Compare commits
56 commits
quic
...
stable-1.4
Author | SHA1 | Date | |
---|---|---|---|
|
879a3da2c3 | ||
|
4f682d9f5a | ||
|
7c6c99a10a | ||
|
135a8680ac | ||
|
6e2c0a113f | ||
|
1ebc9c28aa | ||
|
12bacef9ba | ||
|
80b784a1c5 | ||
|
df150c6b8b | ||
|
934095dd34 | ||
|
71e3e75de3 | ||
|
a1e7e8babb | ||
|
e6048f5bb6 | ||
|
7e5dcb3bb7 | ||
|
1b88f85a04 | ||
|
6ca56c5d32 | ||
|
239327a9b1 | ||
|
db4766b488 | ||
|
778cd67043 | ||
|
9a73be2740 | ||
|
eb927f8f2f | ||
|
2953968e4f | ||
|
a443af4ee0 | ||
|
f1864dc225 | ||
|
a935327d25 | ||
|
b59c38e645 | ||
|
efc1b505d9 | ||
|
f04e0507f8 | ||
|
d9cd2a3a2b | ||
|
021b91849f | ||
|
9519db468a | ||
|
a6b4e36207 | ||
|
78145c347e | ||
|
843a541c56 | ||
|
c7f3d6d3d6 | ||
|
bbbe730163 | ||
|
9b205847a0 | ||
|
f065eb7eab | ||
|
e77b5689b6 | ||
|
cb3606270b | ||
|
921f7ee59a | ||
|
96538bee1e | ||
|
28d945a554 | ||
|
15a8682eb4 | ||
|
9695fa7bc8 | ||
|
3b854154f4 | ||
|
9778d71862 | ||
|
7818f16a5f | ||
|
2330b9682c | ||
|
4672d90cce | ||
|
6af91f2351 | ||
|
dc53c416de | ||
|
ad0825c491 | ||
|
6a583e5792 | ||
|
f2529f730e | ||
|
e944f8c6a4 |
31 changed files with 518 additions and 151 deletions
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Copyright (C) 2002-2013 Igor Sysoev
|
||||
* Copyright (C) 2011-2013 Nginx, Inc.
|
||||
* Copyright (C) 2002-2014 Igor Sysoev
|
||||
* Copyright (C) 2011-2014 Nginx, Inc.
|
||||
* All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
|
|
|
@ -5,6 +5,348 @@
|
|||
<change_log title="nginx">
|
||||
|
||||
|
||||
<changes ver="1.4.7" date="18.03.2014">
|
||||
|
||||
<change type="security">
|
||||
<para lang="ru">
|
||||
при обработке специально созданного запроса модулем ngx_http_spdy_module
|
||||
могло происходить переполнение буфера в рабочем процессе,
|
||||
что потенциально могло приводить к выполнению произвольного кода
|
||||
(CVE-2014-0133).<br/>
|
||||
Спасибо Lucas Molas из Programa STIC, Fundación Dr. Manuel
|
||||
Sadosky, Buenos Aires, Argentina.
|
||||
</para>
|
||||
<para lang="en">
|
||||
a heap memory buffer overflow might occur in a worker process
|
||||
while handling a specially crafted request by ngx_http_spdy_module,
|
||||
potentially resulting in arbitrary code execution
|
||||
(CVE-2014-0133).<br/>
|
||||
Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr. Manuel
|
||||
Sadosky, Buenos Aires, Argentina.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
в директиве fastcgi_next_upstream.<br/>
|
||||
Спасибо Lucas Molas.
|
||||
</para>
|
||||
<para lang="en">
|
||||
in the "fastcgi_next_upstream" directive.<br/>
|
||||
Thanks to Lucas Molas.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
</changes>
|
||||
|
||||
|
||||
<changes ver="1.4.6" date="04.03.2014">
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
директива client_max_body_size могла не работать
|
||||
при чтении тела запроса с использованием chunked transfer encoding;
|
||||
ошибка появилась в 1.3.9.<br/>
|
||||
Спасибо Lucas Molas.
|
||||
</para>
|
||||
<para lang="en">
|
||||
the "client_max_body_size" directive might not work
|
||||
when reading a request body using chunked transfer encoding;
|
||||
the bug had appeared in 1.3.9.<br/>
|
||||
Thanks to Lucas Molas.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
при проксировании WebSocket-соединений
|
||||
в рабочем процессе мог произойти segmentation fault.
|
||||
</para>
|
||||
<para lang="en">
|
||||
a segmentation fault might occur in a worker process
|
||||
when proxying WebSocket connections.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
</changes>
|
||||
|
||||
|
||||
<changes ver="1.4.5" date="11.02.2014">
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
переменная $ssl_session_id содержала всю сессию в сериализованном виде
|
||||
вместо её идентификатора.<br/>
|
||||
Спасибо Ivan Ristić.
|
||||
</para>
|
||||
<para lang="en">
|
||||
the $ssl_session_id variable contained full session serialized
|
||||
instead of just a session id.<br/>
|
||||
Thanks to Ivan Ristić.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
клиентские соединения могли сразу закрываться,
|
||||
если использовался отложенный accept;
|
||||
ошибка появилась в 1.3.15.
