--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: pre-approve: nginx/1.6.3-1
- From: Christos Trochalakis <yatiohi@ideopolis.gr>
- Date: Thu, 9 Apr 2015 11:53:36 +0300
- Message-id: <20150409085336.GA9697@luke.ws.skroutz.gr>
Package: release.debian.org
Severity: normal
Hello,
I have prepared an upload for nginx (1.6.3-1) and I'd like to request a
pre-approval for jessie.
1.6.3 is the latest upstream stable bugfix release including 6 bug fixes[0].
One of them fixes a tcp nodelay issue with spdy that effectively makes spdy
unusuitable for production use.
Upstream already maintains a stable branch and has proven that it does
it well, backporting only what's absolutely needed. I believe it is
better for debian and nginx maintainers to follow suit and package 1.6.3
for jessie.
I am attaching a debdiff or the proposed upload. (I'll also file a bug report
for packaging 1.6.3 and include it the changelog).
Upstream changelog:
*) Feature: now the "tcp_nodelay" directive works with SPDY connections.
*) Bugfix: in error handling.
Thanks to Yichun Zhang and Daniil Bondarev.
*) Bugfix: alerts "header already sent" appeared in logs if the
"post_action" directive was used; the bug had appeared in 1.5.4.
*) Bugfix: alerts "sem_post() failed" might appear in logs.
*) Bugfix: in hash table handling.
Thanks to Chris West.
*) Bugfix: in integer overflow handling.
Thanks to Régis Leroy.
[0] tcp_nodelay is marked as a feature, but it's actually an important
bugfix
diff -Nru nginx-1.6.2/auto/unix nginx-1.6.3/auto/unix
--- nginx-1.6.2/auto/unix 2014-09-16 15:23:19.000000000 +0300
+++ nginx-1.6.3/auto/unix 2015-04-07 18:58:37.000000000 +0300
@@ -489,6 +489,7 @@
ngx_type="time_t"; . auto/types/sizeof
ngx_param=NGX_TIME_T_SIZE; ngx_value=$ngx_size; . auto/types/value
ngx_param=NGX_TIME_T_LEN; ngx_value=$ngx_max_len; . auto/types/value
+ngx_param=NGX_MAX_TIME_T_VALUE; ngx_value=$ngx_max_value; . auto/types/value
# syscalls, libc calls and some features
diff -Nru nginx-1.6.2/CHANGES nginx-1.6.3/CHANGES
--- nginx-1.6.2/CHANGES 2014-09-16 15:23:24.000000000 +0300
+++ nginx-1.6.3/CHANGES 2015-04-07 18:58:53.000000000 +0300
@@ -1,4 +1,23 @@
+Changes with nginx 1.6.3 07 Apr 2015
+
+ *) Feature: now the "tcp_nodelay" directive works with SPDY connections.
+
+ *) Bugfix: in error handling.
+ Thanks to Yichun Zhang and Daniil Bondarev.
+
+ *) Bugfix: alerts "header already sent" appeared in logs if the
+ "post_action" directive was used; the bug had appeared in 1.5.4.
+
+ *) Bugfix: alerts "sem_post() failed" might appear in logs.
+
+ *) Bugfix: in hash table handling.
+ Thanks to Chris West.
+
+ *) Bugfix: in integer overflow handling.
+ Thanks to Régis Leroy.
+
+
Changes with nginx 1.6.2 16 Sep 2014
*) Security: it was possible to reuse SSL sessions in unrelated contexts
diff -Nru nginx-1.6.2/CHANGES.ru nginx-1.6.3/CHANGES.ru
--- nginx-1.6.2/CHANGES.ru 2014-09-16 15:23:22.000000000 +0300
+++ nginx-1.6.3/CHANGES.ru 2015-04-07 18:58:47.000000000 +0300
@@ -1,4 +1,24 @@
+Изменения в nginx 1.6.3 07.04.2015
+
+ *) Добавление: теперь директива tcp_nodelay работает для
+ SPDY-соединений.
+
+ *) Исправление: в обработке ошибок.
+ Спасибо Yichun Zhang и Даниилу Бондареву.
+
+ *) Исправление: при использовании директивы post_action в лог писались
+ сообщения "header already sent"; ошибка появилась в nginx 1.5.4.
+
+ *) Исправление: в лог могли писаться сообщения "sem_post() failed".
+
+ *) Исправление: в обработке хэш-таблиц.
