Commit Graph

5169 Commits

Author SHA1 Message Date
Maxim Dounin
c01481a4cb Fixed possible buffer overrun in "too long header line" logging.
Additionally, ellipsis now always added to make it clear that
the header logged is incomplete.

Reported by Daniil Bondarev.
2014-10-08 17:16:04 +04:00
Yichun Zhang
52e4dc2f74 Core: fixed buffer overrun when hash max_size reached. 2014-10-02 12:00:17 -07:00
Piotr Sikora
4a2fba2d46 Upstream: fix $upstream_cache_last_modified variable.
Due to the u->headers_in.last_modified_time not being correctly initialized,
this variable was evaluated to "Thu, 01 Jan 1970 00:00:00 GMT" for responses
cached without the "Last-Modified" header which resulted in subsequent proxy
requests being sent with "If-Modified-Since: Thu, 01 Jan 1970 00:00:00 GMT"
header.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
2014-10-01 15:48:53 -07:00
Valentin Bartenev
840b347bb2 Fixed counting of sent bytes in the send chain functions on EINTR.
Previously, a value of the "send" variable wasn't properly adjusted
in a rare case when syscall was interrupted by a signal.  As a result,
these functions could send less data than the limit allows.
2014-08-27 20:51:01 +04:00
Valentin Bartenev
70995077ad Version bump. 2014-10-02 22:36:27 +04:00
Maxim Dounin
28fd65e06a release-1.7.6 tag 2014-09-30 17:20:33 +04:00
Maxim Dounin
92180950d2 nginx-1.7.6-RELEASE 2014-09-30 17:20:32 +04:00
Maxim Dounin
403a9efc0c Upstream keepalive: reset c->sent on cached connections.
The c->sent is reset to 0 on each request by server-side http code,
so do the same on client side.  This allows to count number of bytes
sent in a particular request.
2014-09-29 22:27:45 +04:00
Valentin Bartenev
c9fbbc8273 Limit req: reduced number of parameters in the lookup function.
No functional changes.
2014-09-24 21:55:19 +04:00
Valentin Bartenev
021a9df15b Limit req: use complex value in limit_req_zone.
One intentional side effect of this change is that key is allowed only
in the first position.  Previously, it was possible to specify the key
variable at any position, but that was never documented, and is contrary
with nginx configuration practice for positional parameters.
2014-09-24 21:55:19 +04:00
Valentin Bartenev
98f7d0efb2 Limit conn: aligned field names in structures.
No functional changes.
2014-09-24 21:55:19 +04:00
Valentin Bartenev
dd1ae4348a Limit conn: use complex value in limit_conn_zone (ticket #121).
One intentional side effect of this change is that key is allowed only
in the first position.  Previously, it was possible to specify the key
variable at any position, but that was never documented, and is contrary
to nginx configuration practice for positional parameters.
2014-09-24 21:55:19 +04:00
Valentin Bartenev
1866f15d7d Limit conn: removed deprecated "limit_zone" directive.
It's deprecated since 260d591cb6a3 (1.1.8).  The "limit_conn_zone" directive
should be used instead.
2014-09-24 21:55:19 +04:00
Vladimir Homutov
27fa3123f9 Syslog: improved error handling of unix domain sockets.
If a syslog daemon is restarted and the unix socket is used, further logging
might stop to work.  In case of send error, socket is closed, forcing
a reconnection at the next logging attempt.
2014-08-26 14:56:54 +04:00
Vladimir Homutov
d79cbf15e6 Syslog: enabled logging of send errors.
The ngx_cycle->log is used when sending the message.  This allows to log syslog
send errors in another log.

Logging to syslog after its cleanup handler has been executed was prohibited.
Previously, this was possible from ngx_destroy_pool(), which resulted in error
messages caused by attempts to write into the closed socket.

