Commit Graph

5462 Commits

Author SHA1 Message Date
Valentin Bartenev
93aef089b4 SSL: only select HTTP/2 using NPN if "http2" is enabled.
OpenSSL doesn't check if the negotiated protocol has been announced.
As a result, the client might force using HTTP/2 even if it wasn't
enabled in configuration.
2015-11-05 15:01:09 +03:00
Valentin Bartenev
b22c0e0846 HTTP/2: backed out 16905ecbb49e (ticket #822).
It caused inconsistency between setting "in_closed" flag and the moment when
the last DATA frame was actually read.  As a result, the body buffer might not
be initialized properly in ngx_http_v2_init_request_body(), which led to a
segmentation fault in ngx_http_v2_state_read_data().  Also it might cause
start processing of incomplete body.

This issue could be triggered when the processing of a request was delayed,
e.g. in the limit_req or auth_request modules.
2015-11-05 15:01:01 +03:00
Maxim Dounin
f9cce38e49 Fixed ngx_parse_time() out of bounds access (ticket #821).
The code failed to ensure that "s" is within the buffer passed for
parsing when checking for "ms", and this resulted in unexpected errors when
parsing non-null-terminated strings with trailing "m".  The bug manifested
itself when the expires directive was used with variables.

Found by Roman Arutyunyan.
2015-10-30 21:43:30 +03:00
Vladimir Homutov
e7d298f3fc Syslog: added "nohostname" option.
The option disables sending hostname in the syslog message header.  This is
useful with syslog daemons that do not expect it (tickets #677 and #783).
2015-10-26 19:06:42 +03:00
Valentin Bartenev
090c471032 HTTP/2: changed behavior of the "http2_max_field_size" directive.
Now it limits only the maximum length of literal string (either raw or
compressed) in HPACK request header fields.  It's easier to understand
and to describe in the documentation.
2015-10-27 23:16:35 +03:00
Valentin Bartenev
edf30961e6 HTTP/2: fixed spelling. 2015-10-27 23:16:35 +03:00
Valentin Bartenev
5a8b212fd9 Version bump. 2015-10-27 23:16:29 +03:00
Maxim Dounin
6613a99c00 release-1.9.6 tag 2015-10-27 16:47:30 +03:00
Maxim Dounin
8687fd70a0 nginx-1.9.6-RELEASE 2015-10-27 16:47:29 +03:00
Valentin Bartenev
f36f51725a HTTP/2: simplified checking the END_STREAM flag.
No functional changes.
2015-10-26 17:46:28 +03:00
Valentin Bartenev
d418b92cdc HTTP/2: improved the ngx_http_v2_integer_octets(v) macro.
Previously, it didn't work well for 0, 127, and 128, returning less than needed.
2015-10-26 17:46:16 +03:00
Valentin Bartenev
3565680d94 HTTP/2: fixed the NGX_HTTP_V2_MAX_FIELD macro. 2015-10-26 17:46:13 +03:00
Valentin Bartenev
9150c7df1f HTTP/2: fixed splitting of response headers on CONTINUATION frames.
Previous code has been based on assumption that the header block can only be
splitted at the borders of individual headers.  That wasn't the case and might
result in emitting frames bigger than the frame size limit.

The current approach is to split header blocks by the frame size limit.
2015-09-28 02:32:44 +03:00
Valentin Bartenev
60e41c0fb1 HTTP/2: introduced NGX_HTTP_V2_ENCODE_* macros.
No functional changes.
2015-10-26 17:43:08 +03:00
Valentin Bartenev
69e78850fe HTTP/2: simplified producing of the Last-Modified header. 2015-10-26 17:43:08 +03:00
Valentin Bartenev
70c29f05f0 HTTP/2: fixed header block size calculation. 2015-10-26 17:43:08 +03:00
Piotr Sikora
f93aa4d953 HTTP/2: fix handling of connection errors.
Previously, nginx worker would crash because of a double free
if client disconnected or timed out before sending all headers.

Found with afl-fuzz.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2015-10-01 20:25:55 -07:00
Piotr Sikora
de4f0eb26b HTTP/2: fix indirect reprioritization.
Previously, streams that were indirectly reprioritized (either because of
a new exclusive dependency on their parent or because of removal of their
parent from the dependency tree), didn't have their pointer to the parent
node updated.

