Compare commits

..

1 Commits
c9 ... c9

Author SHA1 Message Date
MSVSphere Packaging Team 34d2b0e707 import nginx-1.20.1-16.el9_4.1
4 months ago

@ -18,6 +18,7 @@ low tolerance to flooding attempts.
src/http/v2/ngx_http_v2.h | 2 ++ src/http/v2/ngx_http_v2.h | 2 ++
2 files changed, 17 insertions(+) 2 files changed, 17 insertions(+)
diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c
index 3611a2e..291677a 100644 index 3611a2e..291677a 100644
--- a/src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c
@ -71,6 +72,3 @@ index 3492297..6a7aaa6 100644
ngx_uint_t priority_limit; ngx_uint_t priority_limit;
ngx_uint_t pushing; ngx_uint_t pushing;
--
2.31.1

@ -0,0 +1,183 @@
From f3bcc0bcfb6eda3f4874fe2531d546ba724c518c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
Date: Wed, 12 Jun 2024 12:49:28 +0200
Subject: [PATCH] Optimized chain link usage
Previously chain links could sometimes be dropped instead of being reused,
which could result in increased memory consumption during long requests.
---
src/core/ngx_output_chain.c | 10 ++++++++--
src/http/modules/ngx_http_grpc_module.c | 5 ++++-
.../modules/ngx_http_gunzip_filter_module.c | 18 ++++++++++++++----
src/http/modules/ngx_http_gzip_filter_module.c | 10 +++++++---
src/http/modules/ngx_http_ssi_filter_module.c | 8 ++++++--
src/http/modules/ngx_http_sub_filter_module.c | 8 ++++++--
6 files changed, 45 insertions(+), 14 deletions(-)
diff --git a/src/core/ngx_output_chain.c b/src/core/ngx_output_chain.c
index 5c3dbe8..4aa1b02 100644
--- a/src/core/ngx_output_chain.c
+++ b/src/core/ngx_output_chain.c
@@ -121,7 +121,10 @@ ngx_output_chain(ngx_output_chain_ctx_t *ctx, ngx_chain_t *in)
ngx_debug_point();
- ctx->in = ctx->in->next;
+ cl = ctx->in;
+ ctx->in = cl->next;
+
+ ngx_free_chain(ctx->pool, cl);
continue;
}
@@ -207,7 +210,10 @@ ngx_output_chain(ngx_output_chain_ctx_t *ctx, ngx_chain_t *in)
/* delete the completed buf from the ctx->in chain */
if (ngx_buf_size(ctx->in->buf) == 0) {
- ctx->in = ctx->in->next;
+ cl = ctx->in;
+ ctx->in = cl->next;
+
+ ngx_free_chain(ctx->pool, cl);
}
cl = ngx_alloc_chain_link(ctx->pool);
diff --git a/src/http/modules/ngx_http_grpc_module.c b/src/http/modules/ngx_http_grpc_module.c
index 53bc547..9f13089 100644
--- a/src/http/modules/ngx_http_grpc_module.c
+++ b/src/http/modules/ngx_http_grpc_module.c
@@ -1230,7 +1230,7 @@ ngx_http_grpc_body_output_filter(void *data, ngx_chain_t *in)
ngx_buf_t *b;
ngx_int_t rc;
ngx_uint_t next, last;
- ngx_chain_t *cl, *out, **ll;
+ ngx_chain_t *cl, *out, *ln, **ll;
ngx_http_upstream_t *u;
ngx_http_grpc_ctx_t *ctx;
ngx_http_grpc_frame_t *f;
@@ -1458,7 +1458,10 @@ ngx_http_grpc_body_output_filter(void *data, ngx_chain_t *in)
last = 1;
}
+ ln = in;
in = in->next;
+
+ ngx_free_chain(r->pool, ln);
}
ctx->in = in;
diff --git a/src/http/modules/ngx_http_gunzip_filter_module.c b/src/http/modules/ngx_http_gunzip_filter_module.c
index c1341f5..5d170a1 100644
--- a/src/http/modules/ngx_http_gunzip_filter_module.c
+++ b/src/http/modules/ngx_http_gunzip_filter_module.c
@@ -333,6 +333,8 @@ static ngx_int_t
ngx_http_gunzip_filter_add_data(ngx_http_request_t *r,
ngx_http_gunzip_ctx_t *ctx)
{
+ ngx_chain_t *cl;
+
if (ctx->zstream.avail_in || ctx->flush != Z_NO_FLUSH || ctx->redo) {
return NGX_OK;
}
@@ -344,8 +346,11 @@ ngx_http_gunzip_filter_add_data(ngx_http_request_t *r,
return NGX_DECLINED;
}
- ctx->in_buf = ctx->in->buf;
- ctx->in = ctx->in->next;
+ cl = ctx->in;
+ ctx->in_buf = cl->buf;
+ ctx->in = cl->next;
+
+ ngx_free_chain(r->pool, cl);
ctx->zstream.next_in = ctx->in_buf->pos;
ctx->zstream.avail_in = ctx->in_buf->last - ctx->in_buf->pos;
@@ -374,6 +379,7 @@ static ngx_int_t
ngx_http_gunzip_filter_get_buf(ngx_http_request_t *r,
ngx_http_gunzip_ctx_t *ctx)
{
+ ngx_chain_t *cl;
ngx_http_gunzip_conf_t *conf;
if (ctx->zstream.avail_out) {
@@ -383,8 +389,12 @@ ngx_http_gunzip_filter_get_buf(ngx_http_request_t *r,
conf = ngx_http_get_module_loc_conf(r, ngx_http_gunzip_filter_module);
if (ctx->free) {
- ctx->out_buf = ctx->free->buf;
- ctx->free = ctx->free->next;
+
+ cl = ctx->free;
+ ctx->out_buf = cl->buf;
+ ctx->free = cl->next;
+
+ ngx_free_chain(r->pool, cl);
ctx->out_buf->flush = 0;
diff --git a/src/http/modules/ngx_http_gzip_filter_module.c b/src/http/modules/ngx_http_gzip_filter_module.c
index b8c5ccc..1d17a6d 100644
--- a/src/http/modules/ngx_http_gzip_filter_module.c
+++ b/src/http/modules/ngx_http_gzip_filter_module.c
@@ -978,10 +978,14 @@ static void
ngx_http_gzip_filter_free_copy_buf(ngx_http_request_t *r,
ngx_http_gzip_ctx_t *ctx)
{
- ngx_chain_t *cl;
+ ngx_chain_t *cl, *ln;
+
+ for (cl = ctx->copied; cl; /* void */) {
+ ln = cl;
+ cl = cl->next;
- for (cl = ctx->copied; cl; cl = cl->next) {
- ngx_pfree(r->pool, cl->buf->start);
+ ngx_pfree(r->pool, ln->buf->start);
+ ngx_free_chain(r->pool, ln);
}
ctx->copied = NULL;
diff --git a/src/http/modules/ngx_http_ssi_filter_module.c b/src/http/modules/ngx_http_ssi_filter_module.c
index 6737965..a55f6e5 100644
--- a/src/http/modules/ngx_http_ssi_filter_module.c
+++ b/src/http/modules/ngx_http_ssi_filter_module.c
@@ -455,9 +455,13 @@ ngx_http_ssi_body_filter(ngx_http_request_t *r, ngx_chain_t *in)
while (ctx->in || ctx->buf) {
if (ctx->buf == NULL) {
- ctx->buf = ctx->in->buf;
- ctx->in = ctx->in->next;
+
+ cl = ctx->in;
+ ctx->buf = cl->buf;
+ ctx->in = cl->next;
ctx->pos = ctx->buf->pos;
+
+ ngx_free_chain(r->pool, cl);
}
if (ctx->state == ssi_start_state) {
diff --git a/src/http/modules/ngx_http_sub_filter_module.c b/src/http/modules/ngx_http_sub_filter_module.c
index 6d3de59..456bb27 100644
--- a/src/http/modules/ngx_http_sub_filter_module.c
+++ b/src/http/modules/ngx_http_sub_filter_module.c
@@ -335,9 +335,13 @@ ngx_http_sub_body_filter(ngx_http_request_t *r, ngx_chain_t *in)
while (ctx->in || ctx->buf) {
if (ctx->buf == NULL) {
- ctx->buf = ctx->in->buf;
- ctx->in = ctx->in->next;
+
+ cl = ctx->in;
+ ctx->buf = cl->buf;
+ ctx->in = cl->next;
ctx->pos = ctx->buf->pos;
+
+ ngx_free_chain(r->pool, cl);
}
if (ctx->buf->flush || ctx->buf->recycled) {
--
2.44.0

