toddyhan
diff --git a/‎CHANGES
Lines changed: 19 additions & 0 deletions b/‎CHANGES
Lines changed: 19 additions & 0 deletions
diff --git a/‎CHANGES.ru
Lines changed: 20 additions & 0 deletions b/‎CHANGES.ru
Lines changed: 20 additions & 0 deletions
diff --git a/‎auto/unix
Lines changed: 1 addition & 0 deletions b/‎auto/unix
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/core/nginx.h
Lines changed: 2 additions & 2 deletions b/‎src/core/nginx.h
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/core/ngx_config.h
Lines changed: 3 additions & 0 deletions b/‎src/core/ngx_config.h
Lines changed: 3 additions & 0 deletions
diff --git a/‎src/core/ngx_hash.c
Lines changed: 2 additions & 0 deletions b/‎src/core/ngx_hash.c
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/core/ngx_inet.c
Lines changed: 6 additions & 2 deletions b/‎src/core/ngx_inet.c
Lines changed: 6 additions & 2 deletions
diff --git a/‎src/core/ngx_parse.c
Lines changed: 52 additions & 28 deletions b/‎src/core/ngx_parse.c
Lines changed: 52 additions & 28 deletions
@@ -1,4 +1,23 @@
 
+Changes with nginx 1.6.3                                         07 Apr 2015
+
+    *) Feature: now the "tcp_nodelay" directive works with SPDY connections.
+
+    *) Bugfix: in error handling.
+       Thanks to Yichun Zhang and Daniil Bondarev.
+
+    *) Bugfix: alerts "header already sent" appeared in logs if the
+       "post_action" directive was used; the bug had appeared in 1.5.4.
+
+    *) Bugfix: alerts "sem_post() failed" might appear in logs.
+
+    *) Bugfix: in hash table handling.
+       Thanks to Chris West.
+
+    *) Bugfix: in integer overflow handling.
+       Thanks to Régis Leroy.
+
+
 Changes with nginx 1.6.2                                         16 Sep 2014
 
     *) Security: it was possible to reuse SSL sessions in unrelated contexts
 
@@ -1,4 +1,24 @@
 
+Изменения в nginx 1.6.3                                           07.04.2015
+
+    *) Добавление: теперь директива tcp_nodelay работает для
+       SPDY-соединений.
+
+    *) Исправление: в обработке ошибок.
+       Спасибо Yichun Zhang и Даниилу Бондареву.
+
+    *) Исправление: при использовании директивы post_action в лог писались
+       сообщения "header already sent"; ошибка появилась в nginx 1.5.4.
+
+    *) Исправление: в лог могли писаться сообщения "sem_post() failed".
+
+    *) Исправление: в обработке хэш-таблиц.
+       Спасибо Chris West.
+
+    *) Исправление: в обработке целочисленных переполнений.
+       Спасибо Régis Leroy.
+
+
 Изменения в nginx 1.6.2                                           16.09.2014
 
     *) Безопасность: при использовании общего для нескольких блоков server
 
@@ -489,6 +489,7 @@ ngx_param=NGX_OFF_T_LEN; ngx_value=$ngx_max_len; . auto/types/value
 ngx_type="time_t"; . auto/types/sizeof
 ngx_param=NGX_TIME_T_SIZE; ngx_value=$ngx_size; . auto/types/value
 ngx_param=NGX_TIME_T_LEN; ngx_value=$ngx_max_len; . auto/types/value
+ngx_param=NGX_MAX_TIME_T_VALUE; ngx_value=$ngx_max_value; . auto/types/value
 
 
 # syscalls, libc calls and some features
 
@@ -9,8 +9,8 @@
 #define _NGINX_H_INCLUDED_
 
 
-#define nginx_version      1006002
-#define NGINX_VERSION      "1.6.2"
+#define nginx_version      1006003
+#define NGINX_VERSION      "1.6.3"
 #define NGINX_VER          "nginx/" NGINX_VERSION
 
 #define NGINX_VAR          "NGINX"
 
@@ -85,8 +85,11 @@ typedef intptr_t        ngx_flag_t;
 
 #if (NGX_PTR_SIZE == 4)
 #define NGX_INT_T_LEN   NGX_INT32_LEN
+#define NGX_MAX_INT_T_VALUE  2147483647
+
 #else
 #define NGX_INT_T_LEN   NGX_INT64_LEN
+#define NGX_MAX_INT_T_VALUE  9223372036854775807
 #endif
 
 
 
