) (void) memmove(dst, src, n) -#define ngx_movemem(dst, src, n) (((u_char *) memmove(dst, src, n)) + (n)) +#define ngx_memmove(dst, src, n) (void) memmove(dst, src, n) +#define ngx_movemem(dst, src, n) (((u_char *) memmove(dst, src, n)) + (n)) /* msvc and icc7 compile memcmp() to the inline loop */ -- cgit From a77cef0995fb29af6602dcdeb560755443cb2cca Mon Sep 17 00:00:00 2001 From: Maxim Dounin Date: Wed, 30 Nov 2022 18:01:53 +0300 Subject: Removed casts from ngx_memcmp() macro. Casts are believed to be not needed, since memcmp() has "const void *" arguments since introduction of the "void" type in C89. And on pre-C89 platforms nginx is unlikely to compile without warnings anyway, as there are no casts in memcpy() and memmove() calls. These casts were added in 1648:89a47f19b9ec without any details on why they were added, and Igor does not remember details either. The most plausible explanation is that they were copied from ngx_strcmp() and were not really needed even at that time. Prodded by Alejandro Colomar. --- src/core/ngx_string.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/core') diff --git a/src/core/ngx_string.h b/src/core/ngx_string.h index 4378b649c..713eb42a7 100644 --- a/src/core/ngx_string.h +++ b/src/core/ngx_string.h @@ -145,7 +145,7 @@ ngx_copy(u_char *dst, u_char *src, size_t len) /* msvc and icc7 compile memcmp() to the inline loop */ -#define ngx_memcmp(s1, s2, n) memcmp((const char *) s1, (const char *) s2, n) +#define ngx_memcmp(s1, s2, n) memcmp(s1, s2, n) u_char *ngx_cpystrn(u_char *dst, u_char *src, size_t n); -- cgit