Home
last modified time | relevance | path

Searched hist:60 (Results 1 – 14 of 14) sorted by relevance

/unit/test/unit/applications/
H A Dwebsockets.pydiff 1433:bcdf5daaf688 Fri Mar 27 15:48:00 UTC 2020 Andrei Zeliankou <zelenkov@nginx.com> Tests: increase default "read_timeout" to 60s in message_read().
diff 1424:449e7e7d25c9 Mon Mar 23 19:18:00 UTC 2020 Andrei Zeliankou <zelenkov@nginx.com> Tests: increase default "read_timeout" value to 60s.

This change is necessary to avoid errors on slow hosts.

Also slightly reworked argument passing to the recvall() function.
/unit/test/unit/
H A Dhttp.pydiff 1424:449e7e7d25c9 Mon Mar 23 19:18:00 UTC 2020 Andrei Zeliankou <zelenkov@nginx.com> Tests: increase default "read_timeout" value to 60s.

This change is necessary to avoid errors on slow hosts.

Also slightly reworked argument passing to the recvall() function.
diff 1256:60e5df142860 Fri Nov 08 11:04:00 UTC 2019 Andrey Zelenkov <zelenkov@nginx.com> Tests: fixed operator in http.py.
/unit/src/wasm/
H A Dnxt_wasm.hdiff 2558:9bcb190bc8be Thu Sep 14 19:35:00 UTC 2023 Andrew Clayton <a.clayton@nginx.com> Wasm: Allow uploads larger than 4GiB.

Currently Wasm modules are limited to a 32bit address space (until at
least the memory64 work is completed). All the counters etc in the
request structure were u32's. Which matched with 32bit memory
limitation.

However there is really no need to not allow >4GiB uploads that can be
saved off to disk or some such.

To do this we just need to increase the ->content_len &
->total_content_sent members to u64's.

However because we need the request structure to have the exact same
layout on 32bit (for Wasm modules) as it does on 64bit we need to re-jig
the order of some of these members and add a four-byte padding member.

Thus the request structure now looks like on 64bit (as shown by
pahole(1))

struct nxt_wasm_request_s {
uint32_t method_off; /* 0 4 */
uint32_t method_len; /* 4 4 */
uint32_t version_off; /* 8 4 */
uint32_t version_len; /* 12 4 */
uint32_t path_off; /* 16 4 */
uint32_t path_len; /* 20 4 */
uint32_t query_off; /* 24 4 */
uint32_t query_len; /* 28 4 */
uint32_t remote_off; /* 32 4 */
uint32_t remote_len; /* 36 4 */
uint32_t local_addr_off; /* 40 4 */
uint32_t local_addr_len; /* 44 4 */
uint32_t local_port_off; /* 48 4 */
uint32_t local_port_len; /* 52 4 */
uint32_t server_name_off; /* 56 4 */
uint32_t server_name_len; /* 60 4 */
/* --- cacheline 1 boundary (64 bytes) --- */
uint64_t content_len; /* 64 8 */
uint64_t total_content_sent; /* 72 8 */
uint32_t content_sent; /* 80 4 */
uint32_t content_off; /* 84 4 */
uint32_t request_size; /* 88 4 */
uint32_t nfields; /* 92 4 */
uint32_t tls; /* 96 4 */
char __pad[4]; /* 100 4 */
nxt_wasm_http_field_t fields[]; /* 104 0 */

/* size: 104, cachelines: 2, members: 25 */
/* last cacheline: 40 bytes */
};

