Commit Graph

6554 Commits

Author SHA1 Message Date
Thibault Charbonnier
bbb82a736f Upstream: removed unused ngx_http_upstream_conf_t.timeout field. 2017-01-24 17:52:39 -08:00
Vladimir Homutov
20443cae62 Upstream: removed compatibility shims from ngx_http_upstream_t.
The type is no longer modified in NGINX Plus.
2017-01-25 15:39:22 +03:00
Vladimir Homutov
dbb698363b Version bump. 2017-01-26 11:44:55 +03:00
Maxim Dounin
9ccc7ac0e8 release-1.11.9 tag 2017-01-24 17:02:19 +03:00
Maxim Dounin
859d62f66a nginx-1.11.9-RELEASE 2017-01-24 17:02:18 +03:00
Maxim Dounin
a33ec3dabe Updated zlib and PCRE used for win32 builds. 2017-01-24 16:41:29 +03:00
Maxim Dounin
e66073c4d3 Upstream: fixed cache corruption and socket leaks with aio_write.
The ngx_event_pipe() function wasn't called on write events with
wev->delayed set.  As a result, threaded writing results weren't
properly collected in ngx_event_pipe_write_to_downstream() when a
write event was triggered for a completed write.

Further, this wasn't detected, as p->aio was reset by a thread completion
handler, and results were later collected in ngx_event_pipe_read_upstream()
instead of scheduling a new write of additional data.  If this happened
on the last reading from an upstream, last part of the response was never
written to the cache file.

Similar problems might also happen in case of timeouts when writing to
client, as this also results in ngx_event_pipe() not being called on write
events.  In this scenario socket leaks were observed.

Fix is to check if p->writing is set in ngx_event_pipe_read_upstream(), and
therefore collect results of previous write operations in case of read events
as well, similar to how we do so in ngx_event_pipe_write_downstream().
This is enough to fix the wev->delayed case.  Additionally, we now call
ngx_event_pipe() from ngx_http_upstream_process_request() if there are
uncollected write operations (p->writing and !p->aio).  This also fixes
the wev->timedout case.
2017-01-20 21:14:19 +03:00
Maxim Dounin
855f4b1cca Removed pthread mutex / conditional variables debug messages.
These messages doesn't seem to be needed in practice and only make
debugging logs harder to read.
2017-01-20 21:14:18 +03:00
Maxim Dounin
7ca4b6743d Fixed trailer construction with limit on FreeBSD and macOS.
The ngx_chain_coalesce_file() function may produce more bytes to send then
requested in the limit passed, as it aligns the last file position
to send to memory page boundary.  As a result, (limit - send) may become
negative.  This resulted in big positive number when converted to size_t
while calling ngx_output_chain_to_iovec().

Another part of the problem is in ngx_chain_coalesce_file(): it changes cl
to the next chain link even if the current buffer is only partially sent
due to limit.

Therefore, if a file buffer was not expected to be fully sent due to limit,
and was followed by a memory buffer, nginx called sendfile() with a part
of the file buffer, and the memory buffer in trailer.  If there were enough
room in the socket buffer, this resulted in a part of the file buffer being
skipped, and corresponding part of the memory buffer sent instead.

The bug was introduced in 8e903522c17a (1.7.8).  Configurations affected
are ones using limits, that is, limit_rate and/or sendfile_max_chunk, and
memory buffers after file ones (may happen when using subrequests or
with proxying with disk buffering).

Fix is to explicitly check if (send < limit) before constructing trailer
with ngx_output_chain_to_iovec().  Additionally, ngx_chain_coalesce_file()
was modified to preserve unfinished file buffers in cl.
2017-01-20 21:12:48 +03:00
Maxim Dounin
c3ad24da01 Improved connection draining with small number of connections.
Closing up to 32 connections might be too aggressive if worker_connections
is set to a comparable number (and/or there are only a small number of
reusable connections).  If an occasional connection shorage happens in
such a configuration, it leads to closing all reusable connections instead
of gradually reducing keepalive timeout to a smaller value.  To improve
granularity in such configurations we now close no more than 1/8 of all
reusable connections at once.

Suggested by Joel Cunningham.
2017-01-20 14:03:20 +03:00
Maxim Dounin
660e1a5340 Added cycle parameter to ngx_drain_connections().
No functional changes, mostly style.
2017-01-20 14:03:19 +03:00
Vladimir Homutov
620c9a4c44 Stream: client SSL certificates were not checked in some cases.
If ngx_stream_ssl_init_connection() succeeded immediately, the check was not
done.

