Commit Graph

36 Commits

Author SHA1 Message Date
Maxim Dounin
71841601d2 Style. 2016-10-14 19:48:26 +03:00
Maxim Dounin
2c96914312 Core: fixed segfault with null in wildcard hash names.
A configuration like

    server { server_name .foo^@; }
    server { server_name .foo; }

resulted in a segmentation fault during construction of server names hash.

Reported by Markus Linnala.
Found with afl-fuzz.
2015-09-11 17:04:40 +03:00
Sergey Kandaurov
b7da4f5962 Core: fixed potential division by zero when initializing hash.
Found by Clang Static Analyzer.
2015-08-13 16:27:17 +03:00
Sergey Kandaurov
e161b6a46f Core: fixed style in the error message. 2015-08-13 16:27:13 +03:00
Maxim Dounin
7dd799357d Core: fixed potential buffer overrun when initializing hash.
Initial size as calculated from the number of elements may be bigger
than max_size.  If this happens, make sure to set size to max_size.

Reported by Chris West.
2015-02-24 18:37:14 +03:00
Yichun Zhang
52e4dc2f74 Core: fixed buffer overrun when hash max_size reached. 2014-10-02 12:00:17 -07:00
Maxim Dounin
8877284863 Core: fixed hash to actually try max_size.
Previously, maximum size of a hash table built was (max_size - 1).
2014-03-31 21:40:35 +04:00
Maxim Dounin
2a620ae109 Core: hash now ignores bucket_size if it hits max_size limit. 2014-03-31 21:40:31 +04:00
Maxim Dounin
40a366c5a8 Fixed handling of conflicting wildcard server names.
With previous code wildcard names were added to hash even if conflict
was detected.  This resulted in identical names in hash and segfault
later in ngx_hash_wildcard_init().
2012-06-18 14:06:00 +00:00
Maxim Konovalov
f8d59e33f3 Copyright updated. 2012-01-18 15:07:43 +00:00
Valentin Bartenev
363a0c53e7 Fixed division by zero exception in ngx_hash_init().
The ngx_hash_init() function did not expect call with zero elements count,
which caused FPE error on configs with an empty "types" block in http context
and "types_hash_max_size" > 10000.

Example configuration to reproduce:

  events { }

  http {
          types_hash_max_size 10001;
          types {}
          server {}
  }
2012-01-16 12:42:07 +00:00
Igor Sysoev
6884183ad9 allow hash key values more than 255 bytes, it does not actually increase mean
hash element size, because due to aligning a byte after key is not used
anyway in 3/4 cases on 32-bit platforms and in 7/8 cases on 64-bit platforms
2010-05-13 12:52:45 +00:00
Igor Sysoev
570608ff4a style fix 2009-09-13 06:25:54 +00:00
Igor Sysoev
134d1a67c5 fix r2169 for .def.com and .abc.def.com case 2009-02-11 12:33:13 +00:00
Igor Sysoev
b29426deb8 server_name "" support 2008-08-21 12:56:10 +00:00
Igor Sysoev
1c7d449fa8 fix the case when unset domain.tld was matched by *.domain.tld 2008-08-12 15:28:19 +00:00
Igor Sysoev
2278ea09b6 update debug logging 2008-08-05 15:19:21 +00:00
Igor Sysoev
ca824f3cfa update debug logging 2008-08-04 21:51:36 +00:00
Igor Sysoev
6a07833d47 ngx_hash_strlow() 2008-08-04 10:18:36 +00:00
Igor Sysoev
777b019c73 ngx_strlow() 2008-08-04 10:07:00 +00:00
Igor Sysoev
7f6b2ffc60 *) back out r2040
*) refactor ngx_palloc()
*) introduce ngx_pnalloc()
*) additional pool blocks have smaller header
2008-06-17 15:00:30 +00:00
Igor Sysoev
425b0afd7c fix r1416 2007-09-21 13:43:53 +00:00
Igor Sysoev
43f3aead14 fix trailing wildcard when two or more listen used in one server 2007-08-24 11:05:47 +00:00
Igor Sysoev
9d8a75c525 the "www.example.*" wildcard hash support 2007-06-11 19:49:22 +00:00
Igor Sysoev
39b05edb24 fix SIGFPE on alpha 2006-10-06 13:28:19 +00:00
Igor Sysoev
3338cfdfbc nginx-0.3.46-RELEASE import
*) Feature: the "proxy_hide_header", "proxy_pass_header",
       "fastcgi_hide_header", and "fastcgi_pass_header" directives.