@@ -312,6 +312,8 @@ ngx_hash_init(ngx_hash_init_t *hinit, ngx_hash_key_t *names, ngx_uint_t nelts)
         continue;
     }
 
+    size = hinit->max_size;
+
     ngx_log_error(NGX_LOG_WARN, hinit->pool->log, 0,
                   "could not build optimal %s, you should increase "
                   "either %s_max_size: %i or %s_bucket_size: %i; "
 
@@ -27,14 +27,18 @@ ngx_inet_addr(u_char *text, size_t len)
 
     for (p = text; p < text + len; p++) {
 
+        if (octet > 255) {
+            return INADDR_NONE;
+        }
+
         c = *p;
 
         if (c >= '0' && c <= '9') {
             octet = octet * 10 + (c - '0');
             continue;
         }
 
-        if (c == '.' && octet < 256) {
+        if (c == '.') {
             addr = (addr << 8) + octet;
             octet = 0;
             n++;
@@ -44,7 +48,7 @@ ngx_inet_addr(u_char *text, size_t len)
         return INADDR_NONE;
     }
 
-    if (n == 3 && octet < 256) {
+    if (n == 3) {
         addr = (addr << 8) + octet;
         return htonl(addr);
     }
 
@@ -12,10 +12,9 @@
 ssize_t
 ngx_parse_size(ngx_str_t *line)
 {
-    u_char     unit;
-    size_t     len;
-    ssize_t    size;
-    ngx_int_t  scale;
+    u_char   unit;
+    size_t   len;
+    ssize_t  size, scale, max;
 
     len = line->len;
     unit = line->data[len - 1];
@@ -24,21 +23,24 @@ ngx_parse_size(ngx_str_t *line)
     case 'K':
     case 'k':
         len--;
+        max = NGX_MAX_SIZE_T_VALUE / 1024;
         scale = 1024;
         break;
 
     case 'M':
     case 'm':
         len--;
+        max = NGX_MAX_SIZE_T_VALUE / (1024 * 1024);
         scale = 1024 * 1024;
         break;
 
     default:
+        max = NGX_MAX_SIZE_T_VALUE;
         scale = 1;
     }
 
     size = ngx_atosz(line->data, len);
-    if (size == NGX_ERROR) {
+    if (size == NGX_ERROR || size > max) {
         return NGX_ERROR;
     }
 
@@ -51,10 +53,9 @@ ngx_parse_size(ngx_str_t *line)
 off_t
 ngx_parse_offset(ngx_str_t *line)
 {
-    u_char     unit;
-    off_t      offset;
-    size_t     len;
-    ngx_int_t  scale;
+    u_char  unit;
+    off_t   offset, scale, max;
+    size_t  len;
 
     len = line->len;
     unit = line->data[len - 1];
@@ -63,27 +64,31 @@ ngx_parse_offset(ngx_str_t *line)
     case 'K':
     case 'k':
         len--;
+        max = NGX_MAX_OFF_T_VALUE / 1024;
         scale = 1024;
         break;
 
     case 'M':
     case 'm':
         len--;
+        max = NGX_MAX_OFF_T_VALUE / (1024 * 1024);
         scale = 1024 * 1024;
         break;
 
     case 'G':
     case 'g':
         len--;
+        max = NGX_MAX_OFF_T_VALUE / (1024 * 1024 * 1024);
         scale = 1024 * 1024 * 1024;
         break;
 
     default:
+        max = NGX_MAX_OFF_T_VALUE;
         scale = 1;
     }
 
     offset = ngx_atoof(line->data, len);
-    if (offset == NGX_ERROR) {
+    if (offset == NGX_ERROR || offset > max) {
         return NGX_ERROR;
     }
 
@@ -98,7 +103,8 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
 {
     u_char      *p, *last;
     ngx_int_t    value, total, scale;
-    ngx_uint_t   max, valid;
+    ngx_int_t    max, cutoff, cutlim;
+    ngx_uint_t   valid;
     enum {
         st_start = 0,
         st_year,
@@ -115,15 +121,20 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
     valid = 0;
     value = 0;
     total = 0;
+    cutoff = NGX_MAX_INT_T_VALUE / 10;
+    cutlim = NGX_MAX_INT_T_VALUE % 10;
     step = is_sec ? st_start : st_month;
-    scale = is_sec ? 1 : 1000;
 
     p = line->data;
     last = p + line->len;
 
     while (p < last) {
 
         if (*p >= '0' && *p <= '9') {
+            if (value >= cutoff && (value > cutoff || *p - '0' > cutlim)) {
+                return NGX_ERROR;
+            }
+
             value = value * 10 + (*p++ - '0');
             valid = 1;
             continue;
@@ -136,7 +147,7 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
                 return NGX_ERROR;
             }
             step = st_year;
-            max = NGX_MAX_INT32_VALUE / (60 * 60 * 24 * 365);
+            max = NGX_MAX_INT_T_VALUE / (60 * 60 * 24 * 365);
             scale = 60 * 60 * 24 * 365;
             break;
 
