Merge branch 'nginx:master' into master

.github/workflows/cifuzz.yml

@@ -0,0 +1,41 @@
+name: CIFuzz
+on:
+  pull_request:
+    paths:
+      - 'src/**'
+      - 'fuzzing/**'
+      - '.github/workflows/cifuzz.yml'
+
+permissions: {}
+jobs:
+  Fuzzing:
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+    steps:
+    - name: Build Fuzzers
+      id: build
+      uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+      with:
+        oss-fuzz-project-name: 'unit'
+        language: c
+    - name: Run Fuzzers
+      uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+      with:
+        oss-fuzz-project-name: 'unit'
+        language: c
+        fuzz-seconds: 300
+        output-sarif: true
+    - name: Upload Crash
+      uses: actions/upload-artifact@v3
+      if: failure() && steps.build.outcome == 'success'
+      with:
+        name: artifacts
+        path: ./out/artifacts
+    - name: Upload Sarif
+      if: always() && steps.build.outcome == 'success'
+      uses: github/codeql-action/upload-sarif@v3
+      with:
+        # Path to SARIF file relative to the root of the repository
+        sarif_file: cifuzz-sarif/results.sarif
+        checkout_path: cifuzz-sarif

fuzzing/README.md

@@ -43,11 +43,11 @@ $ mkdir -p build/fuzz_http_h1p_seed
 $ mkdir -p build/fuzz_http_h1p_peer_seed
 $ mkdir -p build/fuzz_json_seed
 
-$ ./build/fuzz_basic            build/fuzz_basic_seed            src/fuzz/fuzz_basic_seed_corpus
-$ ./build/fuzz_http_controller  build/fuzz_http_controller_seed  src/fuzz/fuzz_http_controller_seed_corpus
-$ ./build/fuzz_http_h1p         build/fuzz_http_h1p_seed         src/fuzz/fuzz_http_h1p_seed_corpus
-$ ./build/fuzz_http_h1p_peer    build/fuzz_http_h1p_peer_seed    src/fuzz/fuzz_http_h1p_peer_seed_corpus
-$ ./build/fuzz_json             build/fuzz_json_seed             src/fuzz/fuzz_json_seed_corpus
+$ ./build/fuzz_basic            build/fuzz_basic_seed            fuzzing/fuzz_basic_seed_corpus
+$ ./build/fuzz_http_controller  build/fuzz_http_controller_seed  fuzzing/fuzz_http_seed_corpus
+$ ./build/fuzz_http_h1p         build/fuzz_http_h1p_seed         fuzzing/fuzz_http_seed_corpus
+$ ./build/fuzz_http_h1p_peer    build/fuzz_http_h1p_peer_seed    fuzzing/fuzz_http_seed_corpus
+$ ./build/fuzz_json             build/fuzz_json_seed             fuzzing/fuzz_json_seed_corpus
 ```
 
 Here is more information about [LibFuzzer](https://llvm.org/docs/LibFuzzer.html).