    *) Change: the "proxy_pass_x_powered_by", "fastcgi_x_powered_by", and
       "proxy_pass_server" directives were canceled.

    *) Feature: the "X-Accel-Buffering" response header line is supported
       in proxy mode.

    *) Bugfix: the reconfiguration bug and memory leaks in the
       ngx_http_perl_module.
2006-05-11 14:43:47 +00:00
Igor Sysoev
94e32ce7f8 nginx-0.3.37-RELEASE import
*) Feature: the "limit_except" directive.

    *) Feature: the "if" directive supports the "!~", "!~*", "-f", and
       "!-f" operators.

    *) Feature: the ngx_http_perl_module supports the $r->request_body
       method.

    *) Bugfix: in the ngx_http_addition_filter_module.
2006-04-07 14:08:04 +00:00
Igor Sysoev
13c68741f2 nginx-0.3.31-RELEASE import
*) Change: now nginx passes the malformed proxied backend responses.

    *) Feature: the "listen" directives support the address in the "*:port"
       form.

    *) Feature: the EVFILER_TIMER support in MacOSX 10.4.

    *) Workaround: for MacOSX 64-bit kernel kqueue millisecond timeout
       bug.
       Thanks to Andrei Nigmatulin.

    *) Bugfix: if there were several "listen" directives listening one
       various addresses inside one server, then server names like
       "*.domain.tld" worked for first address only; the bug had appeared
       in 0.3.18.

    *) Bugfix: if the HTTPS protocol was used in the "proxy_pass" directive
       and the request body was in temporarily file then the request was
       not transferred.

    *) Bugfix: perl 5.8.8 compatibility.
2006-03-10 12:51:52 +00:00
Igor Sysoev
df3254aa49 nginx-0.3.20-RELEASE import
*) Bugfix: in SSI handling.

    *) Bugfix: the ngx_http_memcached_module did not support the keys in
       the "/usr?args" form.
2006-01-11 15:26:57 +00:00
Igor Sysoev
3ca233ee5c nginx-0.3.19-RELEASE import
*) Feature: the "path" and "alias" directives support the variables.

    *) Change: now the "valid_referers" directive again checks the URI part.

    *) Bugfix: in SSI handling.
2005-12-28 14:23:52 +00:00
Igor Sysoev
305a9d83cf nginx-0.3.18-RELEASE import
*) Feature: the "server_names" directive supports the ".domain.tld"
       names.

    *) Feature: the "server_names" directive uses the hash for the
       "*.domain.tld" names and more effective hash for usual names.

    *) Change: the "server_names_hash_max_size" and
       "server_names_hash_bucket_size" directives.

    *) Change: the "server_names_hash" and "server_names_hash_threshold"
       directives were canceled.

    *) Feature: the "valid_referers" directive uses the hash site names.

    *) Change: now the "valid_referers" directive checks the site names
       only without the URI part.

    *) Bugfix: some ".domain.tld" names incorrectly processed by the
       ngx_http_map_module.

    *) Bugfix: segmentation fault was occurred if configuration file did
       not exist; the bug had appeared in 0.3.12.

    *) Bugfix: on 64-bit platforms segmentation fault may occurred on
       start; the bug had appeared in 0.3.16.
2005-12-26 17:07:48 +00:00
Igor Sysoev
43f279dc9c nginx-0.3.17-RELEASE import
*) Change: now on Linux configure checks the presence of epoll and
       sendfile64() in kernel.

    *) Feature: the "map" directive supports domain names in the
       ".domain.tld" form.

    *) Bugfix: the timeouts were not used in SSL handshake; the bug had
       appeared in 0.2.4.

    *) Bugfix: in the HTTPS protocol in the "proxy_pass" directive.

    *) Bugfix: when the HTTPS protocol was used in the "proxy_pass"
       directive the port 80 was used by default.
2005-12-18 16:02:44 +00:00
Igor Sysoev
2402502c2f nginx-0.3.16-RELEASE import
*) Feature: the ngx_http_map_module.

    *) Feature: the "types_hash_max_size" and "types_hash_bucket_size"
       directives.

    *) Feature: the "ssi_value_length" directive.

    *) Feature: the "worker_rlimit_core" directive.

    *) Workaround: the connection number in logs was always 1 if nginx was
       built by the icc 8.1 or 9.0 compilers with optimization for
       Pentium 4.

    *) Bugfix: the "config timefmt" SSI command set incorrect time format.

    *) Bugfix: nginx did not close connection to IMAP/POP3 backend for the
       SSL connections; the bug had appeared in 0.3.13.
       Thanks to Rob Mueller.