|
||||
</para>
|
||||
<para lang="en">
|
||||
client connections might be immediately closed
|
||||
if deferred accept was used;
|
||||
the bug had appeared in 1.3.15.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
при проксировании в логах могли появляться сообщения "zero size buf in output";
|
||||
ошибка появилась в 1.3.9.
|
||||
</para>
|
||||
<para lang="en">
|
||||
alerts "zero size buf in output" might appear in logs while proxying;
|
||||
the bug had appeared in 1.3.9.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
в рабочем процессе мог произойти segmentation fault,
|
||||
если использовался модуль ngx_http_spdy_module.
|
||||
</para>
|
||||
<para lang="en">
|
||||
a segmentation fault might occur in a worker process
|
||||
if the ngx_http_spdy_module was used.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
при использовании методов обработки соединений select, poll и /dev/poll
|
||||
проксируемые WebSocket-соединения могли зависать сразу после открытия.
|
||||
</para>
|
||||
<para lang="en">
|
||||
proxied WebSocket connections might hang right after handshake
|
||||
if the select, poll, or /dev/poll methods were used.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
при чтении тела запроса с использованием chunked transfer encoding
|
||||
по SSL-соединению мог произойти таймаут.
|
||||
</para>
|
||||
<para lang="en">
|
||||
a timeout might occur while reading client request body
|
||||
in an SSL connection using chunked transfer encoding.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
утечки памяти в nginx/Windows.
|
||||
</para>
|
||||
<para lang="en">
|
||||
memory leak in nginx/Windows.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
</changes>
|
||||
|
||||
|
||||
<changes ver="1.4.4" date="19.11.2013">
|
||||
|
||||
<change type="security">
|
||||
<para lang="ru">
|
||||
символ, следующий за незакодированным пробелом в строке запроса,
|
||||
обрабатывался неправильно (CVE-2013-4547);
|
||||
ошибка появилась в 0.8.41.<br/>
|
||||
Спасибо Ivan Fratric из Google Security Team.
|
||||
</para>
|
||||
<para lang="en">
|
||||
a character following an unescaped space in a request line
|
||||
was handled incorrectly (CVE-2013-4547);
|
||||
the bug had appeared in 0.8.41.<br/>
|
||||
Thanks to Ivan Fratric of the Google Security Team.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
</changes>
|
||||
|
||||
|
||||
<changes ver="1.4.3" date="08.10.2013">
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
в рабочем процессе мог произойти segmentation fault,
|
||||
если использовался модуль ngx_http_spdy_module
|
||||
и директива client_body_in_file_only.
|
||||
</para>
|
||||
<para lang="en">
|
||||
a segmentation fault might occur in a worker process
|
||||
if the ngx_http_spdy_module was used
|
||||
with the "client_body_in_file_only" directive.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
на старте или во время переконфигурации мог произойти segmentation fault,
|
||||
если использовалась директива try_files с пустым параметром.
|
||||
</para>
|
||||
<para lang="en">
|
||||
a segmentation fault might occur on start or during reconfiguration
|
||||
if the "try_files" directive was used with an empty parameter.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
переменная $request_time не работала в nginx/Windows.
|
||||
</para>
|
||||
<para lang="en">
|
||||
the $request_time variable did not work in nginx/Windows.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
в модуле ngx_http_auth_basic_module
|
||||
при использовании метода шифрования паролей "$apr1$".<br/>
|
||||
Спасибо Markus Linnala.
|
||||
</para>
|
||||
<para lang="en">
|
||||
in the ngx_http_auth_basic_module
|
||||
when using "$apr1$" password encryption method.<br/>
|
||||
Thanks to Markus Linnala.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
в модуле ngx_http_autoindex_module.
|
||||
</para>
|
||||
<para lang="en">
|
||||
in the ngx_http_autoindex_module.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
в почтовом прокси-сервере.
|
||||
</para>
|
||||
<para lang="en">
|
||||
in the mail proxy server.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
</changes>
|
||||
|
||||
|
||||
<changes ver="1.4.2" date="17.07.2013">
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
метод $r->header_in() встроенного перла не возвращал значения строк
|
||||
"Cookie" и "X-Forwarded-For" из заголовка запроса;
|
||||
ошибка появилась в 1.3.14.
|
||||
</para>
|
||||
<para lang="en">
|
||||
the $r->header_in() embedded perl method did not return value of the
|
||||
"Cookie" and "X-Forwarded-For" request header lines;
|
||||
the bug had appeared in 1.3.14.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
nginx не собирался с модулем ngx_mail_ssl_module,
|
||||
но без модуля ngx_http_ssl_module;
|
||||
ошибка появилась в 1.3.14.
|
||||
</para>
|
||||
<para lang="en">
|
||||
nginx could not be built with the ngx_mail_ssl_module,
|
||||
but without ngx_http_ssl_module;
|
||||
the bug had appeared in 1.3.14.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
в директиве proxy_set_body.<br/>
|
||||
Спасибо Lanshun Zhou.
|
||||
</para>
|
||||
<para lang="en">
|
||||
in the "proxy_set_body" directive.<br/>
|
||||
Thanks to Lanshun Zhou.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
параметр fail_timeout директивы server
|
||||
в блоке upstream мог не работать,
|
||||
если использовался параметр max_fails;
|
||||
ошибка появилась в 1.3.0.
