Changes with nginx 1.1.17 15 Mar 2012

*) Security: content of previously freed memory might be sent to a
client if backend returned specially crafted response.
Thanks to Matthew Daley.

*) Bugfix: in the embedded perl module if used from SSI.
Thanks to Matthew Daley.

*) Bugfix: in the ngx_http_uwsgi_module.

Author: NGINX team

CHANGES

@@ -1,11 +1,23 @@
 
+Changes with nginx 1.1.17                                        15 Mar 2012
+
+    *) Security: content of previously freed memory might be sent to a
+       client if backend returned specially crafted response.
+       Thanks to Matthew Daley.
+
+    *) Bugfix: in the embedded perl module if used from SSI.
+       Thanks to Matthew Daley.
+
+    *) Bugfix: in the ngx_http_uwsgi_module.
+
+
 Changes with nginx 1.1.16                                        29 Feb 2012
 
     *) Change: the simultaneous subrequest limit has been raised to 200.
 
     *) Feature: the "from" parameter of the "disable_symlinks" directive.
 
-    *) Feature: the "return" and "error_page" directives can be used to
+    *) Feature: the "return" and "error_page" directives can now be used to
        return 307 redirections.
 
     *) Bugfix: a segmentation fault might occur in a worker process if the
@@ -45,13 +57,14 @@ Changes with nginx 1.1.15                                        15 Feb 2012
     *) Bugfix: nginx could not be built with the ngx_http_perl_module if the
        --with-openssl option was used.
 
-    *) Bugfix: internal redirects to named locations were not limited.
+    *) Bugfix: the number of internal redirects to named locations was not
+       limited.
 
     *) Bugfix: calling $r->flush() multiple times might cause errors in the
        ngx_http_gzip_filter_module.
 
     *) Bugfix: temporary files might be not removed if the "proxy_store"
-       directive were used with SSI includes.
+       directive was used with SSI includes.
 
     *) Bugfix: in some cases non-cacheable variables (such as the $args
        variable) returned old empty cached value.
@@ -72,8 +85,8 @@ Changes with nginx 1.1.14                                        30 Jan 2012
 
     *) Bugfix: in the OpenSSL library initialization.
 
-    *) Bugfix: the "proxy_redirect" directives might not be correctly
-       inherited.
+    *) Bugfix: the "proxy_redirect" directives might be inherited
+       incorrectly.
 
     *) Bugfix: memory leak during reconfiguration if the "pcre_jit"
        directive was used.

CHANGES.ru

@@ -1,4 +1,16 @@
 
+Изменения в nginx 1.1.17                                          15.03.2012
+
+    *) Безопасность: содержимое ранее освобождённой памяти могло быть
+       отправлено клиенту, если бэкенд возвращал специально созданный ответ.
+       Спасибо Matthew Daley.
+
+    *) Исправление: при использовании встроенного перла из SSI.
+       Спасибо Matthew Daley.
+
+    *) Исправление: в модуле ngx_http_uwsgi_module.
+
+
 Изменения в nginx 1.1.16                                          29.02.2012
 