    *) Bugfix: segmentation fault may occurred in at SSL shutdown; the bug
       had appeared in 0.3.13.
2005-12-16 15:07:08 +00:00
Igor Sysoev
d3283ff922 nginx-0.3.13-RELEASE import
*) Feature: the IMAP/POP3 proxy supports STARTTLS and STLS.

    *) Bugfix: the IMAP/POP3 proxy did not work with the select, poll, and
       /dev/poll methods.

    *) Bugfix: in SSI handling.

    *) Bugfix: now Solaris sendfilev() is not used to transfer the client
       request body to FastCGI-server via the unix domain socket.

    *) Bugfix: the "auth_basic" directive did not disable the
       authorization; the bug had appeared in 0.3.11.
2005-12-05 13:18:09 +00:00
Igor Sysoev
899b44eab2 nginx-0.1.29-RELEASE import
*) Feature: the ngx_http_ssi_module supports "include virtual" command.

    *) Feature: the ngx_http_ssi_module supports the condition command like
       'if expr="$NAME"' and "else" and "endif" commands. Only one nested
       level is supported.

    *) Feature: the ngx_http_ssi_module supports the DATE_LOCAL and
       DATE_GMT variables and "config timefmt" command.

    *) Feature: the "ssi_ignore_recycled_buffers" directive.

    *) Bugfix: the "echo" command did not show the default value for the
       empty QUERY_STRING variable.

    *) Change: the ngx_http_proxy_module was rewritten.

    *) Feature: the "proxy_redirect", "proxy_pass_request_headers",
       "proxy_pass_request_body", and "proxy_method" directives.

    *) Feature: the "proxy_set_header" directive. The "proxy_x_var" was
       canceled and must be replaced with the proxy_set_header directive.

    *) Change: the "proxy_preserve_host" is canceled and must be replaced
       with the "proxy_set_header Host $host" and the "proxy_redirect off"
       directives, the "proxy_set_header Host $host:$proxy_port" directive
       and the appropriate proxy_redirect directives.

    *) Change: the "proxy_set_x_real_ip" is canceled and must be replaced
       with the "proxy_set_header X-Real-IP $remote_addr" directive.

    *) Change: the "proxy_add_x_forwarded_for" is canceled and must be
       replaced with
       the "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for"
       directive.

    *) Change: the "proxy_set_x_url" is canceled and must be replaced with
       the "proxy_set_header X-URL http://$host:$server_port$request_uri"
       directive.

    *) Feature: the "fastcgi_param" directive.

    *) Change: the "fastcgi_root", "fastcgi_set_var" and "fastcgi_params"
       directive are canceled and must be replaced with the fastcgi_param
       directives.

    *) Feature: the "index" directive can use the variables.

    *) Feature: the "index" directive can be used at http and server levels.

    *) Change: the last index only in the "index" directive can be absolute.

    *) Feature: the "rewrite" directive can use the variables.

    *) Feature: the "internal" directive.

    *) Feature: the CONTENT_LENGTH, CONTENT_TYPE, REMOTE_PORT, SERVER_ADDR,
       SERVER_PORT, SERVER_PROTOCOL, DOCUMENT_ROOT, SERVER_NAME,
       REQUEST_METHOD, REQUEST_URI, and REMOTE_USER variables.

    *) Change: nginx now passes the invalid lines in a client request
       headers or a backend response header.

    *) Bugfix: if the backend did not transfer response for a long time and
       the "send_timeout" was less than "proxy_read_timeout", then nginx
       returned the 408 response.

    *) Bugfix: the segmentation fault was occurred if the backend sent an
       invalid line in response header; the bug had appeared in 0.1.26.

    *) Bugfix: the segmentation fault may occurred in FastCGI fault
       tolerance configuration.

    *) Bugfix: the "expires" directive did not remove the previous
       "Expires" and "Cache-Control" headers.

    *) Bugfix: nginx did not take into account trailing dot in "Host"
       header line.

    *) Bugfix: the ngx_http_auth_module did not work under Linux.

    *) Bugfix: the rewrite directive worked incorrectly, if the arguments
       were in a request.

    *) Bugfix: nginx could not be built on MacOS X.
2005-05-12 14:58:06 +00:00
Igor Sysoev
02f742b45e nginx-0.1.28-RELEASE import
*) Bugfix: nginx hogs CPU while proxying the huge files.

    *) Bugfix: nginx could not be built by gcc 4.0 on Linux.
2005-04-08 15:18:55 +00:00