Mercurial > hg > nginx-quic

annotate conf/scgi_params @ 7054:e02555553d0b

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Range filter: protect from total size overflows. The overflow can be used to circumvent the restriction on total size of ranges introduced in c2a91088b0c0 (1.1.2). Additionally, overflow allows producing ranges with negative start (such ranges can be created by using a suffix, "bytes=-100"; normally this results in 200 due to the total size check). These can result in the following errors in logs: [crit] ... pread() ... failed (22: Invalid argument) [alert] ... sendfile() failed (22: Invalid argument) When using cache, it can be also used to reveal cache file header. It is believed that there are no other negative effects, at least with standard nginx modules. In theory, this can also result in memory disclosure and/or segmentation faults if multiple ranges are allowed, and the response is returned in a single in-memory buffer. This never happens with standard nginx modules though, as well as known 3rd party modules. Fix is to properly protect from possible overflow when incrementing size.
author Maxim Dounin <mdounin@mdounin.ru>
date Tue, 11 Jul 2017 16:06:23 +0300
parents 62869a9b2e7d
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3637
d656caa72ec9 ngx_http_scgi_module
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
1
d656caa72ec9 ngx_http_scgi_module
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
2 scgi_param REQUEST_METHOD $request_method;
d656caa72ec9 ngx_http_scgi_module
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
3 scgi_param REQUEST_URI $request_uri;
d656caa72ec9 ngx_http_scgi_module
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
4 scgi_param QUERY_STRING $query_string;
d656caa72ec9 ngx_http_scgi_module
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
5 scgi_param CONTENT_TYPE $content_type;
d656caa72ec9 ngx_http_scgi_module
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
6
d656caa72ec9 ngx_http_scgi_module
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
7 scgi_param DOCUMENT_URI $document_uri;
d656caa72ec9 ngx_http_scgi_module
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
8 scgi_param DOCUMENT_ROOT $document_root;
d656caa72ec9 ngx_http_scgi_module
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
9 scgi_param SCGI 1;
d656caa72ec9 ngx_http_scgi_module
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
10 scgi_param SERVER_PROTOCOL $server_protocol;
6168
62869a9b2e7d Added the REQUEST_SCHEME parameter.
Maxim Dounin <mdounin@mdounin.ru>
parents: 4333
diff changeset
11 scgi_param REQUEST_SCHEME $scheme;
4333
352a7b025f2e Added HTTPS param with Apache-like behaviour to fastcgi/scgi/uwsgi_params (fixes #38).
Valentin Bartenev <vbart@nginx.com>
parents: 3637
diff changeset
12 scgi_param HTTPS $https if_not_empty;
3637
d656caa72ec9 ngx_http_scgi_module
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
13
d656caa72ec9 ngx_http_scgi_module
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
14 scgi_param REMOTE_ADDR $remote_addr;
d656caa72ec9 ngx_http_scgi_module
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
15 scgi_param REMOTE_PORT $remote_port;
d656caa72ec9 ngx_http_scgi_module
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
16 scgi_param SERVER_PORT $server_port;
d656caa72ec9 ngx_http_scgi_module
Igor Sysoev <igor@sysoev.ru>
parents:
diff changeset
17 scgi_param SERVER_NAME $server_name;