Merge branch 'nginx' (nginx-1.17.9). Change-Id: Idf8e5a2c793adb565b26c5b113327a3fdcb7f0ae Signed-off-by: Piotr Sikora <piotrsikora@google.com>
diff --git a/.hgtags b/.hgtags index 44ef2f1..c9a99e0 100644 --- a/.hgtags +++ b/.hgtags
@@ -447,3 +447,4 @@ de68d0d94320cbf033599c6f3ca37e5335c67fd7 release-1.17.6 e56295fe0ea76bf53b06bffa77a2d3a9a335cb8c release-1.17.7 fdacd273711ddf20f778c1fb91529ab53979a454 release-1.17.8 +5e8d52bca714d4b85284ddb649d1ba4a3ca978a8 release-1.17.9
diff --git a/BUILD b/BUILD index b72c379..2723306 100644 --- a/BUILD +++ b/BUILD
@@ -1520,5 +1520,5 @@ preinst = "@nginx_pkgoss//:debian_preinst", prerm = "@nginx_pkgoss//:debian_prerm", section = "httpd", - version = "1.17.8", + version = "1.17.9", )
diff --git a/build.bzl b/build.bzl index aed616e..ec52740 100644 --- a/build.bzl +++ b/build.bzl
@@ -673,9 +673,9 @@ name = "nginx_pkgoss", build_file_content = _PKGOSS_BUILD_FILE.format(nginx = nginx) + _PKGOSS_BUILD_FILE_TAIL, - commit = "8c658c22ad1b25f46ae166fb02a17fa18bb080eb", # nginx-1.17.8 + commit = "30e01364d235891447d90fa9b28352118f0f1114", # nginx-1.17.9 remote = "https://nginx.googlesource.com/nginx-pkgoss", - shallow_since = "1579613828 +0300", + shallow_since = "1583256764 +0300", ) def nginx_repositories_zlib(bind):
diff --git a/docs/xml/nginx/changes.xml b/docs/xml/nginx/changes.xml index 0bf680c..818b983 100644 --- a/docs/xml/nginx/changes.xml +++ b/docs/xml/nginx/changes.xml
@@ -5,6 +5,82 @@ <change_log title="nginx"> +<changes ver="1.17.9" date="2020-03-03"> + +<change type="change"> +<para lang="ru"> +теперь nginx не разрешает +несколько строк "Host" в заголовке запроса. +</para> +<para lang="en"> +now nginx does not allow +several "Host" request header lines. +</para> +</change> + +<change type="bugfix"> +<para lang="ru"> +nginx игнорировал дополнительные +строки "Transfer-Encoding" в заголовке запроса. +</para> +<para lang="en"> +nginx ignored additional +"Transfer-Encoding" request header lines. +</para> +</change> + +<change type="bugfix"> +<para lang="ru"> +утечки сокетов при использовании HTTP/2. +</para> +<para lang="en"> +socket leak when using HTTP/2. +</para> +</change> + +<change type="bugfix"> +<para lang="ru"> +в рабочем процессе мог произойти segmentation fault, +если использовался OCSP stapling. +</para> +<para lang="en"> +a segmentation fault might occur in a worker process +if OCSP stapling was used. +</para> +</change> + +<change type="bugfix"> +<para lang="ru"> +в модуле ngx_http_mp4_module. +</para> +<para lang="en"> +in the ngx_http_mp4_module. +</para> +</change> + +<change type="bugfix"> +<para lang="ru"> +при перенаправлении ошибок с кодом 494 с помощью директивы error_page +nginx возвращал ответ с кодом 494 вместо 400. +</para> +<para lang="en"> +nginx used status code 494 instead of 400 +if errors with code 494 were redirected with the "error_page" directive. +</para> +</change> + +<change type="bugfix"> +<para lang="ru"> +утечки сокетов при использовании подзапросов в модуле njs и директивы aio. +</para> +<para lang="en"> +socket leak when using subrequests in the njs module and the "aio" directive. +</para> +</change> + +</changes> + + <changes ver="1.17.8" date="2020-01-21"> <change type="feature">
diff --git a/misc/GNUmakefile b/misc/GNUmakefile index 6938fe9..0055730 100644 --- a/misc/GNUmakefile +++ b/misc/GNUmakefile
@@ -8,7 +8,7 @@ OBJS = objs.msvc8 OPENSSL = openssl-1.1.1d ZLIB = zlib-1.2.11 -PCRE = pcre-8.43 +PCRE = pcre-8.44 release: export
diff --git a/src/core/nginx.h b/src/core/nginx.h index c539c38..656d5c1 100644 --- a/src/core/nginx.h +++ b/src/core/nginx.h
@@ -13,8 +13,8 @@ #define NGINX_NAME "nginx" #endif -#define nginx_version 1017008 -#define NGINX_VERSION "1.17.8" +#define nginx_version 1017009 +#define NGINX_VERSION "1.17.9" #define NGINX_VER NGINX_NAME "/" NGINX_VERSION #ifdef NGX_BUILD
diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c index 618bf78..c1006ab 100644 --- a/src/http/modules/ngx_http_mp4_module.c +++ b/src/http/modules/ngx_http_mp4_module.c
