Custom Query (2297 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:

Results (10 - 12 of 2297)

1 2 3 4 5 6 7 8 9 10 11 12 13 14
Ticket Resolution Summary Owner Reporter
#158 fixed Debian package does not provide package name httpd Sergey Budnevitch Daniel Miller
Description

The older packages in the Ubuntu/Debian repositories provide the "httpd" package name - the "lucid" package available from nginx.org does not. This is necessary to show other packages that depend on the presence of a webserver that competing servers are not required.

#611 invalid alignment check breaks trailer code for ngx_freebsd_sendfile_chain.c, possibly others glebius mattdillon.pip.verisignlabs.com
Description

The ngx_freebsd_sendfile_chain.c file contains sendfile() code for FreeBSD (and also DragonFly). This code implements sendfile() with headers, file body, and trailers. This bug pertains to an alignment reduction done in the file body which can cause the trailers to operate improperly.

Around line 160 in os/unix/ngx_freebsd_sendfile_chain.c the following code is present:

if (send + size > limit) {

size = limit - send;

aligned = (cl->buf->file_pos + size + ngx_pagesize - 1)

& ~((off_t) ngx_pagesize - 1);

if (aligned <= cl->buf->file_last) {

size = aligned - cl->buf->file_pos;

}

}

The problem is that if this alignment code is *EVER* hit and the (size) variable is reduced, the (cl) variable will be advanced to the next chain but (send + size) will remain < (limit). This will allow the trailer-generating code which follows, around line 183, to execute at least one loop on the chain following the file body chain and possibly improperly add a trailer to the sendfile() sequence when the file body has not yet been completed.

I do not believe that this bug gets hit for normal file sends, but any partial resend can potentially hit this bug and cause corruption in the data stream.

The solution to this problem is to test for the case and forcefully skip the the trailer code if it gets hit. So, e.g.

if (aligned <= cl->buf->file_last) {

size = aligned - cl->buf->file_pos; goto skip_trailers;

}

... (and then add a skip_trailers: label down after the trailers block)

I came across this bug while examining the code debugging a DragonFly sendfile() issue. That issue was a kernel bug and not this bug, but insofar as I can tell this is a bug too. I have not tested that the case can actually occur but it seems like it should be possible for it to occur in client/server systems that request files piecemeal in an unaligned fashion.

I believe that this bug can only occur in situations where trailers are used with sendfile(). FreeBSD and DragonFly are certain affected. In situations where trailers are not implemented, the code bug is present but the advanced chain is thrown away so it isn't a problem.

-Matt

#14 fixed Number of *_buffers must be less then 17 on Solaris Maxim Dounin dsdiv.moikrug.ru
Description

At Solaris readv() return EINVAL, if iovcnt greater than IOV_MAX.

1 2 3 4 5 6 7 8 9 10 11 12 13 14
Batch Modify
Note: See TracBatchModify for help on using batch modify.
Note: See TracQuery for help on using queries.