Commit Graph

8309 Commits

Author SHA1 Message Date
Roman Arutyunyan
b1a2b3ebdf Version bump. 2024-03-21 17:06:21 +04:00
Sergey Kandaurov
ef96f58354 release-1.25.4 tag 2024-02-14 20:03:00 +04:00
Sergey Kandaurov
c8b288cd8a nginx-1.25.4-RELEASE 2024-02-14 15:55:46 +04:00
Sergey Kandaurov
4bef3c3367 Updated OpenSSL and zlib used for win32 builds. 2024-02-14 15:55:42 +04:00
Roman Arutyunyan
5818f8a669 QUIC: fixed stream cleanup (ticket #2586).
Stream connection cleanup handler ngx_quic_stream_cleanup_handler() calls
ngx_quic_shutdown_stream() after which it resets the pointer from quic stream
to the connection (sc->connection = NULL).  Previously if this call failed,
sc->connection retained the old value, while the connection was freed by the
application code.  This resulted later in a second attempt to close the freed
connection, which lead to allocator double free error.

The fix is to reset the sc->connection pointer in case of error.
2024-02-14 15:55:37 +04:00
Sergey Kandaurov
5902baf680 QUIC: trial packet decryption in response to invalid key update.
Inspired by RFC 9001, Section 6.3, trial packet decryption with the current
keys is now used to avoid a timing side-channel signal.  Further, this fixes
segfault while accessing missing next keys (ticket #2585).
2024-02-14 15:55:34 +04:00
Roman Arutyunyan
ed47f72a85 QUIC: fixed unsent MTU probe acknowledgement.
Previously if an MTU probe send failed early in ngx_quic_frame_sendto()
due to allocation error or congestion control, the application level packet
number was not increased, but was still saved as MTU probe packet number.
Later when a packet with this number was acknowledged, the unsent MTU probe
was acknowledged as well.  This could result in discovering a bigger MTU than
supported by the path, which could lead to EMSGSIZE (Message too long) errors
while sending further packets.

The problem existed since PMTUD was introduced in 58afcd72446f (1.25.2).
Back then only the unlikely memory allocation error could trigger it.  However
in efcdaa66df2e congestion control was added to ngx_quic_frame_sendto() which
can now trigger the issue with a higher probability.
2024-02-14 16:56:28 +04:00
Sergey Kandaurov
71a0a4acdb HTTP/3: added more compatibility checks for "listen ... quic".
Now "fastopen", "backlog", "accept_filter", "deferred", and "so_keepalive"
parameters are not allowed with "quic" in the "listen" directive.

Reported by Izorkin.
2024-01-30 19:19:26 +04:00
Sergey Kandaurov
2a10e48620 SSL: fixed $ssl_curves allocation error handling. 2024-01-30 19:18:31 +04:00
Sergey Kandaurov
771cf15704 Year 2024. 2024-01-30 19:14:16 +04:00
Maxim Dounin
6f2059147f Upstream: fixed usage of closed sockets with filter finalization.
When filter finalization is triggered when working with an upstream server,
and error_page redirects request processing to some simple handler,
ngx_http_request_finalize() triggers request termination when the response
is sent.  In particular, via the upstream cleanup handler, nginx will close
the upstream connection and the corresponding socket.

Still, this can happen to be with ngx_event_pipe() on stack.  While
the code will set p->downstream_error due to NGX_ERROR returned from the
output filter chain by filter finalization, otherwise the error will be
ignored till control returns to ngx_http_upstream_process_request().
And event pipe might try reading from the (already closed) socket, resulting
in "readv() failed (9: Bad file descriptor) while reading upstream" errors
(or even segfaults with SSL).

