summaryrefslogtreecommitdiff
path: root/src/core
diff options
context:
space:
mode:
Diffstat (limited to 'src/core')
-rw-r--r--src/core/nginx.h4
-rw-r--r--src/core/ngx_config.h3
-rw-r--r--src/core/ngx_hash.c2
-rw-r--r--src/core/ngx_inet.c8
-rw-r--r--src/core/ngx_parse.c80
-rw-r--r--src/core/ngx_resolver.c8
-rw-r--r--src/core/ngx_shmtx.c3
-rw-r--r--src/core/ngx_string.c99
8 files changed, 128 insertions, 79 deletions
diff --git a/src/core/nginx.h b/src/core/nginx.h
index 20dcd1d78..e56e5415d 100644
--- a/src/core/nginx.h
+++ b/src/core/nginx.h
@@ -9,8 +9,8 @@
#define _NGINX_H_INCLUDED_
-#define nginx_version 1006002
-#define NGINX_VERSION "1.6.2"
+#define nginx_version 1006003
+#define NGINX_VERSION "1.6.3"
#define NGINX_VER "nginx/" NGINX_VERSION
#define NGINX_VAR "NGINX"
diff --git a/src/core/ngx_config.h b/src/core/ngx_config.h
index 1da71f8d1..145e43a44 100644
--- a/src/core/ngx_config.h
+++ b/src/core/ngx_config.h
@@ -85,8 +85,11 @@ typedef intptr_t ngx_flag_t;
#if (NGX_PTR_SIZE == 4)
#define NGX_INT_T_LEN NGX_INT32_LEN
+#define NGX_MAX_INT_T_VALUE 2147483647
+
#else
#define NGX_INT_T_LEN NGX_INT64_LEN
+#define NGX_MAX_INT_T_VALUE 9223372036854775807
#endif
diff --git a/src/core/ngx_hash.c b/src/core/ngx_hash.c
index c7bfed709..e707c0998 100644
--- a/src/core/ngx_hash.c
+++ b/src/core/ngx_hash.c
@@ -312,6 +312,8 @@ ngx_hash_init(ngx_hash_init_t *hinit, ngx_hash_key_t *names, ngx_uint_t nelts)
continue;
}
+ size = hinit->max_size;
+
ngx_log_error(NGX_LOG_WARN, hinit->pool->log, 0,
"could not build optimal %s, you should increase "
"either %s_max_size: %i or %s_bucket_size: %i; "
diff --git a/src/core/ngx_inet.c b/src/core/ngx_inet.c
index 26c5bc4b0..2c84daf6e 100644
--- a/src/core/ngx_inet.c
+++ b/src/core/ngx_inet.c
@@ -27,6 +27,10 @@ ngx_inet_addr(u_char *text, size_t len)
for (p = text; p < text + len; p++) {
+ if (octet > 255) {
+ return INADDR_NONE;
+ }
+
c = *p;
if (c >= '0' && c <= '9') {
@@ -34,7 +38,7 @@ ngx_inet_addr(u_char *text, size_t len)
continue;
}
- if (c == '.' && octet < 256) {
+ if (c == '.') {
addr = (addr << 8) + octet;
octet = 0;
n++;
@@ -44,7 +48,7 @@ ngx_inet_addr(u_char *text, size_t len)
return INADDR_NONE;
}
- if (n == 3 && octet < 256) {
+ if (n == 3) {
addr = (addr << 8) + octet;
return htonl(addr);
}
diff --git a/src/core/ngx_parse.c b/src/core/ngx_parse.c
index da24f4c75..d7350d423 100644
--- a/src/core/ngx_parse.c
+++ b/src/core/ngx_parse.c
@@ -12,10 +12,9 @@
ssize_t
ngx_parse_size(ngx_str_t *line)
{
- u_char unit;
- size_t len;
- ssize_t size;
- ngx_int_t scale;
+ u_char unit;
+ size_t len;
+ ssize_t size, scale, max;
len = line->len;
unit = line->data[len - 1];
@@ -24,21 +23,24 @@ ngx_parse_size(ngx_str_t *line)
case 'K':
case 'k':
len--;
+ max = NGX_MAX_SIZE_T_VALUE / 1024;
scale = 1024;
break;
case 'M':
case 'm':
len--;
+ max = NGX_MAX_SIZE_T_VALUE / (1024 * 1024);
scale = 1024 * 1024;
break;
default:
+ max = NGX_MAX_SIZE_T_VALUE;
scale = 1;
}
size = ngx_atosz(line->data, len);
- if (size == NGX_ERROR) {