The bug had appeared in 1.11.8 (41cb1b64561d).
2017-01-19 16:20:07 +03:00
Vladimir Homutov
0ccbe0abe4 Stream: fixed handling of non-ssl sessions.
A missing check could cause ngx_stream_ssl_handler() to be applied
to a non-ssl session, which resulted in a null pointer dereference
if ssl_verify_client is enabled.

The bug had appeared in 1.11.8 (41cb1b64561d).
2017-01-19 16:17:05 +03:00
Sergey Kandaurov
b5a3cc3781 Mail: make it possible to disable SASL EXTERNAL. 2017-01-12 19:22:03 +03:00
Vladimir Homutov
b580770f3a Stream: avoid infinite loop in case of socket read error. 2017-01-11 12:01:56 +03:00
Ruslan Ermilov
bd6d8b5455 Year 2017. 2017-01-10 17:13:06 +03:00
Ruslan Ermilov
72060f4ec8 Version bump. 2017-01-10 17:13:01 +03:00
Maxim Dounin
98a9f80ba9 release-1.11.8 tag 2016-12-27 17:23:08 +03:00
Maxim Dounin
0bda473183 nginx-1.11.8-RELEASE 2016-12-27 17:23:07 +03:00
Roman Arutyunyan
6dae95a7d4 Stream: speed up TCP peer recovery.
Previously, an unavailable peer was considered recovered after a successful
proxy session to this peer.  Until then, only a single client connection per
fail_timeout was allowed to be proxied to the peer.

Since stream sessions can be long, it may take indefinite time for a peer to
recover, limiting the ability of the peer to receive new connections.

Now, a peer is considered recovered after a successful TCP connection is
established to it.  Balancers are notified of this event via the notify()
callback.
2016-12-26 14:27:05 +03:00
Maxim Dounin
77471dbdbb Win32: compatiblity with OpenSSL 1.1.0.
OpenSSL 1.1.0 now uses normal "nmake; nmake install" instead of using
custom "ms\do_ms.bat" script and "ms\nt.mak" makefile.  And Configure
now requires --prefix to be absolute, and no longer derives --openssldir
from prefix (so it's specified explicitly).  Generated libraries are now
called "libcrypto.lib" and "libssl.lib" instead of "libeay32.lib"
and "ssleay32.lib".  Appropriate tests added to support both old and new
variants.

Additionally, openssl/lhash.h now triggers warning C4090 ('function' :
different 'const' qualifiers), so the warning was disabled.
2016-12-24 18:01:14 +03:00
Maxim Dounin
1c2c11fb6f Win32: support 64-bit compilation with MSVC.
There are lots of C4244 warnings (conversion from 'type1' to 'type2',
possible loss of data), so they were disabled.

The same applies to C4267 warnings (conversion from 'size_t' to 'type',
possible loss of data), most notably - conversion from ngx_str_t.len to
ngx_variable_value_t.len (which is unsigned:28).  Additionally, there
is at least one case when it is not possible to fix the warning properly
without introducing win32-specific code: recv() on win32 uses "int len",
while POSIX defines "size_t len".

The ssize_t type now properly defined for 64-bit compilation with MSVC.
Caught by warning C4305 (truncation from '__int64' to 'ssize_t'), on
"cutoff = NGX_MAX_SIZE_T_VALUE / 10" in ngx_atosz()).

Several C4334 warnings (result of 32-bit shift implicitly converted to 64 bits)
were fixed by adding explicit conversions.

Several C4214 warnings (nonstandard extension used: bit field types other
than int) in ngx_http_script.h fixed by changing bit field types from
uintptr_t to unsigned.
2016-12-24 18:01:14 +03:00
Maxim Dounin
c17009ee75 Win32: fixed some warnings reported by Borland C.
Most notably, warning W8012 (comparing signed and unsigned values) reported
in multiple places where an unsigned value of small type (e.g., u_short) is
promoted to an int and compared to an unsigned value.