@@ -3116,6 +3116,13 @@ "chunk samples sizes:%uL", trak->start_chunk_samples_size); + if (trak->start_chunk_samples_size > (uint64_t) mp4->end) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "too large mp4 start samples size in \"%s\"", + mp4->file.name.data); + return NGX_ERROR; + } + if (mp4->length) { if (trak->end_sample - trak->start_sample > entries) { ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, @@ -3135,6 +3142,13 @@ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "mp4 stsz end_chunk_samples_size:%uL", trak->end_chunk_samples_size); + + if (trak->end_chunk_samples_size > (uint64_t) mp4->end) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "too large mp4 end samples size in \"%s\"", + mp4->file.name.data); + return NGX_ERROR; + } } atom_size = sizeof(ngx_mp4_stsz_atom_t) + (data->last - data->pos); @@ -3226,6 +3240,7 @@ { size_t atom_size; uint32_t entries; + uint64_t chunk_offset, samples_size; ngx_buf_t *atom, *data; ngx_mp4_stco_atom_t *stco_atom; @@ -3256,8 +3271,19 @@ data->pos += trak->start_chunk * sizeof(uint32_t); - trak->start_offset = ngx_mp4_get_32value(data->pos); - trak->start_offset += trak->start_chunk_samples_size; + chunk_offset = ngx_mp4_get_32value(data->pos); + samples_size = trak->start_chunk_samples_size; + + if (chunk_offset > (uint64_t) mp4->end - samples_size + || chunk_offset + samples_size > NGX_MAX_UINT32_VALUE) + { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "too large chunk offset in \"%s\"", + mp4->file.name.data); + return NGX_ERROR; + } + + trak->start_offset = chunk_offset + samples_size; ngx_mp4_set_32value(data->pos, trak->start_offset); ngx_log_debug1(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, @@ -3276,9 +3302,19 @@ data->last = data->pos + entries * sizeof(uint32_t); if (entries) { - trak->end_offset = - ngx_mp4_get_32value(data->last - sizeof(uint32_t)); - trak->end_offset += trak->end_chunk_samples_size; + chunk_offset = ngx_mp4_get_32value(data->last - sizeof(uint32_t)); + samples_size = trak->end_chunk_samples_size; + + if (chunk_offset > (uint64_t) mp4->end - samples_size + || chunk_offset + samples_size > NGX_MAX_UINT32_VALUE) + { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "too large chunk offset in \"%s\"", + mp4->file.name.data); + return NGX_ERROR; + } + + trak->end_offset = chunk_offset + samples_size; ngx_log_debug1(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "end chunk offset:%O", trak->end_offset); @@ -3409,7 +3445,7 @@ ngx_http_mp4_trak_t *trak) { size_t atom_size; - uint64_t entries; + uint64_t entries, chunk_offset, samples_size; ngx_buf_t *atom, *data; ngx_mp4_co64_atom_t *co64_atom; @@ -3440,8 +3476,17 @@ data->pos += trak->start_chunk * sizeof(uint64_t); - trak->start_offset = ngx_mp4_get_64value(data->pos); - trak->start_offset += trak->start_chunk_samples_size; + chunk_offset = ngx_mp4_get_64value(data->pos); + samples_size = trak->start_chunk_samples_size; + + if (chunk_offset > (uint64_t) mp4->end - samples_size) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "too large chunk offset in \"%s\"", + mp4->file.name.data); + return NGX_ERROR; + } + + trak->start_offset = chunk_offset + samples_size; ngx_mp4_set_64value(data->pos, trak->start_offset); ngx_log_debug1(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, @@ -3460,9 +3505,17 @@ data->last = data->pos + entries * sizeof(uint64_t); if (entries) { - trak->end_offset = - ngx_mp4_get_64value(data->last - sizeof(uint64_t)); - trak->end_offset += trak->end_chunk_samples_size; + chunk_offset = ngx_mp4_get_64value(data->last - sizeof(uint64_t)); + samples_size = trak->end_chunk_samples_size; + + if (chunk_offset > (uint64_t) mp4->end - samples_size) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "too large chunk offset in \"%s\"", + mp4->file.name.data); + return NGX_ERROR; + } + + trak->end_offset = chunk_offset + samples_size; ngx_log_debug1(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "end chunk offset:%O", trak->end_offset);
diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c index cb3e531..d4f7b9d 100644 --- a/src/http/ngx_http_core_module.c +++ b/src/http/ngx_http_core_module.c
