Commit Graph

7795 Commits

Author SHA1 Message Date
Maxim Dounin
7f15b4592e release-1.17.6 tag 2019-11-19 17:18:58 +03:00
Maxim Dounin
52faf0f609 nginx-1.17.6-RELEASE 2019-11-19 17:18:58 +03:00
Roman Arutyunyan
5dc242e8f7 Limit conn: added shared context.
Previously only an rbtree was associated with a limit_conn.  To make it
possible to associate more data with a limit_conn, shared context is introduced
similar to limit_req.  Also, shared pool pointer is kept in a way similar to
limit_req.
2019-11-18 19:50:59 +03:00
Roman Arutyunyan
3a55d60d2d Limit conn: $limit_conn_status variable.
The variable takes one of the values: PASSED, REJECTED or REJECTED_DRY_RUN.
2019-11-18 17:48:32 +03:00
Roman Arutyunyan
b48c8718bf Limit conn: limit_conn_dry_run directive.
A new directive limit_conn_dry_run allows enabling the dry run mode.  In this
mode connections are not rejected, but reject status is logged as usual.
2019-11-19 11:30:41 +03:00
Roman Arutyunyan
271b12c711 Updated comment after 776d1bebdca2. 2019-11-18 17:46:52 +03:00
Roman Arutyunyan
02ec15dc0d Limit req: $limit_req_status variable.
The variable takes one of the values: PASSED, DELAYED, REJECTED,
DELAYED_DRY_RUN or REJECTED_DRY_RUN.
2019-11-06 19:03:18 +03:00
Roman Arutyunyan
203898505c Parsing server PROXY protocol address and port (ticket #1206).
New variables $proxy_protocol_server_addr and $proxy_protocol_server_port are
added both to HTTP and Stream.
2019-10-21 20:22:30 +03:00
Roman Arutyunyan
be932e81a1 Core: moved PROXY protocol fields out of ngx_connection_t.
Now a new structure ngx_proxy_protocol_t holds these fields.  This allows
to add more PROXY protocol fields in the future without modifying the
connection structure.
2019-10-21 18:06:19 +03:00
Roman Arutyunyan
0098761cb8 Version bump. 2019-10-24 13:47:28 +03:00
Maxim Dounin
e3dfaa12e0 release-1.17.5 tag 2019-10-22 18:16:08 +03:00
Maxim Dounin
8fce961b60 nginx-1.17.5-RELEASE 2019-10-22 18:16:08 +03:00
Maxim Dounin
2393e25acb Win32: silenced -Wcast-function-type GCC warning (ticket #1865).
With MinGW-w64, building 64-bit nginx binary with GCC 8 and above
results in warning due to cast of GetProcAddress() result to ngx_wsapoll_pt,
which GCC thinks is incorrect.  Added intermediate cast to "void *" to
silence the warning.
2019-10-21 19:07:03 +03:00
Maxim Dounin
9aa906a684 Win32: improved fallback on FormatMessage() errors.
FormatMessage() seems to return many errors which essentially indicate that
the language in question is not available.  At least the following were
observed in the wild and during testing: ERROR_MUI_FILE_NOT_FOUND (15100)
(ticket #1868), ERROR_RESOURCE_TYPE_NOT_FOUND (1813).  While documentation
says it should be ERROR_RESOURCE_LANG_NOT_FOUND (1815), this doesn't seem
to be the case.

As such, checking error code was removed, and as long as FormatMessage()
returns an error, we now always try the default language.
2019-10-21 19:06:12 +03:00
Maxim Dounin
798fcf1ab4 SSL: available bytes handling (ticket #1431).
Added code to track number of bytes available in the socket.
This makes it possible to avoid looping for a long time while
working with fast enough peer when data are added to the socket buffer
faster than we are able to read and process data.

When kernel does not provide number of bytes available, it is
retrieved using ioctl(FIONREAD) as long as a buffer is filled by
SSL_read().

It is assumed that number of bytes returned by SSL_read() is close
to the number of bytes read from the socket, as we do not use
SSL compression.  But even if it is not true for some reason, this
is not important, as we post an additional reading event anyway.