Such errors were seen with the following configuration:

    location /t2 {
        proxy_pass http://127.0.0.1:8080/big;

        image_filter_buffer 10m;
        image_filter   resize  150 100;
        error_page     415   = /empty;
    }

    location /empty {
        return 204;
    }

    location /big {
        # big enough static file
    }

Fix is to clear p->upstream in ngx_http_upstream_finalize_request(),
and ensure that p->upstream is checked in ngx_event_pipe_read_upstream()
and when handling events at ngx_event_pipe() exit.
2024-01-30 03:20:10 +03:00
Maxim Dounin
c251961c41 Fixed request termination with AIO and subrequests (ticket #2555).
When a request was terminated due to an error via ngx_http_terminate_request()
while an AIO operation was running in a subrequest, various issues were
observed.  This happened because ngx_http_request_finalizer() was only set
in the subrequest where ngx_http_terminate_request() was called, but not
in the subrequest where the AIO operation was running.  After completion
of the AIO operation normal processing of the subrequest was resumed, leading
to issues.

In particular, in case of the upstream module, termination of the request
called upstream cleanup, which closed the upstream connection.  Attempts to
further work with the upstream connection after AIO operation completion
resulted in segfaults in ngx_ssl_recv(), "readv() failed (9: Bad file
descriptor) while reading upstream" errors, or socket leaks.

In ticket #2555, issues were observed with the following configuration
with cache background update (with thread writing instrumented to
introduce a delay, when a client closes the connection during an update):

    location = /background-and-aio-write {
        proxy_pass ...
        proxy_cache one;
        proxy_cache_valid 200 1s;
        proxy_cache_background_update on;
        proxy_cache_use_stale updating;
        aio threads;
        aio_write on;
        limit_rate 1000;
    }

Similarly, the same issue can be seen with SSI, and can be caused by
errors in subrequests, such as in the following configuration
(where "/proxy" uses AIO, and "/sleep" returns 444 after some delay,
causing request termination):

    location = /ssi-active-boom {
        ssi on;
        ssi_types *;
        return 200 '
                   <!--#include virtual="/proxy" -->
                   <!--#include virtual="/sleep" -->
                   ';
        limit_rate 1000;
    }

Or the same with both AIO operation and the error in non-active subrequests
(which needs slightly different handling, see below):

    location = /ssi-non-active-boom {
        ssi on;
        ssi_types *;
        return 200 '
                   <!--#include virtual="/static" -->
                   <!--#include virtual="/proxy" -->
                   <!--#include virtual="/sleep" -->
                   ';
        limit_rate 1000;
    }

Similarly, issues can be observed with just static files.  However,
with static files potential impact is limited due to timeout safeguards
in ngx_http_writer(), and the fact that c->error is set during request
termination.

In a simple configuration with an AIO operation in the active subrequest,
such as in the following configuration, the connection is closed right
after completion of the AIO operation anyway, since ngx_http_writer()
tries to write to the connection and fails due to c->error set:

    location = /ssi-active-static-boom {
        ssi on;
        ssi_types *;
        return 200 '
                   <!--#include virtual="/static-aio" -->
                   <!--#include virtual="/sleep" -->
                   ';
        limit_rate 1000;
    }

In the following configuration, with an AIO operation in a non-active
subrequest, the connection is closed only after send_timeout expires:

    location = /ssi-non-active-static-boom {
        ssi on;
        ssi_types *;
        return 200 '
                   <!--#include virtual="/static" -->
                   <!--#include virtual="/static-aio" -->
                   <!--#include virtual="/sleep" -->
                   ';
        limit_rate 1000;
    }

Fix is to introduce r->main->terminated flag, which is to be checked
by AIO event handlers when the r->main->blocked counter is decremented.
When the flag is set, handlers are expected to wake up the connection
instead of the subrequest (which might be already cleaned up).

Additionally, now ngx_http_request_finalizer() is always set in the
active subrequest, so waking up the connection properly finalizes the
request even if termination happened in a non-active subrequest.
2024-01-30 03:20:05 +03:00
Maxim Dounin
b794465178 AIO operations now add timers (ticket #2162).
Each AIO (thread IO) operation being run is now accompanied with 1-minute
timer.  This timer prevents unexpected shutdown of the worker process while
an AIO operation is running, and logs an alert if the operation is running
for too long.