@@ -2667,43 +2667,41 @@ u_char *xff, size_t xfflen, ngx_array_t *proxies, int recursive) { u_char *p; - ngx_int_t rc; ngx_addr_t paddr; + ngx_uint_t found; - if (ngx_cidr_match(addr->sockaddr, proxies) != NGX_OK) { - return NGX_DECLINED; - } + found = 0; - for (p = xff + xfflen - 1; p > xff; p--, xfflen--) { - if (*p != ' ' && *p != ',') { - break; - } - } + do { - for ( /* void */ ; p > xff; p--) { - if (*p == ' ' || *p == ',') { - p++; - break; - } - } - - if (ngx_parse_addr_port(r->pool, &paddr, p, xfflen - (p - xff)) != NGX_OK) { - return NGX_DECLINED; - } - - *addr = paddr; - - if (recursive && p > xff) { - rc = ngx_http_get_forwarded_addr_internal(r, addr, xff, p - 1 - xff, - proxies, 1); - - if (rc == NGX_DECLINED) { - return NGX_DONE; + if (ngx_cidr_match(addr->sockaddr, proxies) != NGX_OK) { + return found ? NGX_DONE : NGX_DECLINED; } - /* rc == NGX_OK || rc == NGX_DONE */ - return rc; - } + for (p = xff + xfflen - 1; p > xff; p--, xfflen--) { + if (*p != ' ' && *p != ',') { + break; + } + } + + for ( /* void */ ; p > xff; p--) { + if (*p == ' ' || *p == ',') { + p++; + break; + } + } + + if (ngx_parse_addr_port(r->pool, &paddr, p, xfflen - (p - xff)) + != NGX_OK) + { + return found ? NGX_DONE : NGX_DECLINED; + } + + *addr = paddr; + found = 1; + xfflen = p - 1 - xff; + + } while (recursive && p > xff); return NGX_OK; } @@ -4689,6 +4687,7 @@ case NGX_HTTP_TO_HTTPS: case NGX_HTTPS_CERT_ERROR: case NGX_HTTPS_NO_CERT: + case NGX_HTTP_REQUEST_HEADER_TOO_LARGE: err->overwrite = NGX_HTTP_BAD_REQUEST; } }
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c index 51618c2..f6ed394 100644 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c
@@ -131,7 +131,7 @@ { ngx_string("Transfer-Encoding"), offsetof(ngx_http_headers_in_t, transfer_encoding), - ngx_http_process_header_line }, + ngx_http_process_unique_header_line }, { ngx_string("TE"), offsetof(ngx_http_headers_in_t, te), @@ -748,6 +748,8 @@ return; } + ngx_reusable_connection(c, 0); + rc = ngx_ssl_handshake(c); if (rc == NGX_AGAIN) { @@ -756,8 +758,6 @@ ngx_add_timer(rev, c->listening->post_accept_timeout); } - ngx_reusable_connection(c, 0); - c->ssl->handler = ngx_http_ssl_handshake_handler; return; } @@ -1910,10 +1910,18 @@ ngx_int_t rc; ngx_str_t host; - if (r->headers_in.host == NULL) { - r->headers_in.host = h; + if (r->headers_in.host) { + ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, + "client sent duplicate host header: \"%V: %V\", " + "previous value: \"%V: %V\"", + &h->key, &h->value, &r->headers_in.host->key, + &r->headers_in.host->value); + ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); + return NGX_ERROR; } + r->headers_in.host = h; + host = h->value; rc = ngx_http_validate_host(&host, r->pool, 0); @@ -2123,10 +2131,7 @@ r->headers_in.content_length_n = -1; r->headers_in.chunked = 1; - } else if (r->headers_in.transfer_encoding->value.len != 8 - || ngx_strncasecmp(r->headers_in.transfer_encoding->value.data, - (u_char *) "identity", 8) != 0) - { + } else { ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, "client sent unknown \"Transfer-Encoding\": \"%V\"", &r->headers_in.transfer_encoding->value); @@ -2654,26 +2659,6 @@ } if (r != r->main) { - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); - - if (r->background) { - if (!r->logged) { - if (clcf->log_subrequest) { - ngx_http_log_request(r); - } - - r->logged = 1; - - } else { - ngx_log_error(NGX_LOG_ALERT, c->log, 0, - "subrequest: \"%V?%V\" logged again", - &r->uri, &r->args); - } - - r->done = 1; - ngx_http_finalize_connection(r); - return; - } if (r->buffered || r->postponed) { @@ -2686,11 +2671,12 @@ pr = r->parent; - if (r == c->data) { - - r->main->count--; + if (r == c->data || r->background) { if (!r->logged) { + + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); + if (clcf->log_subrequest) { ngx_http_log_request(r); } @@ -2705,6 +2691,13 @@ r->done = 1; + if (r->background) { + ngx_http_finalize_connection(r); + return; + } + + r->main->count--; + if (pr->postponed && pr->postponed->request == r) { pr->postponed = pr->postponed->next; }
diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c index f677e8e..b07d5b9 100644 --- a/src/http/v2/ngx_http_v2.c +++ b/src/http/v2/ngx_http_v2.c
@@ -1720,8 +1720,13 @@ ngx_http_v2_stream_t *stream; if (h2c->state.length) { - h2c->state.handler = ngx_http_v2_state_header_block; - return pos; + if (end - pos > 0) { + h2c->state.handler = ngx_http_v2_state_header_block; + return pos; + } + + return ngx_http_v2_state_headers_save(h2c, pos, end, + ngx_http_v2_state_header_block); } if (!(h2c->state.flags & NGX_HTTP_V2_END_HEADERS_FLAG)) {