Age | Commit message (Collapse) | Author | Files | Lines |
|
When using "credential: true", the new namespace starts with a completely
empty uid and gid ranges. Then, any setuid/setgid/setgroups calls using ids
not properly mapped with uidmap and gidmap fields return EINVAL, meaning
the id is not valid inside the new namespace.
|
|
This is related to #330 issue on GitHub.
|
|
There was a typo: nxt_queue_head() used instead of nxt_queue_first() in
connection iteration loop. This prevents idle connection close on quit.
This closes #334 issue on GitHub.
Thanks to 洪志道 (Hong Zhi Dao).
|
|
Thanks to tonyafanasyev.
This is related to #331 issue on GitHub.
|
|
This patch closes #328 in github.
|
|
|
|
|
|
|
|
|
|
Also the error page markup is now valid according to HTML5 specification.
All optional tags were omitted.
|
|
Header names and values are stored 0-terminated for ease of use in different
languages, so magic number 2 should be added to each name-value pair size.
|
|
|
|
This field was intended for MIME type lookup by file extension when serving
static files, but this use case is too narrow; only a fraction of requests
targets static content, and the URI presumably isn't rewritten. Moreover,
current implementation uses the entire filename for MIME type lookup if the
file has no extension.
Instead of extracting filenames and extensions when parsing requests, it's
easier to obtain them right before serving static content; this behavior is
already implemented. Thus, we can drop excessive logic from parser.
|
|
Earlier, the paths were normalized only if there was a "/" at the end, which
is wrong according to section 5.2.4 of RFC 3986 and hypothetically may allow
to the directory above the document root.
|
|
Before this fix EWOULDBLOCK error was fatal for SSL write operation.
This closes #325 issue on GitHub.
|
|
When Unit starts, the main process waits for module discovery message for a
while. If a QUIT signal arrives at this time, the router and controller
processes created by main and Unit stay running. Also, the main process
doesn't stop them after the second QUIT signal is received in this case.
|
|
|
|
The leak has been introduced in 325b315e48c4.
This closes #322 issue in GitHub.
|
|
The <sched.h> is already included by nxt_unix.h.
This closes #314 PR on GitHub.
|
|
Found by Coverity (CID 349485).
|
|
Found by Coverity (CID 349484).
|
|
It's now similar to how attempts to access other non-regular files are handled.
|
|
Fixes segfaults with PHP 7.4.
|
|
Found by Coverity (CID 349483).
|
|
|
|
|
|
Found by Coverity (CID 349456).
|
|
This closes #312 issue on GitHub.
|
|
One small step to Go modules support.
|
|
Each request references the router process structure that owns all memory
maps. The process structure has a reference counter; each request increases
the counter to lock the structure in memory until request processing ends.
Incoming and outgoing buffers reference memory maps that the process owns,
so the process structure should be released only when all buffers are
released to avoid invalid memory access and a crash.
This describes the libunit library mechanism used for application processes.
The background of this issue is as follows:
The issue was found on buildbot when the router crashed during Java
websocket tests. The Java application receives a notification from the
master process; when the notification is processed, libunit deletes the
process structure from its process hash and decrements the use counter;
however, active websocket connections maintain their use counts on the
process structure. After that, when the master process is stopping the
application, libunit releases active websocket connections. At this point,
it's important to release the connections' memory buffers before the
corresponding process structure and all shared memory segments are released.
|
|
To pass Go object references to C and back we use hack with casting to
unsafe and then to uintptr. However, we should not store such references
because Go not guaratnee it will be available by the same address.
Introducing map with integer key helps to avoid dereference stored address.
This closes #253 and #309 issues on GitHub.
|
|
One alert per failed allocation is enough.
|
|
By design, Unit context is created for the thread which reads messages from
the router. However, Go request handlers are called in a separate goroutine
that may be executed in a different thread. To avoid a racing condition,
access to lists of free structures in the context should be serialized. This
patch should fix random crashes in Go applications under high load.
This is related to #253 and #309 issues on GitHub.
|
|
Example:
PUT/POST/DELETE /config/listeners/unix:%2Fpath%2Fto%2Fsocket
This follows a49ee872e83d.
|
|
In theory, all space characters in request target must be encoded; however,
some clients may violate the specification. For the sake of interoperability,
Unit supports unencoded space characters.
Previously, if there was a space character before the extension or arguments
parts, those parts weren't recognized. Also, quoted symbols and complex
target weren't detected after a space character.
|
|
|
|
Thanks to 洪志道 (Hong Zhi Dao).
|
|
|
|
Now URI encoding can be used to escape "/" in the request path:
GET /config/listeners/unix:%2Fpath%2Fto%2Fsocket/
|
|
|
|
|
|
|
|
The "nxt_http_websocket" request state, defined in "nxt_http_websocket.c",
is used in "nxt_router.c" and must be linked with external symbol declared
in "nxt_router.c".
Due to the missing "extern" keyword, building Unit with some linkers
(notably gold and LLD) caused WebSocket connections to get stuck or even
crash the router process.
|
|
|
|
|
|
|
|
Request state ready_handler required for further websocket events processing.
It is not required for regular response transferring.
|
|
Fields are filtered one by one before being added to fields list.
This avoids adding and then skipping connection-specific fields.
|
|
|
|
- nxt_req_app_link_t -> nxt_request_app_link_t
- nxt_req_conn_link_t -> nxt_request_rpc_data_t
Corresponding abbreviated field names also changed:
- ra -> req_app_link
- rc -> req_rpc_data
|