fuzzing/build-fuzz.sh

@@ -16,5 +16,5 @@ mkdir -p build/fuzz_http_h1p_peer_seed
 mkdir -p build/fuzz_json_seed
 
 echo ""
-echo "Run: ./build/\${fuzzer} build/\${fuzzer}_seed src/fuzz/\${fuzzer}_seed_corpus"
+echo "Run: ./build/\${fuzzer} build/\${fuzzer}_seed fuzzing/\${fuzzer}_seed_corpus"
 echo ""

fuzzing/nxt_http_controller_fuzz.c

@@ -76,6 +76,14 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
         goto failed;
     }
 
+    r_controller->conn = nxt_mp_zget(mp, sizeof(nxt_conn_t));
+    if (r_controller->conn == NULL) {
+        goto failed;
+    }
+
+    nxt_main_log.level = NXT_LOG_ALERT;
+    r_controller->conn->log = nxt_main_log;
+
     nxt_http_fields_process(rp.fields, &nxt_controller_fields_hash,
                             r_controller);
 

fuzzing/nxt_http_h1p_fuzz.c

@@ -75,6 +75,8 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
         goto failed;
     }
 
+    r_h1p->mem_pool = mp;
+
     nxt_http_fields_process(rp.fields, &nxt_h1p_fields_hash, r_h1p);
 
 failed:

fuzzing/nxt_json_fuzz.c

@@ -4,7 +4,7 @@
 
 #include <nxt_main.h>
 #include <nxt_conf.h>
-
+#include <nxt_router.h>
 
 #define KMININPUTLENGTH 2
 #define KMAXINPUTLENGTH 1024
@@ -33,18 +33,30 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
     nxt_mp_t               *mp;
     nxt_str_t              input;
+    nxt_thread_t           *thr;
+    nxt_runtime_t          *rt;
     nxt_conf_value_t       *conf;
     nxt_conf_validation_t  vldt;
 
     if (size < KMININPUTLENGTH || size > KMAXINPUTLENGTH) {
         return 0;
     }
 
+    thr = nxt_thread();
+
     mp = nxt_mp_create(1024, 128, 256, 32);
     if (mp == NULL) {
         return 0;
     }
 
+    rt = nxt_mp_zget(mp, sizeof(nxt_runtime_t));
+    if (rt == NULL) {
+        goto failed;
+    }
+
+    thr->runtime = rt;
+    rt->mem_pool = mp;
+
     input.start = (u_char *)data;
     input.length = size;
 
@@ -64,6 +76,11 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
     vldt.conf_pool = mp;
     vldt.ver = NXT_VERNUM;
 
+    rt->languages = nxt_array_create(mp, 1, sizeof(nxt_app_lang_module_t));
+    if (rt->languages == NULL) {
+        goto failed;
+    }
+
     nxt_conf_validate(&vldt);
 
     nxt_mp_destroy(vldt.pool);

src/nxt_application.c

@@ -32,6 +32,7 @@
 
 typedef struct {
     nxt_app_type_t  type;
+    nxt_str_t       name;
     nxt_str_t       version;
     nxt_str_t       file;
     nxt_array_t     *mounts;
@@ -257,12 +258,14 @@ nxt_discovery_modules(nxt_task_t *task, const char *path)
                   module[i].type, &module[i].version, &module[i].file);
 
         size += nxt_length("{\"type\": ,");
+        size += nxt_length(" \"name\": \"\",");
         size += nxt_length(" \"version\": \"\",");
         size += nxt_length(" \"file\": \"\",");
         size += nxt_length(" \"mounts\": []},");
 
         size += NXT_INT_T_LEN
                 + module[i].version.length
+                + module[i].name.length
                 + module[i].file.length;
 
         mounts = module[i].mounts;
@@ -294,9 +297,10 @@ nxt_discovery_modules(nxt_task_t *task, const char *path)
     for (i = 0; i < n; i++) {
         mounts = module[i].mounts;
 
-        p = nxt_sprintf(p, end, "{\"type\": %d, \"version\": \"%V\", "
-                        "\"file\": \"%V\", \"mounts\": [",
-                        module[i].type, &module[i].version, &module[i].file);
+        p = nxt_sprintf(p, end, "{\"type\": %d, \"name\": \"%V\", "
+                        "\"version\": \"%V\", \"file\": \"%V\", \"mounts\": [",
+                        module[i].type, &module[i].name, &module[i].version,
+                        &module[i].file);
 
         mnt = mounts->elts;
         for (j = 0; j < mounts->nelts; j++) {
@@ -412,6 +416,11 @@ nxt_discovery_module(nxt_task_t *task, nxt_mp_t *mp, nxt_array_t *modules,
             goto fail;
         }
 
+        nxt_str_dup(mp, &module->name, &app->type);
+        if (module->name.start == NULL) {
+            goto fail;
+        }
+
         module->file.length = nxt_strlen(name);
 
         module->file.start = nxt_mp_alloc(mp, module->file.length);

src/nxt_application.h

@@ -35,6 +35,7 @@ typedef nxt_int_t (*nxt_application_setup_t)(nxt_task_t *task,
 
 typedef struct {
     nxt_app_type_t            type;
+    char                      *name;
     u_char                    *version;
     char                      *file;
     nxt_app_module_t          *module;

src/nxt_buf.h

@@ -13,7 +13,7 @@
  * should be allocated by appropriate nxt_buf_XXX_alloc() function.