+ if (size == NGX_ERROR || size > max) {
return NGX_ERROR;
}
@@ -51,10 +53,9 @@ ngx_parse_size(ngx_str_t *line)
off_t
ngx_parse_offset(ngx_str_t *line)
{
- u_char unit;
- off_t offset;
- size_t len;
- ngx_int_t scale;
+ u_char unit;
+ off_t offset, scale, max;
+ size_t len;
len = line->len;
unit = line->data[len - 1];
@@ -63,27 +64,31 @@ ngx_parse_offset(ngx_str_t *line)
case 'K':
case 'k':
len--;
+ max = NGX_MAX_OFF_T_VALUE / 1024;
scale = 1024;
break;
case 'M':
case 'm':
len--;
+ max = NGX_MAX_OFF_T_VALUE / (1024 * 1024);
scale = 1024 * 1024;
break;
case 'G':
case 'g':
len--;
+ max = NGX_MAX_OFF_T_VALUE / (1024 * 1024 * 1024);
scale = 1024 * 1024 * 1024;
break;
default:
+ max = NGX_MAX_OFF_T_VALUE;
scale = 1;
}
offset = ngx_atoof(line->data, len);
- if (offset == NGX_ERROR) {
+ if (offset == NGX_ERROR || offset > max) {
return NGX_ERROR;
}
@@ -98,7 +103,8 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
{
u_char *p, *last;
ngx_int_t value, total, scale;
- ngx_uint_t max, valid;
+ ngx_int_t max, cutoff, cutlim;
+ ngx_uint_t valid;
enum {
st_start = 0,
st_year,
@@ -115,8 +121,9 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
valid = 0;
value = 0;
total = 0;
+ cutoff = NGX_MAX_INT_T_VALUE / 10;
+ cutlim = NGX_MAX_INT_T_VALUE % 10;
step = is_sec ? st_start : st_month;
- scale = is_sec ? 1 : 1000;
p = line->data;
last = p + line->len;
@@ -124,6 +131,10 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
while (p < last) {
if (*p >= '0' && *p <= '9') {
+ if (value >= cutoff && (value > cutoff || *p - '0' > cutlim)) {
+ return NGX_ERROR;
+ }
+
value = value * 10 + (*p++ - '0');
valid = 1;
continue;
@@ -136,7 +147,7 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
return NGX_ERROR;
}
step = st_year;
- max = NGX_MAX_INT32_VALUE / (60 * 60 * 24 * 365);
+ max = NGX_MAX_INT_T_VALUE / (60 * 60 * 24 * 365);
scale = 60 * 60 * 24 * 365;
break;
@@ -145,7 +156,7 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
return NGX_ERROR;
}
step = st_month;
- max = NGX_MAX_INT32_VALUE / (60 * 60 * 24 * 30);
+ max = NGX_MAX_INT_T_VALUE / (60 * 60 * 24 * 30);
scale = 60 * 60 * 24 * 30;
break;
@@ -154,7 +165,7 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
return NGX_ERROR;
}
step = st_week;
- max = NGX_MAX_INT32_VALUE / (60 * 60 * 24 * 7);
+ max = NGX_MAX_INT_T_VALUE / (60 * 60 * 24 * 7);
scale = 60 * 60 * 24 * 7;
break;
@@ -163,7 +174,7 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
return NGX_ERROR;
}
step = st_day;
- max = NGX_MAX_INT32_VALUE / (60 * 60 * 24);
+ max = NGX_MAX_INT_T_VALUE / (60 * 60 * 24);
scale = 60 * 60 * 24;
break;
@@ -172,7 +183,7 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
return NGX_ERROR;
}
step = st_hour;
- max = NGX_MAX_INT32_VALUE / (60 * 60);
+ max = NGX_MAX_INT_T_VALUE / (60 * 60);
scale = 60 * 60;
break;
@@ -183,7 +194,7 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
}
p++;
step = st_msec;
- max = NGX_MAX_INT32_VALUE;
+ max = NGX_MAX_INT_T_VALUE;
scale = 1;
break;
}
@@ -192,7 +203,7 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