|
||||
</para>
|
||||
<para lang="en">
|
||||
the "fail_timeout" parameter of the "server" directive
|
||||
in the "upstream" context might not work
|
||||
if "max_fails" parameter was used;
|
||||
the bug had appeared in 1.3.0.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
в рабочем процессе мог произойти segmentation fault,
|
||||
если использовалась директива ssl_stapling.<br/>
|
||||
Спасибо Piotr Sikora.
|
||||
</para>
|
||||
<para lang="en">
|
||||
a segmentation fault might occur in a worker process
|
||||
if the "ssl_stapling" directive was used.<br/>
|
||||
Thanks to Piotr Sikora.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
<change type="bugfix">
|
||||
<para lang="ru">
|
||||
nginx/Windows мог перестать принимать соединения,
|
||||
если использовалось несколько рабочих процессов.
|
||||
</para>
|
||||
<para lang="en">
|
||||
nginx/Windows might stop accepting connections
|
||||
if several worker processes were used.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
</changes>
|
||||
|
||||
|
||||
<changes ver="1.4.1" date="07.05.2013">
|
||||
|
||||
<change type="security">
|
||||
<para lang="ru">
|
||||
при обработке специально созданного запроса
|
||||
мог перезаписываться стек рабочего процесса,
|
||||
что могло приводить к выполнению произвольного кода (CVE-2013-2028);
|
||||
ошибка появилась в 1.3.9.<br/>
|
||||
Спасибо Greg MacManus, iSIGHT Partners Labs.
|
||||
</para>
|
||||
<para lang="en">
|
||||
a stack-based buffer overflow might occur in a worker process
|
||||
while handling a specially crafted request,
|
||||
potentially resulting in arbitrary code execution (CVE-2013-2028);
|
||||
the bug had appeared in 1.3.9.<br/>
|
||||
Thanks to Greg MacManus, iSIGHT Partners Labs.
|
||||
</para>
|
||||
</change>
|
||||
|
||||
</changes>
|
||||
|
||||
|
||||
<changes ver="1.4.0" date="24.04.2013">
|
||||
|
||||
<change type="bugfix">
|
||||
|
|
|
@ -3,11 +3,10 @@ VER = $(shell grep 'define NGINX_VERSION' src/core/nginx.h \
|
|||
| sed -e 's/^.*"\(.*\)".*/\1/')
|
||||
NGINX = nginx-$(VER)
|
||||
TEMP = tmp
|
||||
REPO = $(shell svn info | sed -n 's/^Repository Root: //p')
|
||||
|
||||
OBJS = objs.msvc8
|
||||
OPENSSL = openssl-1.0.1e
|
||||
ZLIB = zlib-1.2.7
|
||||
OPENSSL = openssl-1.0.1f
|
||||
ZLIB = zlib-1.2.8
|
||||
PCRE = pcre-8.32
|
||||
|
||||
|
||||
|
@ -38,40 +37,14 @@ release: export
|
|||
|
||||
export:
|
||||
rm -rf $(TEMP)
|
||||
|
||||
if [ -d .svn ]; then \
|
||||
svn export -rHEAD . $(TEMP)/$(NGINX); \
|
||||
else \
|
||||
hg archive -X '.hg*' $(TEMP)/$(NGINX); \
|
||||
fi
|
||||
hg archive -X '.hg*' $(TEMP)/$(NGINX)
|
||||
|
||||
|
||||
RELEASE:
|
||||
if [ -d .svn ]; then \
|
||||
$(MAKE) -f misc/GNUmakefile RELEASE.svn; \
|
||||
else \
|
||||
$(MAKE) -f misc/GNUmakefile RELEASE.hg; \
|
||||
fi
|
||||
|
||||
$(MAKE) -f misc/GNUmakefile release
|
||||
|
||||
|
||||
RELEASE.hg:
|
||||
hg ci -m nginx-$(VER)-RELEASE
|
||||
hg tag -m "release-$(VER) tag" release-$(VER)
|
||||
|
||||
|
||||
RELEASE.svn:
|
||||
test -d $(TEMP) || mkdir -p $(TEMP)
|
||||
|
||||
echo "nginx-$(VER)-RELEASE" > $(TEMP)/message
|
||||
svn ci -F $(TEMP)/message
|
||||
|
||||
echo "release-$(VER) tag" > $(TEMP)/message
|
||||
svn copy $(REPO)/trunk $(REPO)/tags/release-$(VER) \
|
||||
-F $(TEMP)/message
|
||||
|
||||
svn up
|
||||
$(MAKE) -f misc/GNUmakefile release
|
||||
|
||||
|
||||
win32:
|
||||
|
|
|
@ -1,7 +1,4 @@
|
|||
|
||||
GNUmakefile, in svn it is available since 0.4.0 only.
|
||||
|
||||
|
||||
make -f misc/GNUmakefile release
|
||||
|
||||
the required tools:
|
||||
|
|
|
@ -9,8 +9,8 @@
|
|||
#define _NGINX_H_INCLUDED_
|
||||
|
||||
|
||||
#define nginx_version 1004000
|
||||
#define NGINX_VERSION "1.4.0"
|
||||
#define nginx_version 1004007
|
||||
#define NGINX_VERSION "1.4.7"
|
||||
#define NGINX_VER "nginx/" NGINX_VERSION
|
||||
|
||||
#define NGINX_VAR "NGINX"
|
||||
|
|
|
@ -647,7 +647,13 @@ ngx_configure_listening_sockets(ngx_cycle_t *cycle)
|
|||
if (ls[i].add_deferred || ls[i].delete_deferred) {
|
||||
|
||||
if (ls[i].add_deferred) {
|
||||
timeout = (int) (ls[i].post_accept_timeout / 1000);
|
||||
/*
|
||||
* There is no way to find out how long a connection was
|
||||
* in queue (and a connection may bypass deferred queue at all
|
||||
* if syncookies were used), hence we use 1 second timeout
|
||||
* here.
