Commit Graph

8017 Commits

Author SHA1 Message Date
Roman Arutyunyan
77fc6b7fb9 QUIC: automatically add and never delete stream events.
Previously, stream events were added and deleted by ngx_handle_read_event() and
ngx_handle_write_event() in a way similar to level-triggered events.  However,
QUIC stream events are effectively edge-triggered and can stay active all time.
Moreover, the events are now active since the moment a stream is created.
2023-01-10 14:05:18 +04:00
Sergey Kandaurov
1fe0913fcc HTTP/3: fixed $connection_time.
Previously, start_time wasn't set for a new stream.
The fix is to derive it from the parent connection.
Also it's used to simplify tracking keepalive_time.
2023-01-10 17:59:16 +04:00
Roman Arutyunyan
d04f45ac5b HTTP/3: handled insertion reference to a going to be evicted entry.
As per RFC 9204, section 3.2.2, a new entry can reference an entry in the
dynamic table that will be evicted when adding this new entry into the dynamic
table.

Previously, such inserts resulted in use-after-free since the old entry was
evicted before the insertion (ticket #2431).  Now it's evicted after the
insertion.

This change fixes Insert with Name Reference and Duplicate encoder instructions.
2023-01-03 16:24:45 +04:00
Sergey Kandaurov
f5aa66bd30 Merged with the default branch. 2023-01-02 17:10:22 +04:00
Maxim Dounin
9c7a2c7ce4 Updated link to OpenVZ suspend/resume bug. 2022-12-21 14:53:27 +03:00
Valentin Bartenev
641368249c Fixed port ranges support in the listen directive.
Ports difference must be respected when checking addresses for duplicates,
otherwise configurations like this are broken:

  listen 127.0.0.1:6000-6005

It was broken by 4cc2bfeff46c (nginx 1.23.3).
2022-12-18 21:29:02 +03:00
BullerDu
95133893f9 Style. 2022-12-16 01:15:15 +04:00
Sergey Kandaurov
bf5dcc3fb2 Version bump. 2022-12-16 01:15:13 +04:00
Sergey Kandaurov
a1bb12e14e Merged with the default branch. 2022-12-15 19:40:44 +04:00
Maxim Dounin
8e9f7e89b8 release-1.23.3 tag 2022-12-13 18:53:53 +03:00
Maxim Dounin
307123b359 nginx-1.23.3-RELEASE 2022-12-13 18:53:53 +03:00
Maxim Dounin
3a52c79b44 Updated OpenSSL and zlib used for win32 builds. 2022-12-13 03:32:57 +03:00
Maxim Dounin
5eaa67490a Win32: event flags handling edge cases in ngx_wsarecv().
Fixed event flags handling edge cases in ngx_wsarecv() and ngx_wsarecv_chain(),
notably to always reset rev->ready in case of errors (which wasn't the case
after ngx_socket_nread() errors), and after EOF (rev->ready was not cleared
if due to a misconfiguration a zero-sized buffer was used for reading).
2022-12-01 04:22:36 +03:00
Maxim Dounin
39892c6265 SSL: fixed ngx_ssl_recv() to reset c->read->ready after errors.
With this change, behaviour of ngx_ssl_recv() now matches ngx_unix_recv(),
which used to always reset c->read->ready to 0 when returning errors.

This fixes an infinite loop in unbuffered SSL proxying if writing to the
client is blocked and an SSL error happens (ticket #2418).

With this change, the fix for a similar issue in the stream module
(6868:ee3645078759), which used a different approach of explicitly
testing c->read->error instead, is no longer needed and was reverted.
2022-12-01 04:22:31 +03:00
Maxim Dounin
a77cef0995 Removed casts from ngx_memcmp() macro.
Casts are believed to be not needed, since memcmp() has "const void *"
arguments since introduction of the "void" type in C89.  And on pre-C89
platforms nginx is unlikely to compile without warnings anyway, as there
are no casts in memcpy() and memmove() calls.