return NGX_ERROR;
}
step = st_min;
- max = NGX_MAX_INT32_VALUE / 60;
+ max = NGX_MAX_INT_T_VALUE / 60;
scale = 60;
break;
@@ -201,7 +212,7 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
return NGX_ERROR;
}
step = st_sec;
- max = NGX_MAX_INT32_VALUE;
+ max = NGX_MAX_INT_T_VALUE;
scale = 1;
break;
@@ -210,7 +221,7 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
return NGX_ERROR;
}
step = st_last;
- max = NGX_MAX_INT32_VALUE;
+ max = NGX_MAX_INT_T_VALUE;
scale = 1;
break;
@@ -223,27 +234,40 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
max /= 1000;
}
- if ((ngx_uint_t) value > max) {
+ if (value > max) {
return NGX_ERROR;
}
- total += value * scale;
+ value *= scale;
- if ((ngx_uint_t) total > NGX_MAX_INT32_VALUE) {
+ if (total > NGX_MAX_INT_T_VALUE - value) {
return NGX_ERROR;
}
+ total += value;
+
value = 0;
- scale = is_sec ? 1 : 1000;
while (p < last && *p == ' ') {
p++;
}
}
- if (valid) {
- return total + value * scale;
+ if (!valid) {
+ return NGX_ERROR;
+ }
+
+ if (!is_sec) {
+ if (value > NGX_MAX_INT_T_VALUE / 1000) {
+ return NGX_ERROR;
+ }
+
+ value *= 1000;
+ }
+
+ if (total > NGX_MAX_INT_T_VALUE - value) {
+ return NGX_ERROR;
}
- return NGX_ERROR;
+ return total + value;
}
diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
index 5a944fc79..b45001e2d 100644
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -1568,8 +1568,6 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last,
ngx_rbtree_delete(&r->name_rbtree, &rn->node);
- ngx_resolver_free_node(r, rn);
-
/* unlock name mutex */
while (next) {
@@ -1580,6 +1578,8 @@ ngx_resolver_process_a(ngx_resolver_t *r, u_char *buf, size_t last,
ctx->handler(ctx);
}
+ ngx_resolver_free_node(r, rn);
+
return;
}
@@ -2143,8 +2143,6 @@ valid:
ngx_rbtree_delete(tree, &rn->node);
- ngx_resolver_free_node(r, rn);
-
/* unlock addr mutex */
while (next) {
@@ -2155,6 +2153,8 @@ valid:
ctx->handler(ctx);
}
+ ngx_resolver_free_node(r, rn);
+
return;
}
diff --git a/src/core/ngx_shmtx.c b/src/core/ngx_shmtx.c
index a62999f33..6230dc060 100644
--- a/src/core/ngx_shmtx.c
+++ b/src/core/ngx_shmtx.c
@@ -101,6 +101,7 @@ ngx_shmtx_lock(ngx_shmtx_t *mtx)
(void) ngx_atomic_fetch_add(mtx->wait, 1);
if (*mtx->lock == 0 && ngx_atomic_cmp_set(mtx->lock, 0, ngx_pid)) {
+ (void) ngx_atomic_fetch_add(mtx->wait, -1);
return;
}
@@ -174,7 +175,7 @@ ngx_shmtx_wakeup(ngx_shmtx_t *mtx)
wait = *mtx->wait;
- if (wait == 0) {
+ if ((ngx_atomic_int_t) wait <= 0) {
return;
}
diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c
index 4e279176c..503502ab7 100644
--- a/src/core/ngx_string.c
+++ b/src/core/ngx_string.c
@@ -897,26 +897,28 @@ ngx_filename_cmp(u_char *s1, u_char *s2, size_t n)
ngx_int_t
ngx_atoi(u_char *line, size_t n)
{
- ngx_int_t value;
+ ngx_int_t value, cutoff, cutlim;
if (n == 0) {
return NGX_ERROR;
}
+ cutoff = NGX_MAX_INT_T_VALUE / 10;
+ cutlim = NGX_MAX_INT_T_VALUE % 10;
+
for (value = 0; n--; line++) {
if (*line < '0' || *line > '9') {
return NGX_ERROR;
}