+ Спасибо Chris West.
+
+ *) Исправление: в обработке целочисленных переполнений.
+ Спасибо Régis Leroy.
+
+
Изменения в nginx 1.6.2 16.09.2014
*) Безопасность: при использовании общего для нескольких блоков server
diff -Nru nginx-1.6.2/debian/changelog nginx-1.6.3/debian/changelog
--- nginx-1.6.2/debian/changelog 2014-12-01 13:12:00.000000000 +0200
+++ nginx-1.6.3/debian/changelog 2015-04-09 11:00:03.000000000 +0300
@@ -1,3 +1,11 @@
+nginx (1.6.3-1) unstable; urgency=medium
+
+ [ Christos Trochalakis ]
+ * New upstream release.
+ Fixes tcp nodelay issue in spdy module.
+
+ -- Christos Trochalakis <yatiohi@ideopolis.gr> Thu, 09 Apr 2015 10:57:26 +0300
+
nginx (1.6.2-5) unstable; urgency=medium
[ Christos Trochalakis ]
diff -Nru nginx-1.6.2/src/core/nginx.h nginx-1.6.3/src/core/nginx.h
--- nginx-1.6.2/src/core/nginx.h 2014-09-16 15:23:19.000000000 +0300
+++ nginx-1.6.3/src/core/nginx.h 2015-04-07 18:58:38.000000000 +0300
@@ -9,8 +9,8 @@
#define _NGINX_H_INCLUDED_
-#define nginx_version 1006002
-#define NGINX_VERSION "1.6.2"
+#define nginx_version 1006003
+#define NGINX_VERSION "1.6.3"
#define NGINX_VER "nginx/" NGINX_VERSION
#define NGINX_VAR "NGINX"
diff -Nru nginx-1.6.2/src/core/ngx_config.h nginx-1.6.3/src/core/ngx_config.h
--- nginx-1.6.2/src/core/ngx_config.h 2014-09-16 15:23:19.000000000 +0300
+++ nginx-1.6.3/src/core/ngx_config.h 2015-04-07 18:58:38.000000000 +0300
@@ -85,8 +85,11 @@
#if (NGX_PTR_SIZE == 4)
#define NGX_INT_T_LEN NGX_INT32_LEN
+#define NGX_MAX_INT_T_VALUE 2147483647
+
#else
#define NGX_INT_T_LEN NGX_INT64_LEN
+#define NGX_MAX_INT_T_VALUE 9223372036854775807
#endif
diff -Nru nginx-1.6.2/src/core/ngx_hash.c nginx-1.6.3/src/core/ngx_hash.c
--- nginx-1.6.2/src/core/ngx_hash.c 2014-09-16 15:23:19.000000000 +0300
+++ nginx-1.6.3/src/core/ngx_hash.c 2015-04-07 18:58:38.000000000 +0300
@@ -312,6 +312,8 @@
continue;
}
+ size = hinit->max_size;
+
ngx_log_error(NGX_LOG_WARN, hinit->pool->log, 0,
"could not build optimal %s, you should increase "
"either %s_max_size: %i or %s_bucket_size: %i; "
diff -Nru nginx-1.6.2/src/core/ngx_inet.c nginx-1.6.3/src/core/ngx_inet.c
--- nginx-1.6.2/src/core/ngx_inet.c 2014-09-16 15:23:19.000000000 +0300
+++ nginx-1.6.3/src/core/ngx_inet.c 2015-04-07 18:58:38.000000000 +0300
@@ -27,6 +27,10 @@
for (p = text; p < text + len; p++) {
+ if (octet > 255) {
+ return INADDR_NONE;
+ }
+
c = *p;
if (c >= '0' && c <= '9') {
@@ -34,7 +38,7 @@
continue;
}
- if (c == '.' && octet < 256) {
+ if (c == '.') {
addr = (addr << 8) + octet;
octet = 0;
n++;
@@ -44,7 +48,7 @@
return INADDR_NONE;
}
- if (n == 3 && octet < 256) {
+ if (n == 3) {
addr = (addr << 8) + octet;
return htonl(addr);
}
diff -Nru nginx-1.6.2/src/core/ngx_parse.c nginx-1.6.3/src/core/ngx_parse.c
--- nginx-1.6.2/src/core/ngx_parse.c 2014-09-16 15:23:19.000000000 +0300
