nginx-devel February 2020

nginx-devel@nginx.org

18 participants
49 discussions

by Maxim Dounin

Hello! On Tue, Sep 18, 2018 at 08:12:20AM -0400, Thomas Ward wrote: > Downstream in Ubuntu, it has been proposed to demote pcre3 and > use pcre2 instead as it is newer. > https://trac.nginx.org/nginx/ticket/720 shows it was marked 4 > years ago that NGINX does not support pcre2. Are there any > plans to use pcre2 instead of pcre3? There are no immediate plans. When we last checked, there were no problems with PCRE, but PCRE2 wasn't available in most distributions we support, making the switch mostly meaningless. Also, it looks like PCRE2 is still not supported even by Exim, which is the parent project of PCRE and PCRE2: https://bugs.exim.org/show_bug.cgi?id=1878 As such, adding PCRE2 support to nginx looks premature. -- Maxim Dounin http://mdounin.ru/

10 months

cache: move open to thread pool

by Ka-Hing Cheung

commit 0bcfefa040abdff674047c15701d237ff16a5f2b Author: Ka-Hing Cheung <kahing(a)cloudflare.com> Date: Fri Aug 3 13:37:58 2018 -0700 move open to thread pool At cloudflare we found that open() can block a long time, especially at p99 and p999. Moving it to thread pool improved overall p99 by 6x or so during peak time. This has the side effect of disabling nginx's open_file_cache when "aio threads" is turned on. For us we found that to have no impact (probably because we have way too many files for open file cache to be effective anyway). thread pool does increase CPU usage somewhat but we have not measured difference in CPU usage for stock "aio threads" compared to after this patch. Only the cache hit open() is moved to thread pool. We wrote more about it here: https://blog.cloudflare.com/how-we-scaled-nginx-and-saved-the-world-54-year… diff --git src/core/ngx_open_file_cache.c src/core/ngx_open_file_cache.c index b23ee78d..9177ebfd 100644 --- src/core/ngx_open_file_cache.c +++ src/core/ngx_open_file_cache.c @@ -35,8 +35,6 @@ static ngx_fd_t ngx_open_file_wrapper(ngx_str_t *name, ngx_int_t access, ngx_log_t *log); static ngx_int_t ngx_file_info_wrapper(ngx_str_t *name, ngx_open_file_info_t *of, ngx_file_info_t *fi, ngx_log_t *log); -static ngx_int_t ngx_open_and_stat_file(ngx_str_t *name, - ngx_open_file_info_t *of, ngx_log_t *log); static void ngx_open_file_add_event(ngx_open_file_cache_t *cache, ngx_cached_open_file_t *file, ngx_open_file_info_t *of, ngx_log_t *log); static void ngx_open_file_cleanup(void *data); @@ -836,7 +834,7 @@ ngx_file_info_wrapper(ngx_str_t *name, ngx_open_file_info_t *of, } -static ngx_int_t +ngx_int_t ngx_open_and_stat_file(ngx_str_t *name, ngx_open_file_info_t *of, ngx_log_t *log) { diff --git src/core/ngx_open_file_cache.h src/core/ngx_open_file_cache.h index d119c129..94b4d552 100644 --- src/core/ngx_open_file_cache.h +++ src/core/ngx_open_file_cache.h @@ -124,6 +124,8 @@ ngx_open_file_cache_t *ngx_open_file_cache_init(ngx_pool_t *pool, ngx_uint_t max, time_t inactive); ngx_int_t ngx_open_cached_file(ngx_open_file_cache_t *cache, ngx_str_t *name, ngx_open_file_info_t *of, ngx_pool_t *pool); +ngx_int_t ngx_open_and_stat_file(ngx_str_t *name, + ngx_open_file_info_t *of, ngx_log_t *log); #endif /* _NGX_OPEN_FILE_CACHE_H_INCLUDED_ */ diff --git src/http/ngx_http_cache.h src/http/ngx_http_cache.h index f9e96640..2910f6a1 100644 --- src/http/ngx_http_cache.h +++ src/http/ngx_http_cache.h @@ -114,6 +114,7 @@ struct ngx_http_cache_s { unsigned exists:1; unsigned temp_file:1; unsigned purged:1; + unsigned opening:1; unsigned reading:1; unsigned secondary:1; unsigned background:1; diff --git src/http/ngx_http_file_cache.c src/http/ngx_http_file_cache.c index 56866fa4..9cb110bf 100644 --- src/http/ngx_http_file_cache.c +++ src/http/ngx_http_file_cache.c @@ -18,6 +18,10 @@ static void ngx_http_file_cache_lock_wait(ngx_http_request_t *r, ngx_http_cache_t *c); static ngx_int_t ngx_http_file_cache_read(ngx_http_request_t *r, ngx_http_cache_t *c); +static ngx_int_t ngx_http_file_cache_aio_open(ngx_http_request_t *r, + ngx_http_cache_t *c, ngx_int_t *rv); +static ngx_int_t ngx_http_file_cache_do_aio_open(ngx_http_request_t *r, + ngx_http_cache_t *c, ngx_open_file_info_t *of, ngx_int_t *rv); static ssize_t ngx_http_file_cache_aio_read(ngx_http_request_t *r, ngx_http_cache_t *c); #if (NGX_HAVE_FILE_AIO) @@ -268,9 +272,7 @@ ngx_http_file_cache_open(ngx_http_request_t *r) ngx_uint_t test; ngx_http_cache_t *c; ngx_pool_cleanup_t *cln; - ngx_open_file_info_t of; ngx_http_file_cache_t *cache; - ngx_http_core_loc_conf_t *clcf; c = r->cache; @@ -278,6 +280,10 @@ ngx_http_file_cache_open(ngx_http_request_t *r) return NGX_AGAIN; } + if (c->opening) { + return ngx_http_file_cache_aio_open(r, c, &rv); + } + if (c->reading) { return ngx_http_file_cache_read(r, c); } @@ -343,23 +349,33 @@ ngx_http_file_cache_open(ngx_http_request_t *r) goto done; } - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); + return ngx_http_file_cache_aio_open(r, c, &rv); - ngx_memzero(&of, sizeof(ngx_open_file_info_t)); +done: - of.uniq = c->uniq; - of.valid = clcf->open_file_cache_valid; - of.min_uses = clcf->open_file_cache_min_uses; - of.events = clcf->open_file_cache_events; - of.directio = NGX_OPEN_FILE_DIRECTIO_OFF; - of.read_ahead = clcf->read_ahead; + if (rv == NGX_DECLINED) { + return ngx_http_file_cache_lock(r, c); + } - if (ngx_open_cached_file(clcf->open_file_cache, &c->file.name, &of, r->pool) - != NGX_OK) - { - switch (of.err) { + return rv; +} + +static ngx_int_t +ngx_http_file_cache_aio_open(ngx_http_request_t *r, ngx_http_cache_t *c, + ngx_int_t *rv) +{ + ngx_int_t rc; + ngx_open_file_info_t of; + ngx_http_file_cache_t *cache = c->file_cache; - case 0: + rc = ngx_http_file_cache_do_aio_open(r, c, &of, rv); + if (rc == NGX_AGAIN) { + return rc; + } + + if (rc != NGX_OK) { + switch (of.err) { + case NGX_OK: return NGX_ERROR; case NGX_ENOENT: @@ -391,14 +407,13 @@ ngx_http_file_cache_open(ngx_http_request_t *r) done: - if (rv == NGX_DECLINED) { + if (*rv == NGX_DECLINED) { return ngx_http_file_cache_lock(r, c); } - return rv; + return *rv; } - static ngx_int_t ngx_http_file_cache_lock(ngx_http_request_t *r, ngx_http_cache_t *c) { @@ -663,6 +678,127 @@ ngx_http_file_cache_read(ngx_http_request_t *r, ngx_http_cache_t *c) } +#if (NGX_THREADS) +typedef struct { + ngx_str_t name; + ngx_pool_t *pool; + ngx_open_file_info_t of; + ngx_int_t rv; +} ngx_thread_file_open_ctx_t; + +static void +ngx_http_file_cache_thread_open_handler(void *data, ngx_log_t *log) +{ + ngx_thread_file_open_ctx_t *ctx = data; + ngx_pool_t *pool = ctx->pool; + ngx_open_file_info_t *of = &ctx->of; + ngx_pool_cleanup_t *cln; + ngx_pool_cleanup_file_t *clnf; + ngx_int_t rc; + + ngx_log_debug0(NGX_LOG_DEBUG_CORE, log, 0, "thread read handler"); + + cln = ngx_pool_cleanup_add(pool, sizeof(ngx_pool_cleanup_file_t)); + if (cln == NULL) { + ctx->of.err = NGX_ERROR; + return; + } + + of->fd = NGX_INVALID_FILE; + + rc = ngx_open_and_stat_file(&ctx->name, of, pool->log); + if (rc == NGX_OK && !of->is_dir) { + cln->handler = ngx_pool_cleanup_file; + clnf = cln->data; + + clnf->fd = of->fd; + clnf->name = ctx->name.data; + clnf->log = pool->log; + } +} + + +static ngx_int_t +ngx_http_file_cache_thread_open(ngx_http_cache_t *c, ngx_open_file_info_t *of, + ngx_int_t *rv, ngx_pool_t *pool) +{ + ngx_thread_task_t *task; + ngx_thread_file_open_ctx_t *ctx; + ngx_file_t *file = &c->file; + + task = file->thread_task; + + if (task == NULL) { + task = ngx_thread_task_alloc(pool, sizeof(ngx_thread_file_open_ctx_t)); + if (task == NULL) { + return NGX_ERROR; + } + + file->thread_task = task; + } + + ctx = task->ctx; + + if (task->event.complete) { + task->event.complete = 0; + + *of = ctx->of; + *rv = ctx->rv; + return of->err; + } + + task->handler = ngx_http_file_cache_thread_open_handler; + + ctx->pool = pool; + ctx->name = file->name; + ctx->of = *of; + ctx->rv = *rv; + + if (file->thread_handler(task, file) != NGX_OK) { + return NGX_ERROR; + } + + return NGX_AGAIN; +} +#endif + +static ngx_int_t +ngx_http_file_cache_do_aio_open(ngx_http_request_t *r, ngx_http_cache_t *c, + ngx_open_file_info_t *of, ngx_int_t *rv) +{ + ngx_http_core_loc_conf_t *clcf; + + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); + + ngx_memzero(of, sizeof(ngx_open_file_info_t)); + + of->uniq = c->uniq; + of->valid = clcf->open_file_cache_valid; + of->min_uses = clcf->open_file_cache_min_uses; + of->events = clcf->open_file_cache_events; + of->directio = NGX_OPEN_FILE_DIRECTIO_OFF; + of->read_ahead = clcf->read_ahead; + +#if (NGX_THREADS) + if (clcf->aio == NGX_HTTP_AIO_THREADS) { + ngx_int_t rc; + + c->file.thread_task = c->thread_task; + c->file.thread_handler = ngx_http_cache_thread_handler; + c->file.thread_ctx = r; + + rc = ngx_http_file_cache_thread_open(c, of, rv, r->pool); + + c->thread_task = c->file.thread_task; + c->opening = (rc == NGX_AGAIN); + + return rc; + } +#endif + + return ngx_open_cached_file(clcf->open_file_cache, &c->file.name, of, r->pool); +} + static ssize_t ngx_http_file_cache_aio_read(ngx_http_request_t *r, ngx_http_cache_t *c) {