This fixes "open socket left" alerts during worker processes shutdown
due to pending AIO (or thread IO) operations while corresponding requests
have no timers.  In particular, such errors were observed while reading
cache headers (ticket #2162), and with worker_shutdown_timeout.
2024-01-29 10:31:37 +03:00
Maxim Dounin
cc4c3ee0a4 Silenced complaints about socket leaks on forced termination.
When graceful shutdown was requested, and then nginx was forced to
do fast shutdown, it used to (incorrectly) complain about open sockets
left in connections which weren't yet closed when fast shutdown
was requested.

Fix is to avoid complaining about open sockets when fast shutdown was
requested after graceful one.  Abnormal termination, if requested with
the WINCH signal, can still happen though.
2024-01-29 10:29:39 +03:00
Sergey Kandaurov
f255815f5d SSL: reasonable version for LibreSSL adjusted.
OPENSSL_VERSION_NUMBER is now redefined to 0x1010000fL for LibreSSL 3.5.0
and above.  Building with older LibreSSL versions, such as 2.8.0, may now
produce warnings (see cab37803ebb3) and may require appropriate compiler
options to suppress them.

Notably, this allows to start using SSL_get0_verified_chain() appeared
in OpenSSL 1.1.0 and LibreSSL 3.5.0, without additional macro tests.

Prodded by Ilya Shipitsin.
2023-12-25 21:15:48 +04:00
Sergey Kandaurov
d7923960a8 SSL: disabled renegotiation checks with LibreSSL.
Similar to 7356:e3ba4026c02d, as long as SSL_OP_NO_CLIENT_RENEGOTIATION
is defined, it is the library responsibility to prevent renegotiation.

Additionally, this allows to raise LibreSSL version used to redefine
OPENSSL_VERSION_NUMBER to 0x1010000fL, such that this won't result in
attempts to dereference SSL objects made opaque in LibreSSL 3.4.0.

Patch by Maxim Dounin.
2023-12-25 21:15:47 +04:00
J Carter
c0134ded9f Win32: extended ngx_random() range to 0x7fffffff.
rand() is used on win32. RAND_MAX is implementation defined. win32's is
0x7fff.

Existing uses of ngx_random() rely upon 0x7fffffff range provided by
POSIX implementations of random().
2023-12-09 08:38:14 +00:00
Sergey Kandaurov
5e74324284 QUIC: fixed format specifier after a6f79f044de5. 2023-12-16 03:40:01 +04:00
Sergey Kandaurov
386329d3cf QUIC: path aware in-flight bytes accounting.
On-packet acknowledgement is made path aware, as per RFC 9000, Section 9.4:
    Packets sent on the old path MUST NOT contribute to congestion control
    or RTT estimation for the new path.

To make this possible in a single congestion control context, the first packet
to be sent after the new path has been validated, which includes resetting the
congestion controller and RTT estimator, is now remembered in the connection.
Packets sent previously, such as on the old path, are not taken into account.

Note that although the packet number is saved per-connection, the added checks
affect application level packets only.  For non-application level packets,
which are only processed prior to the handshake is complete, the remembered
packet number remains set to zero.
2023-12-12 20:21:12 +04:00
Sergey Kandaurov
4ee2a48f3f QUIC: reset RTT estimator for the new path.
RTT is a property of the path, it must be reset on confirming a peer's
ownership of its new address.
2023-12-12 20:20:51 +04:00
Roman Arutyunyan
c1efb3a725 QUIC: path revalidation after expansion failure.
As per RFC 9000, Section 8.2.1:

    When an endpoint is unable to expand the datagram size to 1200 bytes due
    to the anti-amplification limit, the path MTU will not be validated.
    To ensure that the path MTU is large enough, the endpoint MUST perform a
    second path validation by sending a PATH_CHALLENGE frame in a datagram of
    at least 1200 bytes.
2023-11-29 10:58:21 +04:00
Roman Arutyunyan
209e8bc0c0 QUIC: ngx_quic_frame_t time fields cleanup.
The field "first" is removed.  It's unused since 909b989ec088.
The field "last" is renamed to "send_time".  It holds frame send time.
2023-11-30 15:03:06 +04:00
Roman Arutyunyan
ccca701dc6 QUIC: congestion control in ngx_quic_frame_sendto().
Previously ngx_quic_frame_sendto() ignored congestion control and did not
contribute to in_flight counter.