This broke detection of circular dependencies and, as a result, nginx
worker would crash due to stack overflow whenever such dependency was
introduced.

Found with afl-fuzz.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2015-10-01 20:25:55 -07:00
Piotr Sikora
71a6b600c2 HTTP/2: reject self-dependent streams.
Per RFC7540, a stream cannot depend on itself.

Previously, this requirement was enforced on PRIORITY frames, but not on
HEADERS frames and due to the implementation details nginx worker would
crash (stack overflow) while opening self-dependent stream.

Found with afl-fuzz.

Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2015-10-01 20:25:55 -07:00
Piotr Sikora
79a03b3ff6 Core: read/write locks are also required by the Stream module.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2015-10-23 18:21:33 -07:00
Piotr Sikora
33cd01ed57 Configure: style fixes for autoconf.err.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
2015-10-23 18:21:33 -07:00
Valentin Bartenev
c0eb2f0759 HTTP/2: improved error handling while parsing integers.
The case when an integer is out of frame bounds should be checked first
as a more accurate error.
2015-10-20 21:28:38 +03:00
Ruslan Ermilov
c830cf28ae HTTP/2: improved HPACK integer parsing code readability.
No functional changes.
2015-10-20 21:26:38 +03:00
Maxim Dounin
faed7212fe Win32: timer_resolution now ignored with select.
As setitimer() isn't available on Windows, time wasn't updated at all
if timer_resolution was used with the select event method.  Fix is
to ignore timer_resolution in such cases.
2015-10-20 18:16:18 +03:00
Kouhei Sutou
67614b3aa3 Win32: fixed build with MinGW and MinGW-w64 gcc.
This change fixes the "comparison between signed and unsigned integer
expressions" warning, introduced in 5e6142609e48 (1.9.4).
2015-10-17 21:41:02 +09:00
Maxim Dounin
582911c9c2 Style: unneeded casts of cf->args->elts removed. 2015-10-19 23:04:49 +03:00
Maxim Dounin
cc74c63d39 Fixed variables prefix comparison.
Variable names are not null-terminated, so using ngx_strncmp() without
extra length checks is wrong.

Reported by Markus Linnala,
http://mailman.nginx.org/pipermail/nginx-devel/2015-August/007211.html.
2015-10-19 21:28:17 +03:00
Maxim Dounin
b9e0b9df44 Fixed handling of empty root.
Previously, a configuration with "root" set to an empty string tried test
a character at clcf->root.data[-1].  Additional test added to make sure
this won't happen.

Reported by Markus Linnala, see
http://mailman.nginx.org/pipermail/nginx-devel/2015-August/007210.html.
2015-10-19 21:28:02 +03:00
Maxim Dounin
a6befbb40f SSL: preserve default server context in connection (ticket #235).
This context is needed for shared sessions cache to work in configurations
with multiple virtual servers sharing the same port.  Unfortunately, OpenSSL
does not provide an API to access the session context, thus storing it
separately.

In collaboration with Vladimir Homutov.
2015-10-19 21:22:38 +03:00
Valentin Bartenev
7d2af13f3a HTTP/2: fixed parsing of literal header fields without indexing. 2015-10-19 16:16:47 +03:00
Vladimir Homutov
645697f111 SSL: handled long string truncation in ngx_ssl_error().
If no space left in buffer after adding formatting symbols, error message
could be left without terminating null.  The fix is to output message using
actual length.
2015-10-07 22:19:42 +03:00
Ruslan Ermilov
0079f29326 Stream: delete proxy connection timer after SSL handshake.
The timer remained active and could drop active SSL connection.
2015-10-06 08:57:09 +03:00
Kurtis Nusbaum
470d038671 Extract out version info function.
The code for displaying version info and configuration info seemed to be
cluttering up the main function. I was finding it hard to read main. This
extracts out all of the logic for displaying version and configuration info
into its own function, thus making main easier to read.
2015-07-12 08:31:38 -07:00
Valentin Bartenev
20669d1949 HTTP/2: fixed $server_protocol value (ticket #800). 2015-09-28 20:02:05 +03:00
Maxim Dounin
4bab18f63d SSL: compatibility with OpenSSL master branch.
RAND_pseudo_bytes() is deprecated in the OpenSSL master branch, so the only
use was changed to RAND_bytes().  Access to internal structures is no longer
possible, so now we don't try to set SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS even
if it's defined.
2015-09-24 17:19:08 +03:00
Maxim Dounin
49766257fe Version bump. 2015-09-24 17:18:42 +03:00
Maxim Dounin
7c2e7816cb release-1.9.5 tag 2015-09-22 17:36:22 +03:00
Maxim Dounin
658813c43b nginx-1.9.5-RELEASE 2015-09-22 17:36:21 +03:00
Maxim Dounin
49b17956f9 Style. 2015-09-22 17:09:50 +03:00
Valentin Bartenev
a0d7df93a0 Increased the default number of output buffers.
Since an output buffer can only be used for either reading or sending, small
amounts of data left from the previous operation (due to some limits) must be
sent before nginx will be able to read further into the buffer.  Using only
one output buffer can result in suboptimal behavior that manifests itself in
forming and sending too small chunks of data.  This is particularly painful
with SPDY (or HTTP/2) where each such chunk needs to be prefixed with some
header.