These casts were added in 1648:89a47f19b9ec without any details on why they
were added, and Igor does not remember details either.  The most plausible
explanation is that they were copied from ngx_strcmp() and were not really
needed even at that time.

Prodded by Alejandro Colomar.
2022-11-30 18:01:53 +03:00
Maxim Dounin
e8da064e0d Fixed alignment of ngx_memmove()/ngx_movemem() macro definitions. 2022-11-30 18:01:43 +03:00
Sergey Kandaurov
765ef1098d SSL: fixed debug logging of SSL_sendfile() return value. 2022-11-24 23:08:30 +04:00
Maxim Dounin
d52e568443 Fixed segfault when switching off master process during upgrade.
Binary upgrades are not supported without master process, but it is,
however, possible, that nginx running with master process is asked
to upgrade binary, and the configuration file as available on disk
at this time includes "master_process off;".

If this happens, listening sockets inherited from the previous binary
will have ls[i].previous set.  But the old cycle on initial process
startup, including startup after binary upgrade, is destroyed by
ngx_init_cycle() once configuration parsing is complete.  As a result,
an attempt to dereference ls[i].previous in ngx_event_process_init()
accesses already freed memory.

Fix is to avoid looking into ls[i].previous if the old cycle is already
freed.

With this change it is also no longer needed to clear ls[i].previous in
worker processes, so the relevant code was removed.
2022-11-23 23:48:53 +03:00
Maxim Dounin
593bb54387 Disabled cloning of sockets without master process (ticket #2403).
Cloning of listening sockets for each worker process does not make sense
when working without master process, and causes some of the connections
not to be accepted if worker_processes is set to more than one and there
are listening sockets configured with the reuseport flag.  Fix is to
disable cloning when master process is disabled.
2022-11-23 23:12:04 +03:00
Maxim Dounin
22223c75c9 Filtering duplicate addresses in listen (ticket #2400).
Due to the glibc bug[1], getaddrinfo("localhost") with AI_ADDRCONFIG
on a typical host with glibc and without IPv6 returns two 127.0.0.1
addresses, and therefore "listen localhost:80;" used to result in
"duplicate ... address and port pair" after 4f9b72a229c1.

Fix is to explicitly filter out duplicate addresses returned during
resolution of a name.

[1] https://sourceware.org/bugzilla/show_bug.cgi?id=14969
2022-11-23 17:30:08 +03:00
Roman Arutyunyan
17066ac860 Process events posted by ngx_close_idle_connections() immediately.
Previously, if an event was posted by a read event handler, called by
ngx_close_idle_connections(), that event was not processed until the next
event loop iteration, which could happen after a timeout.
2022-11-18 19:31:38 +04:00
Ciel Zhao
053e40e5d4 SSI: handling of subrequests from other modules (ticket #1263).
As the SSI parser always uses the context from the main request for storing
variables and blocks, that context should always exist for subrequests using
SSI, even though the main request does not necessarily have SSI enabled.

However, `ngx_http_get_module_ctx(r->main, ...)` is getting NULL in such cases,
resulting in the worker crashing SIGSEGV when accessing its attributes.

This patch links the first initialized context to the main request, and
upgrades it only when main context is initialized.
2022-11-21 17:01:34 +03:00
Maxim Dounin
67e2a69161 Fixed PROXY protocol to use ngx_memcpy()/ngx_memcmp(). 2022-11-08 12:48:21 +03:00
Maxim Dounin
fbe42d4631 Added logging to PROXY protocol write buffer check.
The check is not expected to fail unless there is a bug in the calling
code.  But given the check is here, it should log an alert if it fails
instead of silently closing the connection.
2022-11-08 12:48:19 +03:00
Roman Arutyunyan
7600ca0286 Increased maximum read PROXY protocol header size.
Maximum size for reading the PROXY protocol header is increased to 4096 to
accommodate a bigger number of TLVs, which are supported since cca4c8a715de.