1 year

[PATCH] Ensured SIGQUIT deletes listening UNIX socket files.

by Thibault Charbonnier

# HG changeset patch # User Thibault Charbonnier <thibaultcha(a)me.com> # Date 1582764433 28800 # Wed Feb 26 16:47:13 2020 -0800 # Node ID 55ea1a9197a6f28d4da00909e5ea8585f6a08239 # Parent 4f18393a1d51bce6103ea2f1b2587900f349ba3d Ensured SIGQUIT deletes listening UNIX socket files. Prior to this patch, the SIGQUIT signal handling (graceful shutdown) did not remove UNIX socket files since ngx_master_process_cycle reimplemented listening socket closings in lieu of using ngx_close_listening_sockets. Since ngx_master_process_exit will call the aforementioned ngx_close_listening_sockets, we can remove the custom implementation and now expect listening sockets to be closed properly by ngx_close_listening_sockets instead. This fixes the trac issue #753 (https://trac.nginx.org/nginx/ticket/753). diff -r 4f18393a1d51 -r 55ea1a9197a6 src/os/unix/ngx_process_cycle.c --- a/src/os/unix/ngx_process_cycle.c Thu Feb 20 16:51:07 2020 +0300 +++ b/src/os/unix/ngx_process_cycle.c Wed Feb 26 16:47:13 2020 -0800 @@ -77,12 +77,11 @@ u_char *p; size_t size; ngx_int_t i; - ngx_uint_t n, sigio; + ngx_uint_t sigio; sigset_t set; struct itimerval itv; ngx_uint_t live; ngx_msec_t delay; - ngx_listening_t *ls; ngx_core_conf_t *ccf; sigemptyset(&set); @@ -205,16 +204,6 @@ ngx_signal_worker_processes(cycle, ngx_signal_value(NGX_SHUTDOWN_SIGNAL)); - ls = cycle->listening.elts; - for (n = 0; n < cycle->listening.nelts; n++) { - if (ngx_close_socket(ls[n].fd) == -1) { - ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_socket_errno, - ngx_close_socket_n " %V failed", - &ls[n].addr_text); - } - } - cycle->listening.nelts = 0; - continue; }