Warning W8072 (suspicious pointer arithmetic) disabled, it is reported
when we increment base pointer in ngx_shm_alloc().
2016-12-24 18:01:14 +03:00
Maxim Dounin
a43b2c96b2 Win32: minimized redefinition of ssize_t.
All variants of GCC have ssize_t available, there is no need to
redefine it.
2016-12-24 18:01:14 +03:00
Maxim Dounin
751e6a5dae Win32: minimized redefinition of intptr_t/uintptr_t.
These types are available with MSVC (at least since 2003, in stddef.h),
all variants of GCC (in stdint.h) and Watcom C.  We need to define them
only for Borland C.
2016-12-24 18:01:14 +03:00
Maxim Dounin
ca1c3818f7 Win32: stdint.h used for MinGW GCC.
There is no need to restrict stdint.h only to MinGW-w64 GCC, it is
available with MinGW GCC as well.
2016-12-24 18:01:14 +03:00
Maxim Dounin
25fb9595bb Win32: fixed building with newer versions of MinGW GCC.
Macro to indicate that off_t was defined has been changed, so we now
additionally define the new one.
2016-12-24 18:01:14 +03:00
Maxim Dounin
a4c7e7b1db Win32: added a variable to specify compiler.
This allows to set a different one from command line when needed.
For example, to configure nginx with gcc as a compiler one could
use "make -f misc/GNUmakefile win32 CC=gcc".
2016-12-24 18:01:14 +03:00
Maxim Dounin
c2d3d82ccb SSL: support AES256 encryption of tickets.
This implies ticket key size of 80 bytes instead of previously used 48,
as both HMAC and AES keys are 32 bytes now.  When an old 48-byte ticket key
is provided, we fall back to using backward-compatible AES128 encryption.

OpenSSL switched to using AES256 in 1.1.0, and we are providing equivalent
security.  While here, order of HMAC and AES keys was reverted to make
the implementation compatible with keys used by OpenSSL with
SSL_CTX_set_tlsext_ticket_keys().

Prodded by Christian Klinger.
2016-12-23 17:28:20 +03:00
Ruslan Ermilov
f021706729 Fixed missing "Location" field with some relative redirects.
Relative redirects did not work with directory redirects and
auto redirects issued by nginx.
2016-12-22 11:58:52 +03:00
Ruslan Ermilov
dd70e74197 Core: relative redirects (closes #1000).
The current version of HTTP/1.1 standard allows relative references in
redirects (https://tools.ietf.org/html/rfc7231#section-7.1.2).

Allow this form for redirects generated by nginx by introducing the new
directive absolute_redirect.
2016-12-21 23:10:51 +03:00
Ruslan Ermilov
d1f524d0b3 Limited recursion when evaluating variables.
Unlimited recursion might cause stack exhaustion in some misconfigurations.
2016-12-21 22:01:24 +03:00
Vladimir Homutov
7fab8d046e Stream: client SSL certificates verification support.
New directives: "ssl_verify_client", "ssl_verify_depth",
"ssl_client_certificate", "ssl_trusted_certificate", and
"ssl_crl".

New variables: $ssl_client_cert, $ssl_client_raw_cert,
$ssl_client_s_dn, $ssl_client_i_dn, $ssl_client_serial,
$ssl_client_fingerprint, $ssl_client_verify, $ssl_client_v_start,
$ssl_client_v_end, and $ssl_client_v_remain.
2016-12-20 12:05:14 +03:00
Roman Arutyunyan
393636d79c Stream ssl_preread: relaxed SSL version check.
SSL version 3.0 can be specified by the client at the record level for
compatibility reasons.  Previously, ssl_preread module rejected such
connections, presuming they don't have SNI.  Now SSL 3.0 is allowed at
the record level.
2016-12-19 14:02:39 +03:00
Ruslan Ermilov
853c208fc9 Configure: detect nginx version for nginx.pm at make time. 2016-12-16 19:54:37 +03:00
Dmitry Volyntsev
b69a35ffb1 Resolver: fixed handling of partially resolved SRV.
The resolver handles SRV requests in two stages.  In the first
stage it gets all SRV RRs, and in the second stage it resolves
the names from SRV RRs into addresses.

Previously, if a response to an SRV request was cached, the
queries to resolve names were not limited by a timeout.  If a
response to any of these queries was not received, the SRV
request could never complete.

If a response to an SRV request was not cached, and some of the
queries to resolve names timed out, NGX_RESOLVE_TIMEDOUT was
returned instead of successfully resolved addresses.