+++ nginx-1.6.3/src/core/ngx_parse.c 2015-04-07 18:58:38.000000000 +0300
@@ -12,10 +12,9 @@
ssize_t
ngx_parse_size(ngx_str_t *line)
{
- u_char unit;
- size_t len;
- ssize_t size;
- ngx_int_t scale;
+ u_char unit;
+ size_t len;
+ ssize_t size, scale, max;
len = line->len;
unit = line->data[len - 1];
@@ -24,21 +23,24 @@
case 'K':
case 'k':
len--;
+ max = NGX_MAX_SIZE_T_VALUE / 1024;
scale = 1024;
break;
case 'M':
case 'm':
len--;
+ max = NGX_MAX_SIZE_T_VALUE / (1024 * 1024);
scale = 1024 * 1024;
break;
default:
+ max = NGX_MAX_SIZE_T_VALUE;
scale = 1;
}
size = ngx_atosz(line->data, len);
- if (size == NGX_ERROR) {
+ if (size == NGX_ERROR || size > max) {
return NGX_ERROR;
}
@@ -51,10 +53,9 @@
off_t
ngx_parse_offset(ngx_str_t *line)
{
- u_char unit;
- off_t offset;
- size_t len;
- ngx_int_t scale;
+ u_char unit;
+ off_t offset, scale, max;
+ size_t len;
len = line->len;
unit = line->data[len - 1];
@@ -63,27 +64,31 @@
case 'K':
case 'k':
len--;
+ max = NGX_MAX_OFF_T_VALUE / 1024;
scale = 1024;
break;
case 'M':
case 'm':
len--;
+ max = NGX_MAX_OFF_T_VALUE / (1024 * 1024);
scale = 1024 * 1024;
break;
case 'G':
case 'g':
len--;
+ max = NGX_MAX_OFF_T_VALUE / (1024 * 1024 * 1024);
scale = 1024 * 1024 * 1024;
break;
default:
+ max = NGX_MAX_OFF_T_VALUE;
scale = 1;
}
offset = ngx_atoof(line->data, len);
- if (offset == NGX_ERROR) {
+ if (offset == NGX_ERROR || offset > max) {
return NGX_ERROR;
}
@@ -98,7 +103,8 @@
{
u_char *p, *last;
ngx_int_t value, total, scale;
- ngx_uint_t max, valid;
+ ngx_int_t max, cutoff, cutlim;
+ ngx_uint_t valid;
enum {
st_start = 0,
st_year,
@@ -115,8 +121,9 @@
valid = 0;
value = 0;
total = 0;
+ cutoff = NGX_MAX_INT_T_VALUE / 10;
+ cutlim = NGX_MAX_INT_T_VALUE % 10;
step = is_sec ? st_start : st_month;
- scale = is_sec ? 1 : 1000;
p = line->data;
last = p + line->len;
@@ -124,6 +131,10 @@
while (p < last) {
if (*p >= '0' && *p <= '9') {
+ if (value >= cutoff && (value > cutoff || *p - '0' > cutlim)) {
+ return NGX_ERROR;
+ }
+
value = value * 10 + (*p++ - '0');
valid = 1;
continue;
@@ -136,7 +147,7 @@
return NGX_ERROR;
}
step = st_year;
- max = NGX_MAX_INT32_VALUE / (60 * 60 * 24 * 365);
+ max = NGX_MAX_INT_T_VALUE / (60 * 60 * 24 * 365);
scale = 60 * 60 * 24 * 365;
break;
@@ -145,7 +156,7 @@
return NGX_ERROR;
}
step = st_month;
- max = NGX_MAX_INT32_VALUE / (60 * 60 * 24 * 30);
+ max = NGX_MAX_INT_T_VALUE / (60 * 60 * 24 * 30);
scale = 60 * 60 * 24 * 30;
break;
@@ -154,7 +165,7 @@
return NGX_ERROR;
}
step = st_week;
- max = NGX_MAX_INT32_VALUE / (60 * 60 * 24 * 7);
+ max = NGX_MAX_INT_T_VALUE / (60 * 60 * 24 * 7);
scale = 60 * 60 * 24 * 7;
break;
@@ -163,7 +174,7 @@
return NGX_ERROR;
}
step = st_day;
- max = NGX_MAX_INT32_VALUE / (60 * 60 * 24);
+ max = NGX_MAX_INT_T_VALUE / (60 * 60 * 24);
scale = 60 * 60 * 24;
break;
@@ -172,7 +183,7 @@
return NGX_ERROR;
}
step = st_hour;