Note that data can be buffered at SSL layer, and it is not possible
to simply stop reading at some point and wait till the event will
be reported by the kernel again.  This can be only done when there
are no data in SSL buffers, and there is no good way to find out if
it's the case.

Instead of trying to figure out if SSL buffers are empty, this patch
introduces events posted for the next event loop iteration - such
events will be processed only on the next event loop iteration,
after going into the kernel and retrieving additional events.  This
seems to be simple and reliable approach.
2019-10-17 16:02:24 +03:00
Maxim Dounin
fac4c7bdf5 Events: available bytes calculation via ioctl(FIONREAD).
This makes it possible to avoid looping for a long time while working
with a fast enough peer when data are added to the socket buffer faster
than we are able to read and process them (ticket #1431).  This is
basically what we already do on FreeBSD with kqueue, where information
about the number of bytes in the socket buffer is returned by
the kevent() call.

With other event methods rev->available is now set to -1 when the socket
is ready for reading.  Later in ngx_recv() and ngx_recv_chain(), if
full buffer is received, real number of bytes in the socket buffer is
retrieved using ioctl(FIONREAD).  Reading more than this number of bytes
ensures that even with edge-triggered event methods the event will be
triggered again, so it is safe to stop processing of the socket and
switch to other connections.

Using ioctl(FIONREAD) only after reading a full buffer is an optimization.
With this approach we only call ioctl(FIONREAD) when there are at least
two recv()/readv() calls.
2019-10-17 16:02:19 +03:00
Maxim Dounin
d2ea226229 SSL: improved ngx_ssl_recv_chain() to stop if c->read->ready is 0.
As long as there are data to read in the socket, yet the amount of data
is less than total size of the buffers in the chain, this saves one
unneeded read() syscall.  Before this change, reading only stopped if
ngx_ssl_recv() returned no data, that is, two read() syscalls in a row
returned EAGAIN.
2019-10-17 16:02:13 +03:00
Maxim Dounin
60609f2372 Event pipe: disabled c->read->available checking for SSL.
In SSL connections, data can be buffered by the SSL layer, and it is
wrong to avoid doing c->recv_chain() if c->read->available is 0 and
c->read->pending_eof is set.  And tests show that the optimization in
question indeed can result in incorrect detection of premature connection
close if upstream closes the connection without sending a close notify
alert at the same time.  Fix is to disable c->read->available optimization
for SSL connections.
2019-10-17 16:02:03 +03:00
Ruslan Ermilov
3c84e4b705 Fixed header parsing with ignore_invalid_headers switched off.
The parsing was broken when the first character of the header name was invalid.

Based on a patch by Alan Kemp.
2019-10-15 14:46:10 +03:00
Maxim Dounin
85137dd2a6 Fixed URI normalization with merge_slashes switched off.
Previously, "/foo///../bar" was normalized into "/foo/bar"
instead of "/foo//bar".
2019-10-08 21:56:14 +03:00
Ruslan Ermilov
ed42131da6 The "/." and "/.." at the end of URI should be normalized. 2019-10-08 21:56:14 +03:00
Ruslan Ermilov
2ac24f1c88 Improved detection of broken percent encoding in URI. 2019-10-08 21:56:14 +03:00
Vladimir Homutov
f7999fe689 Core: removed dead code in ngx_rbtree_delete().
The result of ngx_rbtree_min() is always a node with the left child equal to
sentinel, thus the check is unnecessary.
2019-09-30 16:39:20 +03:00
Vladimir Homutov
201062c83f Version bump. 2019-09-30 16:43:16 +03:00
Maxim Dounin
deaf75606c release-1.17.4 tag 2019-09-24 18:08:48 +03:00
Maxim Dounin
88d2cb8a22 nginx-1.17.4-RELEASE 2019-09-24 18:08:48 +03:00
Maxim Dounin
2079d3c2b2 Updated OpenSSL used for win32 builds. 2019-09-24 16:30:03 +03:00
Ruslan Ermilov
6052881a98 HTTP/2: fixed worker_shutdown_timeout. 2019-09-23 15:45:36 +03:00
Ruslan Ermilov
f878492af3 HTTP/2: fixed possible alert about left open socket on shutdown.
This could happen when graceful shutdown configured by worker_shutdown_timeout
times out and is then followed by another timeout such as proxy_read_timeout.
In this case, the HEADERS frame is added to the output queue, but attempt to
send it fails (due to c->error forcibly set during graceful shutdown timeout).
This triggers request finalization which attempts to close the stream.  But the
stream cannot be closed because there is a frame in the output queue, and the
connection cannot be finalized.  This leaves the connection open without any
timer events leading to alert.