+ if (value >= cutoff && (value > cutoff || *line - '0' > cutlim)) {
+ return NGX_ERROR;
+ }
+
value = value * 10 + (*line - '0');
}
- if (value < 0) {
- return NGX_ERROR;
-
- } else {
- return value;
- }
+ return value;
}
@@ -925,13 +927,16 @@ ngx_atoi(u_char *line, size_t n)
ngx_int_t
ngx_atofp(u_char *line, size_t n, size_t point)
{
- ngx_int_t value;
+ ngx_int_t value, cutoff, cutlim;
ngx_uint_t dot;
if (n == 0) {
return NGX_ERROR;
}
+ cutoff = NGX_MAX_INT_T_VALUE / 10;
+ cutlim = NGX_MAX_INT_T_VALUE % 10;
+
dot = 0;
for (value = 0; n--; line++) {
@@ -953,98 +958,107 @@ ngx_atofp(u_char *line, size_t n, size_t point)
return NGX_ERROR;
}
+ if (value >= cutoff && (value > cutoff || *line - '0' > cutlim)) {
+ return NGX_ERROR;
+ }
+
value = value * 10 + (*line - '0');
point -= dot;
}
while (point--) {
+ if (value > cutoff) {
+ return NGX_ERROR;
+ }
+
value = value * 10;
}
- if (value < 0) {
- return NGX_ERROR;
-
- } else {
- return value;
- }
+ return value;
}
ssize_t
ngx_atosz(u_char *line, size_t n)
{
- ssize_t value;
+ ssize_t value, cutoff, cutlim;
if (n == 0) {
return NGX_ERROR;
}
+ cutoff = NGX_MAX_SIZE_T_VALUE / 10;
+ cutlim = NGX_MAX_SIZE_T_VALUE % 10;
+
for (value = 0; n--; line++) {
if (*line < '0' || *line > '9') {
return NGX_ERROR;
}
+ if (value >= cutoff && (value > cutoff || *line - '0' > cutlim)) {
+ return NGX_ERROR;
+ }
+
value = value * 10 + (*line - '0');
}
- if (value < 0) {
- return NGX_ERROR;
-
- } else {
- return value;
- }
+ return value;
}
off_t
ngx_atoof(u_char *line, size_t n)
{
- off_t value;
+ off_t value, cutoff, cutlim;
if (n == 0) {
return NGX_ERROR;
}
+ cutoff = NGX_MAX_OFF_T_VALUE / 10;
+ cutlim = NGX_MAX_OFF_T_VALUE % 10;
+
for (value = 0; n--; line++) {
if (*line < '0' || *line > '9') {
return NGX_ERROR;
}
+ if (value >= cutoff && (value > cutoff || *line - '0' > cutlim)) {
+ return NGX_ERROR;
+ }
+
value = value * 10 + (*line - '0');
}
- if (value < 0) {
- return NGX_ERROR;
-
- } else {
- return value;
- }
+ return value;
}
time_t
ngx_atotm(u_char *line, size_t n)
{
- time_t value;
+ time_t value, cutoff, cutlim;
if (n == 0) {
return NGX_ERROR;
}
+ cutoff = NGX_MAX_TIME_T_VALUE / 10;
+ cutlim = NGX_MAX_TIME_T_VALUE % 10;
+
for (value = 0; n--; line++) {
if (*line < '0' || *line > '9') {
return NGX_ERROR;
}
+ if (value >= cutoff && (value > cutoff || *line - '0' > cutlim)) {
+ return NGX_ERROR;
+ }
+
value = value * 10 + (*line - '0');
}
- if (value < 0) {
- return NGX_ERROR;
-
- } else {
- return value;
- }
+ return value;
}
@@ -1052,13 +1066,19 @@ ngx_int_t
ngx_hextoi(u_char *line, size_t n)
{
u_char c, ch;
- ngx_int_t value;
+ ngx_int_t value, cutoff;
if (n == 0) {
return NGX_ERROR;
}
+ cutoff = NGX_MAX_INT_T_VALUE / 16;
+
for (value = 0; n--; line++) {
+ if (value > cutoff) {
+ return NGX_ERROR;
+ }
+
ch = *line;
if (ch >= '0' && ch <= '9') {
@@ -1076,12 +1096,7 @@ ngx_hextoi(u_char *line, size_t n)
return NGX_ERROR;
}
- if (value < 0) {
- return NGX_ERROR;
-
- } else {
- return value;
- }
+ return value;
}
View Lorry Controller Status