     *) Изменение: ограничение на количество одновременных подзапросов

man/nginx.8

@@ -25,33 +25,30 @@
 .\" SUCH DAMAGE.
 .\"
 .\"
-.Dd August 10, 2011
+.Dd March 6, 2012
 .Dt NGINX 8
 .Os
 .Sh NAME
 .Nm nginx
 .Nd "HTTP and reverse proxy server, mail proxy server"
 .Sh SYNOPSIS
 .Nm
-.Op Fl hqtvV?
+.Op Fl ?hqtVv
 .Op Fl c Ar file
 .Op Fl g Ar directives
 .Op Fl p Ar prefix
 .Op Fl s Ar signal
 .Sh DESCRIPTION
-The
 .Nm
-(spelled
+(pronounced
 .Dq engine x )
 is an HTTP and reverse proxy server, as well as a mail proxy server.
-The
-.Nm
-is known for its high performance, stability, rich feature set, simple
+It is known for its high performance, stability, rich feature set, simple
 configuration, and low resource consumption.
 .Pp
 The options are as follows:
 .Bl -tag -width ".Fl d Ar directives"
-.It Fl ?\& | h
+.It Fl ?\& , h
 Print help.
 .It Fl c Ar file
 Use an alternative configuration
@@ -62,20 +59,20 @@ See
 .Sx EXAMPLES
 for details.
 .It Fl p Ar prefix
-Set prefix path.
-Default value is
+Set the prefix path.
+The default value is
 .Pa %%PREFIX%% .
 .It Fl q
 Suppress non-error messages during configuration testing.
 .It Fl s Ar signal
-Send signal to the master process.
+Send a signal to the master process.
 The argument
 .Ar signal
 can be one of:
 .Cm stop , quit , reopen , reload .
-The following table shows the corresponding system signals.
+The following table shows the corresponding system signals:
 .Pp
-.Bl -tag -width ".It Cm reopen" -compact
+.Bl -tag -width ".Cm reopen" -compact
 .It Cm stop
 .Dv SIGTERM
 .It Cm quit
@@ -86,49 +83,48 @@ The following table shows the corresponding system signals.
 .Dv SIGHUP
 .El
 .It Fl t
-Don't run, just test the configuration file.
-The
+Do not run, just test the configuration file.
 .Nm
-checks configuration for correct syntax and then tries to open files
-referred in configuration.
-.It Fl v
-Print
-.Nm
-version.
+checks the configuration file syntax and then tries to open files
+referenced in the configuration file.
 .It Fl V
-Print
+Print the
 .Nm
-version, compiler version and
+version, compiler version, and
 .Pa configure
 script parameters.
+.It Fl v
+Print the
+.Nm
+version.
 .El
 .Sh SIGNALS
 The master process of
 .Nm
-can handle the following signals.
+can handle the following signals:
 .Pp
-.Bl -tag -width ".It Dv SIGINT , SIGTERM" -compact
+.Bl -tag -width ".Dv SIGINT , SIGTERM" -compact
 .It Dv SIGINT , SIGTERM
 Shut down quickly.
 .It Dv SIGHUP
 Reload configuration, start the new worker process with a new
-configuration, gracefully shut down old worker processes.
+configuration, and gracefully shut down old worker processes.
 .It Dv SIGQUIT
 Shut down gracefully.
 .It Dv SIGUSR1
 Reopen log files.
 .It Dv SIGUSR2
-Upgrade
+Upgrade the
 .Nm
 executable on the fly.
 .It Dv SIGWINCH
-Shut down gracefully worker processes.
+Shut down worker processes gracefully.
 .El
 .Pp
-While there's no need to explicitly control worker processes normally,
-they support some signals, too:
+While there is no need to explicitly control worker processes normally,
+they support some signals too:
 .Pp
-.Bl -tag -width ".It Dv SIGINT , SIGTERM" -compact
+.Bl -tag -width ".Dv SIGINT , SIGTERM" -compact
 .It Dv SIGTERM
 Shut down quickly.
 .It Dv SIGQUIT
@@ -150,40 +146,44 @@ level of the
 .Pp
 .Dl "error_log /path/to/log debug;"
 .Pp
-It is also possible to enable the debugging for some IP address:
+It is also possible to enable the debugging for a particular IP address:
 .Bd -literal -offset indent
 events {
 	debug_connection 127.0.0.1;
 }
 .Ed
+.Sh ENVIRONMENT
+The
+.Ev NGINX
+environment variable is used internally by
+.Nm
+and should not be set directly by the user.
 .Sh FILES
-.Bl -tag -width indent -compact
+.Bl -tag -width indent
 .It Pa %%PID_PATH%%
-Contains the process ID of the
-.Nm
-listening for connections.
-The content of this file is not sensitive; it can be world-readable.
+Contains the process ID of
+.Nm .
+The contents of this file are not sensitive, so it can be world-readable.
 .It Pa %%CONF_PATH%%
-Main configuration file.
+The main configuration file.
 .It Pa %%ERROR_LOG_PATH%%
 Error log file.
 .El
 .Sh EXIT STATUS
 Exit status is 0 on success, or 1 if the command fails.
 .Sh EXAMPLES
-.Bd -literal
-nginx -t -c ~/mynginx.conf -g "pid /var/run/mynginx.pid; worker_processes 2;"
-.Ed
 Test configuration file
 .Pa ~/mynginx.conf
-with global directives for PID and quantity of worker processes.
+with global directives for PID and quantity of worker processes:
+.Bd -literal -offset indent
+nginx -t -c ~/mynginx.conf \e
+	-g "pid /var/run/mynginx.pid; worker_processes 2;"
+.Ed
 .Sh SEE ALSO
 .\"Xr nginx.conf 5
 .\"Pp
 Documentation at
-.Pa http://nginx.org/
-and
-.Pa http://sysoev.ru/nginx/ .
+.Pa http://nginx.org/en/docs/ .
 .Pp
 For questions and technical support, please refer to
 .Pa http://nginx.org/en/support.html .
@@ -193,10 +193,10 @@ Development of
 started in 2002, with the first public release on October 4, 2004.
 .Sh AUTHORS
 .An -nosplit
-.An Igor Sysoev Aq igor@sysoev.ru
+.An Igor Sysoev Aq igor@sysoev.ru .
 .Pp
-This manual page was written by
+This manual page was originally written by
 .An Sergey A. Osokin Aq osa@FreeBSD.org.ru
-as a result of compilation of many
+as a result of compiling many
 .Nm
-documents all over the world.
+documents from all over the world.