|
||||
*/
|
||||
timeout = 1;
|
||||
|
||||
} else {
|
||||
timeout = 0;
|
||||
|
|
|
@ -137,7 +137,7 @@ ngx_crypt_apr1(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted)
|
|||
|
||||
/* output */
|
||||
|
||||
*encrypted = ngx_pnalloc(pool, sizeof("$apr1$") - 1 + saltlen + 16 + 1);
|
||||
*encrypted = ngx_pnalloc(pool, sizeof("$apr1$") - 1 + saltlen + 1 + 22 + 1);
|
||||
if (*encrypted == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
|
|
@ -607,6 +607,17 @@ ngx_event_process_init(ngx_cycle_t *cycle)
|
|||
ngx_use_accept_mutex = 0;
|
||||
}
|
||||
|
||||
#if (NGX_WIN32)
|
||||
|
||||
/*
|
||||
* disable accept mutex on win32 as it may cause deadlock if
|
||||
* grabbed by a process which can't accept connections
|
||||
*/
|
||||
|
||||
ngx_use_accept_mutex = 0;
|
||||
|
||||
#endif
|
||||
|
||||
#if (NGX_THREADS)
|
||||
ngx_posted_events_mutex = ngx_mutex_init(cycle->log, 0);
|
||||
if (ngx_posted_events_mutex == NULL) {
|
||||
|
|
|
@ -965,6 +965,7 @@ ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size)
|
|||
size -= n;
|
||||
|
||||
if (size == 0) {
|
||||
c->read->ready = 1;
|
||||
return bytes;
|
||||
}
|
||||
|
||||
|
@ -974,6 +975,10 @@ ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size)
|
|||
}
|
||||
|
||||
if (bytes) {
|
||||
if (c->ssl->last != NGX_AGAIN) {
|
||||
c->read->ready = 1;
|
||||
}
|
||||
|
||||
return bytes;
|
||||
}
|
||||
|
||||
|
@ -2224,32 +2229,26 @@ ngx_int_t
|
|||
ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
|
||||
{
|
||||
int len;
|
||||
u_char *p, *buf;
|
||||
u_char *buf;
|
||||
SSL_SESSION *sess;
|
||||
|
||||
sess = SSL_get0_session(c->ssl->connection);
|
||||
|
||||
len = i2d_SSL_SESSION(sess, NULL);
|
||||
|
||||
buf = ngx_alloc(len, c->log);
|
||||
if (buf == NULL) {
|
||||
return NGX_ERROR;
|
||||
if (sess == NULL) {
|
||||
s->len = 0;
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
buf = sess->session_id;
|
||||
len = sess->session_id_length;
|
||||
|
||||
s->len = 2 * len;
|
||||
s->data = ngx_pnalloc(pool, 2 * len);
|
||||
if (s->data == NULL) {
|
||||
ngx_free(buf);
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
p = buf;
|
||||
i2d_SSL_SESSION(sess, &p);
|
||||
|
||||
ngx_hex_dump(s->data, buf, len);
|
||||
|
||||
ngx_free(buf);
|
||||
|
||||
return NGX_OK;
|
||||
}
|
||||
|
||||
|
|
|
@ -611,15 +611,14 @@ ngx_ssl_stapling_ocsp_handler(ngx_ssl_ocsp_ctx_t *ctx)
|
|||
!= 1)
|
||||
{
|
||||
ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
|
||||
"certificate status not found in the OCSP response",
|
||||
n, OCSP_response_status_str(n));
|
||||
"certificate status not found in the OCSP response");
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (n != V_OCSP_CERTSTATUS_GOOD) {
|
||||
ngx_log_error(NGX_LOG_ERR, ctx->log, 0,
|
||||
"certificate status \"%s\" in the OCSP response",
|
||||
n, OCSP_cert_status_str(n));
|
||||
OCSP_cert_status_str(n));
|
||||
goto error;
|
||||
}
|
||||
|
||||
|
|
|
@ -304,7 +304,7 @@ ngx_http_autoindex_handler(ngx_http_request_t *r)
|
|||
if (ngx_de_info(filename, &dir) == NGX_FILE_ERROR) {
|
||||
err = ngx_errno;
|
||||
|
||||
if (err != NGX_ENOENT) {
|
||||
if (err != NGX_ENOENT && err != NGX_ELOOP) {
|
||||
ngx_log_error(NGX_LOG_CRIT, r->connection->log, err,
|
||||
ngx_de_info_n " \"%s\" failed", filename);
|
||||
|
||||
|
@ -388,7 +388,7 @@ ngx_http_autoindex_handler(ngx_http_request_t *r)
|
|||
|
||||
b = ngx_create_temp_buf(r->pool, len);
|
||||
if (b == NULL) {
|
||||
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (entries.nelts > 1) {
|
||||
|
@ -649,7 +649,7 @@ ngx_http_autoindex_error(ngx_http_request_t *r, ngx_dir_t *dir, ngx_str_t *name)
|
|||
ngx_close_dir_n " \"%V\" failed", name);
|
||||
}
|
||||
|
||||
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
||||
