diff options
author | nginx <nginx@nginx.org> | 2014-02-11 13:41:55 +0000 |
---|---|---|
committer | Jon Kolb <kolbyjack@gmail.com> | 2014-02-11 13:41:55 +0000 |
commit | a4c36cb226a1a4ecd396757ace8c73675e01f6f1 (patch) | |
tree | b053e48f056a57f19159b6d31af933e59861638e | |
parent | 725c7e56ecdd6f7406fd220f5cdd7c9174b808e6 (diff) | |
download | nginx-a4c36cb226a1a4ecd396757ace8c73675e01f6f1.tar.gz |
Changes with nginx 1.4.5 11 Feb 2014v1.4.5
*) Bugfix: the $ssl_session_id variable contained full session
serialized instead of just a session id.
Thanks to Ivan Ristić.
*) Bugfix: client connections might be immediately closed if deferred
accept was used; the bug had appeared in 1.3.15.
*) Bugfix: alerts "zero size buf in output" might appear in logs while
proxying; the bug had appeared in 1.3.9.
*) Bugfix: a segmentation fault might occur in a worker process if the
ngx_http_spdy_module was used.
*) Bugfix: proxied WebSocket connections might hang right after
handshake if the select, poll, or /dev/poll methods were used.
*) Bugfix: a timeout might occur while reading client request body in an
SSL connection using chunked transfer encoding.
*) Bugfix: memory leak in nginx/Windows.
-rw-r--r-- | CHANGES | 24 | ||||
-rw-r--r-- | CHANGES.ru | 25 | ||||
-rw-r--r-- | LICENSE | 4 | ||||
-rw-r--r-- | src/core/nginx.h | 4 | ||||
-rw-r--r-- | src/core/ngx_connection.c | 8 | ||||
-rw-r--r-- | src/event/ngx_event_openssl.c | 25 | ||||
-rw-r--r-- | src/http/ngx_http_request.c | 23 | ||||
-rw-r--r-- | src/http/ngx_http_request_body.c | 57 | ||||
-rw-r--r-- | src/http/ngx_http_spdy.c | 4 | ||||
-rw-r--r-- | src/http/ngx_http_upstream.c | 6 |
10 files changed, 114 insertions, 66 deletions
@@ -1,4 +1,28 @@ +Changes with nginx 1.4.5 11 Feb 2014 + + *) Bugfix: the $ssl_session_id variable contained full session + serialized instead of just a session id. + Thanks to Ivan Ristić. + + *) Bugfix: client connections might be immediately closed if deferred + accept was used; the bug had appeared in 1.3.15. + + *) Bugfix: alerts "zero size buf in output" might appear in logs while + proxying; the bug had appeared in 1.3.9. + + *) Bugfix: a segmentation fault might occur in a worker process if the + ngx_http_spdy_module was used. + + *) Bugfix: proxied WebSocket connections might hang right after + handshake if the select, poll, or /dev/poll methods were used. + + *) Bugfix: a timeout might occur while reading client request body in an + SSL connection using chunked transfer encoding. + + *) Bugfix: memory leak in nginx/Windows. + + Changes with nginx 1.4.4 19 Nov 2013 *) Security: a character following an unescaped space in a request line diff --git a/CHANGES.ru b/CHANGES.ru index 2e12f09cd..ccaf26f2a 100644 --- a/CHANGES.ru +++ b/CHANGES.ru @@ -1,4 +1,29 @@ +Изменения в nginx 1.4.5 11.02.2014 + + *) Исправление: переменная $ssl_session_id содержала всю сессию в + сериализованном виде вместо её идентификатора. + Спасибо Ivan Ristić. + + *) Исправление: клиентские соединения могли сразу закрываться, если + использовался отложенный accept; ошибка появилась в 1.3.15. + + *) Исправление: при проксировании в логах могли появляться сообщения + "zero size buf in output"; ошибка появилась в 1.3.9. + + *) Исправление: в рабочем процессе мог произойти segmentation fault, + если использовался модуль ngx_http_spdy_module. + + *) Исправление: при использовании