The "processing" flag is renamed to "busy" to better match its semantics.
2014-09-01 17:55:07 +04:00
Gu Feng
bba2ce8aae Avoided to add duplicate hash key in ngx_http_types_slot(). 2014-09-17 22:52:02 +08:00
Valentin Bartenev
840d205bac Removed duplicate initialization of the "rev" variable. 2014-09-22 19:48:23 +04:00
Valentin Bartenev
651be6067e Generalized definitions of the number of preallocated iovec's.
No functional changes.
2014-08-13 15:11:45 +04:00
Valentin Bartenev
1cbeabfd4c Reduced difference between the send chain functions.
No functional changes.  This follows the change from ad137a80919f.
2014-08-13 15:11:45 +04:00
Valentin Bartenev
0a02bdb249 Merged implementations of ngx_readv_chain().
There's no real need in two separate implementations,
with and without kqueue support.
2014-08-13 15:11:45 +04:00
Valentin Bartenev
77d61350a4 Removed the "complete" variable from various send chain functions.
It was made redundant by the previous change, since the "sent" variable
is no longer modified.
2014-08-13 15:11:45 +04:00
Valentin Bartenev
4aac91049f Moved the code for adjusting sent buffers in a separate function. 2014-08-13 15:11:45 +04:00
Valentin Bartenev
8b6f1c7bb0 Fixed writev() debug log message in ngx_darwin_sendfile_chain(). 2014-08-13 15:11:45 +04:00
Roman Arutyunyan
ba1676f267 Upstream: fixed file buffers reinit in ngx_http_upstream_reinit().
Previously, a file buffer start position was reset to the file start.
Now it's reset to the previous file buffer end.  This fixes
reinitialization of requests having multiple successive parts of a
single file.  Such requests are generated by fastcgi module.
2014-09-18 16:37:16 +04:00
Roman Arutyunyan
66876d0b09 FastCGI: fixed start pointers in request buffers.
The start pointers are used in ngx_http_upstream_reinit() to
reinit FastCGI requests.
2014-09-18 16:37:14 +04:00
Valentin Bartenev
a7798de9bd Limit req: don't truncate key value to 255 bytes.
While the module allows to use values up to 65535 bytes as a key,
that actually never worked properly.
2014-09-16 21:12:51 +04:00
Valentin Bartenev
681f74a9ba Version bump. 2014-09-17 12:04:47 +04:00
Maxim Dounin
b7ef041cdb release-1.7.5 tag 2014-09-16 16:19:03 +04:00
Maxim Dounin
f6cf796109 nginx-1.7.5-RELEASE 2014-09-16 16:19:03 +04:00
Maxim Dounin
ce47411b45 Updated OpenSSL used for win32 builds. 2014-09-15 18:03:49 +04:00
Maxim Dounin
6ec0f4d85b SSL: session id context now includes certificate hash.
This prevents inappropriate session reuse in unrelated server{}
blocks, while preserving ability to restore sessions on other servers
when using TLS Session Tickets.

Additionally, session context is now set even if there is no session cache
configured.  This is needed as it's also used for TLS Session Tickets.

Thanks to Antoine Delignat-Lavaud and Piotr Sikora.
2014-09-15 17:59:47 +04:00
Valentin Bartenev
152d92b4b7 Access log: fixed the "if=" parameter with buffering (ticket #625).
It might not work if there were more than one "access_log" directives
pointed to the same file and duplicate buffer parameters.
2014-09-13 21:47:13 +04:00
Roman Arutyunyan
02ce6c415f Upstream: limited next_upstream time and tries (ticket #544).
The new directives {proxy,fastcgi,scgi,uwsgi,memcached}_next_upstream_tries
and {proxy,fastcgi,scgi,uwsgi,memcached}_next_upstream_timeout limit
the number of upstreams tried and the maximum time spent for these tries
when searching for a valid upstream.
2014-09-12 18:50:47 +04:00
Roman Arutyunyan
cfc3db1972 Upstream: included backup peers into peer.tries.
Since peer.tries is never reset it can now be limited if required.
2014-09-12 18:50:46 +04:00
Maxim Dounin
4c7e1a8d85 Upstream keepalive: removed "single" parameter remnants.
The "single" parameter is deprecated and ignored since 5b5c07dee156 (1.3.2).
2014-09-11 20:09:04 +04:00
Maxim Dounin
3a235bf52e Added warning about unset cache keys.
In fastcgi, scgi and uwsgi modules there are no default cache keys, and
using a cache without a cache key set is likely meaningless.
2014-09-11 20:08:52 +04:00
Maxim Dounin
d7d26feba1 Style. 2014-09-11 20:08:45 +04:00
FengGu
b4cb8475b1 Upstream: avoided directly terminating the connection.
When memory allocation failed in ngx_http_upstream_cache(), the connection
would be terminated directly in ngx_http_upstream_init_request().
Return a INTERNAL_SERVER_ERROR response instead.
2014-08-13 14:53:55 +08:00
Maxim Dounin
cb8a0327ab Added ngx_init_setproctitle() return code check.
The ngx_init_setproctitle() function, as used on systems without
setproctitle(3), may fail due to memory allocation errors, and
therefore its return code needs to be checked.

