Mercurial > hg > nginx
view src/core/ngx_string.h @ 6874:7cc2d3a96ea3
Fixed trailer construction with limit on FreeBSD and macOS.
The ngx_chain_coalesce_file() function may produce more bytes to send then
requested in the limit passed, as it aligns the last file position
to send to memory page boundary. As a result, (limit - send) may become
negative. This resulted in big positive number when converted to size_t
while calling ngx_output_chain_to_iovec().
Another part of the problem is in ngx_chain_coalesce_file(): it changes cl
to the next chain link even if the current buffer is only partially sent
due to limit.
Therefore, if a file buffer was not expected to be fully sent due to limit,
and was followed by a memory buffer, nginx called sendfile() with a part
of the file buffer, and the memory buffer in trailer. If there were enough
room in the socket buffer, this resulted in a part of the file buffer being
skipped, and corresponding part of the memory buffer sent instead.
The bug was introduced in 8e903522c17a (1.7.8). Configurations affected
are ones using limits, that is, limit_rate and/or sendfile_max_chunk, and
memory buffers after file ones (may happen when using subrequests or
with proxying with disk buffering).
Fix is to explicitly check if (send < limit) before constructing trailer
with ngx_output_chain_to_iovec(). Additionally, ngx_chain_coalesce_file()
was modified to preserve unfinished file buffers in cl.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Fri, 20 Jan 2017 21:12:48 +0300 |
| parents | 33c08d7e2915 |
| children | 874171c3c71a |
line wrap: on
line source
/* * Copyright (C) Igor Sysoev * Copyright (C) Nginx, Inc. */ #ifndef _NGX_STRING_H_INCLUDED_ #define _NGX_STRING_H_INCLUDED_ #include <ngx_config.h> #include <ngx_core.h> typedef struct { size_t len; u_char *data; } ngx_str_t; typedef struct { ngx_str_t key; ngx_str_t value; } ngx_keyval_t; typedef struct { unsigned len:28; unsigned valid:1; unsigned no_cacheable:1; unsigned not_found:1; unsigned escape:1; u_char *data; } ngx_variable_value_t; #define ngx_string(str) { sizeof(str) - 1, (u_char *) str } #define ngx_null_string { 0, NULL } #define ngx_str_set(str, text) \ (str)->len = sizeof(text) - 1; (str)->data = (u_char *) text #define ngx_str_null(str) (str)->len = 0; (str)->data = NULL #define ngx_tolower(c) (u_char) ((c >= 'A' && c <= 'Z') ? (c | 0x20) : c) #define ngx_toupper(c) (u_char) ((c >= 'a' && c <= 'z') ? (c & ~0x20) : c) void ngx_strlow(u_char *dst, u_char *src, size_t n); #define ngx_strncmp(s1, s2, n) strncmp((const char *) s1, (const char *) s2, n) /* msvc and icc7 compile strcmp() to inline loop */ #define ngx_strcmp(s1, s2) strcmp((const char *) s1, (const char *) s2) #define ngx_strstr(s1, s2) strstr((const char *) s1, (const char *) s2) #define ngx_strlen(s) strlen((const char *) s) #define ngx_strchr(s1, c) strchr((const char *) s1, (int) c) static ngx_inline u_char * ngx_strlchr(u_char *p, u_char *last, u_char c) { while (p < last) { if (*p == c) { return p; } p++; } return NULL; } /* * msvc and icc7 compile memset() to the inline "rep stos" * while ZeroMemory() and bzero() are the calls. * icc7 may also inline several mov's of a zeroed register for small blocks. */ #define ngx_memzero(buf, n) (void) memset(buf, 0, n) #define ngx_memset(buf, c, n) (void) memset(buf, c, n) #if (NGX_MEMCPY_LIMIT) void *ngx_memcpy(void *dst, const void *src, size_t n); #define ngx_cpymem(dst, src, n) (((u_char *) ngx_memcpy(dst, src, n)) + (n)) #else /* * gcc3, msvc, and icc7 compile memcpy() to the inline "rep movs". * gcc3 compiles memcpy(d, s, 4) to the inline "mov"es. * icc8 compile memcpy(d, s, 4) to the inline "mov"es or XMM moves. */ #define ngx_memcpy(dst, src, n) (void) memcpy(dst, src, n) #define ngx_cpymem(dst, src, n) (((u_char *) memcpy(dst, src, n)) + (n)) #endif #if ( __INTEL_COMPILER >= 800 ) /* * the simple inline cycle copies the variable length strings up to 16 * bytes faster than icc8 autodetecting _intel_fast_memcpy() */ static ngx_inline u_char * ngx_copy(u_char *dst, u_char *src, size_t len) { if (len < 17) { while (len) { *dst++ = *src++; len--; } return dst; } else { return ngx_cpymem(dst, src, len); } } #else #define ngx_copy ngx_cpymem #endif #define ngx_memmove(dst, src, n) (void) memmove(dst, src, n) #define ngx_movemem(dst, src, n) (((u_char *) memmove(dst, src, n)) + (n)) /* msvc and icc7 compile memcmp() to the inline loop */ #define ngx_memcmp(s1, s2, n) memcmp((const char *) s1, (const char *) s2, n) u_char *ngx_cpystrn(u_char *dst, u_char *src, size_t n); u_char *ngx_pstrdup(ngx_pool_t *pool, ngx_str_t *src); u_char * ngx_cdecl ngx_sprintf(u_char *buf, const char *fmt, ...); u_char * ngx_cdecl ngx_snprintf(u_char *buf, size_t max, const char *fmt, ...); u_char * ngx_cdecl ngx_slprintf(u_char *buf, u_char *last, const char *fmt, ...); u_char *ngx_vslprintf(u_char *buf, u_char *last, const char *fmt, va_list args); #define ngx_vsnprintf(buf, max, fmt, args) \ ngx_vslprintf(buf, buf + (max), fmt, args) ngx_int_t ngx_strcasecmp(u_char *s1, u_char *s2); ngx_int_t ngx_strncasecmp(u_char *s1, u_char *s2, size_t n); u_char *ngx_strnstr(u_char *s1, char *s2, size_t n); u_char *ngx_strstrn(u_char *s1, char *s2, size_t n); u_char *ngx_strcasestrn(u_char *s1, char *s2, size_t n); u_char *ngx_strlcasestrn(u_char *s1, u_char *last, u_char *s2, size_t n); ngx_int_t ngx_rstrncmp(u_char *s1, u_char *s2, size_t n); ngx_int_t ngx_rstrncasecmp(u_char *s1, u_char *s2, size_t n); ngx_int_t ngx_memn2cmp(u_char *s1, u_char *s2, size_t n1, size_t n2); ngx_int_t ngx_dns_strcmp(u_char *s1, u_char *s2); ngx_int_t ngx_filename_cmp(u_char *s1, u_char *s2, size_t n); ngx_int_t ngx_atoi(u_char *line, size_t n); ngx_int_t ngx_atofp(u_char *line, size_t n, size_t point); ssize_t ngx_atosz(u_char *line, size_t n); off_t ngx_atoof(u_char *line, size_t n); time_t ngx_atotm(u_char *line, size_t n); ngx_int_t ngx_hextoi(u_char *line, size_t n); u_char *ngx_hex_dump(u_char *dst, u_char *src, size_t len); #define ngx_base64_encoded_length(len) (((len + 2) / 3) * 4) #define ngx_base64_decoded_length(len) (((len + 3) / 4) * 3) void ngx_encode_base64(ngx_str_t *dst, ngx_str_t *src); void ngx_encode_base64url(ngx_str_t *dst, ngx_str_t *src); ngx_int_t ngx_decode_base64(ngx_str_t *dst, ngx_str_t *src); ngx_int_t ngx_decode_base64url(ngx_str_t *dst, ngx_str_t *src); uint32_t ngx_utf8_decode(u_char **p, size_t n); size_t ngx_utf8_length(u_char *p, size_t n); u_char *ngx_utf8_cpystrn(u_char *dst, u_char *src, size_t n, size_t len); #define NGX_ESCAPE_URI 0 #define NGX_ESCAPE_ARGS 1 #define NGX_ESCAPE_URI_COMPONENT 2 #define NGX_ESCAPE_HTML 3 #define NGX_ESCAPE_REFRESH 4 #define NGX_ESCAPE_MEMCACHED 5 #define NGX_ESCAPE_MAIL_AUTH 6 #define NGX_UNESCAPE_URI 1 #define NGX_UNESCAPE_REDIRECT 2 uintptr_t ngx_escape_uri(u_char *dst, u_char *src, size_t size, ngx_uint_t type); void ngx_unescape_uri(u_char **dst, u_char **src, size_t size, ngx_uint_t type); uintptr_t ngx_escape_html(u_char *dst, u_char *src, size_t size); uintptr_t ngx_escape_json(u_char *dst, u_char *src, size_t size); typedef struct { ngx_rbtree_node_t node; ngx_str_t str; } ngx_str_node_t; void ngx_str_rbtree_insert_value(ngx_rbtree_node_t *temp, ngx_rbtree_node_t *node, ngx_rbtree_node_t *sentinel); ngx_str_node_t *ngx_str_rbtree_lookup(ngx_rbtree_t *rbtree, ngx_str_t *name, uint32_t hash); void ngx_sort(void *base, size_t n, size_t size, ngx_int_t (*cmp)(const void *, const void *)); #define ngx_qsort qsort #define ngx_value_helper(n) #n #define ngx_value(n) ngx_value_helper(n) #endif /* _NGX_STRING_H_INCLUDED_ */