методов обработки соединений select, + poll и /dev/poll проксируемые WebSocket-соединения могли зависать + сразу после открытия. + + *) Исправление: при чтении тела запроса с использованием chunked + transfer encoding по SSL-соединению мог произойти таймаут. + + *) Исправление: утечки памяти в nginx/Windows. + + Изменения в nginx 1.4.4 19.11.2013 *) Безопасность: символ, следующий за незакодированным пробелом в строке @@ -1,6 +1,6 @@ /* - * Copyright (C) 2002-2013 Igor Sysoev - * Copyright (C) 2011-2013 Nginx, Inc. + * Copyright (C) 2002-2014 Igor Sysoev + * Copyright (C) 2011-2014 Nginx, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/src/core/nginx.h b/src/core/nginx.h index 609bdaa89..697e64102 100644 --- a/src/core/nginx.h +++ b/src/core/nginx.h @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1004004 -#define NGINX_VERSION "1.4.4" +#define nginx_version 1004005 +#define NGINX_VERSION "1.4.5" #define NGINX_VER "nginx/" NGINX_VERSION #define NGINX_VAR "NGINX" diff --git a/src/core/ngx_connection.c b/src/core/ngx_connection.c index 7ed781e0a..986bf0d02 100644 --- a/src/core/ngx_connection.c +++ b/src/core/ngx_connection.c @@ -647,7 +647,13 @@ ngx_configure_listening_sockets(ngx_cycle_t *cycle) if (ls[i].add_deferred || ls[i].delete_deferred) { if (ls[i].add_deferred) { - timeout = (int) (ls[i].post_accept_timeout / 1000); + /* + * There is no way to find out how long a connection was + * in queue (and a connection may bypass deferred queue at all + * if syncookies were used), hence we use 1 second timeout + * here. + */ + timeout = 1; } else { timeout = 0; diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index 62ce12c14..915e604bb 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c @@ -965,6 +965,7 @@ ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size) size -= n; if (size == 0) { + c->read->ready = 1; return bytes; } @@ -974,6 +975,10 @@ ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size) } if (bytes) { + if (c->ssl->last != NGX_AGAIN) { + c->read->ready = 1; + } + return bytes; } @@ -2224,32 +2229,26 @@ ngx_int_t ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) { int len; - u_char *p, *buf; + u_char *buf; SSL_SESSION *sess; sess = SSL_get0_session(c->ssl->connection); - - len = i2d_SSL_SESSION(sess, NULL); - - buf = ngx_alloc(len, c->log); - if (buf == NULL) { - return NGX_ERROR; + if (sess == NULL) { + s->len = 0; + return NGX_OK; } + buf = sess->session_id; + len = sess->session_id_length; + s->len = 2 * len; s->data = ngx_pnalloc(pool, 2 * len); if (s->data == NULL) { - ngx_free(buf); return NGX_ERROR; } - p = buf; - i2d_SSL_SESSION(sess, &p); - ngx_hex_dump(s->data, buf, len); - ngx_free(buf); - return NGX_OK; } diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c index c8c5d153f..1be2d463f 100644 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -423,20 +423,6 @@ ngx_http_wait_request_handler(ngx_event_t *rev) if (n == NGX_AGAIN) { -#if (NGX_HAVE_DEFERRED_ACCEPT && defined TCP_DEFER_ACCEPT) - if (c->listening->deferred_accept -#if (NGX_HTTP_SSL) - && c->ssl == NULL -#endif - ) - { - ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, - "client timed out in deferred accept"); - ngx_http_close_connection(c); - return; - } -#endif - if (!rev->timer_set) { ngx_add_timer(rev, c->listening->post_accept_timeout); ngx_reusable_connection(c, 1); @@ -635,15 +621,6 @@ ngx_http_ssl_handshake(ngx_event_t *rev) if (n == -1) { if (err == NGX_EAGAIN) { -#if (NGX_HAVE_DEFERRED_ACCEPT && defined TCP_DEFER_ACCEPT) - if (c->listening->deferred_accept) { - ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, - "client timed out in deferred accept"); - ngx_http_close_connection(c); - return; - } -#endif - if (!rev->timer_set) { ngx_add_timer(rev, c->listening->post_accept_timeout); ngx_reusable_connection(c, 1); diff --git a/src/http/ngx_http_request_body.c b/src/http/ngx_http_request_body.c index 2c612311d..1d8bc4a28 100644 --- a/src/http/ngx_http_request_body.c +++ b/src/http/ngx_http_request_body.c @@ -150,20 +150,27 @@ ngx_http_read_client_request_body(ngx_http_request_t *r, goto done; } - cl = ngx_chain_get_free_buf(r->pool, &rb->free); - if (cl == NULL) { - return NGX_HTTP_INTERNAL_SERVER_ERROR; - } + if (rb->temp_file->file.offset != 0) { - b = cl->buf; + cl = ngx_chain_get_free_buf(r->pool, &rb->free); + if (cl == NULL) { + rc = NGX_HTTP_INTERNAL_SERVER_ERROR; + goto done; + } - ngx_memzero(b, sizeof(ngx_buf_t)); + b = cl->buf; - b->in_file = 1; - b->file_last = rb->temp_file->file.offset; - b->file = &rb->temp_file->file; + ngx_memzero(b, sizeof(ngx_buf_t)); - rb->bufs = cl; + b->in_file = 1; + b->file_last = rb->temp_file->file.offset; + b->file = &rb->temp_file->file; + + rb->bufs = cl; + + } else { + rb->bufs = NULL; + } } post_handler(r); @@ -374,20 +381,26 @@ ngx_http_do_read_client_request_body(ngx_http_request_t *r) return NGX_HTTP_INTERNAL_SERVER_ERROR; } - cl = ngx_chain_get_free_buf(r->pool, &rb->free); - if (cl == NULL) { - return NGX_HTTP_INTERNAL_SERVER_ERROR; - } + if (rb->temp_file->file.offset != 0) { + + cl = ngx_chain_get_free_buf(r->pool, &rb->free); + if (cl == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } - b = cl->buf; + b = cl->buf; - ngx_memzero(b, sizeof(ngx_buf_t)); + ngx_memzero(b, sizeof(ngx_buf_t)); + + b->in_file = 1; + b->file_last = rb->temp_file->file.offset; + b->file = &rb->temp_file->file; - b->in_file = 1; - b->file_last = rb->temp_file->file.offset; - b->file = &rb->temp_file->file; + rb->bufs = cl; - rb->bufs = cl; + } else { + rb->bufs = NULL; + } } r->read_event_handler = ngx_http_block_reading; @@ -842,6 +855,10 @@ ngx_http_request_body_length_filter(ngx_http_request_t *r, ngx_chain_t *in) for (cl = in; cl; cl = cl->next) { + if (rb->rest == 0) { + break; + } + tl = ngx_chain_get_free_buf(r->pool, &rb->free); if (tl == NULL) { return NGX_HTTP_INTERNAL_SERVER_ERROR; diff --git a/src/http/ngx_http_spdy.c b/src/http/ngx_http_spdy.c index 7c93dc49a..f4f610a82 100644 --- a/src/http/ngx_http_spdy.c +++ b/src/http/ngx_http_spdy.c @@ -2626,6 +2626,10 @@ ngx_http_spdy_close_stream(ngx_http_spdy_stream_t *stream, ngx_int_t rc) } } + if (sc->stream == stream) { + sc->stream = NULL; + } + sscf = ngx_http_get_module_srv_conf(sc->http_connection->conf_ctx, ngx_http_spdy_module); diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c index 45e2eb7b9..ffdffcf07 100644 --- a/src/http/ngx_http_upstream.c +++ b/src/http/ngx_http_upstream.c @@ -2459,11 +2459,7 @@ ngx_http_upstream_upgrade(ngx_http_request_t *r, ngx_http_upstream_t *u) ngx_http_upstream_process_upgraded(r, 1, 1); } - if (c->read->ready - || r->header_in->pos != r->header_in->last) - { - ngx_http_upstream_process_upgraded(r, 0, 1); - } + ngx_http_upstream_process_upgraded(r, 0, 1); } |