Now congestion control window is checked unless ignore_congestion flag is set.
Also, in_flight counter is incremented and the frame is stored in ctx->sent
queue if it's ack-eliciting.  This behavior is now similar to
ngx_quic_output_packet().
2023-11-29 21:41:29 +04:00
Roman Arutyunyan
0c0f340554 QUIC: ignore duplicate PATH_CHALLENGE frames.
According to RFC 9000, an endpoint SHOULD NOT send multiple PATH_CHALLENGE
frames in a single packet.  The change adds a check to enforce this claim to
optimize server behavior.  Previously each PATH_CHALLENGE always resulted in a
single response datagram being sent to client.  The effect of this was however
limited by QUIC flood protection.

Also, PATH_CHALLENGE is explicitly disabled in Initial and Handshake levels,
see RFC 9000, Table 3.  However, technically it may be sent by client in 0-RTT
over a new path without actual migration, even though the migration itself is
prohibited during handshake.  This allows client to coalesce multiple 0-RTT
packets each carrying a PATH_CHALLENGE and end up with multiple PATH_CHALLENGEs
per datagram.  This again leads to suboptimal behavior, see above.  Since the
purpose of sending PATH_CHALLENGE frames in 0-RTT is unclear, these frames are
now only allowed in 1-RTT.  For 0-RTT they are silently ignored.
2023-11-22 14:48:12 +04:00
Roman Arutyunyan
6c78bb9bb1 QUIC: fixed anti-amplification with explicit send.
Previously, when using ngx_quic_frame_sendto() to explicitly send a packet with
a single frame, anti-amplification limit was not properly enforced.  Even when
there was no quota left for the packet, it was sent anyway, but with no padding.
Now the packet is not sent at all.

This function is called to send PATH_CHALLENGE/PATH_RESPONSE, PMTUD and probe
packets.  For all these cases packet send is retried later in case the send was
not successful.
2023-11-22 14:52:21 +04:00
Roman Arutyunyan
0efe8db1d0 QUIC: avoid partial expansion of PATH_CHALLENGE/PATH_RESPONSE.
By default packets with these frames are expanded to 1200 bytes.  Previously,
if anti-amplification limit did not allow this expansion, it was limited to
whatever size was allowed.  However RFC 9000 clearly states no partial
expansion should happen in both cases.

    Section 8.2.1.  Initiating Path Validation:

    An endpoint MUST expand datagrams that contain a PATH_CHALLENGE frame
    to at least the smallest allowed maximum datagram size of 1200 bytes,
    unless the anti-amplification limit for the path does not permit
    sending a datagram of this size.

    Section 8.2.2. Path Validation Responses:

    An endpoint MUST expand datagrams that contain a PATH_RESPONSE frame
    to at least the smallest allowed maximum datagram size of 1200 bytes.
    ...
    However, an endpoint MUST NOT expand the datagram containing the
    PATH_RESPONSE if the resulting data exceeds the anti-amplification limit.
2023-11-29 18:13:25 +04:00
Vladimir Khomutov
d8fa024ef1 HTTP: uniform checks in ngx_http_alloc_large_header_buffer().
If URI is not fully parsed yet, some pointers are not set.  As a result,
the calculation of "new + (ptr - old)" expression is flawed.

According to C11, 6.5.6 Additive operators, p.9:

: When two pointers are subtracted, both shall point to elements
: of the same array object, or one past the last element of the
: array object

Since "ptr" is not set, subtraction leads to undefined behaviour, because
"ptr" and "old" are not in the same buffer (i.e. array objects).

Prodded by GCC undefined behaviour sanitizer.
2023-11-29 11:13:05 +03:00
Vladimir Khomutov
0db94ba96a HTTP: removed unused r->port_start and r->port_end.
Neither r->port_start nor r->port_end were ever used.

