Changes of Revision 277
[-] | Changed | nginx.changes |
x 1
2 ------------------------------------------------------------------- 3 +Tue Mar 12 06:58:53 UTC 2019 - Local OBS User <cs@linux-administrator.com> 4 + 5 +- update to nginx 1.14.2 6 +- update openssl to 1.1.1b 7 + 8 +------------------------------------------------------------------- 9 Tue Jun 5 13:27:07 UTC 2018 - cs@linux-administrator.com 10 11 - update to nginx 1.14.0 12 |
||
[+] | Changed | _service ^ |
@@ -2,6 +2,6 @@ <service name="download_url"> <param name="host">nginx.org</param> <param name="protocol">http</param> - <param name="path">/download/nginx-1.14.0.tar.gz</param> + <param name="path">/download/nginx-1.14.2.tar.gz</param> </service> -<service name="download_url"><param name="host">www.openssl.org</param><param name="protocol">https</param><param name="path">/source/openssl-1.1.0h.tar.gz</param></service></services> +<service name="download_url"><param name="host">www.openssl.org</param><param name="protocol">https</param><param name="path">/source/openssl-1.1.1b.tar.gz</param></service></services> | ||
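Review bot: The nginx entry still downloads with `<param name="protocol">http</param>` and nothing in this service file pins the tarball's content, so the 1.14.2 source that carries the CVE-2018-16843/16844/16845 fixes arrives over an unauthenticated channel. Switch it to `<param name="protocol">https</param>`, as the openssl entry already does. Both downloads can also be pinned with a `verify_file` service (`file`, `verifier` = `sha256`, `checksum` = `<sha256-of-tarball>`), with the digest taken from a copy whose upstream signature was checked. The `<services>` element opens outside the hunk.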
[+] | Changed | _service:download_url:nginx-1.14.2.tar.gz/CHANGES ^ |
@@ -1,4 +1,50 @@ +Changes with nginx 1.14.2 04 Dec 2018 + + *) Bugfix: nginx could not be built by gcc 8.1. + + *) Bugfix: nginx could not be built on Fedora 28 Linux. + + *) Bugfix: in handling of client addresses when using unix domain listen + sockets to work with datagrams on Linux. + + *) Change: the logging level of the "http request", "https proxy + request", "unsupported protocol", "version too low", "no suitable key + share", and "no suitable signature algorithm" SSL errors has been + lowered from "crit" to "info". + + *) Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to + switch off "ssl_prefer_server_ciphers" in a virtual server if it was + switched on in the default server. + + *) Bugfix: nginx could not be built with LibreSSL 2.8.0. + + *) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL + 1.1.1, the TLS 1.3 protocol was always enabled. + + *) Bugfix: sending a disk-buffered request body to a gRPC backend might + fail. + + *) Bugfix: connections with some gRPC backends might not be cached when + using the "keepalive" directive. + + *) Bugfix: a segmentation fault might occur in a worker process if the + ngx_http_mp4_module was used on 32-bit platforms. + + +Changes with nginx 1.14.1 06 Nov 2018 + + *) Security: when using HTTP/2 a client might cause excessive memory + consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844). + + *) Security: processing of a specially crafted mp4 file with the + ngx_http_mp4_module might result in worker process memory disclosure + (CVE-2018-16845). + + *) Bugfix: working with gRPC backends might result in excessive memory + consumption. + + Changes with nginx 1.14.0 17 Apr 2018 *) 1.14.x stable branch. | ||
[+] | Changed | _service:download_url:nginx-1.14.2.tar.gz/CHANGES.ru ^ |
@@ -1,4 +1,52 @@ +Изменения в nginx 1.14.2 04.12.2018 + + *) Исправление: nginx не собирался gcc 8.1. + + *) Исправление: nginx не собирался на Fedora 28 Linux. + + *) Исправление: в обработке адресов клиентов при использовании unix + domain listen-сокетов для работы с датаграммами на Linux. + + *) Изменение: уровень логгирования ошибок SSL "http request", "https + proxy request", "unsupported protocol", "version too low", "no + suitable key share" и "no suitable signature algorithm" понижен с + уровня crit до info. + + *) Исправление: при использовании OpenSSL 1.1.0 и новее директиву + ssl_prefer_server_ciphers нельзя было выключить в виртуальном + сервере, если она была включена в сервере по умолчанию. + + *) Исправление: nginx не собирался с LibreSSL 2.8.0. + + *) Исправление: если nginx был собран с OpenSSL 1.1.0, а использовался с + OpenSSL 1.1.1, протокол TLS 1.3 всегда был разрешён. + + *) Исправление: при отправке сохранённого на диск тела запроса на + gRPC-бэкенд могли возникать ошибки. + + *) Исправление: соединения к некоторым gRPC-бэкендам могли не + кэшироваться при использовании директивы keepalive. + + *) Исправление: в рабочем процессе мог произойти segmentation fault, + если использовался модуль ngx_http_mp4_module на 32-битных + платформах. + + +Изменения в nginx 1.14.1 06.11.2018 + + *) Безопасность: при использовании HTTP/2 клиент мог вызвать чрезмерное + потреблению памяти (CVE-2018-16843) и ресурсов процессора + (CVE-2018-16844). + + *) Безопасность: при обработке специально созданного mp4-файла модулем + ngx_http_mp4_module содержимое памяти рабочего процесса могло быть + отправлено клиенту (CVE-2018-16845). + + *) Исправление: при работе с gRPC-бэкендами могло расходоваться большое + количество памяти. + + Изменения в nginx 1.14.0 17.04.2018 *) Стабильная ветка 1.14.x. | ||
[+] | Changed | _service:download_url:nginx-1.14.2.tar.gz/src/core/nginx.h ^ |
@@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1014000 -#define NGINX_VERSION "1.14.0" +#define nginx_version 1014002 +#define NGINX_VERSION "1.14.2" #define NGINX_VER "nginx/" NGINX_VERSION #ifdef NGX_BUILD | ||
[+] | Changed | _service:download_url:nginx-1.14.2.tar.gz/src/event/ngx_event_accept.c ^ |
@@ -448,6 +448,18 @@ c->socklen = sizeof(ngx_sockaddr_t); } + if (c->socklen == 0) { + + /* + * on Linux recvmsg() returns zero msg_namelen + * when receiving packets from unbound AF_UNIX sockets + */ + + c->socklen = sizeof(struct sockaddr); + ngx_memzero(&sa, sizeof(struct sockaddr)); + sa.sockaddr.sa_family = ls->sockaddr->sa_family; + } + #if (NGX_STAT_STUB) (void) ngx_atomic_fetch_add(ngx_stat_active, 1); #endif | ||
[+] | Changed | _service:download_url:nginx-1.14.2.tar.gz/src/event/ngx_event_openssl.c ^ |
@@ -296,7 +296,7 @@ SSL_CTX_set_options(ssl->ctx, SSL_OP_SINGLE_DH_USE); -#ifdef SSL_CTRL_CLEAR_OPTIONS +#if OPENSSL_VERSION_NUMBER >= 0x009080dfL /* only in 0.9.8m+ */ SSL_CTX_clear_options(ssl->ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1); @@ -330,6 +330,16 @@ } #endif +#ifdef SSL_CTX_set_min_proto_version + SSL_CTX_set_min_proto_version(ssl->ctx, 0); + SSL_CTX_set_max_proto_version(ssl->ctx, TLS1_2_VERSION); +#endif + +#ifdef TLS1_3_VERSION + SSL_CTX_set_min_proto_version(ssl->ctx, 0); + SSL_CTX_set_max_proto_version(ssl->ctx, TLS1_3_VERSION); +#endif + #ifdef SSL_OP_NO_COMPRESSION SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION); #endif @@ -2059,10 +2069,18 @@ /* handshake failures */ if (n == SSL_R_BAD_CHANGE_CIPHER_SPEC /* 103 */ +#ifdef SSL_R_NO_SUITABLE_KEY_SHARE + || n == SSL_R_NO_SUITABLE_KEY_SHARE /* 101 */ +#endif +#ifdef SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM + || n == SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM /* 118 */ +#endif || n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG /* 129 */ || n == SSL_R_DIGEST_CHECK_FAILED /* 149 */ || n == SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST /* 151 */ || n == SSL_R_EXCESSIVE_MESSAGE_SIZE /* 152 */ + || n == SSL_R_HTTPS_PROXY_REQUEST /* 155 */ + || n == SSL_R_HTTP_REQUEST /* 156 */ || n == SSL_R_LENGTH_MISMATCH /* 159 */ #ifdef SSL_R_NO_CIPHERS_PASSED || n == SSL_R_NO_CIPHERS_PASSED /* 182 */ @@ -2078,6 +2096,13 @@ || n == SSL_R_UNEXPECTED_RECORD /* 245 */ || n == SSL_R_UNKNOWN_ALERT_TYPE /* 246 */ || n == SSL_R_UNKNOWN_PROTOCOL /* 252 */ +#ifdef SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS + || n == SSL_R_NO_COMMON_SIGNATURE_ALGORITHMS /* 253 */ +#endif + || n == SSL_R_UNSUPPORTED_PROTOCOL /* 258 */ +#ifdef SSL_R_NO_SHARED_GROUP + || n == SSL_R_NO_SHARED_GROUP /* 266 */ +#endif || n == SSL_R_WRONG_VERSION_NUMBER /* 267 */ || n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC /* 281 */ #ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG 
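Review bot: In the hunk at -330 the four `SSL_CTX_set_min_proto_version()` / `SSL_CTX_set_max_proto_version()` calls discard their return values, and the minimum of 0 carries no comment. OpenSSL returns 1 on success and 0 on failure from these calls, so a failure would silently leave the context with whatever bounds it had; `if (SSL_CTX_set_max_proto_version(ssl->ctx, TLS1_3_VERSION) == 0) { /* log and fail context creation */ }` would surface it. A minimum of 0 means "lowest version the library supports", which presumably also resets any floor set by a system-wide OpenSSL configuration and leaves the `SSL_OP_NO_*` options as the only protocol restriction. A comment such as `/* reset library defaults; allowed versions are selected only via SSL_OP_NO_* options */` would make that explicit. The enclosing function starts and ends outside the hunk.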
@@ -2094,6 +2119,9 @@ #ifdef SSL_R_INAPPROPRIATE_FALLBACK || n == SSL_R_INAPPROPRIATE_FALLBACK /* 373 */ #endif +#ifdef SSL_R_VERSION_TOO_LOW + || n == SSL_R_VERSION_TOO_LOW /* 396 */ +#endif || n == 1000 /* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */ #ifdef SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE || n == SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE /* 1010 */ | ||
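Review bot: `SSL_R_VERSION_TOO_LOW` here, along with `SSL_R_HTTP_REQUEST`, `SSL_R_HTTPS_PROXY_REQUEST` and `SSL_R_UNSUPPORTED_PROTOCOL` in the hunks at -2059 and -2078, joins the handshake-failure list with no note for operators. The bundled CHANGES states that these errors drop from "crit" to "info". Alerting that keys on crit-level SSL errors to notice plaintext requests on a TLS port, or clients offering outdated protocol versions, loses that signal after this update unless `error_log` is set to `info`. The package changelog only says "update to nginx 1.14.2"; a line there about the logging change would help. The condition these lines extend starts and ends outside the hunk.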
[+] | Changed | _service:download_url:nginx-1.14.2.tar.gz/src/event/ngx_event_openssl.h ^ |
@@ -36,8 +36,12 @@ #if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L) #undef OPENSSL_VERSION_NUMBER +#if (LIBRESSL_VERSION_NUMBER >= 0x2080000fL) +#define OPENSSL_VERSION_NUMBER 0x1010000fL +#else #define OPENSSL_VERSION_NUMBER 0x1000107fL #endif +#endif #if (OPENSSL_VERSION_NUMBER >= 0x10100001L) | ||
[+] | Changed | _service:download_url:nginx-1.14.2.tar.gz/src/http/modules/ngx_http_fastcgi_module.c ^ |
@@ -3264,7 +3264,8 @@ return NGX_ERROR; } - copy->code = (ngx_http_script_code_pt) ngx_http_script_copy_len_code; + copy->code = (ngx_http_script_code_pt) (void *) + ngx_http_script_copy_len_code; copy->len = src[i].key.len; copy = ngx_array_push_n(params->lengths, @@ -3273,7 +3274,8 @@ return NGX_ERROR; } - copy->code = (ngx_http_script_code_pt) ngx_http_script_copy_len_code; + copy->code = (ngx_http_script_code_pt) (void *) + ngx_http_script_copy_len_code; copy->len = src[i].skip_empty; | ||
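Review bot: The added `(void *)` hop in `copy->code = (ngx_http_script_code_pt) (void *) ngx_http_script_copy_len_code;` has no comment explaining it, and the same double cast recurs in the grpc, proxy, scgi, uwsgi, ngx_http_script.c and ngx_stream_script.c hunks of this revision. It looks like a way to quiet GCC 8's function-type cast warning (CHANGES: "nginx could not be built by gcc 8.1"), which also means the compiler no longer flags a real signature mismatch at these sites. A one-line comment, e.g. `/* cast via void * to avoid -Wcast-function-type; pointer is converted back to the length-code type before it is called */`, would record the assumption. The call site is not visible here, so confirm the pointer is in fact cast back before it is invoked. Both assignments sit in a function that begins and ends outside the hunk.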
[+] | Changed | _service:download_url:nginx-1.14.2.tar.gz/src/http/modules/ngx_http_grpc_module.c ^ |
@@ -78,6 +78,9 @@ ngx_uint_t id; + ngx_uint_t pings; + ngx_uint_t settings; + ssize_t send_window; size_t recv_window; @@ -109,8 +112,10 @@ unsigned header_sent:1; unsigned output_closed:1; + unsigned output_blocked:1; unsigned parsing_headers:1; unsigned end_stream:1; + unsigned done:1; unsigned status:1; ngx_http_request_t *request; @@ -1072,8 +1077,10 @@ ctx->state = 0; ctx->header_sent = 0; ctx->output_closed = 0; + ctx->output_blocked = 0; ctx->parsing_headers = 0; ctx->end_stream = 0; + ctx->done = 0; ctx->status = 0; ctx->connection = NULL; @@ -1093,6 +1100,7 @@ ngx_int_t rc; ngx_uint_t next, last; ngx_chain_t *cl, *out, **ll; + ngx_http_upstream_t *u; ngx_http_grpc_ctx_t *ctx; ngx_http_grpc_frame_t *f; @@ -1407,6 +1415,36 @@ rc = NGX_AGAIN; } + if (rc == NGX_AGAIN) { + ctx->output_blocked = 1; + + } else { + ctx->output_blocked = 0; + } + + if (ctx->done) { + + /* + * We have already got the response and were sending some additional + * control frames. Even if there is still something unsent, stop + * here anyway. + */ + + u = r->upstream; + u->length = 0; + + if (ctx->in == NULL + && ctx->out == NULL + && ctx->output_closed + && !ctx->output_blocked + && ctx->state == ngx_http_grpc_st_start) + { + u->keepalive = 1; + } + + ngx_post_event(u->peer.connection->read, &ngx_posted_events); + } + return rc; } @@ -1749,6 +1787,7 @@ if (ctx->in == NULL && ctx->out == NULL && ctx->output_closed + && !ctx->output_blocked && b->last == b->pos) { u->keepalive = 1; 
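Review bot: The reinit hunk at -1072 clears the new `output_blocked` and `done` bits but not the `pings` and `settings` counters added to the context at -78. If this is the path taken when a request is retried against another upstream (the function header is outside the hunk), counts from the first peer carry over and the "too many ... frames" limits can trip early on the next one. If the limit is meant per connection, add `ctx->pings = 0;` and `ctx->settings = 0;` next to `ctx->done = 0;`. If it is meant per request, a comment on the two fields saying so would prevent the question.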
@@ -1832,6 +1871,34 @@ rc = ngx_http_grpc_parse_frame(r, ctx, b); if (rc == NGX_AGAIN) { + + if (ctx->done) { + + /* + * We have finished parsing the response and the + * remaining control frames. If there are unsent + * control frames, post a write event to send them. + */ + + if (ctx->out) { + ngx_post_event(u->peer.connection->write, + &ngx_posted_events); + return NGX_AGAIN; + } + + u->length = 0; + + if (ctx->in == NULL + && ctx->output_closed + && !ctx->output_blocked + && ctx->state == ngx_http_grpc_st_start) + { + u->keepalive = 1; + } + + break; + } + return NGX_AGAIN; } @@ -1898,6 +1965,13 @@ return NGX_ERROR; } + if (ctx->stream_id && ctx->done) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent frame for closed stream %ui", + ctx->stream_id); + return NGX_ERROR; + } + ctx->padding = 0; } @@ -1914,17 +1988,7 @@ ctx->state = ngx_http_grpc_st_start; if (ctx->flags & NGX_HTTP_V2_END_STREAM_FLAG) { - u->length = 0; - - if (ctx->in == NULL - && ctx->out == NULL - && ctx->output_closed - && b->last == b->pos) - { - u->keepalive = 1; - } - - break; + ctx->done = 1; } continue; @@ -2094,17 +2158,8 @@ "grpc trailer done"); if (ctx->end_stream) { - u->length = 0; - - if (ctx->in == NULL - && ctx->out == NULL - && ctx->output_closed - && b->last == b->pos) - { - u->keepalive = 1; - } - - return NGX_OK; + ctx->done = 1; + break; } ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, @@ -2121,6 +2176,10 @@ return NGX_ERROR; } + if (rc == NGX_HTTP_PARSE_HEADER_DONE) { + continue; + } + /* rc == NGX_AGAIN */ if (ctx->rest == 0) { @@ -2237,17 +2296,7 @@ ctx->state = ngx_http_grpc_st_start; if (ctx->flags & NGX_HTTP_V2_END_STREAM_FLAG) { - u->length = 0; - - if (ctx->in == NULL - && ctx->out == NULL - && ctx->output_closed - && b->last == b->pos) - { - u->keepalive = 1; - } - - break; + ctx->done = 1; } } 
@@ -3531,6 +3580,12 @@ ctx->rest); return NGX_ERROR; } + + if (ctx->free == NULL && ctx->settings++ > 1000) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent too many settings frames"); + return NGX_ERROR; + } } for (p = b->pos; p < last; p++) { @@ -3683,6 +3738,12 @@ "upstream sent ping frame with ack flag"); return NGX_ERROR; } + + if (ctx->free == NULL && ctx->pings++ > 1000) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "upstream sent too many ping frames"); + return NGX_ERROR; + } } for (p = b->pos; p < last; p++) { @@ -3868,6 +3929,7 @@ static ngx_chain_t * ngx_http_grpc_get_buf(ngx_http_request_t *r, ngx_http_grpc_ctx_t *ctx) { + u_char *start; ngx_buf_t *b; ngx_chain_t *cl; @@ -3877,29 +3939,33 @@ } b = cl->buf; + start = b->start; - b->tag = (ngx_buf_tag_t) &ngx_http_grpc_body_output_filter; - b->temporary = 1; - b->flush = 1; - - if (b->start == NULL) { + if (start == NULL) { /* * each buffer is large enough to hold two window update * frames in a row */ - b->start = ngx_palloc(r->pool, 2 * sizeof(ngx_http_grpc_frame_t) + 8); - if (b->start == NULL) { + start = ngx_palloc(r->pool, 2 * sizeof(ngx_http_grpc_frame_t) + 8); + if (start == NULL) { return NULL; } - b->pos = b->start; - b->last = b->start; - - b->end = b->start + 2 * sizeof(ngx_http_grpc_frame_t) + 8; } + ngx_memzero(b, sizeof(ngx_buf_t)); + + b->start = start; + b->pos = start; + b->last = start; + b->end = start + 2 * sizeof(ngx_http_grpc_frame_t) + 8; + + b->tag = (ngx_buf_tag_t) &ngx_http_grpc_body_output_filter; + b->temporary = 1; + b->flush = 1; + return cl; } @@ -4389,7 +4455,8 @@ return NGX_ERROR; } - copy->code = (ngx_http_script_code_pt) ngx_http_script_copy_len_code; + copy->code = (ngx_http_script_code_pt) (void *) + ngx_http_script_copy_len_code; copy->len = src[i].key.len; size = (sizeof(ngx_http_script_copy_code_t) | ||
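Review bot: The limits in `ctx->settings++ > 1000` and `ctx->pings++ > 1000` (hunk at -3683) are bare literals combined with a post-increment, so the error fires on the 1002nd counted frame rather than the 1000th. Because of `&&` short-circuiting, frames are only counted while `ctx->free == NULL`, and neither detail is documented. A shared named constant (proposed: `#define NGX_HTTP_GRPC_MAX_CONTROL_FRAMES 1000`) would make the bound auditable, together with a comment such as `/* count only frames that force a new buffer allocation; bound memory a peer can make us allocate */`. The rationale in that comment is inferred from the `ctx->free == NULL` test, so confirm it. Both checks sit in parser functions whose bodies continue outside the hunks.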
[+] | Changed | _service:download_url:nginx-1.14.2.tar.gz/src/http/modules/ngx_http_mp4_module.c ^ |
@@ -169,7 +169,14 @@ #define ngx_mp4_atom_next(mp4, n) \ - mp4->buffer_pos += (size_t) n; \ + \ + if (n > (size_t) (mp4->buffer_end - mp4->buffer_pos)) { \ + mp4->buffer_pos = mp4->buffer_end; \ + \ + } else { \ + mp4->buffer_pos += (size_t) n; \ + } \ + \ mp4->offset += n @@ -942,6 +949,13 @@ atom_size = ngx_mp4_get_64value(atom_header + 8); atom_header_size = sizeof(ngx_mp4_atom_header64_t); + if (atom_size < sizeof(ngx_mp4_atom_header64_t)) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "\"%s\" mp4 atom is too small:%uL", + mp4->file.name.data, atom_size); + return NGX_ERROR; + } + } else { ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, "\"%s\" mp4 atom is too small:%uL", | ||
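Review bot: `ngx_mp4_atom_next` is now an unbraced `if`/`else` followed by a separate statement, so it only behaves as intended when used as a complete statement on its own. Under an unbraced `if` or `else` at a call site, `mp4->offset += n` would run unconditionally. The arguments are also unparenthesised, and `n` is evaluated up to three times. Wrapping the body in `do { ... } while (0)` and parenthesising `mp4` and `n` keeps the bounds clamp introduced here intact however the macro is invoked. Call sites are outside the hunk, so none is known to be affected today, and `offset` still advances by the full `n` when `buffer_pos` is clamped, as in the patch.

```c
#define ngx_mp4_atom_next(mp4, n)                                             \
    do {                                                                      \
        if ((n) > (size_t) ((mp4)->buffer_end - (mp4)->buffer_pos)) {         \
            (mp4)->buffer_pos = (mp4)->buffer_end;                            \
                                                                              \
        } else {                                                              \
            (mp4)->buffer_pos += (size_t) (n);                                \
        }                                                                     \
                                                                              \
        (mp4)->offset += (n);                                                 \
    } while (0)
```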
[+] | Changed | _service:download_url:nginx-1.14.2.tar.gz/src/http/modules/ngx_http_proxy_module.c ^ |
@@ -3493,7 +3493,8 @@ return NGX_ERROR; } - copy->code = (ngx_http_script_code_pt) ngx_http_script_copy_len_code; + copy->code = (ngx_http_script_code_pt) (void *) + ngx_http_script_copy_len_code; copy->len = src[i].key.len; size = (sizeof(ngx_http_script_copy_code_t) | ||
[+] | Changed | _service:download_url:nginx-1.14.2.tar.gz/src/http/modules/ngx_http_scgi_module.c ^ |
@@ -1724,7 +1724,8 @@ return NGX_ERROR; } - copy->code = (ngx_http_script_code_pt) ngx_http_script_copy_len_code; + copy->code = (ngx_http_script_code_pt) (void *) + ngx_http_script_copy_len_code; copy->len = src[i].key.len + 1; copy = ngx_array_push_n(params->lengths, @@ -1733,7 +1734,8 @@ return NGX_ERROR; } - copy->code = (ngx_http_script_code_pt) ngx_http_script_copy_len_code; + copy->code = (ngx_http_script_code_pt) (void *) + ngx_http_script_copy_len_code; copy->len = src[i].skip_empty; | ||
[+] | Changed | _service:download_url:nginx-1.14.2.tar.gz/src/http/modules/ngx_http_uwsgi_module.c ^ |
@@ -1987,7 +1987,8 @@ return NGX_ERROR; } - copy->code = (ngx_http_script_code_pt) ngx_http_script_copy_len_code; + copy->code = (ngx_http_script_code_pt) (void *) + ngx_http_script_copy_len_code; copy->len = src[i].key.len; copy = ngx_array_push_n(params->lengths, @@ -1996,7 +1997,8 @@ return NGX_ERROR; } - copy->code = (ngx_http_script_code_pt) ngx_http_script_copy_len_code; + copy->code = (ngx_http_script_code_pt) (void *) + ngx_http_script_copy_len_code; copy->len = src[i].skip_empty; | ||
[+] | Changed | _service:download_url:nginx-1.14.2.tar.gz/src/http/ngx_http_request.c ^ |
@@ -923,7 +923,7 @@ SSL_set_verify_depth(ssl_conn, SSL_CTX_get_verify_depth(sscf->ssl.ctx)); -#ifdef SSL_CTRL_CLEAR_OPTIONS +#if OPENSSL_VERSION_NUMBER >= 0x009080dfL /* only in 0.9.8m+ */ SSL_clear_options(ssl_conn, SSL_get_options(ssl_conn) & ~SSL_CTX_get_options(sscf->ssl.ctx)); | ||
[+] | Changed | _service:download_url:nginx-1.14.2.tar.gz/src/http/ngx_http_script.c ^ |
@@ -695,7 +695,8 @@ return NGX_ERROR; } - code->code = (ngx_http_script_code_pt) ngx_http_script_copy_len_code; + code->code = (ngx_http_script_code_pt) (void *) + ngx_http_script_copy_len_code; code->len = len; size = (sizeof(ngx_http_script_copy_code_t) + len + sizeof(uintptr_t) - 1) @@ -784,7 +785,8 @@ return NGX_ERROR; } - code->code = (ngx_http_script_code_pt) ngx_http_script_copy_var_len_code; + code->code = (ngx_http_script_code_pt) (void *) + ngx_http_script_copy_var_len_code; code->index = (uintptr_t) index; code = ngx_http_script_add_code(*sc->values, @@ -1178,8 +1180,8 @@ return NGX_ERROR; } - code->code = (ngx_http_script_code_pt) - ngx_http_script_copy_capture_len_code; + code->code = (ngx_http_script_code_pt) (void *) + ngx_http_script_copy_capture_len_code; code->n = 2 * n; @@ -1293,7 +1295,8 @@ return NGX_ERROR; } - code->code = (ngx_http_script_code_pt) ngx_http_script_full_name_len_code; + code->code = (ngx_http_script_code_pt) (void *) + ngx_http_script_full_name_len_code; code->conf_prefix = sc->conf_prefix; code = ngx_http_script_add_code(*sc->values, | ||
[+] | Changed | _service:download_url:nginx-1.14.2.tar.gz/src/http/ngx_http_upstream.c ^ |
@@ -2008,6 +2008,18 @@ return; } + if (c->write->ready && c->tcp_nopush == NGX_TCP_NOPUSH_SET) { + if (ngx_tcp_push(c->fd) == -1) { + ngx_log_error(NGX_LOG_CRIT, c->log, ngx_socket_errno, + ngx_tcp_push_n " failed"); + ngx_http_upstream_finalize_request(r, u, + NGX_HTTP_INTERNAL_SERVER_ERROR); + return; + } + + c->tcp_nopush = NGX_TCP_NOPUSH_UNSET; + } + return; } @@ -2901,7 +2913,8 @@ } if (r->request_body && r->request_body->temp_file - && r == r->main && !r->preserve_body) + && r == r->main && !r->preserve_body + && !u->conf->preserve_output) { ngx_pool_run_cleanup_file(r->pool, r->request_body->temp_file->file.fd); r->request_body->temp_file->file.fd = NGX_INVALID_FILE; | ||
[+] | Changed | _service:download_url:nginx-1.14.2.tar.gz/src/http/v2/ngx_http_v2.c ^ |
@@ -664,6 +664,7 @@ h2c->pool = NULL; h2c->free_frames = NULL; + h2c->frames = 0; h2c->free_fake_connections = NULL; #if (NGX_HTTP_SSL) @@ -2895,7 +2896,7 @@ frame->blocked = 0; - } else { + } else if (h2c->frames < 10000) { pool = h2c->pool ? h2c->pool : h2c->connection->pool; frame = ngx_pcalloc(pool, sizeof(ngx_http_v2_out_frame_t)); @@ -2919,6 +2920,15 @@ frame->last = frame->first; frame->handler = ngx_http_v2_frame_handler; + + h2c->frames++; + + } else { + ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, + "http2 flood detected"); + + h2c->connection->error = 1; + return NULL; } #if (NGX_DEBUG) @@ -4471,12 +4481,19 @@ #endif - c->destroyed = 0; - ngx_reusable_connection(c, 0); - h2scf = ngx_http_get_module_srv_conf(h2c->http_connection->conf_ctx, ngx_http_v2_module); + if (h2c->idle++ > 10 * h2scf->max_requests) { + ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, + "http2 flood detected"); + ngx_http_v2_finalize_connection(h2c, NGX_HTTP_V2_NO_ERROR); + return; + } + + c->destroyed = 0; + ngx_reusable_connection(c, 0); + h2c->pool = ngx_create_pool(h2scf->pool_size, h2c->connection->log); if (h2c->pool == NULL) { ngx_http_v2_finalize_connection(h2c, NGX_HTTP_V2_INTERNAL_ERROR); | ||
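Review bot: Both new flood paths log "http2 flood detected" at `NGX_LOG_INFO`, and the thresholds `10000` (frames, hunk at -2895) and `10 * h2scf->max_requests` (idle wake-ups, hunk at -4471) are bare literals. nginx's default `error_log` level is `error`, so on a default configuration a connection closed by these checks leaves no record for detection or tuning. Consider naming the limits (proposed: `#define NGX_HTTP_V2_MAX_FRAMES 10000`) with a comment tying them to CVE-2018-16843/16844 from CHANGES, and noting in the package documentation that `error_log` must be at `info` to see these events. The hunk at -4471 increments `h2c->idle`, but no hunk shown initialises or resets it; presumably the structure is zero-allocated, which should be confirmed.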
[+] | Changed | _service:download_url:nginx-1.14.2.tar.gz/src/http/v2/ngx_http_v2.h ^ |
@@ -120,6 +120,8 @@ ngx_http_connection_t *http_connection; ngx_uint_t processing; + ngx_uint_t frames; + ngx_uint_t idle; ngx_uint_t pushing; ngx_uint_t concurrent_pushes; | ||
[+] | Changed | _service:download_url:nginx-1.14.2.tar.gz/src/os/unix/ngx_user.c ^ |
@@ -21,10 +21,6 @@ struct crypt_data cd; cd.initialized = 0; -#ifdef __GLIBC__ - /* work around the glibc bug */ - cd.current_salt[0] = ~salt[0]; -#endif value = crypt_r((char *) key, (char *) salt, &cd); | ||
[+] | Changed | _service:download_url:nginx-1.14.2.tar.gz/src/stream/ngx_stream_script.c ^ |
@@ -587,7 +587,8 @@ return NGX_ERROR; } - code->code = (ngx_stream_script_code_pt) ngx_stream_script_copy_len_code; + code->code = (ngx_stream_script_code_pt) (void *) + ngx_stream_script_copy_len_code; code->len = len; size = (sizeof(ngx_stream_script_copy_code_t) + len + sizeof(uintptr_t) - 1) @@ -677,8 +678,8 @@ return NGX_ERROR; } - code->code = (ngx_stream_script_code_pt) - ngx_stream_script_copy_var_len_code; + code->code = (ngx_stream_script_code_pt) (void *) + ngx_stream_script_copy_var_len_code; code->index = (uintptr_t) index; code = ngx_stream_script_add_code(*sc->values, @@ -767,8 +768,8 @@ return NGX_ERROR; } - code->code = (ngx_stream_script_code_pt) - ngx_stream_script_copy_capture_len_code; + code->code = (ngx_stream_script_code_pt) (void *) + ngx_stream_script_copy_capture_len_code; code->n = 2 * n; @@ -859,7 +860,7 @@ return NGX_ERROR; } - code->code = (ngx_stream_script_code_pt) + code->code = (ngx_stream_script_code_pt) (void *) ngx_stream_script_full_name_len_code; code->conf_prefix = sc->conf_prefix; | ||
Deleted | _service:download_url:openssl-1.1.0h.tar.gz ^ | |
Added | _service:download_url:openssl-1.1.1b.tar.gz ^ |