@@ -145,7 +156,7 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
                 return NGX_ERROR;
             }
             step = st_month;
-            max = NGX_MAX_INT32_VALUE / (60 * 60 * 24 * 30);
+            max = NGX_MAX_INT_T_VALUE / (60 * 60 * 24 * 30);
             scale = 60 * 60 * 24 * 30;
             break;
 
@@ -154,7 +165,7 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
                 return NGX_ERROR;
             }
             step = st_week;
-            max = NGX_MAX_INT32_VALUE / (60 * 60 * 24 * 7);
+            max = NGX_MAX_INT_T_VALUE / (60 * 60 * 24 * 7);
             scale = 60 * 60 * 24 * 7;
             break;
 
@@ -163,7 +174,7 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
                 return NGX_ERROR;
             }
             step = st_day;
-            max = NGX_MAX_INT32_VALUE / (60 * 60 * 24);
+            max = NGX_MAX_INT_T_VALUE / (60 * 60 * 24);
             scale = 60 * 60 * 24;
             break;
 
@@ -172,7 +183,7 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
                 return NGX_ERROR;
             }
             step = st_hour;
-            max = NGX_MAX_INT32_VALUE / (60 * 60);
+            max = NGX_MAX_INT_T_VALUE / (60 * 60);
             scale = 60 * 60;
             break;
 
@@ -183,7 +194,7 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
                 }
                 p++;
                 step = st_msec;
-                max = NGX_MAX_INT32_VALUE;
+                max = NGX_MAX_INT_T_VALUE;
                 scale = 1;
                 break;
             }
@@ -192,7 +203,7 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
                 return NGX_ERROR;
             }
             step = st_min;
-            max = NGX_MAX_INT32_VALUE / 60;
+            max = NGX_MAX_INT_T_VALUE / 60;
             scale = 60;
             break;
 
@@ -201,7 +212,7 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
                 return NGX_ERROR;
             }
             step = st_sec;
-            max = NGX_MAX_INT32_VALUE;
+            max = NGX_MAX_INT_T_VALUE;
             scale = 1;
             break;
 
@@ -210,7 +221,7 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
                 return NGX_ERROR;
             }
             step = st_last;
-            max = NGX_MAX_INT32_VALUE;
+            max = NGX_MAX_INT_T_VALUE;
             scale = 1;
             break;
 
@@ -223,27 +234,40 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
             max /= 1000;
         }
 
-        if ((ngx_uint_t) value > max) {
+        if (value > max) {
             return NGX_ERROR;
         }
 
-        total += value * scale;
+        value *= scale;
 
-        if ((ngx_uint_t) total > NGX_MAX_INT32_VALUE) {
+        if (total > NGX_MAX_INT_T_VALUE - value) {
             return NGX_ERROR;
         }
 
+        total += value;
+
         value = 0;
-        scale = is_sec ? 1 : 1000;
 
         while (p < last && *p == ' ') {
             p++;
         }
     }
 
-    if (valid) {
-        return total + value * scale;
+    if (!valid) {
+        return NGX_ERROR;
+    }
+
+    if (!is_sec) {
+        if (value > NGX_MAX_INT_T_VALUE / 1000) {
+            return NGX_ERROR;
+        }
+
+        value *= 1000;
+    }
+
+    if (total > NGX_MAX_INT_T_VALUE - value) {
+        return NGX_ERROR;
     }
 
-    return NGX_ERROR;
+    return total + value;
 }
Original file line number	Diff line number	Diff line change
`@@ -312,6 +312,8 @@ ngx_hash_init(ngx_hash_init_t hinit, ngx_hash_key_t names, ngx_uint_t nelts)`
`312`	`312`	`continue;`
`313`	`313`	`}`
`314`	`314`
	`315`	`+ size = hinit->max_size;`
	`316`	`+`
`315`	`317`	`ngx_log_error(NGX_LOG_WARN, hinit->pool->log, 0,`
`316`	`318`	`"could not build optimal %s, you should increase "`
`317`	`319`	`"either %s_max_size: %i or %s_bucket_size: %i; "`