The r->port_end is set by the parser, though it was never used by
the following code (and was never usable, since not copied by the
ngx_http_alloc_large_header_buffer() without r->port_start set).
2023-11-28 12:57:14 +03:00
Sergey Kandaurov
f9a25736fd HTTP/3: added Huffman decoding error logging. 2023-11-14 15:26:02 +04:00
Sergey Kandaurov
6a4eb51f5e Adjusted Huffman coding debug logging, missed in 7977:336084ff943b.
Spotted by XingY Wang.
2023-11-14 14:50:03 +04:00
Vladimir Khomutov
a13ed7f5ed QUIC: improved packet and frames debug tracing.
Currently, packets generated by ngx_quic_frame_sendto() and
ngx_quic_send_early_cc() are not logged, thus making it hard
to read logs due to gaps appearing in packet numbers sequence.

At frames level, it is handy to see immediately packet number
in which they arrived or being sent.
2023-10-26 23:35:09 +03:00
Sergey Kandaurov
1f1bc17ba8 Version bump. 2023-10-27 01:29:28 +04:00
Maxim Dounin
eb62c7f629 release-1.25.3 tag 2023-10-24 16:46:47 +03:00
Maxim Dounin
b8fb83b8d2 nginx-1.25.3-RELEASE 2023-10-24 16:46:46 +03:00
Maxim Dounin
80a620a2f3 Updated OpenSSL and zlib used for win32 builds. 2023-10-23 21:50:26 +03:00
Sergey Kandaurov
b19bc2e0fa HTTP/2: fixed buffer management with HTTP/2 auto-detection.
As part of normal HTTP/2 processing, incomplete frames are saved in the
control state using a fixed size memcpy of NGX_HTTP_V2_STATE_BUFFER_SIZE.
For this matter, two state buffers are reserved in the HTTP/2 recv buffer.

As part of HTTP/2 auto-detection on plain TCP connections, initial data
is first read into a buffer specified by the client_header_buffer_size
directive that doesn't have state reservation.  Previously, this made it
possible to over-read the buffer as part of saving the state.

The fix is to read the available buffer size rather than a fixed size.
Although memcpy of a fixed size can produce a better optimized code,
handling of incomplete frames isn't a common execution path, so it was
sacrificed for the sake of simplicity of the fix.
2023-10-21 18:48:24 +04:00
Sergey Kandaurov
31620d1a89 QUIC: explicitly zero out unused keying material. 2023-10-20 18:05:07 +04:00
Sergey Kandaurov
b94f1fbee3 QUIC: removed key field from ngx_quic_secret_t.
It is made local as it is only needed now when creating crypto context.

BoringSSL lacks EVP interface for ChaCha20, providing instead
a function for one-shot encryption, thus hp is still preserved.

Based on a patch by Roman Arutyunyan.
2023-10-20 18:05:07 +04:00
Sergey Kandaurov
01bd8caceb QUIC: simplified ngx_quic_ciphers() API.
After conversion to reusable crypto ctx, now there's enough caller
context to remove the "level" argument from ngx_quic_ciphers().
2023-10-20 18:05:07 +04:00
Sergey Kandaurov
d15f8f2c85 QUIC: cleaned up now unused ngx_quic_ciphers() calls. 2023-10-20 18:05:07 +04:00
Sergey Kandaurov
4f60ee789e QUIC: reusing crypto contexts for header protection. 2023-10-20 18:05:07 +04:00
Sergey Kandaurov
52d50714eb QUIC: common code for crypto open and seal operations. 2023-10-20 18:05:07 +04:00
Sergey Kandaurov
80a695add8 QUIC: reusing crypto contexts for packet protection. 2023-10-20 18:05:07 +04:00
Sergey Kandaurov
885a02696e QUIC: renamed protection functions.
Now these functions have names ngx_quic_crypto_XXX():

  - ngx_quic_tls_open() -> ngx_quic_crypto_open()
  - ngx_quic_tls_seal() -> ngx_quic_crypto_seal()
  - ngx_quic_tls_hp() -> ngx_quic_crypto_hp()
2023-10-20 18:05:07 +04:00
Sergey Kandaurov
8e1217c46d QUIC: prevented generating ACK frames with discarded keys.
Previously it was possible to generate ACK frames using formally discarded
protection keys, in particular, when acknowledging a client Handshake packet
used to complete the TLS handshake and to discard handshake protection keys.
As it happens late in packet processing, it could be possible to generate ACK
frames after the keys were already discarded.