The default flow-control window in HTTP/2 is 64k minus one bytes.  With one
32k output buffer this results is one byte left after exhausting the window.
With two 32k buffers the data will be read into the second free buffer before
sending, thus the minimum output is increased to 32k + 1 bytes which is much
better.
2015-09-15 17:49:15 +03:00
Valentin Bartenev
61e1f16d90 HTTP/2: fixed header block parsing with CONTINUATION frames (#792).
It appears that the CONTINUATION frames don't need to be aligned to bounds of
individual headers.
2015-09-22 01:40:04 +03:00
Valentin Bartenev
a27d0bd00d HTTP/2: fixed HPACK header field parsing. 2015-09-22 01:40:04 +03:00
Roman Arutyunyan
f64ff24451 Sub filter: fixed initialization in http{} level (ticket #791).
If sub_filter directive was only specified at http{} level, sub filter
internal data remained uninitialized.  That would lead to a crash in runtime.
2015-09-21 23:08:34 +03:00
Valentin Bartenev
ee37ff613f The HTTP/2 implementation (RFC 7240, 7241).
The SPDY support is removed, as it's incompatible with the new module.
2015-09-11 20:13:06 +03:00
Maxim Dounin
2c96914312 Core: fixed segfault with null in wildcard hash names.
A configuration like

    server { server_name .foo^@; }
    server { server_name .foo; }

resulted in a segmentation fault during construction of server names hash.

Reported by Markus Linnala.
Found with afl-fuzz.
2015-09-11 17:04:40 +03:00
Maxim Dounin
7930a6c442 Fixed segfault with incorrect location nesting.
A configuration with a named location inside a zero-length prefix
or regex location used to trigger a segmentation fault, as
ngx_http_core_location() failed to properly detect if a nested location
was created.  Example configuration to reproduce the problem:

    location "" {
        location @foo {}
    }

Fix is to not rely on a parent location name length, but rather check
command type we are currently parsing.

Identical fix is also applied to ngx_http_rewrite_if(), which used to
incorrectly assume the "if" directive is on server{} level in such
locations.

Reported by Markus Linnala.
Found with afl-fuzz.
2015-09-11 17:04:04 +03:00
Maxim Dounin
ce05841eef Cache: check the whole cache key in addition to hashes.
This prevents a potential attack that discloses cached data if an attacker
will be able to craft a hash collision between some cache key the attacker
is allowed to access and another cache key with protected data.

See http://mailman.nginx.org/pipermail/nginx-devel/2015-September/007288.html.

Thanks to Gena Makhomed and Sergey Brester.
2015-09-11 17:03:56 +03:00
Roman Arutyunyan
51f714c85d Upstream: fixed cache send error handling.
The value of NGX_ERROR, returned from filter handlers, was treated as a generic
upstream error and changed to NGX_HTTP_INTERNAL_SERVER_ERROR before calling
ngx_http_finalize_request().  This resulted in "header already sent" alert
if header was already sent in filter handlers.

The problem appeared in 54e9b83d00f0 (1.7.5).
2015-09-03 15:09:21 +03:00
Valentin Bartenev
a38402e306 Fixed building --with-debug, broken by 6fce16b1fc10. 2015-09-02 19:45:40 +03:00
Valentin Bartenev
7dd3f9ee22 Writing to some file systems can be interrupted.
At least such behavior was observed with CephFS, see:
http://mailman.nginx.org/pipermail/nginx/2015-July/048188.html.
2015-09-02 19:26:40 +03:00