- max = NGX_MAX_INT32_VALUE / (60 * 60);
+ max = NGX_MAX_INT_T_VALUE / (60 * 60);
scale = 60 * 60;
break;
@@ -183,7 +194,7 @@
}
p++;
step = st_msec;
- max = NGX_MAX_INT32_VALUE;
+ max = NGX_MAX_INT_T_VALUE;
scale = 1;
break;
}
@@ -192,7 +203,7 @@
return NGX_ERROR;
}
step = st_min;
- max = NGX_MAX_INT32_VALUE / 60;
+ max = NGX_MAX_INT_T_VALUE / 60;
scale = 60;
break;
@@ -201,7 +212,7 @@
return NGX_ERROR;
}
step = st_sec;
- max = NGX_MAX_INT32_VALUE;
+ max = NGX_MAX_INT_T_VALUE;
scale = 1;
break;
@@ -210,7 +221,7 @@
return NGX_ERROR;
}
step = st_last;
- max = NGX_MAX_INT32_VALUE;
+ max = NGX_MAX_INT_T_VALUE;
scale = 1;
break;
@@ -223,27 +234,40 @@
max /= 1000;
}
- if ((ngx_uint_t) value > max) {
+ if (value > max) {
return NGX_ERROR;
}
- total += value * scale;
+ value *= scale;
- if ((ngx_uint_t) total > NGX_MAX_INT32_VALUE) {
+ if (total > NGX_MAX_INT_T_VALUE - value) {
return NGX_ERROR;
}
+ total += value;
+
value = 0;
- scale = is_sec ? 1 : 1000;
while (p < last && *p == ' ') {
p++;
}
}
- if (valid) {
- return total + value * scale;
+ if (!valid) {
+ return NGX_ERROR;
+ }
+
+ if (!is_sec) {
+ if (value > NGX_MAX_INT_T_VALUE / 1000) {
+ return NGX_ERROR;
+ }
+
+ value *= 1000;
+ }
+
+ if (total > NGX_MAX_INT_T_VALUE - value) {
+ return NGX_ERROR;
}
- return NGX_ERROR;
+ return total + value;
}
diff -Nru nginx-1.6.2/src/core/ngx_resolver.c nginx-1.6.3/src/core/ngx_resolver.c
--- nginx-1.6.2/src/core/ngx_resolver.c 2014-09-16 15:23:19.000000000 +0300
+++ nginx-1.6.3/src/core/ngx_resolver.c 2015-04-07 18:58:38.000000000 +0300
@@ -1568,8 +1568,6 @@
ngx_rbtree_delete(&r->name_rbtree, &rn->node);
- ngx_resolver_free_node(r, rn);
-
/* unlock name mutex */
while (next) {
@@ -1580,6 +1578,8 @@
ctx->handler(ctx);
}
+ ngx_resolver_free_node(r, rn);
+
return;
}
@@ -2143,8 +2143,6 @@
ngx_rbtree_delete(tree, &rn->node);
- ngx_resolver_free_node(r, rn);
-
/* unlock addr mutex */
while (next) {
@@ -2155,6 +2153,8 @@
ctx->handler(ctx);
}
+ ngx_resolver_free_node(r, rn);
+
return;
}
diff -Nru nginx-1.6.2/src/core/ngx_shmtx.c nginx-1.6.3/src/core/ngx_shmtx.c
--- nginx-1.6.2/src/core/ngx_shmtx.c 2014-09-16 15:23:19.000000000 +0300
+++ nginx-1.6.3/src/core/ngx_shmtx.c 2015-04-07 18:58:38.000000000 +0300
@@ -101,6 +101,7 @@
(void) ngx_atomic_fetch_add(mtx->wait, 1);
if (*mtx->lock == 0 && ngx_atomic_cmp_set(mtx->lock, 0, ngx_pid)) {
+ (void) ngx_atomic_fetch_add(mtx->wait, -1);
return;
}
@@ -174,7 +175,7 @@
wait = *mtx->wait;
- if (wait == 0) {
+ if ((ngx_atomic_int_t) wait <= 0) {
return;
}
diff -Nru nginx-1.6.2/src/core/ngx_string.c nginx-1.6.3/src/core/ngx_string.c
--- nginx-1.6.2/src/core/ngx_string.c 2014-09-16 15:23:19.000000000 +0300
+++ nginx-1.6.3/src/core/ngx_string.c 2015-04-07 18:58:38.000000000 +0300
@@ -897,26 +897,28 @@
ngx_int_t
ngx_atoi(u_char *line, size_t n)
{
- ngx_int_t value;
