Changes with nginx 1.4.5 11 Feb 2014v1.4.5

    *) Bugfix: the $ssl_session_id variable contained full session
       serialized instead of just a session id.
       Thanks to Ivan Ristić.

    *) Bugfix: client connections might be immediately closed if deferred
       accept was used; the bug had appeared in 1.3.15.

    *) Bugfix: alerts "zero size buf in output" might appear in logs while
       proxying; the bug had appeared in 1.3.9.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       ngx_http_spdy_module was used.

    *) Bugfix: proxied WebSocket connections might hang right after
       handshake if the select, poll, or /dev/poll methods were used.

    *) Bugfix: a timeout might occur while reading client request body in an
       SSL connection using chunked transfer encoding.

    *) Bugfix: memory leak in nginx/Windows.

10 files changed, 114 insertions, 66 deletions

diff --git a/CHANGES b/CHANGES
index 4899a6d92..3507e6ee4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,28 @@
 
+Changes with nginx 1.4.5                                         11 Feb 2014
+
+    *) Bugfix: the $ssl_session_id variable contained full session
+       serialized instead of just a session id.
+       Thanks to Ivan Ristić.
+
+    *) Bugfix: client connections might be immediately closed if deferred
+       accept was used; the bug had appeared in 1.3.15.
+
+    *) Bugfix: alerts "zero size buf in output" might appear in logs while
+       proxying; the bug had appeared in 1.3.9.
+
+    *) Bugfix: a segmentation fault might occur in a worker process if the
+       ngx_http_spdy_module was used.
+
+    *) Bugfix: proxied WebSocket connections might hang right after
+       handshake if the select, poll, or /dev/poll methods were used.
+
+    *) Bugfix: a timeout might occur while reading client request body in an
+       SSL connection using chunked transfer encoding.
+
+    *) Bugfix: memory leak in nginx/Windows.
+
+
 Changes with nginx 1.4.4                                         19 Nov 2013
 
     *) Security: a character following an unescaped space in a request line
diff --git a/CHANGES.ru b/CHANGES.ru
index 2e12f09cd..ccaf26f2a 100644
--- a/CHANGES.ru
+++ b/CHANGES.ru
@@ -1,4 +1,29 @@
 
+Изменения в nginx 1.4.5                                           11.02.2014
+
+    *) Исправление: переменная $ssl_session_id содержала всю сессию в
+       сериализованном виде вместо её идентификатора.
+       Спасибо Ivan Ristić.
+
+    *) Исправление: клиентские соединения могли сразу закрываться, если
+       использовался отложенный accept; ошибка появилась в 1.3.15.
+
+    *) Исправление: при проксировании в логах могли появляться сообщения
+       "zero size buf in output"; ошибка появилась в 1.3.9.
+
+    *) Исправление: в рабочем процессе мог произойти segmentation fault,
+       если использовался модуль ngx_http_spdy_module.
+
+    *) Исправление: при использовании методов обработки соединений select,
+       poll и /dev/poll проксируемые WebSocket-соединения могли зависать
+       сразу после открытия.
+
+    *) Исправление: при чтении тела запроса с использованием chunked
+       transfer encoding по SSL-соединению мог произойти таймаут.
+
+    *) Исправление: утечки памяти в nginx/Windows.
+
+
 Изменения в nginx 1.4.4                                           19.11.2013
 
     *) Безопасность: символ, следующий за незакодированным пробелом в строке
diff --git a/LICENSE b/LICENSE
index 5d8097000..4ed7a6fc7 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,6 +1,6 @@
 /* 
- * Copyright (C) 2002-2013 Igor Sysoev
- * Copyright (C) 2011-2013 Nginx, Inc.
+ * Copyright (C) 2002-2014 Igor Sysoev
+ * Copyright (C) 2011-2014 Nginx, Inc.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
diff --git a/src/core/nginx.h b/src/core/nginx.h
index 609bdaa89..697e64102 100644
--- a/src/core/nginx.h
+++ b/src/core/nginx.h
@@ -9,8 +9,8 @@
 #define _NGINX_H_INCLUDED_
 