and the same structure (taken from unit-wasm) compiled as 32bit

struct luw_req {
u32 method_off; /* 0 4 */
u32 method_len; /* 4 4 */
u32 version_off; /* 8 4 */
u32 version_len; /* 12 4 */
u32 path_off; /* 16 4 */
u32 path_len; /* 20 4 */
u32 query_off; /* 24 4 */
u32 query_len; /* 28 4 */
u32 remote_off; /* 32 4 */
u32 remote_len; /* 36 4 */
u32 local_addr_off; /* 40 4 */
u32 local_addr_len; /* 44 4 */
u32 local_port_off; /* 48 4 */
u32 local_port_len; /* 52 4 */
u32 server_name_off; /* 56 4 */
u32 server_name_len; /* 60 4 */
/* --- cacheline 1 boundary (64 bytes) --- */
u64 content_len; /* 64 8 */
u64 total_content_sent; /* 72 8 */
u32 content_sent; /* 80 4 */
u32 content_off; /* 84 4 */
u32 request_size; /* 88 4 */
u32 nr_fields; /* 92 4 */
u32 tls; /* 96 4 */
char __pad[4]; /* 100 4 */
struct luw_hdr_field fields[]; /* 104 0 */

/* size: 104, cachelines: 2, members: 25 */
/* last cacheline: 40 bytes */
};

We can see the structures have the same layout, same size and no
padding.

We need the __pad member as otherwise I saw gcc and clang on Alpine
Linux automatically add the 'packed' attribute to the structure which
made the two structures not match.

Link: <https://github.com/WebAssembly/memory64>
Link: <https://github.com/nginx/unit-wasm>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
diff 2558:9bcb190bc8be Thu Sep 14 19:35:00 UTC 2023 Andrew Clayton <a.clayton@nginx.com> Wasm: Allow uploads larger than 4GiB.

Currently Wasm modules are limited to a 32bit address space (until at
least the memory64 work is completed). All the counters etc in the
request structure were u32's. Which matched with 32bit memory
limitation.

However there is really no need to not allow >4GiB uploads that can be
saved off to disk or some such.

To do this we just need to increase the ->content_len &
->total_content_sent members to u64's.

However because we need the request structure to have the exact same
layout on 32bit (for Wasm modules) as it does on 64bit we need to re-jig
the order of some of these members and add a four-byte padding member.

Thus the request structure now looks like on 64bit (as shown by
pahole(1))

struct nxt_wasm_request_s {
uint32_t method_off; /* 0 4 */
uint32_t method_len; /* 4 4 */
uint32_t version_off; /* 8 4 */
uint32_t version_len; /* 12 4 */
uint32_t path_off; /* 16 4 */
uint32_t path_len; /* 20 4 */
uint32_t query_off; /* 24 4 */
uint32_t query_len; /* 28 4 */
uint32_t remote_off; /* 32 4 */
uint32_t remote_len; /* 36 4 */
uint32_t local_addr_off; /* 40 4 */
uint32_t local_addr_len; /* 44 4 */
uint32_t local_port_off; /* 48 4 */
uint32_t local_port_len; /* 52 4 */
uint32_t server_name_off; /* 56 4 */
uint32_t server_name_len; /* 60 4 */
/* --- cacheline 1 boundary (64 bytes) --- */
uint64_t content_len; /* 64 8 */
uint64_t total_content_sent; /* 72 8 */
uint32_t content_sent; /* 80 4 */
uint32_t content_off; /* 84 4 */
uint32_t request_size; /* 88 4 */
uint32_t nfields; /* 92 4 */
uint32_t tls; /* 96 4 */
char __pad[4]; /* 100 4 */
nxt_wasm_http_field_t fields[]; /* 104 0 */

/* size: 104, cachelines: 2, members: 25 */
/* last cacheline: 40 bytes */
};

and the same structure (taken from unit-wasm) compiled as 32bit

struct luw_req {
u32 method_off; /* 0 4 */
u32 method_len; /* 4 4 */
u32 version_off; /* 8 4 */
u32 version_len; /* 12 4 */
u32 path_off; /* 16 4 */
u32 path_len; /* 20 4 */
u32 query_off; /* 24 4 */
u32 query_len; /* 28 4 */
u32 remote_off; /* 32 4 */
u32 remote_len; /* 36 4 */
u32 local_addr_off; /* 40 4 */
u32 local_addr_len; /* 44 4 */
u32 local_port_off; /* 48 4 */
u32 local_port_len; /* 52 4 */
u32 server_name_off; /* 56 4 */
u32 server_name_len; /* 60 4 */
/* --- cacheline 1 boundary (64 bytes) --- */
u64 content_len; /* 64 8 */
u64 total_content_sent; /* 72 8 */
u32 content_sent; /* 80 4 */
u32 content_off; /* 84 4 */
u32 request_size; /* 88 4 */
u32 nr_fields; /* 92 4 */
u32 tls; /* 96 4 */
char __pad[4]; /* 100 4 */
struct luw_hdr_field fields[]; /* 104 0 */

