Commit Graph

98 Commits

Author SHA1 Message Date
Dmitry Volyntsev
06176bce91 Realip: port support in X-Real-IP and X-Forwarded-For.
Now, the module extracts optional port which may accompany an
IP address.  This custom extension is introduced, among other
things, in order to facilitate logging of original client ports.
Addresses with ports are expected to be in the RFC 3986 format,
that is, with IPv6 addresses in square brackets.  E.g.,
"X-Real-IP: [2001:0db8::1]:12345" sets client port ($remote_port)
to 12345.
2016-05-23 18:44:23 +03:00
Ruslan Ermilov
fd064d3b88 Introduced the ngx_sockaddr_t type.
It's properly aligned and can hold any supported sockaddr.
2016-05-23 16:37:20 +03:00
Ruslan Ermilov
41d512c069 Removed a surplus condition from ngx_parse_inet6_url().
No functional changes, since the condition was always true.
2016-05-11 17:55:30 +03:00
Valentin Bartenev
66be8c6608 Core: fixed port handling in ngx_parse_inet6_url().
This fixes buffer over-read when no port is specified in cases
similar to 5df5d7d771f6, and catches missing port separator.
2016-05-11 17:55:20 +03:00
Ruslan Ermilov
37a3a2b2e8 Removed redundant "u" format specifier.
It is implied for "x" and "X".
2016-04-08 15:03:38 +03:00
Sergey Kandaurov
6a716c6123 Fixed format specifiers in ngx_sprintf(). 2016-03-31 02:34:00 +03:00
Ruslan Ermilov
7ad57da598 Style. 2016-03-30 11:52:16 +03:00
Piotr Sikora
c3aed0a233 Core: allow strings without null-termination in ngx_parse_url().
This fixes buffer over-read while using variables in the "proxy_pass",
"fastcgi_pass", "scgi_pass", and "uwsgi_pass" directives, where result
of string evaluation isn't null-terminated.

Found with MemorySanitizer.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2016-02-26 17:30:27 -08:00
Valentin Bartenev
89ad9ea309 Fixed overflow detection in ngx_inet_addr().
Overflow detection of the last octet might not work.

Reported by Sergey Polovko.
2015-04-28 18:55:03 +03:00
Ruslan Ermilov
a43f1bcf6e Overflow detection in ngx_inet_addr(). 2015-03-17 00:26:22 +03:00
Ruslan Ermilov
efd0e0e177 Core: externalized ngx_cmp_sockaddr().
It's also extended with the "cmp_port" argument to indicate
whether ports should be compared as well, or only addresses.
2013-12-06 14:30:27 +04:00
Ruslan Ermilov
3693daa20f Core: guard use of AI_ADDRCONFIG.
Some systems (notably NetBSD and OpenBSD) lack AI_ADDRCONFIG support.

Reported by Piotr Sikora.
2013-08-05 13:44:56 +04:00
Maxim Dounin
4d1b08bb1c Fixed build with signed socklen_t and unix sockets.
This seems to be the case at least under Cygwin, where build was broken
by 05ba5bce31e0 (1.5.3).

Reported by Kevin Worthington,
http://mailman.nginx.org/pipermail/nginx/2013-August/040028.html.
2013-08-05 11:40:33 +04:00
Ruslan Ermilov
7c6971cff3 Core: only resolve address families configured on the local system.
This is done by passing AI_ADDRCONFIG to getaddrinfo().

On Linux, setting net.ipv6.conf.all.disable_ipv6 to 1 will now be
respected.

On FreeBSD, AI_ADDRCONFIG filtering is currently implemented by
attempting to create a datagram socket for the corresponding family,
which succeeds even if the system doesn't in fact have any addresses
of that family configured.  That is, if the system with IPv6 support
in the kernel doesn't have IPv6 addresses configured, AI_ADDRCONFIG
will filter out IPv6 only inside a jail without IPv6 addresses or
with IPv6 disabled.
2013-08-05 10:55:59 +04:00
Vladimir Homutov
af18946d76 Core: extended ngx_sock_ntop() with socklen parameter.
On Linux, sockaddr length is required to process unix socket addresses properly
due to unnamed sockets (which don't have sun_path set at all) and abstract
namespace sockets.
2013-07-11 16:07:25 +04:00
Ruslan Ermilov
a2a229193a Fixed "proxy_pass" with IP address and no port (ticket #276).
Upstreams created by "proxy_pass" with IP address and no port were
broken in 1.3.10, by not initializing port in u->sockaddr.