The fix is to post write event when sending output queue fails on c->error.
That will finalize the connection.
2019-09-23 15:45:32 +03:00
Maxim Dounin
af0e284b96 HTTP/2: traffic-based flood detection.
With this patch, all traffic over an HTTP/2 connection is counted in
the h2c->total_bytes field, and payload traffic is counted in
the h2c->payload_bytes field.  As long as total traffic is many times
larger than payload traffic, we consider this to be a flood.
2019-09-18 20:28:12 +03:00
Maxim Dounin
4d4201fafd HTTP/2: switched back to RST_STREAM with NO_ERROR.
In 8df664ebe037, we've switched to maximizing stream window instead
of sending RST_STREAM.  Since then handling of RST_STREAM with NO_ERROR
was fixed at least in Chrome, hence we switch back to using RST_STREAM.

This allows more effective rejecting of large bodies, and also minimizes
non-payload traffic to be accounted in the next patch.
2019-09-18 20:28:09 +03:00
Sergey Kandaurov
555dc61b54 SSL: fixed ssl_verify_client error message. 2019-09-16 19:26:42 +03:00
Sergey Kandaurov
4cd1dd28dd Resolver: fixed possible use-after-free while resolving PTR.
Previously, if a response to the PTR request was cached, and ngx_resolver_dup()
failed to allocate memory for the resulting name, then the original node was
freed but left in expire_queue.  A subsequent address resolving would end up
in a use-after-free memory access of the node either in ngx_resolver_expire()
or ngx_resolver_process_ptr(), when accessing it through expire_queue.

The fix is to leave the resolver node intact.
2019-09-10 15:42:34 +03:00
Ruslan Ermilov
c3f8098712 HTTP/2: close connection on zero WINDOW_UPDATE.
Don't waste server resources by sending RST_STREAM frames.  Instead,
reject WINDOW_UPDATE frames with invalid zero increment by closing
connection with PROTOCOL_ERROR.
2019-09-10 15:33:38 +03:00
Ruslan Ermilov
456e213904 HTTP/2: close connection on frames with self-dependency.
Don't waste server resources by sending RST_STREAM frames.  Instead,
reject HEADERS and PRIORITY frames with self-dependency by closing
connection with PROTOCOL_ERROR.
2019-09-10 15:33:37 +03:00
Sergey Kandaurov
5a2ce3f4ee Fixed "return" with discarding invalid chunked body.
When ngx_http_discard_request_body() call was added to ngx_http_send_response(),
there were no return codes other than NGX_OK and NGX_HTTP_INTERNAL_SERVER_ERROR.
Now it can also return NGX_HTTP_BAD_REQUEST, but ngx_http_send_response() still
incorrectly transforms it to NGX_HTTP_INTERNAL_SERVER_ERROR.

The fix is to propagate ngx_http_discard_request_body() errors.
2019-09-04 13:33:51 +03:00
Sergey Kandaurov
77c01f10a1 Detect runaway chunks in ngx_http_parse_chunked().
As defined in HTTP/1.1, body chunks have the following ABNF:

   chunk = chunk-size [ chunk-ext ] CRLF chunk-data CRLF

where chunk-data is a sequence of chunk-size octets.