ACK frames are generated from ngx_quic_ack_packet(), either using a posted
push event, which envolves ngx_quic_generate_ack() as a part of the final
packet assembling, or directly in ngx_quic_ack_packet(), such as when there
is no room to add a new ACK range or when the received packet is out of order.
The added keys availability check is used to avoid generating late ACK frames
in both cases.
2023-10-20 18:05:07 +04:00
Sergey Kandaurov
fffd2823ba QUIC: added safety belt to prevent using discarded keys.
In addition to triggering alert, it ensures that such packets won't be sent.

With the previous change that marks server keys as discarded by zeroing the
key lengh, it is now an error to send packets with discarded keys.  OpenSSL
based stacks tolerate such behaviour because key length isn't used in packet
protection, but BoringSSL will raise the UNSUPPORTED_KEY_SIZE cipher error.
It won't be possible to use discarded keys with reused crypto contexts as it
happens in subsequent changes.
2023-10-20 18:05:07 +04:00
Sergey Kandaurov
cd5f4cd8d3 QUIC: split keys availability checks to read and write sides.
Keys may be released by TLS stack in different times, so it makes sense
to check this independently as well.  This allows to fine-tune what key
direction is used when checking keys availability.

When discarding, server keys are now marked in addition to client keys.
2023-08-31 19:54:10 +04:00
Maxim Dounin
c93cb45ae3 Core: changed ngx_queue_sort() to use merge sort.
This improves nginx startup times significantly when using very large number
of locations due to computational complexity of the sorting algorithm being
used: insertion sort is O(n*n) on average, while merge sort is O(n*log(n)).
In particular, in a test configuration with 20k locations total startup
time is reduced from 8 seconds to 0.9 seconds.

Prodded by Yusuke Nojima,
https://mailman.nginx.org/pipermail/nginx-devel/2023-September/NUL3Y2FPPFSHMPTFTL65KXSXNTX3NQMK.html
2023-10-18 04:30:11 +03:00
Maxim Dounin
284a0c7377 Core: fixed memory leak on configuration reload with PCRE2.
In ngx_regex_cleanup() allocator wasn't configured when calling
pcre2_compile_context_free() and pcre2_match_data_free(), resulting
in no ngx_free() call and leaked memory.  Fix is ensure that allocator
is configured for global allocations, so that ngx_free() is actually
called to free memory.

Additionally, ngx_regex_compile_context was cleared in
ngx_regex_module_init().  It should be either not cleared, so it will
be freed by ngx_regex_cleanup(), or properly freed.  Fix is to
not clear it, so ngx_regex_cleanup() will be able to free it.

Reported by ZhenZhong Wu,
https://mailman.nginx.org/pipermail/nginx-devel/2023-September/3Z5FIKUDRN2WBSL3JWTZJ7SXDA6YIWPB.html
2023-10-17 02:39:38 +03:00
Maxim Dounin
6ceef192e7 HTTP/2: per-iteration stream handling limit.
To ensure that attempts to flood servers with many streams are detected
early, a limit of no more than 2 * max_concurrent_streams new streams per one
event loop iteration was introduced.  This limit is applied even if
max_concurrent_streams is not yet reached - for example, if corresponding
streams are handled synchronously or reset.

Further, refused streams are now limited to maximum of max_concurrent_streams
and 100, similarly to priority_limit initial value, providing some tolerance
to clients trying to open several streams at the connection start, yet
low tolerance to flooding attempts.
2023-10-10 15:13:39 +03:00