src/core/nginx.h

@@ -9,8 +9,8 @@
 #define _NGINX_H_INCLUDED_
 
 
-#define nginx_version      1001016
-#define NGINX_VERSION      "1.1.16"
+#define nginx_version      1001017
+#define NGINX_VERSION      "1.1.17"
 #define NGINX_VER          "nginx/" NGINX_VERSION
 
 #define NGINX_VAR          "NGINX"

src/core/ngx_connection.c

@@ -514,7 +514,7 @@ ngx_configure_listening_sockets(ngx_cycle_t *cycle)
             }
         }
 
-#if (NGX_HAVE_KEEPALIVE_TUNABLE) 
+#if (NGX_HAVE_KEEPALIVE_TUNABLE)
 
         if (ls[i].keepidle) {
             if (setsockopt(ls[i].fd, IPPROTO_TCP, TCP_KEEPIDLE,

src/event/ngx_event_openssl.c

@@ -478,6 +478,7 @@ ngx_ssl_dhparam(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *file)
     return NGX_OK;
 }
 
+
 ngx_int_t
 ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name)
 {
@@ -518,6 +519,7 @@ ngx_ssl_ecdh_curve(ngx_conf_t *cf, ngx_ssl_t *ssl, ngx_str_t *name)
     return NGX_OK;
 }
 
+
 ngx_int_t
 ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags)
 {

src/http/modules/ngx_http_fastcgi_module.c

@@ -1501,10 +1501,10 @@ ngx_http_fastcgi_process_header(ngx_http_request_t *r)
                     h->lowcase_key = h->key.data + h->key.len + 1
                                      + h->value.len + 1;
 
-                    ngx_cpystrn(h->key.data, r->header_name_start,
-                                h->key.len + 1);
-                    ngx_cpystrn(h->value.data, r->header_start,
-                                h->value.len + 1);
+                    ngx_memcpy(h->key.data, r->header_name_start, h->key.len);
+                    h->key.data[h->key.len] = '\0';
+                    ngx_memcpy(h->value.data, r->header_start, h->value.len);
+                    h->value.data[h->value.len] = '\0';
                 }
 
                 h->hash = r->header_hash;
@@ -2432,7 +2432,8 @@ ngx_http_fastcgi_merge_params(ngx_conf_t *cf,
 
         if (prev->headers_hash.buckets
 #if (NGX_HTTP_CACHE)
-            && ((conf->upstream.cache == NULL) == (prev->upstream.cache == NULL))
+            && ((conf->upstream.cache == NULL)
+                == (prev->upstream.cache == NULL))
 #endif
            )
         {

src/http/modules/ngx_http_proxy_module.c

@@ -1381,8 +1381,10 @@ ngx_http_proxy_process_header(ngx_http_request_t *r)
             h->value.data = h->key.data + h->key.len + 1;
             h->lowcase_key = h->key.data + h->key.len + 1 + h->value.len + 1;
 
-            ngx_cpystrn(h->key.data, r->header_name_start, h->key.len + 1);
-            ngx_cpystrn(h->value.data, r->header_start, h->value.len + 1);
+            ngx_memcpy(h->key.data, r->header_name_start, h->key.len);
+            h->key.data[h->key.len] = '\0';
+            ngx_memcpy(h->value.data, r->header_start, h->value.len);
+            h->value.data[h->value.len] = '\0';
 
             if (h->key.len == r->lowcase_index) {
                 ngx_memcpy(h->lowcase_key, r->lowcase_header, h->key.len);

src/http/modules/ngx_http_scgi_module.c

@@ -941,8 +941,10 @@ ngx_http_scgi_process_header(ngx_http_request_t *r)
             h->value.data = h->key.data + h->key.len + 1;
             h->lowcase_key = h->key.data + h->key.len + 1 + h->value.len + 1;
 
-            ngx_cpystrn(h->key.data, r->header_name_start, h->key.len + 1);
-            ngx_cpystrn(h->value.data, r->header_start, h->value.len + 1);
+            ngx_memcpy(h->key.data, r->header_name_start, h->key.len);
+            h->key.data[h->key.len] = '\0';
+            ngx_memcpy(h->value.data, r->header_start, h->value.len);
+            h->value.data[h->value.len] = '\0';
 
             if (h->key.len == r->lowcase_index) {
                 ngx_memcpy(h->lowcase_key, r->lowcase_header, h->key.len);
@@ -1384,7 +1386,8 @@ ngx_http_scgi_merge_params(ngx_conf_t *cf, ngx_http_scgi_loc_conf_t *conf,
 
         if (prev->headers_hash.buckets
 #if (NGX_HTTP_CACHE)
-            && ((conf->upstream.cache == NULL) == (prev->upstream.cache == NULL))
+            && ((conf->upstream.cache == NULL)
+                == (prev->upstream.cache == NULL))
 #endif
            )
         {