With this change, chunk-data that doesn't end up with CRLF at chunk-size
offset will be treated as invalid, such as in the example provided below:

4
SEE-THIS-AND-
4
THAT
0
2019-09-03 17:26:56 +03:00
Sergey Kandaurov
9cb22efa3f HTTP/2: discard remaining request body after redirect.
Previously, if unbuffered request body reading wasn't finished before
the request was redirected to a different location using error_page
or X-Accel-Redirect, and the request body is read again, this could
lead to disastrous effects, such as a duplicate post_handler call or
"http request count is zero" alert followed by a segmentation fault.

This happened in the following configuration (ticket #1819):

    location / {
        proxy_request_buffering off;
        proxy_pass http://bad;
        proxy_intercept_errors on;
        error_page 502 = /error;
    }

    location /error {
        proxy_pass http://backend;
    }
2019-08-19 15:16:06 +03:00
Maxim Dounin
1f960ed92a SSL: lowered log level for WSAECONNABORTED errors on Windows.
Winsock uses ECONNABORTED instead of ECONNRESET in some cases.
For non-SSL connections this is already handled since baad3036086e.

Reported at
http://mailman.nginx.org/pipermail/nginx-ru/2019-August/062363.html.
2019-08-16 18:16:21 +03:00
Maxim Dounin
e77ec60db1 Version bump. 2019-08-16 18:16:14 +03:00
Maxim Dounin
a43974f3f2 release-1.17.3 tag 2019-08-13 15:45:57 +03:00
Maxim Dounin
88216c6b63 nginx-1.17.3-RELEASE 2019-08-13 15:45:56 +03:00
Ruslan Ermilov
5ae7269126 HTTP/2: limited number of PRIORITY frames.
Fixed excessive CPU usage caused by a peer that continuously shuffles
priority of streams.  Fix is to limit the number of PRIORITY frames.
2019-08-13 15:43:40 +03:00
Ruslan Ermilov
a987f81dd1 HTTP/2: limited number of DATA frames.
Fixed excessive memory growth and CPU usage if stream windows are
manipulated in a way that results in generating many small DATA frames.
Fix is to limit the number of simultaneously allocated DATA frames.
2019-08-13 15:43:36 +03:00
Sergey Kandaurov
6dfbc8b1c2 HTTP/2: reject zero length headers with PROTOCOL_ERROR.
Fixed uncontrolled memory growth if peer sends a stream of
headers with a 0-length header name and 0-length header value.
Fix is to reject headers with zero name length.
2019-08-13 15:43:32 +03:00
Maxim Dounin
abe660636c Mail: fixed duplicate resolving.
When using SMTP with SSL and resolver, read events might be enabled
during address resolving, leading to duplicate ngx_mail_ssl_handshake_handler()
calls if something arrives from the client, and duplicate session
initialization - including starting another resolving.  This can lead
to a segmentation fault if the session is closed after first resolving
finished.  Fix is to block read events while resolving.

Reported by Robert Norris,
http://mailman.nginx.org/pipermail/nginx/2019-July/058204.html.
2019-08-01 13:50:07 +03:00
Maxim Dounin
39c40428f9 Gzip: fixed "zero size buf" alerts after ac5a741d39cf.
After ac5a741d39cf it is now possible that after zstream.avail_out
reaches 0 and we allocate additional buffer, there will be no more data
to put into this buffer, triggering "zero size buf" alert.  Fix is to
reset b->temporary flag in this case.

Additionally, an optimization added to avoid allocating additional buffer
in this case, by checking if last deflate() call returned Z_STREAM_END.
Note that checking for Z_STREAM_END by itself is not enough to fix alerts,
as deflate() can return Z_STREAM_END without producing any output if the
buffer is smaller than gzip trailer.

Reported by Witold Filipczyk,
http://mailman.nginx.org/pipermail/nginx-devel/2019-July/012469.html.
2019-07-31 17:29:00 +03:00
Maxim Dounin
6179b98ed5 Version bump. 2019-07-31 17:28:41 +03:00
Maxim Dounin
e957ae888a release-1.17.2 tag 2019-07-23 15:01:47 +03:00
Maxim Dounin
3eb7ef4e20 nginx-1.17.2-RELEASE 2019-07-23 15:01:47 +03:00