changeset 562:7fa8dc2315bd NGINX_0_8_33

nginx 0.8.33 *) Security: now nginx/Windows ignores trailing spaces in URI. Thanks to Dan Crowley, Core Security Technologies. *) Security: now nginx/Windows ignores short files names. Thanks to Dan Crowley, Core Security Technologies. *) Change: now keepalive connections after POST requests are not disabled for MSIE 7.0+. Thanks to Adam Lounds. *) Workaround: now keepalive connections are disabled for Safari. Thanks to Joshua Sierles. *) Bugfix: if a proxied or FastCGI request was internally redirected to another proxied or FastCGI location, then $upstream_response_time variable may have abnormally large value; the bug had appeared in 0.8.7. *) Bugfix: a segmentation fault might occur in a worker process, while discarding a request body; the bug had appeared in 0.8.11.
author Igor Sysoev <http://sysoev.ru>
date Mon, 01 Feb 2010 00:00:00 +0000
parents 1763c9f30920
children 66adffc35a46
files CHANGES CHANGES.ru src/core/nginx.h src/http/modules/perl/nginx.pm src/http/ngx_http_core_module.c src/http/ngx_http_request.c src/http/ngx_http_request.h src/http/ngx_http_upstream.c
diffstat 8 files changed, 83 insertions(+), 16 deletions(-) [+]
line wrap: on
line diff
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,27 @@
 
+Changes with nginx 0.8.33                                        01 Feb 2010
+
+    *) Security: now nginx/Windows ignores trailing spaces in URI.
+       Thanks to Dan Crowley, Core Security Technologies.
+
+    *) Security: now nginx/Windows ignores short files names.
+       Thanks to Dan Crowley, Core Security Technologies.
+
+    *) Change: now keepalive connections after POST requests are not 
+       disabled for MSIE 7.0+. Thanks to Adam Lounds.
+
+    *) Workaround: now keepalive connections are disabled for Safari. 
+       Thanks to Joshua Sierles.
+
+    *) Bugfix: if a proxied or FastCGI request was internally redirected to 
+       another proxied or FastCGI location, then $upstream_response_time 
+       variable may have abnormally large value; the bug had appeared in 
+       0.8.7.
+
+    *) Bugfix: a segmentation fault might occur in a worker process, while 
+       discarding a request body; the bug had appeared in 0.8.11.
+
+
 Changes with nginx 0.8.32                                        11 Jan 2010
 
     *) Bugfix: UTF-8 encoding usage in the ngx_http_autoindex_module.
@@ -12,11 +35,11 @@ Changes with nginx 0.8.32               
        directive.
        Thanks to Maxim Dounin.
 
-    *) Bugfix: nginx did nor support chunked transfer encoding for 201 
+    *) Bugfix: nginx did not support chunked transfer encoding for 201 
        responses.
        Thanks to Julian Reich.
 
-    *) Bugfix: if the "expires modified" set date in the past, the a 
+    *) Bugfix: if the "expires modified" set date in the past, then a 
        negative number was set in the "Cache-Control" response header 
        line.
        Thanks to Alex Kapranoff.
--- a/CHANGES.ru
+++ b/CHANGES.ru
@@ -1,4 +1,29 @@
 
+Изменения в nginx 0.8.33                                          01.02.2010
+
+    *) Безопасность: теперь nginx/Windows игнорирует пробелы в конце 
+       URI.
+       Спасибо Dan Crowley, Core Security Technologies.
+
+    *) Безопасность: теперь nginx/Windows игнорирует короткие имена 
+       файлов.
+       Спасибо Dan Crowley, Core Security Technologies.
+
+    *) Изменение: теперь keepalive соединения после запросов POST не 
+       запрещаются для MSIE 7.0+. Спасибо Adam Lounds.
+
+    *) Изменение: теперь keepalive соединения запрещены для Safari. Спасибо 
+       Joshua Sierles.
+
+    *) Исправление: если проксированный или FastCGI запрос внутренне 
+       перенаправлялся в другой проксированный или FastCGI location, то 
+       переменная $upstream_response_time могла иметь ненормально большое 
+       значение; ошибка появилась в 0.8.7.
+
+    *) Исправление: в рабочем процессе мог произойти segmentation fault при 
+       отбрасывания тела запроса; ошибка появилась в 0.8.11.
+
+
 Изменения в nginx 0.8.32                                          11.01.2010
 