2 years, 2 months

Dynamic Modules - Support CXXFLAGS

by Patrik Mada

Dear NGINX developers, we are using C++ dynamic modules in our NGINX based servers, while multiple Debian distributions have to be supported. On older Debian distributions it is impossible to use more recent C++ standard, due to build defaulting to system provided clang package. Our developers stood before decision to either create wrappers around modern C++ libraries which would be compliant with older standards or write the entire logic using obsolete featureless language. Neither of these approaches is sustainable in terms of developers' productivity and long term maintenance. Would it be possible to consider a change in dynamic modules' build system, so that C++ flags may be provided? We propose a low intrusive changes concerning 3 files. The changes are backwards compatible: if CXX is not provided by an user, the build uses CC instead (as well as CFLAGS instead of CXXFLAGS). Would you be so kind and share your opinion on those? Please find attachment provided bellow (the patch was created using Quilt). Best Regards, Patrik Mada Je dobré vědět, že tento e-mail a přílohy jsou důvěrné. Pokud spolu jednáme o uzavření obchodu, vyhrazujeme si právo naše jednání kdykoli ukončit. Pro fanoušky právní mluvy - vylučujeme tím ustanovení občanského zákoníku o předsmluvní odpovědnosti. Pravidla o tom, kdo u nás a jak vystupuje za společnost a kdo může co a jak podepsat naleznete zde<https://onas.seznam.cz/cz/podpisovy-rad-cz.html> You should know that this e-mail and its attachments are confidential. If we are negotiating on the conclusion of a transaction, we reserve the right to terminate the negotiations at any time. For fans of legalese—we hereby exclude the provisions of the Civil Code on pre-contractual liability. The rules about who and how may act for the company and what are the signing procedures can be found here<https://onas.seznam.cz/cz/podpisovy-rad-cz.html>.

2 years, 5 months

[njs] Fixed njs_date_string().

by Dmitry Volyntsev

details: https://hg.nginx.org/njs/rev/3f094214cd64 branches: changeset: 1342:3f094214cd64 user: Dmitry Volyntsev <xeioex(a)nginx.com> date: Fri Feb 28 18:56:24 2020 +0300 description: Fixed njs_date_string(). This closes #292 issue on Github. diffstat: src/njs_date.c | 2 +- src/test/njs_unit_test.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletions(-) diffs (25 lines): diff -r ee5fa0d312df -r 3f094214cd64 src/njs_date.c --- a/src/njs_date.c Thu Jan 30 21:14:30 2020 +0800 +++ b/src/njs_date.c Fri Feb 28 18:56:24 2020 +0300 @@ -1157,7 +1157,7 @@ njs_date_string(njs_vm_t *vm, njs_value_ "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" }; if (njs_slow_path(isnan(time))) { - vm->retval = njs_string_invalid_date; + *retval = njs_string_invalid_date; return NJS_OK; } diff -r ee5fa0d312df -r 3f094214cd64 src/test/njs_unit_test.c --- a/src/test/njs_unit_test.c Thu Jan 30 21:14:30 2020 +0800 +++ b/src/test/njs_unit_test.c Fri Feb 28 18:56:24 2020 +0300 @@ -13270,6 +13270,9 @@ static njs_unit_test_t njs_test[] = { njs_str("new Date(8.65e15)"), njs_str("Invalid Date") }, + { njs_str("njs.dump([new Date(8.65e15)])"), + njs_str("[Invalid Date]") }, + { njs_str("new Date(0e0.o0)"), njs_str("Invalid Date") },

2 years, 5 months

[nginx] Added default overwrite in error_page 494.

by Maxim Dounin

details: https://hg.nginx.org/nginx/rev/f001d9384293 branches: changeset: 7630:f001d9384293 user: Maxim Dounin <mdounin(a)mdounin.ru> date: Fri Feb 28 17:21:18 2020 +0300 description: Added default overwrite in error_page 494. We used to have default error_page overwrite for 495, 496, and 497, so a configuration like error_page 495 /error; will result in error 400, much like without any error_page configured. The 494 status code was introduced later (in 3848:de59ad6bf557, nginx 0.9.4), and relevant changes to ngx_http_core_error_page() were missed, resulting in inconsistent behaviour of "error_page 494" - with error_page configured it results in 494 being returned instead of 400. Reported by Frank Liu, http://mailman.nginx.org/pipermail/nginx/2020-February/058957.html. diffstat: src/http/ngx_http_core_module.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (11 lines): diff -r f47f7d3d1bfa -r f001d9384293 src/http/ngx_http_core_module.c --- a/src/http/ngx_http_core_module.c Wed Feb 26 15:10:46 2020 +0300 +++ b/src/http/ngx_http_core_module.c Fri Feb 28 17:21:18 2020 +0300 @@ -4687,6 +4687,7 @@ ngx_http_core_error_page(ngx_conf_t *cf, case NGX_HTTP_TO_HTTPS: case NGX_HTTPS_CERT_ERROR: case NGX_HTTPS_NO_CERT: + case NGX_HTTP_REQUEST_HEADER_TOO_LARGE: err->overwrite = NGX_HTTP_BAD_REQUEST; } }

