nginx: fix failure to serve on aliases with regex captures #66532
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
yorickvP
force-pushed
the
nginx-etag-fix
branch
from
e0ea75c
to
5702f25
Compare
|
@GrahamcOfBorg test nginx |
7c6f434c
approved these changes
Aug 13, 2019
lukateras
reviewed
Aug 13, 2019
|
Git mv is a shorthand for git add && git rm. It won't help rename
detection. I can split this patch into a change and a rename commit,
though.
…On Tue, Aug 13, 2019, 10:47 Yegor Timoshenko ***@***.***> wrote:
***@***.**** commented on this pull request.
Would be able to review after git mv.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#66532?email_source=notifications&email_token=AAE57JG2N6UGVP3YMPRFQFTQEJYLDA5CNFSM4ILCCUGKYY3PNVWWK3TUL52HS4DFWFIHK3DMKJSXC5LFON2FEZLWNFSXPKTDN5WW2ZLOORPWSZGOCBLQXIY#pullrequestreview-274140067>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAE57JBIDUHTJCUMLUJ2UALQEJYLDANCNFSM4ILCCUGA>
.
|
|
It seems that my choice of file name and format was unfortunate, maybe this could be better off as a diff (instead of a patch) and without Nginx version in the file name? |
aszlig
reviewed
Aug 13, 2019
| ngx_int_t ngx_http_set_content_type(ngx_http_request_t *r); | ||
| void ngx_http_set_exten(ngx_http_request_t *r); | ||
| -ngx_int_t ngx_http_set_etag(ngx_http_request_t *r); | ||
| +ngx_int_t ngx_http_set_etag(ngx_http_request_t *r, ngx_str_t *path); |
There was a problem hiding this comment.
This is a bit unfortunate here, because this changes the API for third-party extension modules.
There was a problem hiding this comment.
Same concern, I don't think we should ever change API of any programs that we patch (i.e. no headers changes).
aszlig
reviewed
Aug 13, 2019
| + | ||
| + if (etag->value.data == NULL) { | ||
| + etag->hash = 0; | ||
| + return NGX_ERROR; |
There was a problem hiding this comment.
Memleak: ngx_free(real);
Addendum: The reason why this could memleak is when real is not NULL but it's not pointing to the Nix store.
aszlig
reviewed
Aug 13, 2019
| + - etag->value.data; | ||
| + } | ||
|
|
||
| r->headers_out.etag = etag; |
aszlig
reviewed
Aug 13, 2019
| + } | ||
| + | ||
| + ngx_memcpy(etag->value.data, ptr1, etag->value.len); | ||
| + ngx_free(real); |
There was a problem hiding this comment.
This isn't needed if you just move it past the else branch below.
aszlig
requested changes
Aug 13, 2019
There was a problem hiding this comment.
As mentioned by @yegortimoshenko, it would probably make sense to just use a plain diff and either keep the versioned name (it still applies on version 1.15.4) or drop it entirely.
Apart from the mentioned memleaks, the API change is something I'd try to avoid as we don't know which external modules people might use.
yorickvP
force-pushed
the
nginx-etag-fix
branch
from
5702f25
to
261f85d
Compare
|
updated: renamed the patch file in separate commits. Fixed API compatibility. Fixed memleaks. |
|
I wonder if it makes sense to allow NULL path and provide the old external API as a wrapper. |
|
@7c6f434c that's what I'm doing now, at least |
7c6f434c
reviewed
Aug 15, 2019
| + | ||
| + if (etag->value.data == NULL) { | ||
| + etag->hash = 0; | ||
| + if (real != NULL) ngx_free(real); |
There was a problem hiding this comment.
In other places you don't do a NULL check (and apparently at least glibc version of free is OK with free(NULL)) — why is this place different?
There was a problem hiding this comment.
I do a NULL check everywhere it could be null, which isn't in the other branch of the if
There was a problem hiding this comment.
ngx_free is just an alias for free of the corresponding C library, from http://www.open-std.org/JTC1/SC22/wg14/www/docs/n1124.pdf section 7.20.3.2:
If ptr is a null pointer, no action occurs.
So we don't need to do explicit checks like this.
7c6f434c
reviewed
Aug 15, 2019
|
|
||
| etag = ngx_list_push(&r->headers_out.headers); | ||
| if (etag == NULL) { | ||
| + ngx_free(real); |
There was a problem hiding this comment.
If you do NULL checks before free, this seems reachable without setting real when path is NULL
|
@yorickvP do you plan to address feedback? |
|
I'd like to see this get more attention/merged. Without it, my nginx config was unable to serve user directories (eg |
|
Yes! I'll try to get to this this week.