/* size: 104, cachelines: 2, members: 25 */
/* last cacheline: 40 bytes */
};

We can see the structures have the same layout, same size and no
padding.

We need the __pad member as otherwise I saw gcc and clang on Alpine
Linux automatically add the 'packed' attribute to the structure which
made the two structures not match.

Link: <https://github.com/WebAssembly/memory64>
Link: <https://github.com/nginx/unit-wasm>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
/unit/src/
H A Dnxt_isolation.cdiff 2354:c6a613bd7bd0 Wed Feb 22 16:04:00 UTC 2023 Andrew Clayton <a.clayton@nginx.com> Isolation: rootfs: Set the sticky bit on the tmp directory.

When using the 'rootfs' isolation option, by default a tmpfs filesystem
is mounted on tmp/. Currently this is mounted with a mode of 0777, i.e

drwxrwxrwx. 3 root root 60 Feb 22 11:56 tmp

however this should really have the sticky bit[0] set (as is per-normal for
such directories) to prevent users from having free reign on the files
contained within.

What we really want is it mounted with a mode of 01777, i.e

drwxrwxrwt. 3 root root 60 Feb 22 11:57 tmp

[0]: To quote inode(7)

"The sticky bit (S_ISVTX) on a directory means that a file in that
directory can be renamed or deleted only by the owner of the file, by
the owner of the directory, and by a privileged process."

Reviewed-by: Liam Crilly <liam@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
diff 2354:c6a613bd7bd0 Wed Feb 22 16:04:00 UTC 2023 Andrew Clayton <a.clayton@nginx.com> Isolation: rootfs: Set the sticky bit on the tmp directory.

When using the 'rootfs' isolation option, by default a tmpfs filesystem
is mounted on tmp/. Currently this is mounted with a mode of 0777, i.e

drwxrwxrwx. 3 root root 60 Feb 22 11:56 tmp

however this should really have the sticky bit[0] set (as is per-normal for
such directories) to prevent users from having free reign on the files
contained within.

What we really want is it mounted with a mode of 01777, i.e

drwxrwxrwt. 3 root root 60 Feb 22 11:57 tmp

[0]: To quote inode(7)

"The sticky bit (S_ISVTX) on a directory means that a file in that
directory can be renamed or deleted only by the owner of the file, by
the owner of the directory, and by a privileged process."

Reviewed-by: Liam Crilly <liam@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
diff 2331:48798e038044 Wed Feb 22 16:04:00 UTC 2023 Andrew Clayton <a.clayton@nginx.com> Isolation: rootfs: Set the sticky bit on the tmp directory.

When using the 'rootfs' isolation option, by default a tmpfs filesystem
is mounted on tmp/. Currently this is mounted with a mode of 0777, i.e

drwxrwxrwx. 3 root root 60 Feb 22 11:56 tmp

however this should really have the sticky bit[0] set (as is per-normal for
such directories) to prevent users from having free reign on the files
contained within.

What we really want is it mounted with a mode of 01777, i.e

drwxrwxrwt. 3 root root 60 Feb 22 11:57 tmp

[0]: To quote inode(7)

"The sticky bit (S_ISVTX) on a directory means that a file in that
directory can be renamed or deleted only by the owner of the file, by
the owner of the directory, and by a privileged process."

Reviewed-by: Liam Crilly <liam@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
diff 2331:48798e038044 Wed Feb 22 16:04:00 UTC 2023 Andrew Clayton <a.clayton@nginx.com> Isolation: rootfs: Set the sticky bit on the tmp directory.

