author | nginx <nginx@nginx.org> | 2014-08-05 13:55:13 +0000 |
---|---|---|
committer | Jon Kolb <kolbyjack@gmail.com> | 2014-08-05 13:55:13 +0000 |
commit | 1176952193ccf47078dc84b8494d0496ad1ac4a2 (patch) | |
tree | 184d59c52c52465b58dac087075d168020a0aa78 | |
parent | 251331cd59f780fca94bef334f58a6e311e4ad32 (diff) | |
download | nginx-1176952193ccf47078dc84b8494d0496ad1ac4a2.tar.gz |
Changes with nginx 1.7.4 05 Aug 2014 (v1.7.4)
*) Security: pipelined commands were not discarded after STARTTLS
command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6.
Thanks to Chris Boulton.
*) Change: URI escaping now uses uppercase hexadecimal digits.
Thanks to Piotr Sikora.
*) Feature: now nginx can be built with BoringSSL and LibreSSL.
Thanks to Piotr Sikora.
*) Bugfix: requests might hang if resolver was used and a DNS server
returned a malformed response; the bug had appeared in 1.5.8.
*) Bugfix: in the ngx_http_spdy_module.
Thanks to Piotr Sikora.
*) Bugfix: the $uri variable might contain garbage when returning errors
with code 400.
Thanks to Sergey Bobrov.
*) Bugfix: in error handling in the "proxy_store" directive and the
ngx_http_dav_module.
Thanks to Feng Gu.
*) Bugfix: a segmentation fault might occur if logging of errors to
syslog was used; the bug had appeared in 1.7.1.
*) Bugfix: the $geoip_latitude, $geoip_longitude, $geoip_dma_code, and
$geoip_area_code variables might not work.
Thanks to Yichun Zhang.
*) Bugfix: in memory allocation error handling.
Thanks to Tatsuhiko Kubo and Piotr Sikora.
30 files changed, 291 insertions, 93 deletions
@@ -1,4 +1,41 @@ +Changes with nginx 1.7.4 05 Aug 2014 + + *) Security: pipelined commands were not discarded after STARTTLS + command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6. + Thanks to Chris Boulton. + + *) Change: URI escaping now uses uppercase hexadecimal digits. + Thanks to Piotr Sikora. + + *) Feature: now nginx can be build with BoringSSL and LibreSSL. + Thanks to Piotr Sikora. + + *) Bugfix: requests might hang if resolver was used and a DNS server + returned a malformed response; the bug had appeared in 1.5.8. + + *) Bugfix: in the ngx_http_spdy_module. + Thanks to Piotr Sikora. + + *) Bugfix: the $uri variable might contain garbage when returning errors + with code 400. + Thanks to Sergey Bobrov. + + *) Bugfix: in error handling in the "proxy_store" directive and the + ngx_http_dav_module. + Thanks to Feng Gu. + + *) Bugfix: a segmentation fault might occur if logging of errors to + syslog was used; the bug had appeared in 1.7.1. + + *) Bugfix: the $geoip_latitude, $geoip_longitude, $geoip_dma_code, and + $geoip_area_code variables might not work. + Thanks to Yichun Zhang. + + *) Bugfix: in memory allocation error handling. + Thanks to Tatsuhiko Kubo and Piotr Sikora. + + Changes with nginx 1.7.3 08 Jul 2014 *) Feature: weak entity tags are now preserved on response diff --git a/CHANGES.ru b/CHANGES.ru index f87375fc5..720180c01 100644 --- a/CHANGES.ru +++ b/CHANGES.ru 
@@ -1,4 +1,43 @@ +Изменения в nginx 1.7.4 05.08.2014 + + *) Безопасность: pipelined-команды не отбрасывались после команды + STARTTLS в SMTP прокси-сервере (CVE-2014-3556); ошибка появилась в + 1.5.6. + Спасибо Chris Boulton. + + *) Изменение: экранирование символов в URI теперь использует + шестнадцатеричные цифры в верхнем регистре. + Спасибо Piotr Sikora. + + *) Добавление: теперь nginx можно собрать с BoringSSL и LibreSSL. + Спасибо Piotr Sikora. + + *) Исправление: запросы могли зависать, если использовался resolver и + DNS-сервер возвращал некорректный ответ; ошибка появилась в 1.5.8. + + *) Исправление: в модуле ngx_http_spdy_module. + Спасибо Piotr Sikora. + + *) Исправление: переменная $uri могла содержать мусор при возврате + ошибок с кодом 400. + Спасибо Сергею Боброву. + + *) Исправление: в обработке ошибок в директиве proxy_store и в модуле + ngx_http_dav_module. + Спасибо Feng Gu. + + *) Исправление: при логгировании ошибок в syslog мог происходить + segmentation fault; ошибка появилась в 1.7.1. + + *) Исправление: переменные $geoip_latitude, $geoip_longitude, + $geoip_dma_code и $geoip_area_code могли не работать. + Спасибо Yichun Zhang. + + *) Исправление: в обработке ошибок выделения памяти. + Спасибо Tatsuhiko Kubo и Piotr Sikora. + + Изменения в nginx 1.7.3 08.07.2014 *) Добавление: weak entity tags теперь не удаляются при изменениях @@ -1614,7 +1653,7 @@ Изменения в nginx 0.9.2 06.12.2010 *) Добавление: поддержка строки "If-Unmodified-Since" в заголовке - запросе клиента. + запроса клиента. *) Изменение: использование accept(), если accept4() не реализован; ошибка появилась в 0.9.0. @@ -3562,7 +3601,7 @@ Изменения в nginx 0.6.31 12.05.2008 *) Исправление: nginx не обрабатывал ответ FastCGI-сервера, если строка - заголовка ответ была в конце записи FastCGI; ошибка появилась в + заголовка ответа была в конце записи FastCGI; ошибка появилась в 0.6.2. Спасибо Сергею Серову. 
@@ -4638,7 +4677,7 @@ *) Добавление: директива ip_hash в блоке upstream. - *) Добавление: статус WAIT в строке "Auth-Status" в заголовка ответа + *) Добавление: статус WAIT в строке "Auth-Status" в заголовке ответа сервера аутентификации IMAP/POP3 прокси. *) Исправление: nginx не собирался на 64-битных платформах; ошибка @@ -6123,7 +6162,7 @@ Изменения в nginx 0.1.36 15.06.2005 - *) Изменение: если в заголовке запросе есть дублирующиеся строки "Host", + *) Изменение: если в заголовке запроса есть дублирующиеся строки "Host", "Connection", "Content-Length" и "Authorization", то nginx теперь выдаёт ошибку 400. diff --git a/auto/lib/zlib/patch.zlib.h b/auto/lib/zlib/patch.zlib.h deleted file mode 100644 index 122f7fa86..000000000 --- a/auto/lib/zlib/patch.zlib.h +++ /dev/null @@ -1,10 +0,0 @@ ---- zlib.h Thu Jul 9 20:06:56 1998 -+++ zlib-1.1.3/zlib.h Tue Mar 22 13:41:04 2005 -@@ -709,7 +709,6 @@ - (0 in case of error). - */ - --ZEXTERN int ZEXPORTVA gzprintf OF((gzFile file, const char *format, ...)); - /* - Converts, formats, and writes the args to the compressed file under - control of the format string, as in fprintf. gzprintf returns the number of diff --git a/src/core/nginx.h b/src/core/nginx.h index 8d134487a..3cdf3ec6a 100644 --- a/src/core/nginx.h +++ b/src/core/nginx.h @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1007003 -#define NGINX_VERSION "1.7.3" +#define nginx_version 1007004 +#define NGINX_VERSION "1.7.4" #define NGINX_VER "nginx/" NGINX_VERSION #ifdef NGX_BUILD diff --git a/src/core/ngx_conf_file.c b/src/core/ngx_conf_file.c index d6b5cdf1e..ec3c1fae1 100644 --- a/src/core/ngx_conf_file.c +++ b/src/core/ngx_conf_file.c @@ -781,6 +781,9 @@ ngx_conf_include(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) file.len = name.len++; file.data = ngx_pstrdup(cf->pool, &name); + if (file.data == NULL) { + return NGX_CONF_ERROR; + } ngx_log_debug1(NGX_LOG_DEBUG_CORE, cf->log, 0, "include %s", file.data); 
diff --git a/src/core/ngx_log.c b/src/core/ngx_log.c index 375d52f65..005d9ff88 100644 --- a/src/core/ngx_log.c +++ b/src/core/ngx_log.c @@ -387,20 +387,22 @@ ngx_log_open_default(ngx_cycle_t *cycle) return NGX_ERROR; } - log->log_level = NGX_LOG_ERR; - ngx_log_insert(&cycle->new_log, log); - } else { /* no error logs at all */ log = &cycle->new_log; - log->log_level = NGX_LOG_ERR; } + log->log_level = NGX_LOG_ERR; + log->file = ngx_conf_open_file(cycle, &error_log); if (log->file == NULL) { return NGX_ERROR; } + if (log != &cycle->new_log) { + ngx_log_insert(&cycle->new_log, log); + } + return NGX_OK; } diff --git a/src/core/ngx_log.h b/src/core/ngx_log.h index c1a52c44f..95ecca528 100644 --- a/src/core/ngx_log.h +++ b/src/core/ngx_log.h @@ -248,7 +248,7 @@ char *ngx_log_set_log(ngx_conf_t *cf, ngx_log_t **head); static ngx_inline void ngx_write_stderr(char *text) { - (void) ngx_write_fd(ngx_stderr, text, strlen(text)); + (void) ngx_write_fd(ngx_stderr, text, ngx_strlen(text)); } diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c index 645738ce5..dfe3dcb1e 100644 --- a/src/core/ngx_resolver.c +++ b/src/core/ngx_resolver.c @@ -1467,7 +1467,6 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last, goto failed; } - rn->naddrs6 = 0; qident = (rn->query6[0] << 8) + rn->query6[1]; break; @@ -1482,7 +1481,6 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last, goto failed; } - rn->naddrs = 0; qident = (rn->query[0] << 8) + rn->query[1]; } @@ -1507,6 +1505,8 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last, case NGX_RESOLVE_AAAA: + rn->naddrs6 = 0; + if (rn->naddrs == (u_short) -1) { goto next; } @@ -1519,6 +1519,8 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last, default: /* NGX_RESOLVE_A */ + rn->naddrs = 0; + if (rn->naddrs6 == (u_short) -1) { goto next; } 
@@ -1539,6 +1541,8 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last, case NGX_RESOLVE_AAAA: + rn->naddrs6 = 0; + if (rn->naddrs == (u_short) -1) { rn->code = (u_char) code; goto next; @@ -1548,6 +1552,8 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last, default: /* NGX_RESOLVE_A */ + rn->naddrs = 0; + if (rn->naddrs6 == (u_short) -1) { rn->code = (u_char) code; goto next; @@ -1817,6 +1823,25 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last, } } + switch (qtype) { + +#if (NGX_HAVE_INET6) + case NGX_RESOLVE_AAAA: + + if (rn->naddrs6 == (u_short) -1) { + rn->naddrs6 = 0; + } + + break; +#endif + + default: /* NGX_RESOLVE_A */ + + if (rn->naddrs == (u_short) -1) { + rn->naddrs = 0; + } + } + if (rn->naddrs != (u_short) -1 #if (NGX_HAVE_INET6) && rn->naddrs6 != (u_short) -1 @@ -2722,8 +2747,7 @@ done: } if (len == -1) { - name->len = 0; - name->data = NULL; + ngx_str_null(name); return NGX_OK; } diff --git a/src/core/ngx_slab.c b/src/core/ngx_slab.c index 24f2ff16a..c1125062a 100644 --- a/src/core/ngx_slab.c +++ b/src/core/ngx_slab.c @@ -160,7 +160,7 @@ ngx_slab_alloc_locked(ngx_slab_pool_t *pool, size_t size) ngx_uint_t i, slot, shift, map; ngx_slab_page_t *page, *prev, *slots; - if (size >= ngx_slab_max_size) { + if (size > ngx_slab_max_size) { ngx_log_debug1(NGX_LOG_DEBUG_ALLOC, ngx_cycle->log, 0, "slab alloc: %uz", size); diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c index 4e279176c..9d854fa0e 100644 --- a/src/core/ngx_string.c +++ b/src/core/ngx_string.c @@ -1407,7 +1407,7 @@ ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type) { ngx_uint_t n; uint32_t *escape; - static u_char hex[] = "0123456789abcdef"; + static u_char hex[] = "0123456789ABCDEF"; /* " ", "#", "%", "?", %00-%1F, %7F-%FF */ diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c index 50691ade7..bb82143d3 100644 --- a/src/event/ngx_event_openssl.c +++ b/src/event/ngx_event_openssl.c 
@@ -50,7 +50,7 @@ static int ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn, HMAC_CTX *hctx, int enc); #endif -#if OPENSSL_VERSION_NUMBER < 0x10002001L +#if (OPENSSL_VERSION_NUMBER < 0x10002002L || defined LIBRESSL_VERSION_NUMBER) static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *str); #endif @@ -106,7 +106,9 @@ int ngx_ssl_stapling_index; ngx_int_t ngx_ssl_init(ngx_log_t *log) { +#ifndef OPENSSL_IS_BORINGSSL OPENSSL_config(NULL); +#endif SSL_library_init(); SSL_load_error_strings(); @@ -217,7 +219,10 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data) SSL_CTX_set_options(ssl->ctx, SSL_OP_MSIE_SSLV2_RSA_PADDING); #endif +#ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG SSL_CTX_set_options(ssl->ctx, SSL_OP_SSLEAY_080_CLIENT_DH_BUG); +#endif + SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_D5_BUG); SSL_CTX_set_options(ssl->ctx, SSL_OP_TLS_BLOCK_PADDING_BUG); @@ -382,8 +387,13 @@ ngx_ssl_certificate(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *cert, if (--tries) { n = ERR_peek_error(); +#ifdef OPENSSL_IS_BORINGSSL + if (ERR_GET_LIB(n) == ERR_LIB_CIPHER + && ERR_GET_REASON(n) == CIPHER_R_BAD_DECRYPT) +#else if (ERR_GET_LIB(n) == ERR_LIB_EVP && ERR_GET_REASON(n) == EVP_R_BAD_DECRYPT) +#endif { ERR_clear_error(); SSL_CTX_set_default_passwd_cb_userdata(ssl->ctx, ++pwd); @@ -588,7 +598,7 @@ ngx_ssl_verify_callback(int ok, X509_STORE_CTX *x509_store) ngx_log_debug5(NGX_LOG_DEBUG_EVENT, c->log, 0, "verify:%d, error:%d, depth:%d, " - "subject:\"%s\",issuer: \"%s\"", + "subject:\"%s\", issuer:\"%s\"", ok, err, depth, subject, issuer); if (sname) { @@ -652,12 +662,18 @@ ngx_ssl_rsa512_key_callback(ngx_ssl_conn_t *ssl_conn, int is_export, { static RSA *key; - if (key_length == 512) { - if (key == NULL) { - key = RSA_generate_key(512, RSA_F4, NULL, NULL); - } + if (key_length != 512) { + return NULL; + } + +#ifndef OPENSSL_NO_DEPRECATED + + if (key == NULL) { + key = RSA_generate_key(512, RSA_F4, NULL, NULL); } +#endif + return key; } 
@@ -2072,9 +2088,10 @@ static int ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess) { int len; - u_char *p, *id, *cached_sess; + u_char *p, *id, *cached_sess, *session_id; uint32_t hash; SSL_CTX *ssl_ctx; + unsigned int session_id_length; ngx_shm_zone_t *shm_zone; ngx_connection_t *c; ngx_slab_pool_t *shpool; @@ -2137,13 +2154,24 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess) } } +#if OPENSSL_VERSION_NUMBER >= 0x0090800fL + + session_id = (u_char *) SSL_SESSION_get_id(sess, &session_id_length); + +#else + + session_id = sess->session_id; + session_id_length = sess->session_id_length; + +#endif + #if (NGX_PTR_SIZE == 8) id = sess_id->sess_id; #else - id = ngx_slab_alloc_locked(shpool, sess->session_id_length); + id = ngx_slab_alloc_locked(shpool, session_id_length); if (id == NULL) { @@ -2151,7 +2179,7 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess) ngx_ssl_expire_sessions(cache, shpool, 0); - id = ngx_slab_alloc_locked(shpool, sess->session_id_length); + id = ngx_slab_alloc_locked(shpool, session_id_length); if (id == NULL) { goto failed; @@ -2162,16 +2190,16 @@ ngx_ssl_new_session(ngx_ssl_conn_t *ssl_conn, ngx_ssl_session_t *sess) ngx_memcpy(cached_sess, buf, len); - ngx_memcpy(id, sess->session_id, sess->session_id_length); + ngx_memcpy(id, session_id, session_id_length); - hash = ngx_crc32_short(sess->session_id, sess->session_id_length); + hash = ngx_crc32_short(session_id, session_id_length); ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, - "ssl new session: %08XD:%d:%d", - hash, sess->session_id_length, len); + "ssl new session: %08XD:%ud:%d", + hash, session_id_length, len); sess_id->node.key = hash; - sess_id->node.data = (u_char) sess->session_id_length; + sess_id->node.data = (u_char) session_id_length; sess_id->id = id; sess_id->len = len; sess_id->session = cached_sess; 
@@ -2319,10 +2347,10 @@ ngx_ssl_remove_cached_session(SSL_CTX *ssl, ngx_ssl_session_t *sess) static void ngx_ssl_remove_session(SSL_CTX *ssl, ngx_ssl_session_t *sess) { - size_t len; u_char *id; uint32_t hash; ngx_int_t rc; + unsigned int len; ngx_shm_zone_t *shm_zone; ngx_slab_pool_t *shpool; ngx_rbtree_node_t *node, *sentinel; @@ -2337,13 +2365,21 @@ ngx_ssl_remove_session(SSL_CTX *ssl, ngx_ssl_session_t *sess) cache = shm_zone->data; +#if OPENSSL_VERSION_NUMBER >= 0x0090800fL + + id = (u_char *) SSL_SESSION_get_id(sess, &len); + +#else + id = sess->session_id; - len = (size_t) sess->session_id_length; + len = sess->session_id_length; + +#endif hash = ngx_crc32_short(id, len); ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ngx_cycle->log, 0, - "ssl remove session: %08XD:%uz", hash, len); + "ssl remove session: %08XD:%ud", hash, len); shpool = (ngx_slab_pool_t *) shm_zone->shm.addr; @@ -2638,7 +2674,7 @@ ngx_ssl_session_ticket_key_callback(ngx_ssl_conn_t *ssl_conn, EVP_EncryptInit_ex(ectx, EVP_aes_128_cbc(), NULL, key[0].aes_key, iv); HMAC_Init_ex(hctx, key[0].hmac_key, 16, ngx_ssl_session_ticket_md(), NULL); - memcpy(name, key[0].name, 16); + ngx_memcpy(name, key[0].name, 16); return 0; @@ -2707,7 +2743,7 @@ ngx_ssl_check_host(ngx_connection_t *c, ngx_str_t *name) return NGX_ERROR; } -#if OPENSSL_VERSION_NUMBER >= 0x10002001L +#if (OPENSSL_VERSION_NUMBER >= 0x10002002L && !defined LIBRESSL_VERSION_NUMBER) /* X509_check_host() is only available in OpenSSL 1.0.2+ */ @@ -2715,7 +2751,7 @@ ngx_ssl_check_host(ngx_connection_t *c, ngx_str_t *name) goto failed; } - if (X509_check_host(cert, name->data, name->len, 0) != 1) { + if (X509_check_host(cert, (char *) name->data, name->len, 0, NULL) != 1) { ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "X509_check_host(): no match"); goto failed; 
@@ -2824,7 +2860,7 @@ found: } -#if OPENSSL_VERSION_NUMBER < 0x10002001L +#if (OPENSSL_VERSION_NUMBER < 0x10002002L || defined LIBRESSL_VERSION_NUMBER) static ngx_int_t ngx_ssl_check_name(ngx_str_t *name, ASN1_STRING *pattern) @@ -2885,9 +2921,9 @@ ngx_ssl_get_cipher_name(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) ngx_int_t ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) { - int len; - u_char *buf; - SSL_SESSION *sess; + u_char *buf; + SSL_SESSION *sess; + unsigned int len; sess = SSL_get0_session(c->ssl->connection); if (sess == NULL) { @@ -2895,9 +2931,17 @@ ngx_ssl_get_session_id(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) return NGX_OK; } +#if OPENSSL_VERSION_NUMBER >= 0x0090800fL + + buf = (u_char *) SSL_SESSION_get_id(sess, &len); + +#else + buf = sess->session_id; len = sess->session_id_length; +#endif + s->len = 2 * len; s->data = ngx_pnalloc(pool, 2 * len); if (s->data == NULL) { @@ -3245,6 +3289,8 @@ ngx_openssl_create_conf(ngx_cycle_t *cycle) static char * ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { +#ifndef OPENSSL_NO_ENGINE + ngx_openssl_conf_t *oscf = conf; ENGINE *engine; @@ -3279,6 +3325,12 @@ ngx_openssl_engine(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) ENGINE_free(engine); return NGX_CONF_OK; + +#else + + return "is not supported"; + +#endif } @@ -3286,5 +3338,7 @@ static void ngx_openssl_exit(ngx_cycle_t *cycle) { EVP_cleanup(); +#ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); +#endif } diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h index 0194602f6..408694035 100644 --- a/src/event/ngx_event_openssl.h +++ b/src/event/ngx_event_openssl.h 
@@ -14,10 +14,21 @@ #include <openssl/ssl.h> #include <openssl/err.h> +#include <openssl/bn.h> #include <openssl/conf.h> +#include <openssl/crypto.h> +#include <openssl/dh.h> +#ifndef OPENSSL_NO_ENGINE #include <openssl/engine.h> +#endif #include <openssl/evp.h> +#ifndef OPENSSL_NO_OCSP #include <openssl/ocsp.h> +#endif +#include <openssl/rand.h> +#include <openssl/rsa.h> +#include <openssl/x509.h> +#include <openssl/x509v3.h> #define NGX_SSL_NAME "OpenSSL" diff --git a/src/event/ngx_event_openssl_stapling.c b/src/event/ngx_event_openssl_stapling.c index 69340b37b..2fa067309 100644 --- a/src/event/ngx_event_openssl_stapling.c +++ b/src/event/ngx_event_openssl_stapling.c @@ -11,7 +11,7 @@ #include <ngx_event_connect.h> -#ifdef SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB +#if (!defined OPENSSL_NO_OCSP && defined SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB) typedef struct { diff --git a/src/http/modules/ngx_http_dav_module.c b/src/http/modules/ngx_http_dav_module.c index e7f9e9ae3..529aba533 100644 --- a/src/http/modules/ngx_http_dav_module.c +++ b/src/http/modules/ngx_http_dav_module.c @@ -212,7 +212,10 @@ ngx_http_dav_put_handler(ngx_http_request_t *r) return; } - ngx_http_map_uri_to_path(r, &path, &root, 0); + if (ngx_http_map_uri_to_path(r, &path, &root, 0) == NULL) { + ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR); + return; + } path.len--; @@ -320,7 +323,9 @@ ngx_http_dav_delete_handler(ngx_http_request_t *r) ok: - ngx_http_map_uri_to_path(r, &path, &root, 0); + if (ngx_http_map_uri_to_path(r, &path, &root, 0) == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http delete filename: \"%s\"", path.data); @@ -488,6 +493,9 @@ ngx_http_dav_mkcol_handler(ngx_http_request_t *r, ngx_http_dav_loc_conf_t *dlcf) } p = ngx_http_map_uri_to_path(r, &path, &root, 0); + if (p == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } *(p - 1) = '\0'; r->uri.len--; 
@@ -666,7 +674,9 @@ destination_done: overwrite_done: - ngx_http_map_uri_to_path(r, &path, &root, 0); + if (ngx_http_map_uri_to_path(r, &path, &root, 0) == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http copy from: \"%s\"", path.data); @@ -674,7 +684,9 @@ overwrite_done: uri = r->uri; r->uri = duri; - ngx_http_map_uri_to_path(r, ©.path, &root, 0); + if (ngx_http_map_uri_to_path(r, ©.path, &root, 0) == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } r->uri = uri; diff --git a/src/http/modules/ngx_http_geo_module.c b/src/http/modules/ngx_http_geo_module.c index 34c3b190d..9b3c6cb9c 100644 --- a/src/http/modules/ngx_http_geo_module.c +++ b/src/http/modules/ngx_http_geo_module.c @@ -1470,7 +1470,7 @@ ngx_http_geo_include_binary_base(ngx_conf_t *cf, ngx_http_geo_conf_ctx_t *ctx, vv = (ngx_http_variable_value_t *) (base + sizeof(ngx_http_geo_header_t)); - while(vv->data) { + while (vv->data) { len = ngx_align(sizeof(ngx_http_variable_value_t) + vv->len, sizeof(void *)); ngx_crc32_update(&crc32, (u_char *) vv, len); diff --git a/src/http/modules/ngx_http_geoip_module.c b/src/http/modules/ngx_http_geoip_module.c index 576fc5f3c..8e151aa8f 100644 --- a/src/http/modules/ngx_http_geoip_module.c +++ b/src/http/modules/ngx_http_geoip_module.c @@ -553,6 +553,9 @@ ngx_http_geoip_city_float_variable(ngx_http_request_t *r, val = *(float *) ((char *) gr + data); v->len = ngx_sprintf(v->data, "%.4f", val) - v->data; + v->valid = 1; + v->no_cacheable = 0; + v->not_found = 0; GeoIPRecord_delete(gr); @@ -582,6 +585,9 @@ ngx_http_geoip_city_int_variable(ngx_http_request_t *r, val = *(int *) ((char *) gr + data); v->len = ngx_sprintf(v->data, "%d", val) - v->data; + v->valid = 1; + v->no_cacheable = 0; + v->not_found = 0; GeoIPRecord_delete(gr); 
@@ -691,7 +697,7 @@ ngx_http_geoip_country(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) if (cf->args->nelts == 3) { if (ngx_strcmp(value[2].data, "utf8") == 0) { - GeoIP_set_charset (gcf->country, GEOIP_CHARSET_UTF8); + GeoIP_set_charset(gcf->country, GEOIP_CHARSET_UTF8); } else { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, @@ -746,7 +752,7 @@ ngx_http_geoip_org(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) if (cf->args->nelts == 3) { if (ngx_strcmp(value[2].data, "utf8") == 0) { - GeoIP_set_charset (gcf->org, GEOIP_CHARSET_UTF8); + GeoIP_set_charset(gcf->org, GEOIP_CHARSET_UTF8); } else { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, @@ -807,7 +813,7 @@ ngx_http_geoip_city(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) if (cf->args->nelts == 3) { if (ngx_strcmp(value[2].data, "utf8") == 0) { - GeoIP_set_charset (gcf->city, GEOIP_CHARSET_UTF8); + GeoIP_set_charset(gcf->city, GEOIP_CHARSET_UTF8); } else { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, diff --git a/src/http/modules/ngx_http_memcached_module.c b/src/http/modules/ngx_http_memcached_module.c index aaa047e8f..bda038da4 100644 --- a/src/http/modules/ngx_http_memcached_module.c +++ b/src/http/modules/ngx_http_memcached_module.c @@ -380,11 +380,8 @@ found: } h->hash = 1; - h->key.len = sizeof("Content-Encoding") - 1; - h->key.data = (u_char *) "Content-Encoding"; - h->value.len = sizeof("gzip") - 1; - h->value.data = (u_char *) "gzip"; - + ngx_str_set(&h->key, "Content-Encoding"); + ngx_str_set(&h->value, "gzip"); r->headers_out.content_encoding = h; } diff --git a/src/http/modules/ngx_http_scgi_module.c b/src/http/modules/ngx_http_scgi_module.c index d3a8f11b6..0be5066ec 100644 --- a/src/http/modules/ngx_http_scgi_module.c +++ b/src/http/modules/ngx_http_scgi_module.c 
@@ -1645,7 +1645,7 @@ ngx_http_scgi_pass(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) return "is duplicate"; } - clcf = ngx_http_conf_get_module_loc_conf (cf, ngx_http_core_module); + clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module); clcf->handler = ngx_http_scgi_handler; value = cf->args->elts; diff --git a/src/http/modules/ngx_http_stub_status_module.c b/src/http/modules/ngx_http_stub_status_module.c index b5ecd6d9e..f4f5888b6 100644 --- a/src/http/modules/ngx_http_stub_status_module.c +++ b/src/http/modules/ngx_http_stub_status_module.c @@ -10,18 +10,19 @@ #include <ngx_http.h> +static ngx_int_t ngx_http_stub_status_handler(ngx_http_request_t *r); static ngx_int_t ngx_http_stub_status_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data); static ngx_int_t ngx_http_stub_status_add_variables(ngx_conf_t *cf); +static char *ngx_http_set_stub_status(ngx_conf_t *cf, ngx_command_t *cmd, + void *conf); -static char *ngx_http_set_status(ngx_conf_t *cf, ngx_command_t *cmd, - void *conf); static ngx_command_t ngx_http_status_commands[] = { { ngx_string("stub_status"), NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, - ngx_http_set_status, + ngx_http_set_stub_status, 0, 0, NULL }, @@ -30,7 +31,6 @@ static ngx_command_t ngx_http_status_commands[] = { }; - static ngx_http_module_t ngx_http_stub_status_module_ctx = { ngx_http_stub_status_add_variables, /* preconfiguration */ NULL, /* postconfiguration */ @@ -80,7 +80,8 @@ static ngx_http_variable_t ngx_http_stub_status_vars[] = { }; -static ngx_int_t ngx_http_status_handler(ngx_http_request_t *r) +static ngx_int_t +ngx_http_stub_status_handler(ngx_http_request_t *r) { size_t size; ngx_int_t rc; 
@@ -223,12 +224,13 @@ ngx_http_stub_status_add_variables(ngx_conf_t *cf) } -static char *ngx_http_set_status(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +static char * +ngx_http_set_stub_status(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { ngx_http_core_loc_conf_t *clcf; clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module); - clcf->handler = ngx_http_status_handler; + clcf->handler = ngx_http_stub_status_handler; return NGX_CONF_OK; } diff --git a/src/http/modules/ngx_http_uwsgi_module.c b/src/http/modules/ngx_http_uwsgi_module.c index 588b13547..a613b684a 100644 --- a/src/http/modules/ngx_http_uwsgi_module.c +++ b/src/http/modules/ngx_http_uwsgi_module.c @@ -1868,7 +1868,7 @@ ngx_http_uwsgi_pass(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) return "is duplicate"; } - clcf = ngx_http_conf_get_module_loc_conf (cf, ngx_http_core_module); + clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module); clcf->handler = ngx_http_uwsgi_handler; value = cf->args->elts; diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c index 2947ad32a..4071b6126 100644 --- a/src/http/ngx_http_core_module.c +++ b/src/http/ngx_http_core_module.c @@ -2355,7 +2355,7 @@ ngx_http_gzip_accept_encoding(ngx_str_t *ae) p += 4; while (p < last) { - switch(*p++) { + switch (*p++) { case ',': return NGX_OK; case ';': @@ -2372,7 +2372,7 @@ ngx_http_gzip_accept_encoding(ngx_str_t *ae) quantity: while (p < last) { - switch(*p++) { + switch (*p++) { case 'q': case 'Q': goto equal; diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c index f28786946..b60f41bb6 100644 --- a/src/http/ngx_http_parse.c +++ b/src/http/ngx_http_parse.c @@ -1287,7 +1287,7 @@ ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes) break; } - switch(ch) { + switch (ch) { #if (NGX_WIN32) case '\\': if (u - 2 >= r->uri.data 
@@ -1357,7 +1357,7 @@ ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes) break; } - switch(ch) { + switch (ch) { #if (NGX_WIN32) case '\\': break; @@ -1400,7 +1400,7 @@ ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes) break; } - switch(ch) { + switch (ch) { #if (NGX_WIN32) case '\\': #endif @@ -1441,7 +1441,7 @@ ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes) break; } - switch(ch) { + switch (ch) { #if (NGX_WIN32) case '\\': #endif diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c index 4bf9d1fcf..845ada322 100644 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -1071,6 +1071,8 @@ ngx_http_process_request_uri(ngx_http_request_t *r) cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module); if (ngx_http_parse_complex_uri(r, cscf->merge_slashes) != NGX_OK) { + r->uri.len = 0; + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, "client sent invalid request"); ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); diff --git a/src/http/ngx_http_spdy.c b/src/http/ngx_http_spdy.c index 810d8d8f4..478036979 100644 --- a/src/http/ngx_http_spdy.c +++ b/src/http/ngx_http_spdy.c @@ -2584,6 +2584,8 @@ ngx_http_spdy_parse_header(ngx_http_request_t *r) r->header_end = p; r->header_in->pos = p + 1; + r->state = sw_value; + return NGX_OK; } diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c index 012969170..18b04f775 100644 --- a/src/http/ngx_http_upstream.c +++ b/src/http/ngx_http_upstream.c @@ -1393,6 +1393,11 @@ ngx_http_upstream_ssl_init_connection(ngx_http_request_t *r, rc = ngx_ssl_handshake(c); if (rc == NGX_AGAIN) { + + if (!c->write->timer_set) { + ngx_add_timer(c->write, u->conf->connect_timeout); + } + c->ssl->handler = ngx_http_upstream_ssl_handshake; return; } 
@@ -3253,7 +3258,6 @@ ngx_http_upstream_process_request(ngx_http_request_t *r) || u->headers_in.content_length_n == tf->offset)) { ngx_http_upstream_store(r, u); - u->store = 0; } } } @@ -3375,7 +3379,9 @@ ngx_http_upstream_store(ngx_http_request_t *r, ngx_http_upstream_t *u) if (u->conf->store_lengths == NULL) { - ngx_http_map_uri_to_path(r, &path, &root, 0); + if (ngx_http_map_uri_to_path(r, &path, &root, 0) == NULL) { + return; + } } else { if (ngx_http_script_run(r, &path, u->conf->store_lengths->elts, 0, @@ -3393,6 +3399,8 @@ ngx_http_upstream_store(ngx_http_request_t *r, ngx_http_upstream_t *u) tf->file.name.data, path.data); (void) ngx_ext_rename_file(&tf->file.name, &path, &ext); + + u->store = 0; } @@ -3441,7 +3449,7 @@ ngx_http_upstream_next(ngx_http_request_t *r, ngx_http_upstream_t *u, u->peer.tries++; } else { - switch(ft_type) { + switch (ft_type) { case NGX_HTTP_UPSTREAM_FT_TIMEOUT: status = NGX_HTTP_GATEWAY_TIME_OUT; diff --git a/src/http/ngx_http_upstream_round_robin.c b/src/http/ngx_http_upstream_round_robin.c index 37c835cbd..b39eeae50 100644 --- a/src/http/ngx_http_upstream_round_robin.c +++ b/src/http/ngx_http_upstream_round_robin.c @@ -632,9 +632,8 @@ ngx_http_upstream_set_round_robin_peer_session(ngx_peer_connection_t *pc, rc = ngx_ssl_set_session(pc->connection, ssl_session); - ngx_log_debug2(NGX_LOG_DEBUG_HTTP, pc->log, 0, - "set session: %p:%d", - ssl_session, ssl_session ? ssl_session->references : 0); + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, + "set session: %p", ssl_session); /* ngx_unlock_mutex(rrp->peers->mutex); */ @@ -657,8 +656,8 @@ ngx_http_upstream_save_round_robin_peer_session(ngx_peer_connection_t *pc, return; } - ngx_log_debug2(NGX_LOG_DEBUG_HTTP, pc->log, 0, - "save session: %p:%d", ssl_session, ssl_session->references); + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, + "save session: %p", ssl_session); peer = &rrp->peers->peer[rrp->current]; 
@@ -672,9 +671,8 @@ ngx_http_upstream_save_round_robin_peer_session(ngx_peer_connection_t *pc, if (old_ssl_session) { - ngx_log_debug2(NGX_LOG_DEBUG_HTTP, pc->log, 0, - "old session: %p:%d", - old_ssl_session, old_ssl_session->references); + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, + "old session: %p", old_ssl_session); /* TODO: may block */ diff --git a/src/mail/ngx_mail_smtp_handler.c b/src/mail/ngx_mail_smtp_handler.c index 665f5ef19..46d703e2c 100644 --- a/src/mail/ngx_mail_smtp_handler.c +++ b/src/mail/ngx_mail_smtp_handler.c @@ -777,6 +777,9 @@ ngx_mail_smtp_starttls(ngx_mail_session_t *s, ngx_connection_t *c) ngx_str_null(&s->smtp_from); ngx_str_null(&s->smtp_to); + s->buffer->pos = s->buffer->start; + s->buffer->last = s->buffer->start; + c->read->handler = ngx_mail_starttls_handler; return NGX_OK; } diff --git a/src/misc/ngx_cpp_test_module.cpp b/src/misc/ngx_cpp_test_module.cpp index 3cbc0a811..5d2f08d39 100644 --- a/src/misc/ngx_cpp_test_module.cpp +++ b/src/misc/ngx_cpp_test_module.cpp @@ -1,5 +1,5 @@ -// stub module to test header files' C++ compatibilty +// stub module to test header files' C++ compatibility extern "C" { #include <ngx_config.h> diff --git a/src/os/unix/ngx_process_cycle.c b/src/os/unix/ngx_process_cycle.c index fb10d7746..3205aa555 100644 --- a/src/os/unix/ngx_process_cycle.c +++ b/src/os/unix/ngx_process_cycle.c @@ -121,6 +121,10 @@ ngx_master_process_cycle(ngx_cycle_t *cycle) } title = ngx_pnalloc(cycle->pool, size); + if (title == NULL) { + /* fatal */ + exit(2); + } p = ngx_cpymem(title, master_process, sizeof(master_process) - 1); for (i = 0; i < ngx_argc; i++) { diff --git a/src/os/unix/ngx_readv_chain.c b/src/os/unix/ngx_readv_chain.c index 8836c817d..e4eb5ff32 100644 --- a/src/os/unix/ngx_readv_chain.c +++ b/src/os/unix/ngx_readv_chain.c @@ -10,7 +10,11 @@ #include <ngx_event.h> -#define NGX_IOVS 16 +#if (IOV_MAX > 64) +#define NGX_IOVS 64 +#else +#define NGX_IOVS IOV_MAX +#endif #if (NGX_HAVE_KQUEUE) |
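Review bot: In ngx_mail_smtp_starttls() (src/mail/ngx_mail_smtp_handler.c) the two added lines that reset s->buffer->pos and s->buffer->last to s->buffer->start have no comment, although per the changelog entry they are the fix for CVE-2014-3556. Suggest a one-line comment saying that anything still in the session buffer is discarded before c->read->handler is switched to ngx_mail_starttls_handler, so that a later refactor of this function does not drop the reset. The diff touches only the SMTP handler and adds no test; a regression test covering input that is already buffered when STARTTLS is processed would pin the behaviour.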
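Review bot: In ngx_ssl_rsa512_key_callback() (src/event/ngx_event_openssl.c), when OPENSSL_NO_DEPRECATED is defined the RSA_generate_key() call is compiled out and the function falls through to "return key;" with the static key never assigned, so a 512-bit request silently gets NULL. That is probably the intended result, but it is implicit; suggest an explicit "return NULL;" in an #else branch, or a comment, so that the no-key outcome is visible to the reader and not dependent on the static's zero initialisation.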
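Review bot: In ngx_http_upstream_store() (src/http/ngx_http_upstream.c) the new early "return;" when ngx_http_map_uri_to_path() returns NULL is silent, and because "u->store = 0;" has moved from ngx_http_upstream_process_request() to the end of ngx_http_upstream_store(), every early return now leaves u->store set. If that is the point of the change (the flag is cleared only after ngx_ext_rename_file() has been attempted), please say so in a comment next to the assignment, and consider logging the allocation failure on the NULL path so a lost store is not invisible.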
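Review bot: In ngx_master_process_cycle() (src/os/unix/ngx_process_cycle.c) the added NULL check on the ngx_pnalloc() result calls exit(2) with only a "/* fatal */" comment and no log line, so the master process would terminate with nothing in the error log to explain why. Suggest emitting an ngx_log_error() at an emergency or alert level before the exit, consistent with how the other allocation-failure fixes in this patch return an explicit error (for example NGX_CONF_ERROR in ngx_conf_include()).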
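Review bot: In src/os/unix/ngx_readv_chain.c the new "#if (IOV_MAX > 64)" assumes IOV_MAX is always defined. In a preprocessor condition an undefined identifier evaluates to 0, so on a platform whose headers do not provide IOV_MAX the #else branch would define NGX_IOVS as the undefined name IOV_MAX and the build would fail only at the point of use. Suggest guarding with "#if defined IOV_MAX" and a fixed fallback value, or noting which header is relied on to define it.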
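Review bot: In ngx_slab_alloc_locked() (src/core/ngx_slab.c) the condition changes from "size >= ngx_slab_max_size" to "size > ngx_slab_max_size" without a comment on the boundary case. A request of exactly ngx_slab_max_size bytes now skips this branch and continues into the slot-based code below it; a short comment stating why the equal case belongs there, plus a test allocating exactly ngx_slab_max_size, would guard against the comparison being flipped back.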