     *) Исправление: ошибки при использовании кодировки UTF-8 в 
--- a/src/core/nginx.h
+++ b/src/core/nginx.h
@@ -8,8 +8,8 @@
 #define _NGINX_H_INCLUDED_
 
 
-#define nginx_version         8032
-#define NGINX_VERSION      "0.8.32"
+#define nginx_version         8033
+#define NGINX_VERSION      "0.8.33"
 #define NGINX_VER          "nginx/" NGINX_VERSION
 
 #define NGINX_VAR          "NGINX"
--- a/src/http/modules/perl/nginx.pm
+++ b/src/http/modules/perl/nginx.pm
@@ -47,7 +47,7 @@ our @EXPORT = qw(
     HTTP_INSUFFICIENT_STORAGE
 );
 
-our $VERSION = '0.8.32';
+our $VERSION = '0.8.33';
 
 require XSLoader;
 XSLoader::load('nginx', $VERSION);
--- a/src/http/ngx_http_core_module.c
+++ b/src/http/ngx_http_core_module.c
@@ -783,14 +783,24 @@ ngx_http_handler(ngx_http_request_t *r)
             break;
         }
 
-        if (r->keepalive && r->headers_in.msie && r->method == NGX_HTTP_POST) {
-
-            /*
-             * MSIE may wait for some time if an response for
-             * a POST request was sent over a keepalive connection
-             */
-
-            r->keepalive = 0;
+        if (r->keepalive) {
+
+            if (r->headers_in.msie6) {
+                if (r->method == NGX_HTTP_POST) {
+		    /*
+		     * MSIE may wait for some time if an response for
+		     * a POST request was sent over a keepalive connection
+		     */
+		    r->keepalive = 0;
+                }
+
+            } else if (r->headers_in.safari) {
+                /*
+                 * Safari may send a POST request to a closed keepalive
+                 * connection and stalls for some time
+                 */
+                r->keepalive = 0;
+            }
         }
 
         if (r->headers_in.content_length_n > 0) {
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -788,9 +788,11 @@ ngx_http_process_request_line(ngx_event_
 
             p = r->uri.data + r->uri.len - 1;
 
-            if (*p == '.') {
-
-                while (--p > r->uri.data && *p == '.') { /* void */ }
+            if (*p == '.' || *p == ' ') {
+
+                while (--p > r->uri.data && (*p == '.' || *p == ' ')) {
+                    /* void */
+                }
 
                 r->uri.len = p + 1 - r->uri.data;
 
@@ -1448,6 +1450,9 @@ ngx_http_process_user_agent(ngx_http_req
         } else if (ngx_strstrn(user_agent, "Chrome/", 7 - 1)) {
             r->headers_in.chrome = 1;
 
+        } else if (ngx_strstrn(user_agent, "Safari/", 7 - 1)) {
+            r->headers_in.safari = 1;
+
         } else if (ngx_strstrn(user_agent, "Konqueror", 9 - 1)) {
             r->headers_in.konqueror = 1;
         }
@@ -1997,6 +2002,7 @@ ngx_http_finalize_request(ngx_http_reque
     }
 
     r->done = 1;
+    r->write_event_handler = ngx_http_request_empty_handler;
 
     if (!r->post_action) {
         r->request_complete = 1;
--- a/src/http/ngx_http_request.h
+++ b/src/http/ngx_http_request.h
@@ -220,6 +220,7 @@ typedef struct {
     unsigned                          opera:1;
     unsigned                          gecko:1;
     unsigned                          chrome:1;
+    unsigned                          safari:1;
     unsigned                          konqueror:1;
 } ngx_http_headers_in_t;
 
--- a/src/http/ngx_http_upstream.c
+++ b/src/http/ngx_http_upstream.c
@@ -366,6 +366,7 @@ ngx_http_upstream_create(ngx_http_reques
         r->main->count++;
         ngx_http_upstream_cleanup(r);
         *u->cleanup = NULL;
+        u->cleanup = NULL;
     }
 
     u = ngx_pcalloc(r->pool, sizeof(ngx_http_upstream_t));
@@ -2856,6 +2857,7 @@ ngx_http_upstream_finalize_request(ngx_h
 
     if (u->cleanup) {
         *u->cleanup = NULL;
+        u->cleanup = NULL;
     }
 
     if (u->resolved && u->resolved->ctx) {