2 years, 5 months

nginx for Windows - WSASend() socket error 10057

by Yury Shpakov

Hi there, Trying to make nginx work as SMTP server and/or SMTP proxy. Done everything according to: http://nginx.org/en/docs/howto_build_on_win32.html But excluded (don't care about SSL at this point so don't want to install/configure Perl now): --with-openssl=objs/lib/openssl-master \ --with-openssl-opt=no-asm \ --with-http_ssl_module \ And added: --with-mail nmake was successful and nginx.exe was created. However nginx.exe keeps failing with the error: WSASend() failed (10057: A request to send or receive data was disallowed because the socket is not connected and (when sending on a datagram socket using a sendto call) no address was supplied) while in http auth state, client: 127.0.0.1, server: 0.0.0.0:8025 Windows API says the following about this error: WSAENOTCONN 10057 Socket is not connected. A request to send or receive data was disallowed because the socket is not connected and (when sending on a datagram socket using sendto<https://docs.microsoft.com/en-us/windows/desktop/api/winsock/nf-winsock-sen…>) no address was supplied. Any other type of operation might also return this error—for example, setsockopt<https://docs.microsoft.com/en-us/windows/desktop/api/winsock/nf-winsock-set…> setting SO_KEEPALIVE<https://docs.microsoft.com/en-us/windows/desktop/winsock/so-keepalive> if the connection has been reset. https://docs.microsoft.com/en-us/windows/win32/winsock/windows-sockets-erro… Windows Sockets Error Codes (Winsock2.h) - Win32 apps | Microsoft Docs<https://docs.microsoft.com/en-us/windows/win32/winsock/windows-sockets-erro…> Return code/value Description; WSA_INVALID_HANDLE 6: Specified event object handle is invalid. An application attempts to use an event object, but the specified handle is not valid. docs.microsoft.com Managed to debug your code in VS 2010 a little bit but it's brutal C so it's hard to figure your code out. And this debugger doesn't show you any local variables values. Any recommendation for me to make it work? Tried to play with config (commenting/uncommenting): #user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } mail { server_name localhost; auth_http localhost:9000/cgi-bin/nginxauth.cgi; # auth_http none; smtp_auth none; # smtp_auth login plain cram-md5; # smtp_capabilities "SIZE 10485760" ENHANCEDSTATUSCODES 8BITMIME DSN; xclient off; server { listen 8025; protocol smtp; proxy on; proxy_pass_error_message on; } } Tried both under a regular user and under admin. Tried on 25, 1025 and 8025 ports. Thank you, Yury

2 years, 5 months

[njs] Fixed non-native module importing.