return r->header_sent ? NGX_ERROR : NGX_HTTP_INTERNAL_SERVER_ERROR;
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -1195,6 +1195,10 @@ ngx_http_fastcgi_reinit_request(ngx_http_request_t *r)
|
|||
f->fastcgi_stdout = 0;
|
||||
f->large_stderr = 0;
|
||||
|
||||
if (f->split_parts) {
|
||||
f->split_parts->nelts = 0;
|
||||
}
|
||||
|
||||
r->state = 0;
|
||||
|
||||
return NGX_OK;
|
||||
|
@ -1475,6 +1479,13 @@ ngx_http_fastcgi_process_header(ngx_http_request_t *r)
|
|||
|
||||
rc = ngx_http_parse_header_line(r, &buf, 1);
|
||||
|
||||
if (rc != NGX_OK) {
|
||||
ngx_log_error(NGX_LOG_ALERT, r->connection->log, 0,
|
||||
"invalid header after joining "
|
||||
"FastCGI records");
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
h->key.len = r->header_name_end - r->header_name_start;
|
||||
h->key.data = r->header_name_start;
|
||||
h->key.data[h->key.len] = '\0';
|
||||
|
|
|
@ -780,7 +780,7 @@ ngx_http_log_request_time(ngx_http_request_t *r, u_char *buf,
|
|||
((tp->sec - r->start_sec) * 1000 + (tp->msec - r->start_msec));
|
||||
ms = ngx_max(ms, 0);
|
||||
|
||||
return ngx_sprintf(buf, "%T.%03M", ms / 1000, ms % 1000);
|
||||
return ngx_sprintf(buf, "%T.%03M", (time_t) ms / 1000, ms % 1000);
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -615,7 +615,8 @@ static ngx_http_variable_t ngx_http_proxy_vars[] = {
|
|||
#endif
|
||||
|
||||
{ ngx_string("proxy_internal_body_length"), NULL,
|
||||
ngx_http_proxy_internal_body_length_variable, 0, NGX_HTTP_VAR_NOHASH, 0 },
|
||||
ngx_http_proxy_internal_body_length_variable, 0,
|
||||
NGX_HTTP_VAR_NOCACHEABLE|NGX_HTTP_VAR_NOHASH, 0 },
|
||||
|
||||
{ ngx_null_string, NULL, NULL, 0, 0, 0 }
|
||||
};
|
||||
|
|
|
@ -282,7 +282,10 @@ ngx_http_upstream_get_least_conn_peer(ngx_peer_connection_t *pc, void *data)
|
|||
}
|
||||
|
||||
best->current_weight -= total;
|
||||
|
||||
if (now - best->checked > best->fail_timeout) {
|
||||
best->checked = now;
|
||||
}
|
||||
|
||||
pc->sockaddr = best->sockaddr;
|
||||
pc->socklen = best->socklen;
|
||||
|
|
|
@ -222,10 +222,11 @@ header_in(r, key)
|
|||
dXSTARG;
|
||||
ngx_http_request_t *r;
|
||||
SV *key;
|
||||
u_char *p, *lowcase_key, *cookie;
|
||||
u_char *p, *lowcase_key, *value, sep;
|
||||
STRLEN len;
|
||||
ssize_t size;
|
||||
ngx_uint_t i, n, hash;
|
||||
ngx_array_t *a;
|
||||
ngx_list_part_t *part;
|
||||
ngx_table_elt_t *h, **ph;
|
||||
ngx_http_header_t *hh;
|
||||
|
@ -255,6 +256,19 @@ header_in(r, key)
|
|||
hh = ngx_hash_find(&cmcf->headers_in_hash, hash, lowcase_key, len);
|
||||
|
||||
if (hh) {
|
||||
|
||||
if (hh->offset == offsetof(ngx_http_headers_in_t, cookies)) {
|
||||
sep = ';';
|
||||
goto multi;
|
||||
}
|
||||
|
||||
#if (NGX_HTTP_X_FORWARDED_FOR)
|
||||
if (hh->offset == offsetof(ngx_http_headers_in_t, x_forwarded_for)) {
|
||||
sep = ',';
|
||||
goto multi;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (hh->offset) {
|
||||
|
||||
ph = (ngx_table_elt_t **) ((char *) &r->headers_in + hh->offset);
|
||||
|
@ -268,15 +282,19 @@ header_in(r, key)
|
|||
XSRETURN_UNDEF;
|
||||
}
|
||||
|
||||
/* Cookie */
|
||||
multi:
|
||||
|
||||
n = r->headers_in.cookies.nelts;
|
||||
/* Cookie, X-Forwarded-For */
|
||||
|
||||
a = (ngx_array_t *) ((char *) &r->headers_in + hh->offset);
|
||||
|
||||
n = a->nelts;
|
||||
|
||||
if (n == 0) {
|
||||
XSRETURN_UNDEF;
|
||||
}
|
||||
|
||||
ph = r->headers_in.cookies.elts;
|
||||
ph = a->elts;
|
||||
|
||||
if (n == 1) {
|
||||
ngx_http_perl_set_targ((*ph)->value.data, (*ph)->value.len);
|
||||
|
@ -290,12 +308,12 @@ header_in(r, key)
|
|||
size += ph[i]->value.len + sizeof("; ") - 1;
|
||||
}
|
||||
|
||||
cookie = ngx_pnalloc(r->pool, size);
|
||||
if (cookie == NULL) {
|
||||
value = ngx_pnalloc(r->pool, size);
|
||||
if (value == NULL) {
|
||||