Op wo 4 dec. 2019 om 23:12 schreef Casey Ransom <notifications@github.com>:
… I'd like to see this get more attention/merged. Without it, my nginx
config was unable to serve user directories (eg example.com/~user/foo)
which caused some good head scratching for a while until I found the PR.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#66532?email_source=notifications&email_token=AAE57JFND2L6QNZRSJ7LVQTQW7JFRA5CNFSM4ILCCUGKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEF5RPMA#issuecomment-561715120>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAE57JFQ6S4WBCILUEWZYQTQW7JFRANCNFSM4ILCCUGA>
.
|
|
+1 on this getting more attention, this breaks my dynamic subdomain setup. I've been able to workaround this by overriding the |
|
@jglukasik: See also #80671. |
dtzWill
pushed a commit
to dtzWill/nixpkgs
that referenced
this pull request
Feb 25, 2020
While our ETag patch works pretty fine if it comes to serving data off store paths, it unfortunately broke something that might be a bit more common, namely when using regexes to extract path components of location directives for example. Recently, @devhell has reported a bug with a nginx location directive like this: location ~^/\~([a-z0-9_]+)(/.*)?$" { alias /home/$1/public_html$2; } While this might look harmless at first glance, it does however cause issues with our ETag patch. The alias directive gets broken up by nginx like this: *2 http script copy: "/home/" *2 http script capture: "foo" *2 http script copy: "/public_html/" *2 http script capture: "bar.txt" In our patch however, we use realpath(3) to get the canonicalised path from ngx_http_core_loc_conf_s.root, which returns the *configured* value from the root or alias directive. So in the example above, realpath(3) boils down to the following syscalls: lstat("/home", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat("/home/$1", 0x7ffd08da6f60) = -1 ENOENT (No such file or directory) During my review[1] of the initial patch, I didn't actually notice that what we're doing here is returning NGX_ERROR if the realpath(3) call fails, which in turn causes an HTTP 500 error. Since our patch actually made the canonicalisation (and thus additional syscalls) necessary, we really shouldn't introduce an additional error so let's - at least for now - silently skip return value if realpath(3) has failed. However since we're using the unaltered root from the config we have another issue, consider this root: /nix/store/...-abcde/$1 Calling realpath(3) on this path will fail (except if there's a file called "$1" of course), so even this fix is not enough because it results in the ETag not being set to the store path hash. While this is very ugly and we should fix this very soon, it's not as serious as getting HTTP 500 errors for serving static files. I added a small NixOS VM test, which uses the example above as a regression test. It seems that my memory is failing these days, since apparently I *knew* about this issue since digging for existing issues in nixpkgs, I found this similar pull request which I even reviewed: NixOS#66532 However, since the comments weren't addressed and the author hasn't responded to the pull request, I decided to keep this very commit and do a follow-up pull request. [1]: NixOS#48337 Signed-off-by: aszlig <aszlig@nix.build> Reported-by: @devhell (cherry picked from commit f6c7635)
aszlig
added a commit
that referenced
this pull request
Mar 28, 2020
While our ETag patch works pretty fine if it comes to serving data off store paths, it unfortunately broke something that might be a bit more common, namely when using regexes to extract path components of location directives for example. Recently, @devhell has reported a bug with a nginx location directive like this: location ~^/\~([a-z0-9_]+)(/.*)?$" { alias /home/$1/public_html$2; } While this might look harmless at first glance, it does however cause issues with our ETag patch. The alias directive gets broken up by nginx like this: *2 http script copy: "/home/" *2 http script capture: "foo" *2 http script copy: "/public_html/" *2 http script capture: "bar.txt" In our patch however, we use realpath(3) to get the canonicalised path from ngx_http_core_loc_conf_s.root, which returns the *configured* value from the root or alias directive. So in the example above, realpath(3) boils down to the following syscalls: lstat("/home", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat("/home/$1", 0x7ffd08da6f60) = -1 ENOENT (No such file or directory) During my review[1] of the initial patch, I didn't actually notice that what we're doing here is returning NGX_ERROR if the realpath(3) call fails, which in turn causes an HTTP 500 error. Since our patch actually made the canonicalisation (and thus additional syscalls) necessary, we really shouldn't introduce an additional error so let's - at least for now - silently skip return value if realpath(3) has failed. However since we're using the unaltered root from the config we have another issue, consider this root: /nix/store/...-abcde/$1 Calling realpath(3) on this path will fail (except if there's a file called "$1" of course), so even this fix is not enough because it results in the ETag not being set to the store path hash. While this is very ugly and we should fix this very soon, it's not as serious as getting HTTP 500 errors for serving static files. I added a small NixOS VM test, which uses the example above as a regression test. It seems that my memory is failing these days, since apparently I *knew* about this issue since digging for existing issues in nixpkgs, I found this similar pull request which I even reviewed: #66532 However, since the comments weren't addressed and the author hasn't responded to the pull request, I decided to keep this very commit and do a follow-up pull request. [1]: #48337 Signed-off-by: aszlig <aszlig@nix.build> Reported-by: @devhell Acked-by: @7c6f434c Acked-by: @yorickvP Merges: #80671 Fixes: #66532 (cherry picked from commit e1d63ad)