 
-#define nginx_version      1004004
-#define NGINX_VERSION      "1.4.4"
+#define nginx_version      1004005
+#define NGINX_VERSION      "1.4.5"
 #define NGINX_VER          "nginx/" NGINX_VERSION
 
 #define NGINX_VAR          "NGINX"
diff --git a/src/core/ngx_connection.c b/src/core/ngx_connection.c
index 7ed781e0a..986bf0d02 100644
--- a/src/core/ngx_connection.c
+++ b/src/core/ngx_connection.c
@@ -647,7 +647,13 @@ ngx_configure_listening_sockets(ngx_cycle_t *cycle)
         if (ls[i].add_deferred || ls[i].delete_deferred) {
 
             if (ls[i].add_deferred) {
-                timeout = (int) (ls[i].post_accept_timeout / 1000);
+                /*
+                 * There is no way to find out how long a connection was
+                 * in queue (and a connection may bypass deferred queue at all
+                 * if syncookies were used), hence we use 1 second timeout
+                 * here.
+                 */
+                timeout = 1;
 
             } else {
                 timeout = 0;
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 62ce12c14..915e604bb 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -965,6 +965,7 @@ ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size)
             size -= n;
 
             if (size == 0) {
+                c->read->ready = 1;
                 return bytes;
             }
 
@@ -974,6 +975,10 @@ ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size)
         }
 
         if (bytes) {
+            if (c->ssl->last != NGX_AGAIN) {
+                c->read->ready = 1;
+            }
+
             return bytes;
         }
 
@@ -2224,32 +2229,26 @@ ngx_int_t
 ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 {
     int           len;
-    u_char       *p, *buf;
+    u_char       *buf;
     SSL_SESSION  *sess;
 
     sess = SSL_get0_session(c->ssl->connection);
-
-    len = i2d_SSL_SESSION(sess, NULL);
-
-    buf = ngx_alloc(len, c->log);
-    if (buf == NULL) {
-        return NGX_ERROR;
+    if (sess == NULL) {
+        s->len = 0;
+        return NGX_OK;
     }
 
+    buf = sess->session_id;
+    len = sess->session_id_length;
+
     s->len = 2 * len;
     s->data = ngx_pnalloc(pool, 2 * len);
     if (s->data == NULL) {
-        ngx_free(buf);
         return NGX_ERROR;
     }
 
-    p = buf;
-    i2d_SSL_SESSION(sess, &p);
-
     ngx_hex_dump(s->data, buf, len);
 
-    ngx_free(buf);
-
     return NGX_OK;
 }
 
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index c8c5d153f..1be2d463f 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -423,20 +423,6 @@ ngx_http_wait_request_handler(ngx_event_t *rev)
 
     if (n == NGX_AGAIN) {
 
-#if (NGX_HAVE_DEFERRED_ACCEPT && defined TCP_DEFER_ACCEPT)
-        if (c->listening->deferred_accept
-#if (NGX_HTTP_SSL)
-            && c->ssl == NULL
-#endif
-            )
-        {
-            ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT,
-                          "client timed out in deferred accept");
-            ngx_http_close_connection(c);
-            return;
-        }
-#endif
-
         if (!rev->timer_set) {
             ngx_add_timer(rev, c->listening->post_accept_timeout);
             ngx_reusable_connection(c, 1);
@@ -635,15 +621,6 @@ ngx_http_ssl_handshake(ngx_event_t *rev)
     if (n == -1) {
         if (err == NGX_EAGAIN) {
 
-#if (NGX_HAVE_DEFERRED_ACCEPT && defined TCP_DEFER_ACCEPT)
-            if (c->listening->deferred_accept) {
-                ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT,
-                              "client timed out in deferred accept");
-                ngx_http_close_connection(c);
-                return;
-            }
-#endif
-
             if (!rev->timer_set) {
                 ngx_add_timer(rev, c->listening->post_accept_timeout);
                 ngx_reusable_connection(c, 1);
diff --git a/src/http/ngx_http_request_body.c b/src/http/ngx_http_request_body.c
index 2c612311d..1d8bc4a28 100644
--- a/src/http/ngx_http_request_body.c
+++ b/src/http/ngx_http_request_body.c
@@ -150,20 +150,27 @@ ngx_http_read_client_request_body(ngx_http_request_t *r,
                 goto done;
             }
 