XSRETURN_UNDEF;
|
||||
}
|
||||
|
||||
p = cookie;
|
||||
p = value;
|
||||
|
||||
for (i = 0; /* void */ ; i++) {
|
||||
p = ngx_copy(p, ph[i]->value.data, ph[i]->value.len);
|
||||
|
@ -304,10 +322,10 @@ header_in(r, key)
|
|||
break;
|
||||
}
|
||||
|
||||
*p++ = ';'; *p++ = ' ';
|
||||
*p++ = sep; *p++ = ' ';
|
||||
}
|
||||
|
||||
ngx_http_perl_set_targ(cookie, size);
|
||||
ngx_http_perl_set_targ(value, size);
|
||||
|
||||
goto done;
|
||||
}
|
||||
|
@ -419,7 +437,7 @@ request_body(r)
|
|||
|
||||
p = ngx_pnalloc(r->pool, len);
|
||||
if (p == NULL) {
|
||||
return XSRETURN_UNDEF;
|
||||
XSRETURN_UNDEF;
|
||||
}
|
||||
|
||||
data = p;
|
||||
|
|
|
@ -89,7 +89,7 @@ ngx_int_t ngx_http_add_listen(ngx_conf_t *cf, ngx_http_core_srv_conf_t *cscf,
|
|||
void ngx_http_init_connection(ngx_connection_t *c);
|
||||
void ngx_http_close_connection(ngx_connection_t *c);
|
||||
|
||||
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||
#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
|
||||
int ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg);
|
||||
#endif
|
||||
|
||||
|
|
|
@ -4758,7 +4758,9 @@ ngx_http_core_try_files(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
|
|||
|
||||
tf[i].name = value[i + 1];
|
||||
|
||||
if (tf[i].name.data[tf[i].name.len - 1] == '/') {
|
||||
if (tf[i].name.len > 0
|
||||
&& tf[i].name.data[tf[i].name.len - 1] == '/')
|
||||
{
|
||||
tf[i].test_dir = 1;
|
||||
tf[i].name.len--;
|
||||
tf[i].name.data[tf[i].name.len] = '\0';
|
||||
|
|
|
@ -614,6 +614,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
|
|||
default:
|
||||
r->space_in_uri = 1;
|
||||
state = sw_check_uri;
|
||||
p--;
|
||||
break;
|
||||
}
|
||||
break;
|
||||
|
@ -667,6 +668,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
|
|||
default:
|
||||
r->space_in_uri = 1;
|
||||
state = sw_uri;
|
||||
p--;
|
||||
break;
|
||||
}
|
||||
break;
|
||||
|
@ -2209,6 +2211,10 @@ data:
|
|||
|
||||
}
|
||||
|
||||
if (ctx->size < 0 || ctx->length < 0) {
|
||||
goto invalid;
|
||||
}
|
||||
|
||||
return rc;
|
||||
|
||||
done:
|
||||
|
|
|
@ -423,20 +423,6 @@ ngx_http_wait_request_handler(ngx_event_t *rev)
|
|||
|
||||
if (n == NGX_AGAIN) {
|
||||
|
||||
#if (NGX_HAVE_DEFERRED_ACCEPT && defined TCP_DEFER_ACCEPT)
|
||||
if (c->listening->deferred_accept
|
||||
#if (NGX_HTTP_SSL)
|
||||
&& c->ssl == NULL
|
||||
#endif
|
||||
)
|
||||
{
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT,
|
||||
"client timed out in deferred accept");
|
||||
ngx_http_close_connection(c);
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (!rev->timer_set) {
|
||||
ngx_add_timer(rev, c->listening->post_accept_timeout);
|
||||
ngx_reusable_connection(c, 1);
|
||||
|
@ -635,15 +621,6 @@ ngx_http_ssl_handshake(ngx_event_t *rev)
|
|||
if (n == -1) {
|
||||
if (err == NGX_EAGAIN) {
|
||||
|
||||
#if (NGX_HAVE_DEFERRED_ACCEPT && defined TCP_DEFER_ACCEPT)
|
||||
if (c->listening->deferred_accept) {
|
||||
ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT,
|
||||
"client timed out in deferred accept");
|
||||
ngx_http_close_connection(c);
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (!rev->timer_set) {
|
||||
ngx_add_timer(rev, c->listening->post_accept_timeout);
|
||||
ngx_reusable_connection(c, 1);
|
||||
|
@ -1955,7 +1932,7 @@ ngx_http_set_virtual_server(ngx_http_request_t *r, ngx_str_t *host)
|
|||
|
||||
hc = r->http_connection;
|
||||
|
||||
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||
#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
|
||||
|
||||
if (hc->ssl_servername) {
|
||||
if (hc->ssl_servername->len == host->len
|
||||
|
@ -1986,7 +1963,7 @@ ngx_http_set_virtual_server(ngx_http_request_t *r, ngx_str_t *host)
|
|||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||
