Maxim Dounin [Wed, 21 May 2014 17:56:20 +0000 (21:56 +0400)]
Mail: added a check for the number of arguments in MAIL/RCPT.
Missed during introduction of the SMTP pipelining support (04e43d03e153,
1.5.6). Previously, the check wasn't needed as s->buffer was used directly
and the number of arguments didn't matter.
Previously, an empty frame object was created for an output chain that contains
only sync or flush empty buffers. But since 39d7eef2e332 every DATA frame has
the flush flag set on its last buffer, so there's no need any more in additional
flush buffers in the output queue and they can be skipped.
Note that such flush frames caused an incorrect $body_bytes_sent value.
SPDY: consistently handle control frames with unknown type.
The SPDY draft 2 specification requires that if an endpoint receives a
control frame for a type it does not recognize, it must ignore the frame.
But the 3 and 3.1 drafts don't seem to declare any behavior for such case.
Then sticking with the previous draft in this matter looks to be right.
But previously, only 8 least significant bits of the type field were
parsed while the rest of 16 bits of the field were checked against zero.
Though there are no known frame types bigger than 255, this resulted in
inconsistency in handling of such frames: they were not recognized as
valid frames at all, and the connection was closed.
If start time is within the track but end time is out of it, error
"end time is out mp4 stts samples" is generated. However it's
better to ignore the error and output the track until its end.
Maxim Dounin [Mon, 31 Mar 2014 18:47:42 +0000 (22:47 +0400)]
Adjusted default value of types_hash_bucket_size (ticket #352).
The ngx_cacheline_size may be too low on some platforms, resulting
in unexpected hash build problems (as no collisions are tolerated due
to low bucket_size, and max_size isn't big enough to build a hash without
collisions). These problems aren't fatal anymore but nevertheless
need to be addressed.
Maxim Dounin [Mon, 31 Mar 2014 17:38:30 +0000 (21:38 +0400)]
Core: slab log_nomem flag.
The flag allows to suppress "ngx_slab_alloc() failed: no memory" messages
from a slab allocator, e.g., if an LRU expiration is used by a consumer
and allocation failures aren't fatal.
The flag is now used in the SSL session cache code, and in the limit_req
module.
Maxim Dounin [Mon, 31 Mar 2014 17:38:28 +0000 (21:38 +0400)]
Win32: fixed cpu hog by cache manager on exit (ticket #514).
The "ngx_quit" may be reset by the worker thread before it's seen
by a ngx_cache_manager_thread(), resulting in an infinite loop. Make
sure to test ngx_exiting as well.
Maxim Dounin [Mon, 31 Mar 2014 17:38:25 +0000 (21:38 +0400)]
Added #ifndef around NGX_HAVE_CASELESS_FILESYSTEM define.
This brings Cygwin compilation in line with other case-insensitive
systems (notably win32 and OS X) where one can force case sensitivity
using -DNGX_HAVE_CASELESS_FILESYSTEM=0.
Roman Arutyunyan [Mon, 31 Mar 2014 15:52:17 +0000 (19:52 +0400)]
Mp4: fixed seeking to a track end.
When "start" value is equal to a track duration the request
fails with "time is out mp4 stts" like it did before track
duration check was added. Now such tracks are considered
short and skipped.
The SPDY/3.1 specification requires that the server must respond with
a 400 "Bad request" error if the sum of the data frame payload lengths
does not equal the size of the Content-Length header.
This also fixes "zero size buf in output" alert, that might be triggered
if client sends a greater than zero Content-Length header and closes
stream using the FIN flag with an empty request body.
SPDY: fixed the DATA frame length handling in case of some errors.
There are a few cases in ngx_http_spdy_state_read_data() related to error
handling when ngx_http_spdy_state_skip() might be called with an inconsistent
state between *pos and sc->length, that leads to violation of frame layout
parsing and resuted in corruption of spdy connection.
SPDY: better detect if headers block has wrong entries count.
Previously, only one case was checked: if there's more data to parse
in a r->header_in buffer, but the buffer can be filled to the end by
the last parsed entry, so we also need to check that there's no more
data to inflate.
Maxim Dounin [Fri, 21 Mar 2014 15:33:21 +0000 (19:33 +0400)]
Range filter: single_range flag in request.
If set, it means that response body is going to be in more than one buffer,
hence only range requests with a single range should be honored.
The flag is now used by mp4 and cacheable upstream responses, thus allowing
range requests of mp4 files with start/end, as well as range processing
on a first request to a not-yet-cached files with proxy_cache.
Notably this makes it possible to play mp4 files (with proxy_cache, or with
mp4 module) on iOS devices, as byte-range support is required by Apple.
Maxim Dounin [Mon, 17 Mar 2014 11:34:36 +0000 (15:34 +0400)]
FastCGI: f->split_parts reset on request start.
Additionally, make sure to check for errors from ngx_http_parse_header_line()
call after joining saved parts. There shouldn't be any errors, though
check may help to catch bugs like missing f->split_parts reset.
SPDY: fixed potential integer overflow while parsing headers.
Previously r->header_size was used to store length for a part of
value that represents an individual already parsed HTTP header,
while r->header_end pointed to the end of the whole value.
Instead of storing length of a following name or value as pointer
to a potential end address (r->header_name_end and r->header_end)
that might be overflowed, now r->lowercase_index counter is used
to store remaining length of a following unparsed field.
It also fixes incorrect $body_bytes_sent value if a request is
closed while parsing of the request header. Since r->header_size
is intended for counting header size, thus abusing it for header
parsing purpose was certainly a bad idea.