  *
  * 1) Memory-only buffers, their size is less than nxt_buf_t size, it
- *    is equal to offsetof(nxt_buf_t, file_pos), that is it is nxt_buf_t
+ *    is equal to offsetof(nxt_buf_t, file), that is it is nxt_buf_t
  *    without file and mmap part.  The buffers are frequently used, so
  *    the reduction allows to save 20-32 bytes depending on platform.
  *

src/nxt_main_process.c

@@ -1354,6 +1354,12 @@ static nxt_conf_map_t  nxt_app_lang_module_map[] = {
         offsetof(nxt_app_lang_module_t, type),
     },
 
+    {
+        nxt_string("name"),
+        NXT_CONF_MAP_CSTRZ,
+        offsetof(nxt_app_lang_module_t, name),
+    },
+
     {
         nxt_string("version"),
         NXT_CONF_MAP_CSTRZ,

src/nxt_status.c

@@ -6,40 +6,131 @@
 #include <nxt_main.h>
 #include <nxt_conf.h>
 #include <nxt_status.h>
+#include <nxt_application.h>
 
 
 nxt_conf_value_t *
 nxt_status_get(nxt_status_report_t *report, nxt_mp_t *mp)
 {
-    size_t            i;
-    nxt_str_t         name;
-    nxt_int_t         ret;
-    nxt_status_app_t  *app;
-    nxt_conf_value_t  *status, *obj, *apps, *app_obj;
-
-    static nxt_str_t conns_str = nxt_string("connections");
-    static nxt_str_t acc_str = nxt_string("accepted");
-    static nxt_str_t active_str = nxt_string("active");
-    static nxt_str_t idle_str = nxt_string("idle");
-    static nxt_str_t closed_str = nxt_string("closed");
-    static nxt_str_t reqs_str = nxt_string("requests");
-    static nxt_str_t total_str = nxt_string("total");
-    static nxt_str_t apps_str = nxt_string("applications");
-    static nxt_str_t procs_str = nxt_string("processes");
-    static nxt_str_t run_str = nxt_string("running");
-    static nxt_str_t start_str = nxt_string("starting");
-
-    status = nxt_conf_create_object(mp, 3);
+    size_t                 i, nr_langs;
+    uint16_t               lang_cnts[NXT_APP_UNKNOWN] = { 1 };
+    uint32_t               idx = 0;
+    nxt_str_t              name;
+    nxt_int_t              ret;
+    nxt_array_t            *langs;
+    nxt_thread_t           *thr;
+    nxt_app_type_t         type, prev_type;
+    nxt_status_app_t       *app;
+    nxt_conf_value_t       *status, *obj, *mods, *apps, *app_obj, *mod_obj;
+    nxt_app_lang_module_t  *modules;
+
+    static const nxt_str_t  modules_str = nxt_string("modules");
+    static const nxt_str_t  version_str = nxt_string("version");
+    static const nxt_str_t  lib_str = nxt_string("lib");
+    static const nxt_str_t  conns_str = nxt_string("connections");
+    static const nxt_str_t  acc_str = nxt_string("accepted");
+    static const nxt_str_t  active_str = nxt_string("active");
+    static const nxt_str_t  idle_str = nxt_string("idle");
+    static const nxt_str_t  closed_str = nxt_string("closed");
+    static const nxt_str_t  reqs_str = nxt_string("requests");
+    static const nxt_str_t  total_str = nxt_string("total");
+    static const nxt_str_t  apps_str = nxt_string("applications");
+    static const nxt_str_t  procs_str = nxt_string("processes");
+    static const nxt_str_t  run_str = nxt_string("running");
+    static const nxt_str_t  start_str = nxt_string("starting");
+
+    status = nxt_conf_create_object(mp, 4);
     if (nxt_slow_path(status == NULL)) {
         return NULL;
     }
 
+    thr = nxt_thread();
+    langs = thr->runtime->languages;
+
+    modules = langs->elts;
+    /*
+     * We need to count the number of unique languages to correctly
+     * allocate the below mods object.