When using the 'rootfs' isolation option, by default a tmpfs filesystem
is mounted on tmp/. Currently this is mounted with a mode of 0777, i.e

drwxrwxrwx. 3 root root 60 Feb 22 11:56 tmp

however this should really have the sticky bit[0] set (as is per-normal for
such directories) to prevent users from having free reign on the files
contained within.

What we really want is it mounted with a mode of 01777, i.e

drwxrwxrwt. 3 root root 60 Feb 22 11:57 tmp

[0]: To quote inode(7)

"The sticky bit (S_ISVTX) on a directory means that a file in that
directory can be renamed or deleted only by the owner of the file, by
the owner of the directory, and by a privileged process."

Reviewed-by: Liam Crilly <liam@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
H A Dnxt_http_parse.hdiff 60:b80bfbd9bddc Tue Jun 13 17:11:00 UTC 2017 Valentin Bartenev <vbart@nginx.com> HTTP parser: decoupled header fields processing.
H A Dnxt_runtime.hdiff 233:60bb2517a61d Sat Aug 26 10:37:00 UTC 2017 Igor Sysoev <igor@sysoev.ru> Added configure and command line option --modules.
H A Dnxt_http_request.cdiff 2624:60a508df10ef Tue Jan 23 10:45:00 UTC 2024 Zhidao HONG <z.hong@f5.com> HTTP: refactored out nxt_http_request_access_log().

This is in preparation for adding conditional access logging.
No functional changes.
H A Dnxt_http_parse.cdiff 60:b80bfbd9bddc Tue Jun 13 17:11:00 UTC 2017 Valentin Bartenev <vbart@nginx.com> HTTP parser: decoupled header fields processing.
H A Dnxt_controller.cdiff 60:b80bfbd9bddc Tue Jun 13 17:11:00 UTC 2017 Valentin Bartenev <vbart@nginx.com> HTTP parser: decoupled header fields processing.
H A Dnxt_application.cdiff 233:60bb2517a61d Sat Aug 26 10:37:00 UTC 2017 Igor Sysoev <igor@sysoev.ru> Added configure and command line option --modules.
H A Dnxt_php_sapi.cdiff 2424:70afa8cb85d4 Fri Mar 31 13:01:00 UTC 2023 Andrew Clayton <a.clayton@nginx.com> PHP: Make the filter_input() function work.

On GitHub, @jamesRUS52 reported that the PHP filter_input()[0] function
would just return NULL.

To enable this function we need to run the variables through the
sapi_module.input_filter() function when we call
php_register_variable_safe().

In PHP versions prior to 7.0.0, input_filter() takes 'len' as an
unsigned int, while later versions take it as a size_t.

Now, with this commit and the following PHP

<?php

var_dump(filter_input(INPUT_SERVER, 'REMOTE_ADDR'));
var_dump(filter_input(INPUT_SERVER, 'REQUEST_URI'));
var_dump(filter_input(INPUT_GET, 'get', FILTER_SANITIZE_SPECIAL_CHARS));

?>

you get

$ curl 'http://localhost:8080/854.php?get=foo<>'
string(3) "::1"
string(18) "/854.php?get=foo<>"
string(13) "foo&#60;&#62;"

[0]: <https://www.php.net/manual/en/function.filter-input.php>

Tested-by: <https://github.com/jamesRUS52>
Closes: <https://github.com/nginx/unit/issues/854>
Reviewed-by: Alejandro Colomar <alx@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
H A Dnxt_runtime.cdiff 233:60bb2517a61d Sat Aug 26 10:37:00 UTC 2017 Igor Sysoev <igor@sysoev.ru> Added configure and command line option --modules.
/unit/auto/
H A Doptionsdiff 233:60bb2517a61d Sat Aug 26 10:37:00 UTC 2017 Igor Sysoev <igor@sysoev.ru> Added configure and command line option --modules.
/unit/
H A Dconfigurediff 233:60bb2517a61d Sat Aug 26 10:37:00 UTC 2017 Igor Sysoev <igor@sysoev.ru> Added configure and command line option --modules.