#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
|
||||
|
||||
if (hc->ssl_servername) {
|
||||
ngx_http_ssl_srv_conf_t *sscf;
|
||||
|
@ -2053,7 +2030,7 @@ ngx_http_find_virtual_server(ngx_connection_t *c,
|
|||
|
||||
sn = virtual_names->regex;
|
||||
|
||||
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||
#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
|
||||
|
||||
if (r == NULL) {
|
||||
ngx_http_connection_t *hc;
|
||||
|
@ -2085,7 +2062,7 @@ ngx_http_find_virtual_server(ngx_connection_t *c,
|
|||
return NGX_DECLINED;
|
||||
}
|
||||
|
||||
#endif /* SSL_CTRL_SET_TLSEXT_HOSTNAME */
|
||||
#endif /* NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME */
|
||||
|
||||
for (i = 0; i < virtual_names->nregex; i++) {
|
||||
|
||||
|
|
|
@ -295,7 +295,7 @@ typedef struct {
|
|||
ngx_http_addr_conf_t *addr_conf;
|
||||
ngx_http_conf_ctx_t *conf_ctx;
|
||||
|
||||
#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
|
||||
#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)
|
||||
ngx_str_t *ssl_servername;
|
||||
#if (NGX_PCRE)
|
||||
ngx_http_regex_t *ssl_servername_regex;
|
||||
|
|
|
@ -150,9 +150,12 @@ ngx_http_read_client_request_body(ngx_http_request_t *r,
|
|||
goto done;
|
||||
}
|
||||
|
||||
if (rb->temp_file->file.offset != 0) {
|
||||
|
||||
cl = ngx_chain_get_free_buf(r->pool, &rb->free);
|
||||
if (cl == NULL) {
|
||||
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
||||
rc = NGX_HTTP_INTERNAL_SERVER_ERROR;
|
||||
goto done;
|
||||
}
|
||||
|
||||
b = cl->buf;
|
||||
|
@ -164,6 +167,10 @@ ngx_http_read_client_request_body(ngx_http_request_t *r,
|
|||
b->file = &rb->temp_file->file;
|
||||
|
||||
rb->bufs = cl;
|
||||
|
||||
} else {
|
||||
rb->bufs = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
post_handler(r);
|
||||
|
@ -374,6 +381,8 @@ ngx_http_do_read_client_request_body(ngx_http_request_t *r)
|
|||
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
||||
}
|
||||
|
||||
if (rb->temp_file->file.offset != 0) {
|
||||
|
||||
cl = ngx_chain_get_free_buf(r->pool, &rb->free);
|
||||
if (cl == NULL) {
|
||||
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
||||
|
@ -388,6 +397,10 @@ ngx_http_do_read_client_request_body(ngx_http_request_t *r)
|
|||
b->file = &rb->temp_file->file;
|
||||
|
||||
rb->bufs = cl;
|
||||
|
||||
} else {
|
||||
rb->bufs = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
r->read_event_handler = ngx_http_block_reading;
|
||||
|
@ -842,6 +855,10 @@ ngx_http_request_body_length_filter(ngx_http_request_t *r, ngx_chain_t *in)
|
|||
|
||||
for (cl = in; cl; cl = cl->next) {
|
||||
|
||||
if (rb->rest == 0) {
|
||||
break;
|
||||
}
|
||||
|
||||
tl = ngx_chain_get_free_buf(r->pool, &rb->free);
|
||||
if (tl == NULL) {
|
||||
return NGX_HTTP_INTERNAL_SERVER_ERROR;
|
||||
|
@ -936,13 +953,13 @@ ngx_http_request_body_chunked_filter(ngx_http_request_t *r, ngx_chain_t *in)
|
|||
|
||||
if (clcf->client_max_body_size
|
||||
&& clcf->client_max_body_size
|
||||
< r->headers_in.content_length_n + rb->chunked->size)
|
||||
- r->headers_in.content_length_n < rb->chunked->size)
|
||||
{
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
|
||||
"client intended to send too large chunked "
|
||||
"body: %O bytes",
|
||||
r->headers_in.content_length_n
|
||||
+ rb->chunked->size);
|
||||
"body: %O+%O bytes",
|
||||
r->headers_in.content_length_n,
|
||||
rb->chunked->size);
|
||||
|
||||
r->lingering_close = 1;
|
||||
|
||||
|
|
|
@ -1465,7 +1465,7 @@ static u_char *
|
|||
ngx_http_spdy_state_save(ngx_http_spdy_connection_t *sc,
|
||||
u_char *pos, u_char *end, ngx_http_spdy_handler_pt handler)
|
||||
{
|
||||
#if (NGX_DEBUG)
|
||||
#if 1
|
||||
if (end - pos > NGX_SPDY_STATE_BUFFER_SIZE) {
|
||||
ngx_log_error(NGX_LOG_ALERT, sc->connection->log, 0,
|
||||