+     *
+     * We also need to count how many of each language.
+     *
+     * Start by skipping past NXT_APP_EXTERNAL which is always the
+     * first entry.
+     */
+    for (i = 1, nr_langs = 0, prev_type = NXT_APP_UNKNOWN; i < langs->nelts;
+         i++)
+    {
+        type = modules[i].type;
+
+        lang_cnts[type]++;
+
+        if (type == prev_type) {
+            continue;
+        }
+
+        nr_langs++;
+        prev_type = type;
+    }
+
+    mods = nxt_conf_create_object(mp, nr_langs);
+    if (nxt_slow_path(mods == NULL)) {
+        return NULL;
+    }
+
+    nxt_conf_set_member(status, &modules_str, mods, idx++);
+
+    i = 1;
+    obj = mod_obj = NULL;
+    prev_type = NXT_APP_UNKNOWN;
+    for (size_t l = 0, a = 0; i < langs->nelts; i++) {
+        nxt_str_t  item, mod_name;
+
+        type = modules[i].type;
+        if (type != prev_type) {
+            a = 0;
+
+            if (lang_cnts[type] == 1) {
+                mod_obj = nxt_conf_create_object(mp, 2);
+                obj = mod_obj;
+            } else {
+                mod_obj = nxt_conf_create_array(mp, lang_cnts[type]);
+            }
+
+            if (nxt_slow_path(mod_obj == NULL)) {
+                return NULL;
+            }
+
+            mod_name.start = (u_char *)modules[i].name;
+            mod_name.length = strlen(modules[i].name);
+            nxt_conf_set_member(mods, &mod_name, mod_obj, l++);
+        }
+
+        if (lang_cnts[type] > 1) {
+            obj = nxt_conf_create_object(mp, 2);
+            if (nxt_slow_path(obj == NULL)) {
+                return NULL;
+            }
+
+            nxt_conf_set_element(mod_obj, a++, obj);
+        }
+
+        item.start = modules[i].version;
+        item.length = nxt_strlen(modules[i].version);
+        nxt_conf_set_member_string(obj, &version_str, &item, 0);
+
+        item.start = (u_char *)modules[i].file;
+        item.length = strlen(modules[i].file);
+        nxt_conf_set_member_string(obj, &lib_str, &item, 1);
+
+        prev_type = type;
+    }
+
     obj = nxt_conf_create_object(mp, 4);
     if (nxt_slow_path(obj == NULL)) {
         return NULL;
     }
 
-    nxt_conf_set_member(status, &conns_str, obj, 0);
+    nxt_conf_set_member(status, &conns_str, obj, idx++);
 
     nxt_conf_set_member_integer(obj, &acc_str, report->accepted_conns, 0);
     nxt_conf_set_member_integer(obj, &active_str, report->accepted_conns
@@ -53,7 +144,7 @@ nxt_status_get(nxt_status_report_t *report, nxt_mp_t *mp)
         return NULL;
     }
 
-    nxt_conf_set_member(status, &reqs_str, obj, 1);
+    nxt_conf_set_member(status, &reqs_str, obj, idx++);
 
     nxt_conf_set_member_integer(obj, &total_str, report->requests, 0);
 
@@ -62,7 +153,7 @@ nxt_status_get(nxt_status_report_t *report, nxt_mp_t *mp)
         return NULL;
     }
 
-    nxt_conf_set_member(status, &apps_str, apps, 2);
+    nxt_conf_set_member(status, &apps_str, apps, idx++);
 
     for (i = 0; i < report->apps_count; i++) {
         app = &report->apps[i];