-            cl = ngx_chain_get_free_buf(r->pool, &rb->free);
-            if (cl == NULL) {
-                return NGX_HTTP_INTERNAL_SERVER_ERROR;
-            }
+            if (rb->temp_file->file.offset != 0) {
 
-            b = cl->buf;
+                cl = ngx_chain_get_free_buf(r->pool, &rb->free);
+                if (cl == NULL) {
+                    rc = NGX_HTTP_INTERNAL_SERVER_ERROR;
+                    goto done;
+                }
 
-            ngx_memzero(b, sizeof(ngx_buf_t));
+                b = cl->buf;
 
-            b->in_file = 1;
-            b->file_last = rb->temp_file->file.offset;
-            b->file = &rb->temp_file->file;
+                ngx_memzero(b, sizeof(ngx_buf_t));
 
-            rb->bufs = cl;
+                b->in_file = 1;
+                b->file_last = rb->temp_file->file.offset;
+                b->file = &rb->temp_file->file;
+
+                rb->bufs = cl;
+
+            } else {
+                rb->bufs = NULL;
+            }
         }
 
         post_handler(r);
@@ -374,20 +381,26 @@ ngx_http_do_read_client_request_body(ngx_http_request_t *r)
             return NGX_HTTP_INTERNAL_SERVER_ERROR;
         }
 
-        cl = ngx_chain_get_free_buf(r->pool, &rb->free);
-        if (cl == NULL) {
-            return NGX_HTTP_INTERNAL_SERVER_ERROR;
-        }
+        if (rb->temp_file->file.offset != 0) {
+
+            cl = ngx_chain_get_free_buf(r->pool, &rb->free);
+            if (cl == NULL) {
+                return NGX_HTTP_INTERNAL_SERVER_ERROR;
+            }
 
-        b = cl->buf;
+            b = cl->buf;
 
-        ngx_memzero(b, sizeof(ngx_buf_t));
+            ngx_memzero(b, sizeof(ngx_buf_t));
+
+            b->in_file = 1;
+            b->file_last = rb->temp_file->file.offset;
+            b->file = &rb->temp_file->file;
 
-        b->in_file = 1;
-        b->file_last = rb->temp_file->file.offset;
-        b->file = &rb->temp_file->file;
+            rb->bufs = cl;
 
-        rb->bufs = cl;
+        } else {
+            rb->bufs = NULL;
+        }
     }
 
     r->read_event_handler = ngx_http_block_reading;
@@ -842,6 +855,10 @@ ngx_http_request_body_length_filter(ngx_http_request_t *r, ngx_chain_t *in)
 
     for (cl = in; cl; cl = cl->next) {
 
+        if (rb->rest == 0) {
+            break;
+        }
+
         tl = ngx_chain_get_free_buf(r->pool, &rb->free);
         if (tl == NULL) {
             return NGX_HTTP_INTERNAL_SERVER_ERROR;
diff --git a/src/http/ngx_http_spdy.c b/src/http/ngx_http_spdy.c
index 7c93dc49a..f4f610a82 100644
--- a/src/http/ngx_http_spdy.c
+++ b/src/http/ngx_http_spdy.c
@@ -2626,6 +2626,10 @@ ngx_http_spdy_close_stream(ngx_http_spdy_stream_t *stream, ngx_int_t rc)
         }
     }
 
+    if (sc->stream == stream) {
+        sc->stream = NULL;
+    }
+
     sscf = ngx_http_get_module_srv_conf(sc->http_connection->conf_ctx,
                                         ngx_http_spdy_module);
 
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c
index 45e2eb7b9..ffdffcf07 100644
--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -2459,11 +2459,7 @@ ngx_http_upstream_upgrade(ngx_http_request_t *r, ngx_http_upstream_t *u)
         ngx_http_upstream_process_upgraded(r, 1, 1);
     }
 
-    if (c->read->ready
-        || r->header_in->pos != r->header_in->last)
-    {
-        ngx_http_upstream_process_upgraded(r, 0, 1);
-    }
+    ngx_http_upstream_process_upgraded(r, 0, 1);
 }