To fix both issues, resolving of names is now always limited by
a timeout.
2016-12-16 18:21:55 +03:00
Dmitry Volyntsev
e114960e53 Resolver: fixed a race between parallel name and addr resolves.
Previously, ngx_resolve_name() and ngx_resolve_addr() may have
rescheduled the resend timer while it was already in progress.
2016-12-16 18:21:55 +03:00
Dmitry Volyntsev
6b18bb541e Resolver: fixed possible premature stop of the resend timer.
Previously, ngx_resolve_name_done() and ngx_resolve_addr_done()
may have stopped the resend timer prematurely while srv_resend_queue
was not empty.
2016-12-16 18:21:42 +03:00
Ruslan Ermilov
3a8532219a Resolver: fixed possible use-after-free in worker on fast shutdown.
The fix in a3dc657f4e95 was incomplete.
2016-12-16 14:53:28 +03:00
Ruslan Ermilov
523aee98fc Resolver: fixed possible use-after-free in worker on fast shutdown. 2016-12-15 21:44:34 +03:00
Maxim Dounin
3294292b66 SSL: backed out changeset e7cb5deb951d, reimplemented properly.
Changeset e7cb5deb951d breaks build on CentOS 5 with "dereferencing
type-punned pointer will break strict-aliasing rules" warning.  It is
backed out.

Instead, to keep builds with BoringSSL happy, type of the "value"
variable changed to "char *", and an explicit cast added before calling
ngx_parse_http_time().
2016-12-15 19:00:23 +03:00
Piotr Sikora
592dbcc315 SSL: fix call to BIO_get_mem_data().
Fixes build with BoringSSL.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-12-13 14:19:30 -08:00
Valentin Bartenev
c40d8ddc5d Access log: support for json escaping. 2016-12-15 16:25:42 +03:00
Armin Grodon
7040eee08a Contrib: added 'commentstring' for vim-commentary support. 2016-12-13 00:49:44 +01:00
Ruslan Ermilov
7d34042e4a The size of cmcf->phase_engine.handlers explained. 2016-12-13 22:00:49 +03:00
Ruslan Ermilov
2fbe04c487 Version bump. 2016-12-13 22:00:42 +03:00
Maxim Dounin
60064e4f51 release-1.11.7 tag 2016-12-13 18:21:23 +03:00
Maxim Dounin
e61dc2584b nginx-1.11.7-RELEASE 2016-12-13 18:21:23 +03:00
Valentin Bartenev
27c7ed683b HTTP/2: prevented creating temp files for requests without body.
The problem was introduced by 52bd8cc17f34.
2016-12-10 13:23:38 +03:00
Valentin Bartenev
5d496d467d HTTP/2: fixed posted streams handling.
A bug was introduced by 82efcedb310b that could lead to timing out of
responses or segmentation fault, when accept_mutex was enabled.

The output queue in HTTP/2 can contain frames from different streams.
When the queue is sent, all related write handlers need to be called.
In order to do so, the streams were added to the h2c->posted queue
after handling sent frames.  Then this queue was processed in
ngx_http_v2_write_handler().

If accept_mutex is enabled, the event's "ready" flag is set but its
handler is not called immediately.  Instead, the event is added to
the ngx_posted_events queue.  At the same time in this queue can be
events from upstream connections.  Such events can result in sending
output queue before ngx_http_v2_write_handler() is triggered.  And
at the time ngx_http_v2_write_handler() is called, the output queue
can be already empty with some streams added to h2c->posted.

But after 82efcedb310b, these streams weren't processed if all frames
have already been sent and the output queue was empty.  This might lead
to a situation when a number of streams were get stuck in h2c->posted
queue for a long time.  Eventually these streams might get closed by
the send timeout.

In the worst case this might also lead to a segmentation fault, if
already freed stream was left in the h2c->posted queue.  This could
happen if one of the streams was terminated but wasn't closed, due to
the HEADERS frame or a partially sent DATA frame left in the output
queue.  If this happened the ngx_http_v2_filter_cleanup() handler
removed the stream from the h2c->waiting or h2c->posted queue on
termination stage, before the frame has been sent, and the stream
was again added to the h2c->posted queue after the frame was sent.

In order to fix all these problems and simplify the code, write
events of fake stream connections are now added to ngx_posted_events
instead of using a custom h2c->posted queue.
2016-11-28 20:58:14 +03:00