Maximum size for writing the PROXY protocol header is not changed since only
version 1 is currently supported.
2022-11-02 13:46:16 +04:00
Roman Arutyunyan
d7483bf1af Version bump. 2022-11-03 15:52:55 +04:00
Roman Arutyunyan
36f7b31f95 HTTP/3: implement keepalive for hq.
Previously, keepalive timer was deleted in ngx_http_v3_wait_request_handler()
and set in request cleanup handler.  This worked for HTTP/3 connections, but not
for hq connections.  Now keepalive timer is deleted in
ngx_http_v3_init_request_stream() and set in connection cleanup handler,
which works both for HTTP/3 and hq.
2022-10-25 12:52:09 +04:00
Roman Arutyunyan
64ccdf4528 QUIC: application init() callback.
It's called after handshake completion or prior to the first early data stream
creation.  The callback should initialize application-level data before
creating streams.

HTTP/3 callback implementation sets keepalive timer and sends SETTINGS.

Also, this allows to limit max handshake time in ngx_http_v3_init_stream().
2022-11-30 12:51:15 +04:00
Maxim Dounin
09d5305592 release-1.23.2 tag 2022-10-19 10:56:21 +03:00
Maxim Dounin
569f417a7f nginx-1.23.2-RELEASE 2022-10-19 10:56:20 +03:00
Roman Arutyunyan
0d23105373 Mp4: disabled duplicate atoms.
Most atoms should not appear more than once in a container.  Previously,
this was not enforced by the module, which could result in worker process
crash, memory corruption and disclosure.
2022-10-19 10:53:17 +03:00
Sergey Kandaurov
35fce42269 SSL: improved validation of ssl_session_cache and ssl_ocsp_cache.
Now it properly detects invalid shared zone configuration with omitted size.
Previously it used to read outside of the buffer boundary.

Found with AddressSanitizer.
2022-10-17 16:24:53 +04:00
Sergey Kandaurov
5b23fe690f SSL: removed cast not needed after 5ffd76a9ccf3. 2022-10-13 16:18:56 +04:00
Maxim Dounin
4d61d59ae9 SSL: workaround for session timeout handling with TLSv1.3.
OpenSSL with TLSv1.3 updates the session creation time on session
resumption and keeps the session timeout unmodified, making it possible
to maintain the session forever, bypassing client certificate expiration
and revocation.  To make sure session timeouts are actually used, we
now update the session creation time and reduce the session timeout
accordingly.

BoringSSL with TLSv1.3 ignores configured session timeouts and uses a
hardcoded timeout instead, 7 days.  So we update session timeout to
the configured value as soon as a session is created.
2022-10-12 20:14:57 +03:00
Maxim Dounin
02314f0c3c SSL: optimized rotation of session ticket keys.
Instead of syncing keys with shared memory on each ticket operation,
the code now does this only when the worker is going to change expiration
of the current key, or going to switch to a new key: that is, usually
at most once per second.

To do so without races, the code maintains 3 keys: current, previous,
and next.  If a worker will switch to the next key earlier, other workers
will still be able to decrypt new tickets, since they will be encrypted
with the next key.
2022-10-12 20:14:55 +03:00
Maxim Dounin
1d572e359a SSL: automatic rotation of session ticket keys.
As long as ssl_session_cache in shared memory is configured, session ticket
keys are now automatically generated in shared memory, and rotated
periodically.  This can be beneficial from forward secrecy point of view,
and also avoids increased CPU usage after configuration reloads.