by Dmitry Volyntsev

details: https://hg.nginx.org/njs/rev/ee5fa0d312df branches: changeset: 1341:ee5fa0d312df user: hongzhidao <hongzhidao(a)gmail.com> date: Thu Jan 30 21:14:30 2020 +0800 description: Fixed non-native module importing. Previously, string from "import statement" was used as a key in a hash to keep track of already loaded modules. This works fine for built-in modules. It can cause an issue when different modules from different paths but with identical names are loaded. This patch avoids the issue by using a full path to a file as a key. This closes #282 issue on GitHub. diffstat: src/njs_module.c | 20 ++++++++++++++------ test/module/lib1.js | 3 ++- test/module/libs/hash.js | 3 ++- test/module/libs/name.js | 1 + test/module/name.js | 1 + test/module/normal.js | 10 ++++++++++ test/module/recursive.js | 4 +--- test/njs_expect_test.exp | 8 ++++---- 8 files changed, 35 insertions(+), 15 deletions(-) diffs (176 lines): diff -r 3313d0d593a0 -r ee5fa0d312df src/njs_module.c --- a/src/njs_module.c Thu Feb 27 14:30:14 2020 +0300 +++ b/src/njs_module.c Thu Jan 30 21:14:30 2020 +0800 @@ -113,7 +113,7 @@ njs_parser_module(njs_vm_t *vm, njs_pars parser->node = NULL; module = njs_module_find(vm, &name, 0); - if (module != NULL) { + if (module != NULL && module->function.native) { goto found; } @@ -138,18 +138,24 @@ njs_parser_module(njs_vm_t *vm, njs_pars goto fail; } + module = njs_module_find(vm, &info.file, 0); + if (module != NULL) { + (void) close(info.fd); + goto found; + } + ret = njs_module_read(vm, info.fd, &text); (void) close(info.fd); if (njs_slow_path(ret != NJS_OK)) { - njs_internal_error(vm, "while reading \"%V\" module", &name); + njs_internal_error(vm, "while reading \"%V\" module", &info.file); goto fail; } if (njs_module_realpath_equal(&prev->file, &info.file)) { njs_parser_syntax_error(vm, parser, "Cannot import itself \"%V\"", - &name); + &info.file); goto fail; } @@ -171,7 +177,7 @@ njs_parser_module(njs_vm_t *vm, njs_pars goto fail; } - module = njs_module_add(vm, &name); + module = njs_module_add(vm, &info.file); if (njs_slow_path(module == NULL)) { goto fail; } @@ -229,7 +235,8 @@ njs_module_lookup(njs_vm_t *vm, const nj } ret = njs_module_relative_path(vm, cwd, info); - if (ret == NJS_OK) { + + if (ret != NJS_DECLINED) { return ret; } @@ -241,7 +248,8 @@ njs_module_lookup(njs_vm_t *vm, const nj for (i = 0; i < vm->paths->items; i++) { ret = njs_module_relative_path(vm, path, info); - if (ret == NJS_OK) { + + if (ret != NJS_DECLINED) { return ret; } diff -r 3313d0d593a0 -r ee5fa0d312df test/module/lib1.js --- a/test/module/lib1.js Thu Feb 27 14:30:14 2020 +0300 +++ b/test/module/lib1.js Thu Jan 30 21:14:30 2020 +0800 @@ -10,6 +10,7 @@ function hash() { return v; } +import hashlib from 'hash.js'; import crypto from 'crypto'; var state = {count:0} @@ -22,4 +23,4 @@ function get() { return state.count; } -export default {hash, inc, get}; +export default {hash, inc, get, name: hashlib.name} diff -r 3313d0d593a0 -r ee5fa0d312df test/module/libs/hash.js --- a/test/module/libs/hash.js Thu Feb 27 14:30:14 2020 +0300 +++ b/test/module/libs/hash.js Thu Jan 30 21:14:30 2020 +0800 @@ -4,6 +4,7 @@ function hash() { return v; } +import name from 'name.js'; import crypto from 'crypto'; -export default {hash}; +export default {hash, name}; diff -r 3313d0d593a0 -r ee5fa0d312df test/module/libs/name.js --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/module/libs/name.js Thu Jan 30 21:14:30 2020 +0800 @@ -0,0 +1,1 @@ +export default 'libs.name'; diff -r 3313d0d593a0 -r ee5fa0d312df test/module/name.js --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/module/name.js Thu Jan 30 21:14:30 2020 +0800 @@ -0,0 +1,1 @@ +export default 'name'; diff -r 3313d0d593a0 -r ee5fa0d312df test/module/normal.js --- a/test/module/normal.js Thu Feb 27 14:30:14 2020 +0300 +++ b/test/module/normal.js Thu Jan 30 21:14:30 2020 +0800 @@ -1,3 +1,4 @@ +import name from 'name.js'; import lib1 from 'lib1.js'; import lib2 from 'lib2.js'; import lib1_2 from 'lib1.js'; @@ -7,6 +8,15 @@ var h = crypto.createHash('md5'); var hash = h.update('AB').digest('hex'); var fails = 0; + +if (name != 'name') { + fails++; +} + +if (lib1.name != 'libs.name') { + fails++; +} + if (lib1.hash() != hash) { fails++; } diff -r 3313d0d593a0 -r ee5fa0d312df test/module/recursive.js --- a/test/module/recursive.js Thu Feb 27 14:30:14 2020 +0300 +++ b/test/module/recursive.js Thu Jan 30 21:14:30 2020 +0800 @@ -1,3 +1,1 @@ - - -import lib from './recursive.js'; +import lib from 'recursive.js'; diff -r 3313d0d593a0 -r ee5fa0d312df test/njs_expect_test.exp --- a/test/njs_expect_test.exp Thu Feb 27 14:30:14 2020 +0300 +++ b/test/njs_expect_test.exp Thu Jan 30 21:14:30 2020 +0800 @@ -757,13 +757,13 @@ njs_run {"-p" "test/module" "-p" "test/m "passed!" njs_run {"./test/module/normal.js"} \ - "SyntaxError: Cannot find module \"hash.js\" in sub2.js:5" + "SyntaxError: Cannot find module \"hash.js\" in lib1.js:13" njs_run {"-p" "test/module/libs" "./test/module/exception.js"} \ "at error \\(sub1.js:5\\)" njs_run {"-p" "test/module" "./test/module/recursive.js"} \ - "SyntaxError: Cannot import itself \"./recursive.js\" in recursive.js:3" + "SyntaxError: Cannot import itself \"./test/module/recursive.js\" in recursive.js:1" # CLI OPTIONS @@ -843,7 +843,7 @@ njs_test { "Error: loading exception\r\n at module \\(loading_exception.js:1\\)"} {"import lib3 from 'lib1.js'\r\n" "undefined\r\n"} -} "-p test/module/" +} "-p test/module/ -p test/module/libs/" njs_test { {"import m from 'export_name.js'\r\n" @@ -861,7 +861,7 @@ njs_test { } "-p test/module/" njs_run {"-q" "./test/module/normal.js"} \ - "SyntaxError: Cannot find module \"hash.js\" in 5" + "SyntaxError: Cannot find module \"hash.js\" in 13" njs_run {"-p" "test/module/libs/" "-d" "./test/module/normal.js"} \ "passed!"