"spdy state buffer overflow: "
|
||||
|
@ -2529,13 +2529,6 @@ ngx_http_spdy_init_request_body(ngx_http_request_t *r)
|
|||
return NGX_ERROR;
|
||||
}
|
||||
|
||||
if (rb->rest == 0) {
|
||||
buf->in_file = 1;
|
||||
buf->file = &tf->file;
|
||||
} else {
|
||||
rb->buf = buf;
|
||||
}
|
||||
|
||||
} else {
|
||||
|
||||
if (rb->rest == 0) {
|
||||
|
@ -2546,9 +2539,9 @@ ngx_http_spdy_init_request_body(ngx_http_request_t *r)
|
|||
if (buf == NULL) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
rb->buf = buf;
|
||||
}
|
||||
|
||||
rb->bufs = ngx_alloc_chain_link(r->pool);
|
||||
if (rb->bufs == NULL) {
|
||||
|
@ -2633,6 +2626,10 @@ ngx_http_spdy_close_stream(ngx_http_spdy_stream_t *stream, ngx_int_t rc)
|
|||
}
|
||||
}
|
||||
|
||||
if (sc->stream == stream) {
|
||||
sc->stream = NULL;
|
||||
}
|
||||
|
||||
sscf = ngx_http_get_module_srv_conf(sc->http_connection->conf_ctx,
|
||||
ngx_http_spdy_module);
|
||||
|
||||
|
|
|
@ -2456,15 +2456,13 @@ ngx_http_upstream_upgrade(ngx_http_request_t *r, ngx_http_upstream_t *u)
|
|||
if (u->peer.connection->read->ready
|
||||
|| u->buffer.pos != u->buffer.last)
|
||||
{
|
||||
ngx_post_event(c->read, &ngx_posted_events);
|
||||
ngx_http_upstream_process_upgraded(r, 1, 1);
|
||||
return;
|
||||
}
|
||||
|
||||
if (c->read->ready
|
||||
|| r->header_in->pos != r->header_in->last)
|
||||
{
|
||||
ngx_http_upstream_process_upgraded(r, 0, 1);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
static void
|
||||
|
|
|
@ -523,7 +523,10 @@ ngx_http_upstream_get_peer(ngx_http_upstream_rr_peer_data_t *rrp)
|
|||
rrp->tried[n] |= m;
|
||||
|
||||
best->current_weight -= total;
|
||||
|
||||
if (now - best->checked > best->fail_timeout) {
|
||||
best->checked = now;
|
||||
}
|
||||
|
||||
return best;
|
||||
}
|
||||
|
|
|
@ -1988,7 +1988,7 @@ ngx_http_variable_request_time(ngx_http_request_t *r,
|
|||
((tp->sec - r->start_sec) * 1000 + (tp->msec - r->start_msec));
|
||||
ms = ngx_max(ms, 0);
|
||||
|
||||
v->len = ngx_sprintf(p, "%T.%03M", ms / 1000, ms % 1000) - p;
|
||||
v->len = ngx_sprintf(p, "%T.%03M", (time_t) ms / 1000, ms % 1000) - p;
|
||||
v->valid = 1;
|
||||
v->no_cacheable = 0;
|
||||
v->not_found = 0;
|
||||
|
|
|
@ -277,7 +277,6 @@ ngx_mail_smtp_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
|
|||
p = ngx_cpymem(p, conf->capability.data, conf->capability.len);
|
||||
|
||||
p = ngx_cpymem(p, "250 STARTTLS" CRLF, sizeof("250 STARTTLS" CRLF) - 1);
|
||||
*p++ = CR; *p = LF;
|
||||
|
||||
p = conf->starttls_capability.data
|
||||
+ (last - conf->capability.data) + 3;
|
||||
|
|
|
@ -235,6 +235,11 @@ ngx_mail_ssl_merge_conf(ngx_conf_t *cf, void *parent, void *child)
|
|||
mode = "";
|
||||
}
|
||||
|
||||
if (conf->file == NULL) {
|
||||
conf->file = prev->file;
|
||||
conf->line = prev->line;
|
||||
}
|
||||
|
||||
if (*mode) {
|
||||
|
||||
if (conf->certificate.len == 0) {
|
||||
|
|
|
@ -49,10 +49,10 @@ typedef int ngx_err_t;
|
|||
#define NGX_ECANCELED ECANCELED
|
||||
#define NGX_EILSEQ EILSEQ
|
||||
#define NGX_ENOMOREFILES 0
|
||||
#define NGX_ELOOP ELOOP
|
||||
|
||||
#if (NGX_HAVE_OPENAT)
|
||||
#define NGX_EMLINK EMLINK
|
||||
#define NGX_ELOOP ELOOP
|
||||
#endif
|
||||
|
||||
#if (__hpux__)
|
||||
|
|
|
@ -51,6 +51,7 @@ typedef DWORD ngx_err_t;
|
|||
#define NGX_EHOSTUNREACH WSAEHOSTUNREACH
|
||||
#define NGX_ENOMOREFILES ERROR_NO_MORE_FILES
|
||||
#define NGX_EILSEQ ERROR_NO_UNICODE_TRANSLATION
|
||||
#define NGX_ELOOP 0
|
||||
|
||||
#define NGX_EALREADY WSAEALREADY
|
||||
#define NGX_EINVAL WSAEINVAL
|
||||
|
|
|
@ -753,6 +753,8 @@ ngx_win32_check_filename(u_char *name, u_short *u, size_t len)
|
|||
goto invalid;
|
||||
}
|
||||
|
||||
ngx_free(lu);
|
||||
|
||||
return NGX_OK;
|
||||
|
||||
invalid:
|
||||
|
|
Loading…
Reference in a new issue