@ -41,7 +41,7 @@
Name: nginx Name: nginx
Epoch: 1 Epoch: 1
Version: 1.20.1 Version: 1.20.1
Release: 14%{?dist}.1 Release: 16%{?dist}.1
Summary: A high performance web server and reverse proxy server Summary: A high performance web server and reverse proxy server
# BSD License (two clause) # BSD License (two clause)
@ -91,9 +91,12 @@ Patch5: 0006-Fix-ALPACA-security-issue.patch
# downstream patch for RHEL - https://bugzilla.redhat.com/show_bug.cgi?id=2028781 # downstream patch for RHEL - https://bugzilla.redhat.com/show_bug.cgi?id=2028781
Patch6: 0007-Enable-TLSv1.3-by-default.patch Patch6: 0007-Enable-TLSv1.3-by-default.patch
# security fix - https://issues.redhat.com/browse/RHEL-12516 # security patch - https://issues.redhat.com/browse/RHEL-12518
Patch7: 0008-CVE-2023-44487-HTTP-2-per-iteration-stream-handling.patch Patch7: 0008-CVE-2023-44487-HTTP-2-per-iteration-stream-handling.patch
# upstream patch - https://issues.redhat.com/browse/RHEL-40075
Patch8: 0009-Optimized-chain-link-usage.patch
BuildRequires: make BuildRequires: make
BuildRequires: gcc BuildRequires: gcc
BuildRequires: gnupg2 BuildRequires: gnupg2
@ -605,9 +608,12 @@ fi
%changelog %changelog
* Wed Oct 11 2023 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-14.1 * Tue Jul 16 2024 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-16.1
- Resolves: RHEL-12516 - nginx: HTTP/2: Multiple HTTP/2 enabled web - Resolves: RHEL-48791 - nginx worker processes memory leak
servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* Mon Oct 16 2023 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-16
- Resolves: RHEL-12518 - nginx: HTTP/2: Multiple HTTP/2 enabled web servers are
vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* Thu Nov 24 2022 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-14 * Thu Nov 24 2022 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-14
- Resolves: #2086527 - Fix logrotate config and nginx log dir permissions - Resolves: #2086527 - Fix logrotate config and nginx log dir permissions

Loading…
Cancel
Save