+ ngx_int_t value, cutoff, cutlim;
if (n == 0) {
return NGX_ERROR;
}
+ cutoff = NGX_MAX_INT_T_VALUE / 10;
+ cutlim = NGX_MAX_INT_T_VALUE % 10;
+
for (value = 0; n--; line++) {
if (*line < '0' || *line > '9') {
return NGX_ERROR;
}
+ if (value >= cutoff && (value > cutoff || *line - '0' > cutlim)) {
+ return NGX_ERROR;
+ }
+
value = value * 10 + (*line - '0');
}
- if (value < 0) {
- return NGX_ERROR;
-
- } else {
- return value;
- }
+ return value;
}
@@ -925,13 +927,16 @@
ngx_int_t
ngx_atofp(u_char *line, size_t n, size_t point)
{
- ngx_int_t value;
+ ngx_int_t value, cutoff, cutlim;
ngx_uint_t dot;
if (n == 0) {
return NGX_ERROR;
}
+ cutoff = NGX_MAX_INT_T_VALUE / 10;
+ cutlim = NGX_MAX_INT_T_VALUE % 10;
+
dot = 0;
for (value = 0; n--; line++) {
@@ -953,98 +958,107 @@
return NGX_ERROR;
}
+ if (value >= cutoff && (value > cutoff || *line - '0' > cutlim)) {
+ return NGX_ERROR;
+ }
+
value = value * 10 + (*line - '0');
point -= dot;
}
while (point--) {
+ if (value > cutoff) {
+ return NGX_ERROR;
+ }
+
value = value * 10;
}
- if (value < 0) {
- return NGX_ERROR;
-
- } else {
- return value;
- }
+ return value;
}
ssize_t
ngx_atosz(u_char *line, size_t n)
{
- ssize_t value;
+ ssize_t value, cutoff, cutlim;
if (n == 0) {
return NGX_ERROR;
}
+ cutoff = NGX_MAX_SIZE_T_VALUE / 10;
+ cutlim = NGX_MAX_SIZE_T_VALUE % 10;
+
for (value = 0; n--; line++) {
if (*line < '0' || *line > '9') {
return NGX_ERROR;
}
+ if (value >= cutoff && (value > cutoff || *line - '0' > cutlim)) {
+ return NGX_ERROR;
+ }
+
value = value * 10 + (*line - '0');
}
- if (value < 0) {
- return NGX_ERROR;
-
- } else {
- return value;
- }
+ return value;
}
off_t
ngx_atoof(u_char *line, size_t n)
{
- off_t value;
+ off_t value, cutoff, cutlim;
if (n == 0) {
return NGX_ERROR;
}
+ cutoff = NGX_MAX_OFF_T_VALUE / 10;
+ cutlim = NGX_MAX_OFF_T_VALUE % 10;
+
for (value = 0; n--; line++) {
if (*line < '0' || *line > '9') {
return NGX_ERROR;
}
+ if (value >= cutoff && (value > cutoff || *line - '0' > cutlim)) {
+ return NGX_ERROR;
+ }
+
value = value * 10 + (*line - '0');
}
- if (value < 0) {
- return NGX_ERROR;
-
- } else {
- return value;
- }
+ return value;
}
time_t
ngx_atotm(u_char *line, size_t n)
{
- time_t value;
+ time_t value, cutoff, cutlim;
if (n == 0) {
return NGX_ERROR;
}
+ cutoff = NGX_MAX_TIME_T_VALUE / 10;
+ cutlim = NGX_MAX_TIME_T_VALUE % 10;
+
for (value = 0; n--; line++) {
if (*line < '0' || *line > '9') {
return NGX_ERROR;
}
+ if (value >= cutoff && (value > cutoff || *line - '0' > cutlim)) {
+ return NGX_ERROR;
+ }
+
value = value * 10 + (*line - '0');
}
- if (value < 0) {
- return NGX_ERROR;
-
- } else {
- return value;
- }
+ return value;
}
@@ -1052,13 +1066,19 @@
ngx_hextoi(u_char *line, size_t n)
{
u_char c, ch;
- ngx_int_t value;
+ ngx_int_t value, cutoff;
if (n == 0) {
return NGX_ERROR;
}
+ cutoff = NGX_MAX_INT_T_VALUE / 16;
+