2 years, 5 months

[nginx] Mp4: fixed possible chunk offset overflow.

by Roman Arutyunyan

details: https://hg.nginx.org/nginx/rev/f47f7d3d1bfa branches: changeset: 7629:f47f7d3d1bfa user: Roman Arutyunyan <arut(a)nginx.com> date: Wed Feb 26 15:10:46 2020 +0300 description: Mp4: fixed possible chunk offset overflow. In "co64" atom chunk start offset is a 64-bit unsigned integer. When trimming the "mdat" atom, chunk offsets are casted to off_t values which are typically 64-bit signed integers. A specially crafted mp4 file with huge chunk offsets may lead to off_t overflow and result in negative trim boundaries. The consequences of the overflow are: - Incorrect Content-Length header value in the response. - Negative left boundary of the response file buffer holding the trimmed "mdat". This leads to pread()/sendfile() errors followed by closing the client connection. On rare systems where off_t is a 32-bit integer, this scenario is also feasible with the "stco" atom. The fix is to add checks which make sure data chunks referenced by each track are within the mp4 file boundaries. Additionally a few more checks are added to ensure mp4 file consistency and log errors. diffstat: src/http/modules/ngx_http_mp4_module.c | 75 +++++++++++++++++++++++++++++---- 1 files changed, 64 insertions(+), 11 deletions(-) diffs (134 lines): diff -r 2e3bfd696ecb -r f47f7d3d1bfa src/http/modules/ngx_http_mp4_module.c --- a/src/http/modules/ngx_http_mp4_module.c Thu Feb 27 19:03:21 2020 +0300 +++ b/src/http/modules/ngx_http_mp4_module.c Wed Feb 26 15:10:46 2020 +0300 @@ -3116,6 +3116,13 @@ ngx_http_mp4_update_stsz_atom(ngx_http_m "chunk samples sizes:%uL", trak->start_chunk_samples_size); + if (trak->start_chunk_samples_size > (uint64_t) mp4->end) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "too large mp4 start samples size in \"%s\"", + mp4->file.name.data); + return NGX_ERROR; + } + if (mp4->length) { if (trak->end_sample - trak->start_sample > entries) { ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, @@ -3135,6 +3142,13 @@ ngx_http_mp4_update_stsz_atom(ngx_http_m ngx_log_debug1(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "mp4 stsz end_chunk_samples_size:%uL", trak->end_chunk_samples_size); + + if (trak->end_chunk_samples_size > (uint64_t) mp4->end) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "too large mp4 end samples size in \"%s\"", + mp4->file.name.data); + return NGX_ERROR; + } } atom_size = sizeof(ngx_mp4_stsz_atom_t) + (data->last - data->pos); @@ -3226,6 +3240,7 @@ ngx_http_mp4_update_stco_atom(ngx_http_m { size_t atom_size; uint32_t entries; + uint64_t chunk_offset, samples_size; ngx_buf_t *atom, *data; ngx_mp4_stco_atom_t *stco_atom; @@ -3256,8 +3271,19 @@ ngx_http_mp4_update_stco_atom(ngx_http_m data->pos += trak->start_chunk * sizeof(uint32_t); - trak->start_offset = ngx_mp4_get_32value(data->pos); - trak->start_offset += trak->start_chunk_samples_size; + chunk_offset = ngx_mp4_get_32value(data->pos); + samples_size = trak->start_chunk_samples_size; + + if (chunk_offset > (uint64_t) mp4->end - samples_size + || chunk_offset + samples_size > NGX_MAX_UINT32_VALUE) + { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "too large chunk offset in \"%s\"", + mp4->file.name.data); + return NGX_ERROR; + } + + trak->start_offset = chunk_offset + samples_size; ngx_mp4_set_32value(data->pos, trak->start_offset); ngx_log_debug1(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, @@ -3276,9 +3302,19 @@ ngx_http_mp4_update_stco_atom(ngx_http_m data->last = data->pos + entries * sizeof(uint32_t); if (entries) { - trak->end_offset = - ngx_mp4_get_32value(data->last - sizeof(uint32_t)); - trak->end_offset += trak->end_chunk_samples_size; + chunk_offset = ngx_mp4_get_32value(data->last - sizeof(uint32_t)); + samples_size = trak->end_chunk_samples_size; + + if (chunk_offset > (uint64_t) mp4->end - samples_size + || chunk_offset + samples_size > NGX_MAX_UINT32_VALUE) + { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "too large chunk offset in \"%s\"", + mp4->file.name.data); + return NGX_ERROR; + } + + trak->end_offset = chunk_offset + samples_size; ngx_log_debug1(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "end chunk offset:%O", trak->end_offset); @@ -3409,7 +3445,7 @@ ngx_http_mp4_update_co64_atom(ngx_http_m ngx_http_mp4_trak_t *trak) { size_t atom_size; - uint64_t entries; + uint64_t entries, chunk_offset, samples_size; ngx_buf_t *atom, *data; ngx_mp4_co64_atom_t *co64_atom; @@ -3440,8 +3476,17 @@ ngx_http_mp4_update_co64_atom(ngx_http_m data->pos += trak->start_chunk * sizeof(uint64_t); - trak->start_offset = ngx_mp4_get_64value(data->pos); - trak->start_offset += trak->start_chunk_samples_size; + chunk_offset = ngx_mp4_get_64value(data->pos); + samples_size = trak->start_chunk_samples_size; + + if (chunk_offset > (uint64_t) mp4->end - samples_size) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "too large chunk offset in \"%s\"", + mp4->file.name.data); + return NGX_ERROR; + } + + trak->start_offset = chunk_offset + samples_size; ngx_mp4_set_64value(data->pos, trak->start_offset); ngx_log_debug1(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, @@ -3460,9 +3505,17 @@ ngx_http_mp4_update_co64_atom(ngx_http_m data->last = data->pos + entries * sizeof(uint64_t); if (entries) { - trak->end_offset = - ngx_mp4_get_64value(data->last - sizeof(uint64_t)); - trak->end_offset += trak->end_chunk_samples_size; + chunk_offset = ngx_mp4_get_64value(data->last - sizeof(uint64_t)); + samples_size = trak->end_chunk_samples_size; + + if (chunk_offset > (uint64_t) mp4->end - samples_size) { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "too large chunk offset in \"%s\"", + mp4->file.name.data); + return NGX_ERROR; + } + + trak->end_offset = chunk_offset + samples_size; ngx_log_debug1(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "end chunk offset:%O", trak->end_offset);