This also helps BoringSSL to properly resume sessions in configurations
with multiple worker processes and no ssl_session_ticket_key directives,
as BoringSSL tries to automatically rotate session ticket keys and does
this independently in different worker processes, thus breaking session
resumption between worker processes.
2022-10-12 20:14:53 +03:00
Maxim Dounin
3b127da111 SSL: shorter debug messages about session tickets. 2022-10-12 20:14:51 +03:00
Maxim Dounin
2a8e56b1e2 SSL: renamed session ticket key functions and data index.
Previously used names are way too long, renamed to simplify writing code.
2022-10-12 20:14:49 +03:00
Maxim Dounin
6e5120a01d SSL: renamed session ticket key type.
The ngx_ssl_session_ticket_key_t is way too long, renamed to
ngx_ssl_ticket_key_t to simplify writing code.
2022-10-12 20:14:47 +03:00
Maxim Dounin
a5b768c536 SSL: style.
Runtime OCSP functions separated from configuration ones.
2022-10-12 20:14:45 +03:00
Maxim Dounin
3057e6e9ad SSL: explicit clearing of expired sessions.
This reduces lifetime of session keying material in server's memory, and
therefore can be beneficial from forward secrecy point of view.
2022-10-12 20:14:43 +03:00
Maxim Dounin
76876c160f SSL: single allocation in session cache on 32-bit platforms.
Given the present typical SSL session sizes, on 32-bit platforms it is
now beneficial to store all data in a single allocation, since rbtree
node + session id + ASN1 representation of a session takes 256 bytes of
shared memory (36 + 32 + 150 = about 218 bytes plus SNI server name).

Storing all data in a single allocation is beneficial for SNI names up to
about 40 characters long and makes it possible to store about 4000 sessions
in one megabyte (instead of about 3000 sessions now).  This also slightly
simplifies the code.
2022-10-12 20:14:40 +03:00
Maxim Dounin
5c5c449ba0 SSL: explicit session id length checking.
Session ids are not expected to be longer than 32 bytes, but this is
theoretically possible with TLSv1.3, where session ids are essentially
arbitrary and sent as session tickets.  Since on 64-bit platforms we
use fixed 32-byte buffer for session ids, added an explicit length check
to make sure the buffer is large enough.
2022-10-12 20:14:39 +03:00
Maxim Dounin
aeae4c7845 SSL: updated comment about session sizes.
Previous numbers are somewhat outdated, typical ASN1 representations of
sessions are slightly bigger now.
2022-10-12 20:14:37 +03:00
Maxim Dounin
4ea6baf7bc SSL: reduced logging of session cache failures (ticket #621).
Session cache allocations might fail as long as the new session is different
in size from the one least recently used (and freed when the first allocation
fails).  In particular, it might not be possible to allocate space for
sessions with client certificates, since they are noticeably bigger than
normal sessions.

To ensure such allocation failures won't clutter logs, logging level changed
to "warn", and logging is now limited to at most one warning per second.
2022-10-12 20:14:36 +03:00
Maxim Dounin
23ce9baf0e SSL: disabled saving tickets to session cache.
OpenSSL tries to save TLSv1.3 sessions into session cache even when using
tickets for stateless session resumption, "because some applications just
want to know about the creation of a session".  To avoid trashing session
cache with useless data, we do not save such sessions now.
2022-10-12 20:14:34 +03:00
Roman Arutyunyan
f27af85016 Added type cast to ngx_proxy_protocol_parse_uint16().
The cast is added to make ngx_proxy_protocol_parse_uint16() similar to
ngx_proxy_protocol_parse_uint32().
2022-09-27 11:31:16 +04:00
Roman Arutyunyan
50e3ff8a00 PROXY protocol v2 TLV variables.
The variables have prefix $proxy_protocol_tlv_ and are accessible by name
and by type.  Examples are: $proxy_protocol_tlv_0x01, $proxy_protocol_tlv_alpn.
2022-10-12 16:58:16 +04:00
Roman Arutyunyan
68119b4362 Log only the first line of user input on PROXY protocol v1 error.
Previously, all received user input was logged.  If a multi-line text was
received from client and logged, it could reduce log readability and also make
it harder to parse nginx log by scripts.  The change brings to PROXY protocol
the same behavior that exists for HTTP request line in
ngx_http_log_error_handler().
2022-10-10 13:57:31 +04:00
Sergey Kandaurov
5071bc0bcf SSL: silenced GCC warnings when building with BoringSSL.
BoringSSL uses macro stub for SSL_CTX_set_ecdh_auto that expands to 1,
which triggers -Wunused-value "statement with no effect" warnings.
2022-09-08 13:53:49 +04:00