for (value = 0; n--; line++) {
+ if (value > cutoff) {
+ return NGX_ERROR;
+ }
+
ch = *line;
if (ch >= '0' && ch <= '9') {
@@ -1076,12 +1096,7 @@
return NGX_ERROR;
}
- if (value < 0) {
- return NGX_ERROR;
-
- } else {
- return value;
- }
+ return value;
}
diff -Nru nginx-1.6.2/src/event/ngx_event_openssl.c nginx-1.6.3/src/event/ngx_event_openssl.c
--- nginx-1.6.2/src/event/ngx_event_openssl.c 2014-09-16 15:23:19.000000000 +0300
+++ nginx-1.6.3/src/event/ngx_event_openssl.c 2015-04-07 18:58:38.000000000 +0300
@@ -1614,6 +1614,9 @@
#ifdef SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING
|| n == SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING /* 345 */
#endif
+#ifdef SSL_R_INAPPROPRIATE_FALLBACK
+ || n == SSL_R_INAPPROPRIATE_FALLBACK /* 373 */
+#endif
|| n == 1000 /* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */
|| n == SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE /* 1010 */
|| n == SSL_R_SSLV3_ALERT_BAD_RECORD_MAC /* 1020 */
diff -Nru nginx-1.6.2/src/http/modules/ngx_http_range_filter_module.c nginx-1.6.3/src/http/modules/ngx_http_range_filter_module.c
--- nginx-1.6.2/src/http/modules/ngx_http_range_filter_module.c 2014-09-16 15:23:19.000000000 +0300
+++ nginx-1.6.3/src/http/modules/ngx_http_range_filter_module.c 2015-04-07 18:58:38.000000000 +0300
@@ -274,7 +274,7 @@
ngx_uint_t ranges)
{
u_char *p;
- off_t start, end, size, content_length;
+ off_t start, end, size, content_length, cutoff, cutlim;
ngx_uint_t suffix;
ngx_http_range_t *range;
@@ -282,6 +282,9 @@
size = 0;
content_length = r->headers_out.content_length_n;
+ cutoff = NGX_MAX_OFF_T_VALUE / 10;
+ cutlim = NGX_MAX_OFF_T_VALUE % 10;
+
for ( ;; ) {
start = 0;
end = 0;
@@ -295,6 +298,10 @@
}
while (*p >= '0' && *p <= '9') {
+ if (start >= cutoff && (start > cutoff || *p - '0' > cutlim)) {
+ return NGX_HTTP_RANGE_NOT_SATISFIABLE;
+ }
+
start = start * 10 + *p++ - '0';
}
@@ -321,6 +328,10 @@
}
while (*p >= '0' && *p <= '9') {
+ if (end >= cutoff && (end > cutoff || *p - '0' > cutlim)) {
+ return NGX_HTTP_RANGE_NOT_SATISFIABLE;
+ }
+
end = end * 10 + *p++ - '0';
}
diff -Nru nginx-1.6.2/src/http/ngx_http_core_module.c nginx-1.6.3/src/http/ngx_http_core_module.c
--- nginx-1.6.2/src/http/ngx_http_core_module.c 2014-09-16 15:23:20.000000000 +0300
+++ nginx-1.6.3/src/http/ngx_http_core_module.c 2015-04-07 18:58:39.000000000 +0300
@@ -1935,6 +1935,10 @@
ngx_int_t
ngx_http_send_header(ngx_http_request_t *r)
{
+ if (r->post_action) {
+ return NGX_OK;
+ }
+
if (r->header_sent) {
ngx_log_error(NGX_LOG_ALERT, r->connection->log, 0,
"header already sent");
diff -Nru nginx-1.6.2/src/http/ngx_http_parse.c nginx-1.6.3/src/http/ngx_http_parse.c
--- nginx-1.6.2/src/http/ngx_http_parse.c 2014-09-16 15:23:20.000000000 +0300
+++ nginx-1.6.3/src/http/ngx_http_parse.c 2015-04-07 18:58:39.000000000 +0300