Maxim Dounin [Thu, 27 Feb 2014 16:36:35 +0000 (20:36 +0400)]
Disabled redirects to named locations if URI is not set.
If something like "error_page 400 @name" is used in a configuration,
a request could be passed to a named location without URI set, and this
in turn might result in segmentation faults or other bad effects
as most of the code assumes URI is set.
With this change nginx will catch such configuration problems in
ngx_http_named_location() and will stop request processing if URI
is not set, returning 500.
Maxim Dounin [Tue, 18 Feb 2014 13:30:40 +0000 (17:30 +0400)]
Upstream: ngx_post_event() instead of upgraded call (ticket #503).
If a request is finalized in the first call to the
ngx_http_upstream_process_upgraded() function, e.g., because upstream
server closed the connection for some reason, in the second call
the u->peer.connection pointer will be null, resulting in segmentation
fault.
Fix is to avoid second direct call, and post event instead. This ensures
that ngx_http_upstream_process_upgraded() won't be called again if
a request is finalized.
Roman Arutyunyan [Fri, 14 Feb 2014 11:14:48 +0000 (15:14 +0400)]
Mp4: remove useless leading stsc entry in result mp4.
The fix removes useless stsc entry in result mp4.
If start_sample == n then current stsc entry should be skipped
and the result stsc should start with the next entry.
The reason for that is start_sample starts from 0, not 1.
Shigeki Ohtsu [Tue, 4 Feb 2014 05:06:23 +0000 (14:06 +0900)]
SPDY: fixed parsing of the priority field.
The size of the priority field is increased by one bit in spdy/3,
and now it's a 3-bit field followed by 5 bits of unused space.
But a shift of these bits hasn't been adjusted in 39d7eef2e332
accordingly.
Ruslan Ermilov [Thu, 30 Jan 2014 14:57:11 +0000 (18:57 +0400)]
Proxy: fixed upstream search by proxy_pass with variables.
If "proxy_pass" is specified with variables, the resulting
hostname is looked up in the list of upstreams defined in
configuration. The search was case-sensitive, as opposed
to the case of "proxy_pass" specified without variables.
Roman Arutyunyan [Wed, 29 Jan 2014 09:44:15 +0000 (13:44 +0400)]
Mp4: fix seeks to standalone last chunk.
If seek position is within the last track chunk
and that chunk is standalone (stsc entry describes only
this chunk) such seek generates stsc seek error. The
problem is that chunk numbers start with 1, not with 0.
Roman Arutyunyan [Wed, 29 Jan 2014 09:33:45 +0000 (13:33 +0400)]
Mp4: skip tracks shorter than seek position (ticket #414).
Mp4 module does not check movie and track durations when reading
file. Instead it generates errors when track metadata is shorter
than seek position. Now such tracks are skipped and movie duration
check is performed at file read stage.
Roman Arutyunyan [Wed, 29 Jan 2014 09:30:36 +0000 (13:30 +0400)]
Mp4: fix seeks after the last key frame.
Mp4 module does not allow seeks after the last key frame. Since
stss atom only contains key frames it's usually shorter than
other track atoms. That leads to stss seek error when seek
position is close to the end of file. The fix outputs empty
stss frame instead of generating error.
Maxim Dounin [Tue, 28 Jan 2014 11:40:46 +0000 (15:40 +0400)]
Fixed TCP_DEFER_ACCEPT handling (ticket #353).
Backed out 05a56ebb084a, as it turns out that kernel can return connections
without any delay if syncookies are used. This basically means we can't
assume anything about connections returned with deferred accept set.
To solve original problem the 05a56ebb084a tried to solve, i.e. to don't
wait longer than needed if a connection was accepted after deferred accept
timeout, this patch changes a timeout set with setsockopt(TCP_DEFER_ACCEPT)
to 1 second, unconditionally. This is believed to be enough for speed
improvements, and doesn't imply major changes to timeouts used.
Note that before 2.6.32 connections were dropped after a timeout. Though
it is believed that 1s is still appropriate for kernels before 2.6.32,
as previously tcp_synack_retries controlled the actual timeout and 1s results
in more than 1 minute actual timeout by default.
Maxim Dounin [Tue, 28 Jan 2014 11:40:45 +0000 (15:40 +0400)]
SSI: fixed $date_local and $date_gmt without SSI (ticket #230).
If there is no SSI context in a given request at a given time,
the $date_local and $date_gmt variables used "%s" format, instead
of "%A, %d-%b-%Y %H:%M:%S %Z" documented as the default and used
if there is SSI module context and timefmt wasn't modified using
the "config" SSI command.
While use of these variables outside of the SSI evaluation isn't strictly
valid, previous behaviour is certainly inconsistent, hence the fix.
Ruslan Ermilov [Mon, 27 Jan 2014 20:31:31 +0000 (00:31 +0400)]
Configure: enabled -Werror for clang.
Modern clang versions seem to no longer produce warnings for
system headers on Linux (at least clang 3.3 works), hence the
change. For older versions --with-cc-opt="-Wno-error" can be
used as a workaround.
Maxim Dounin [Thu, 23 Jan 2014 14:32:26 +0000 (18:32 +0400)]
SSL: fixed $ssl_session_id possible segfault after 97e3769637a7.
Even during execution of a request it is possible that there will be
no session available, notably in case of renegotiation. As a result
logging of $ssl_session_id in some cases caused NULL pointer dereference
after revision 97e3769637a7 (1.5.9). The check added returns an empty
string if there is no session available.
projects / nginx.git / log