2 years, 5 months

[nginx] Disabled connection reuse while in SSL handshake.

by Sergey Kandaurov

details: https://hg.nginx.org/nginx/rev/2e3bfd696ecb branches: changeset: 7628:2e3bfd696ecb user: Sergey Kandaurov <pluknet(a)nginx.com> date: Thu Feb 27 19:03:21 2020 +0300 description: Disabled connection reuse while in SSL handshake. During SSL handshake, the connection could be reused in the OCSP stapling callback, if configured, which subsequently leads to a segmentation fault. diffstat: src/http/ngx_http_request.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diffs (21 lines): diff -r 4f18393a1d51 -r 2e3bfd696ecb src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c Thu Feb 20 16:51:07 2020 +0300 +++ b/src/http/ngx_http_request.c Thu Feb 27 19:03:21 2020 +0300 @@ -748,6 +748,8 @@ ngx_http_ssl_handshake(ngx_event_t *rev) return; } + ngx_reusable_connection(c, 0); + rc = ngx_ssl_handshake(c); if (rc == NGX_AGAIN) { @@ -756,8 +758,6 @@ ngx_http_ssl_handshake(ngx_event_t *rev) ngx_add_timer(rev, c->listening->post_accept_timeout); } - ngx_reusable_connection(c, 0); - c->ssl->handler = ngx_http_ssl_handshake_handler; return; }

2 years, 5 months

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

nginx-devel February 2020