@@ -2104,6 +2104,10 @@
goto invalid;
case sw_chunk_size:
+ if (ctx->size > NGX_MAX_OFF_T_VALUE / 16) {
+ goto invalid;
+ }
+
if (ch >= '0' && ch <= '9') {
ctx->size = ctx->size * 16 + (ch - '0');
break;
@@ -2253,6 +2257,10 @@
ctx->state = state;
b->pos = pos;
+ if (ctx->size > NGX_MAX_OFF_T_VALUE - 5) {
+ goto invalid;
+ }
+
switch (state) {
case sw_chunk_start:
@@ -2289,10 +2297,6 @@
}
- if (ctx->size < 0 || ctx->length < 0) {
- goto invalid;
- }
-
return rc;
done:
diff -Nru nginx-1.6.2/src/http/ngx_http_request.c nginx-1.6.3/src/http/ngx_http_request.c
--- nginx-1.6.2/src/http/ngx_http_request.c 2014-09-16 15:23:20.000000000 +0300
+++ nginx-1.6.3/src/http/ngx_http_request.c 2015-04-07 18:58:39.000000000 +0300
@@ -1227,12 +1227,11 @@
if (len > NGX_MAX_ERROR_STR - 300) {
len = NGX_MAX_ERROR_STR - 300;
- p[len++] = '.'; p[len++] = '.'; p[len++] = '.';
}
ngx_log_error(NGX_LOG_INFO, c->log, 0,
- "client sent too long header line: \"%*s\"",
- len, r->header_name_start);
+ "client sent too long header line: \"%*s...\"",
+ len, r->header_name_start);
ngx_http_finalize_request(r,
NGX_HTTP_REQUEST_HEADER_TOO_LARGE);
diff -Nru nginx-1.6.2/src/http/ngx_http_spdy.c nginx-1.6.3/src/http/ngx_http_spdy.c
--- nginx-1.6.2/src/http/ngx_http_spdy.c 2014-09-16 15:23:20.000000000 +0300
+++ nginx-1.6.3/src/http/ngx_http_spdy.c 2015-04-07 18:58:39.000000000 +0300
@@ -3156,8 +3156,10 @@
void
ngx_http_spdy_close_stream(ngx_http_spdy_stream_t *stream, ngx_int_t rc)
{
+ int tcp_nodelay;
ngx_event_t *ev;
- ngx_connection_t *fc;
+ ngx_connection_t *c, *fc;
+ ngx_http_core_loc_conf_t *clcf;
ngx_http_spdy_stream_t **index, *s;
ngx_http_spdy_srv_conf_t *sscf;
ngx_http_spdy_connection_t *sc;
@@ -3183,6 +3185,54 @@
{
sc->connection->error = 1;
}
+
+ } else {
+ c = sc->connection;
+
+ if (c->tcp_nopush == NGX_TCP_NOPUSH_SET) {
+ if (ngx_tcp_push(c->fd) == -1) {
+ ngx_connection_error(c, ngx_socket_errno,
+ ngx_tcp_push_n " failed");
+ c->error = 1;
+ tcp_nodelay = 0;
+
+ } else {
+ c->tcp_nopush = NGX_TCP_NOPUSH_UNSET;
+ tcp_nodelay = ngx_tcp_nodelay_and_tcp_nopush ? 1 : 0;
+ }
+
+ } else {
+ tcp_nodelay = 1;
+ }
+
+ clcf = ngx_http_get_module_loc_conf(stream->request,
+ ngx_http_core_module);
+
+ if (tcp_nodelay
+ && clcf->tcp_nodelay
+ && c->tcp_nodelay == NGX_TCP_NODELAY_UNSET)
+ {
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "tcp_nodelay");
+
+ if (setsockopt(c->fd, IPPROTO_TCP, TCP_NODELAY,
+ (const void *) &tcp_nodelay, sizeof(int))
+ == -1)
+ {
+#if (NGX_SOLARIS)
+ /* Solaris returns EINVAL if a socket has been shut down */
+ c->log_error = NGX_ERROR_IGNORE_EINVAL;
+#endif
+
+ ngx_connection_error(c, ngx_socket_errno,
+ "setsockopt(TCP_NODELAY) failed");
+
+ c->log_error = NGX_ERROR_INFO;
+ c->error = 1;
+
+ } else {
+ c->tcp_nodelay = NGX_TCP_NODELAY_SET;
+ }
+ }
}
if (sc->stream == stream) {
--- End Message ---