aszlig
added a commit
that referenced
this pull request
Mar 28, 2020
While our ETag patch works pretty fine if it comes to serving data off store paths, it unfortunately broke something that might be a bit more common, namely when using regexes to extract path components of location directives for example. Recently, @devhell has reported a bug with a nginx location directive like this: location ~^/\~([a-z0-9_]+)(/.*)?$" { alias /home/$1/public_html$2; } While this might look harmless at first glance, it does however cause issues with our ETag patch. The alias directive gets broken up by nginx like this: *2 http script copy: "/home/" *2 http script capture: "foo" *2 http script copy: "/public_html/" *2 http script capture: "bar.txt" In our patch however, we use realpath(3) to get the canonicalised path from ngx_http_core_loc_conf_s.root, which returns the *configured* value from the root or alias directive. So in the example above, realpath(3) boils down to the following syscalls: lstat("/home", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat("/home/$1", 0x7ffd08da6f60) = -1 ENOENT (No such file or directory) During my review[1] of the initial patch, I didn't actually notice that what we're doing here is returning NGX_ERROR if the realpath(3) call fails, which in turn causes an HTTP 500 error. Since our patch actually made the canonicalisation (and thus additional syscalls) necessary, we really shouldn't introduce an additional error so let's - at least for now - silently skip return value if realpath(3) has failed. However since we're using the unaltered root from the config we have another issue, consider this root: /nix/store/...-abcde/$1 Calling realpath(3) on this path will fail (except if there's a file called "$1" of course), so even this fix is not enough because it results in the ETag not being set to the store path hash. While this is very ugly and we should fix this very soon, it's not as serious as getting HTTP 500 errors for serving static files. I added a small NixOS VM test, which uses the example above as a regression test. It seems that my memory is failing these days, since apparently I *knew* about this issue since digging for existing issues in nixpkgs, I found this similar pull request which I even reviewed: #66532 However, since the comments weren't addressed and the author hasn't responded to the pull request, I decided to keep this very commit and do a follow-up pull request. [1]: #48337 Signed-off-by: aszlig <aszlig@nix.build> Reported-by: @devhell Acked-by: @7c6f434c Acked-by: @yorickvP Merges: #80671 Fixes: #66532 (cherry picked from commit e1d63ad)
stigok
pushed a commit
to stigok/nixpkgs
that referenced
this pull request
Jun 12, 2020
While our ETag patch works pretty fine if it comes to serving data off store paths, it unfortunately broke something that might be a bit more common, namely when using regexes to extract path components of location directives for example. Recently, @devhell has reported a bug with a nginx location directive like this: location ~^/\~([a-z0-9_]+)(/.*)?$" { alias /home/$1/public_html$2; } While this might look harmless at first glance, it does however cause issues with our ETag patch. The alias directive gets broken up by nginx like this: *2 http script copy: "/home/" *2 http script capture: "foo" *2 http script copy: "/public_html/" *2 http script capture: "bar.txt" In our patch however, we use realpath(3) to get the canonicalised path from ngx_http_core_loc_conf_s.root, which returns the *configured* value from the root or alias directive. So in the example above, realpath(3) boils down to the following syscalls: lstat("/home", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat("/home/$1", 0x7ffd08da6f60) = -1 ENOENT (No such file or directory) During my review[1] of the initial patch, I didn't actually notice that what we're doing here is returning NGX_ERROR if the realpath(3) call fails, which in turn causes an HTTP 500 error. Since our patch actually made the canonicalisation (and thus additional syscalls) necessary, we really shouldn't introduce an additional error so let's - at least for now - silently skip return value if realpath(3) has failed. However since we're using the unaltered root from the config we have another issue, consider this root: /nix/store/...-abcde/$1 Calling realpath(3) on this path will fail (except if there's a file called "$1" of course), so even this fix is not enough because it results in the ETag not being set to the store path hash. While this is very ugly and we should fix this very soon, it's not as serious as getting HTTP 500 errors for serving static files. I added a small NixOS VM test, which uses the example above as a regression test. It seems that my memory is failing these days, since apparently I *knew* about this issue since digging for existing issues in nixpkgs, I found this similar pull request which I even reviewed: NixOS#66532 However, since the comments weren't addressed and the author hasn't responded to the pull request, I decided to keep this very commit and do a follow-up pull request. [1]: NixOS#48337 Signed-off-by: aszlig <aszlig@nix.build> Reported-by: @devhell Acked-by: @7c6f434c Acked-by: @yorickvP Merges: NixOS#80671 Fixes: NixOS#66532 (cherry picked from commit e1d63ad)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation for this change
It turns out the previous patch did not take in consideration that you could do
alias a/$1/b. This meansrealpathwould returnNULLon this and nginx would return a 500 error instead.Things done
This PR does the following:
realpathreturnsNULLsandboxinnix.confon non-NixOS)nix-shell -p nix-review --run "nix-review wip"./result/bin/)nix path-info -Sbefore and after)Notify maintainers
cc @edef1c @yegortimoshenko @aszlig @grahamc @domenkozar