Reported by Markus Linnala.
2014-09-08 21:36:09 +04:00
Maxim Dounin
90df702bf8 Fixed ETag memory allocation error handling.
The etag->hash must be set to 0 to avoid an empty ETag header being
returned with the 500 Internal Server Error page after the memory
allocation failure.

Reported by Markus Linnala.
2014-09-08 21:36:03 +04:00
Maxim Dounin
c5bee22d16 Core: ngx_regex_compile() error handling fixes.
Now we actually return NGX_ERROR on errors, and provide an error
string for memory allocation errors.

Reported by Markus Linnala.
2014-09-08 21:35:53 +04:00
Piotr Sikora
2af7181b3b SSL: guard use of all SSL options for bug workarounds.
Some of the OpenSSL forks (read: BoringSSL) started removing unused,
no longer necessary and/or not really working bug workarounds along
with the SSL options and defines for them.

Instead of fixing nginx build after each removal, be proactive
and guard use of all SSL options for bug workarounds.

Signed-off-by: Piotr Sikora <piotr@cloudflare.com>
2014-09-03 14:49:55 -07:00
Roman Arutyunyan
c0b3b9d6ca Upstream: suppressed the file cache slab allocator error messages.
The messages "ngx_slab_alloc() failed: no memory in cache keys zone"
from the file cache slab allocator are suppressed since the allocation
is likely to succeed after the forced expiration of cache nodes.
The second allocation failure is reported.
2014-09-05 18:14:59 +04:00
Valentin Bartenev
37d24e7e3b Events: processing of posted events changed from LIFO to FIFO.
In theory, this can provide a bit better distribution of latencies.

Also it simplifies the code, since ngx_queue_t is now used instead
of custom implementation.
2014-09-01 18:20:18 +04:00
Valentin Bartenev
2a81e05566 Events: removed broken thread support from posted events.
It's mostly dead code.  And the idea of thread support for this task has
been deprecated.
2014-09-01 18:20:03 +04:00
Valentin Bartenev
3ca3f609cb Mail: initialize the "signature" field of ngx_mail_session_t.
Currently it isn't used, but it can be suitable to distinguish
objects stored in c->data.
2014-09-01 17:50:59 +04:00
Ruslan Ermilov
be6175d49d Upstream: improved configuration parser diagnostics.
Made it clear when the selected balancing method does not
support certain parameters of the "server" directive.
2014-09-01 12:27:38 +04:00
Sergey Kandaurov
967c51c9ff Headers filter: "add_header" with "always" parameter (ticket #98).
If specified, the header field is set regardless of the status code.
2014-08-29 18:00:10 +04:00
Maxim Dounin
31c35adfe1 Variables: updated list of prefixes in ngx_http_rewrite_set(). 2014-08-27 21:38:08 +04:00
Maxim Dounin
8cf734c7b4 Variables: fixed non-indexed access of prefix vars (ticket #600).
Previously, a configuration like

    location / {
        ssi on;
        ssi_types *;
        set $http_foo "bar";
        return 200 '<!--#echo var="http_foo" -->\n';
    }

resulted in NULL pointer dereference in ngx_http_get_variable() as
the variable was explicitly added to the variables hash, but its
get_handler wasn't properly set in the hash.  Fix is to make sure
that get_handler is properly set by ngx_http_variables_init_vars().
2014-08-27 21:38:04 +04:00