API change: ngx_parse_url() was modified to always initialize port
(in u->sockaddr and in u->port), even for the u->no_resolve case;
ngx_http_upstream() and ngx_http_upstream_add() were adopted.
2013-01-10 12:58:55 +00:00
Ruslan Ermilov
7c4068d349 Properly initialize "struct in6_addr" with zeroes. 2012-12-22 20:03:38 +00:00
Ruslan Ermilov
b8a90c6903 Implemented IPv6 support for URLs specified using domain names.
This includes "debug_connection", upstreams, "proxy_pass", etc.
(ticket #92)

To preserve compatibility, "listen" specified with a domain name
selects the first IPv4 address, if available.  If not available,
the first IPv6 address will be used (ticket #186).
2012-12-17 12:08:53 +00:00
Ruslan Ermilov
2f8c1b73b8 Fixed URL parsing code.
The URL parsing code is not expected to initialize port from default port
when in "no_resolve" mode.  This got broken in r4671 for the case of IPv6
literals.
2012-12-17 09:44:46 +00:00
Ruslan Ermilov
bbf7043fe7 Simplified URL parsing code.
Except for the "listen" directive, "*" specified as a hostname is
no longer treated specially.
2012-12-17 09:31:53 +00:00
Maxim Dounin
596226f6f7 Support for IPv6 literals in proxy_pass and so on. 2012-06-04 14:07:34 +00:00
Ruslan Ermilov
887f514e9f Code reduction (no functional changes). 2012-06-01 11:35:09 +00:00
Ruslan Ermilov
d230df40b2 Removed historical and now redundant syntax pre-checks in ngx_parse_url(). 2012-05-21 10:55:10 +00:00
Ruslan Ermilov
3995395dcb Reduced the number of lines of code in ngx_inet_addr(). 2012-04-12 10:20:33 +00:00
Ruslan Ermilov
a5bb616af4 Improved readability of the code that produces bitmask from prefix.
In collaboration with Maxim Dounin.
2012-04-11 17:18:15 +00:00
Ruslan Ermilov
bffbbeb73f In ngx_ptocidr(), check that the supplied prefix length is within
the allowed range.
2012-04-03 08:22:00 +00:00
Ruslan Ermilov
47a04aaa27 Fixed spelling in multiline C comments. 2012-04-03 07:37:31 +00:00
Maxim Konovalov
f8d59e33f3 Copyright updated. 2012-01-18 15:07:43 +00:00
Ruslan Ermilov
f12d6ceb65 Fixed port range checking. 2011-10-25 13:48:43 +00:00
Igor Sysoev
9813a1999c fix segfault in IPv6 parsing while processing invalid IPv4 address X.YYYY.Z
patch by Maxim Dounin
2011-04-15 13:50:27 +00:00
Igor Sysoev
d53c836214 fix u->one_addr handling in ngx_inet_resolve_host()
patch by Maxim Dounin
2011-02-17 15:01:16 +00:00
Igor Sysoev
eacd5d89b7 fix double free(), introduced in r3268 2009-12-07 15:13:46 +00:00
Igor Sysoev
4ac5ca8ae0 ngx_ptocidr() supports IPv6 2009-11-03 13:42:25 +00:00
Igor Sysoev
fd078fd6d5 make ngx_inet6_ntop() non-static 2009-11-03 12:44:55 +00:00
Igor Sysoev
8b816d88a9 change ngx_parse_addr() interface 2009-11-02 16:11:06 +00:00
Igor Sysoev
1d52beba73 ngx_parse_addr() 2009-11-02 15:20:42 +00:00
Igor Sysoev
0c189c5159 rename ngx_peer_addr_t to ngx_addr_t 2009-11-02 15:14:17 +00:00
Igor Sysoev
67765e8918 use sin6_addr.s6_addr instead of "(u_char *) & .sin6_addr" 2009-11-02 14:32:46 +00:00
Igor Sysoev
0f25ed3d77 replace inet_addr() with ngx_inet_addr() 2009-11-02 13:51:10 +00:00
Igor Sysoev
47c88464eb use ngx_inet6_addr() 2009-11-02 12:58:30 +00:00
Igor Sysoev
5a76cbbbc6 ngx_inet6_addr() 2009-11-02 12:50:00 +00:00
Igor Sysoev
baf8e409ba http listen unix domain sockets 2009-10-26 11:43:32 +00:00
Igor Sysoev
739e29b651 delete unneeded field 2009-05-18 12:21:00 +00:00
Igor Sysoev
dbc205ab5a IPv6 for Win32 2009-05-07 13:05:04 +00:00
Igor Sysoev
36860101ec prepare ngx_ptocidr() for IPv6 2009-02-24 14:01:40 +00:00
Igor Sysoev
2bc44ea01a fix upstream port, introduced in r2513 2009-02-21 14:34:32 +00:00
Igor Sysoev
a35eaccdec a prelimiary IPv6 support, HTTP listen 2009-02-21 07:02:02 +00:00
Igor Sysoev
ead8091746 style fix: remove trailing spaces 2008-11-11 16:04:05 +00:00
Igor Sysoev
164abfb26f fix case proxy_pass URL is evaluted to http://host?args 2008-10-24 19:34:24 +00:00
Igor Sysoev
c239da5055 fix case when URL has no port, but has ":" in URI part,
the bug has been introduced in r2204
2008-10-24 15:12:11 +00:00