Hello world samples ? #8

maxired · 2017-09-07T11:11:00Z

Hey,

this project looks very promising, but I got hard time trying to understand what you expect an application to look like.

Is there a place where I could find hello world application for the different supported language?

defanator · 2017-09-07T11:13:46Z

@maxired you can find "hello world" examples for PHP, Python and Go in pre-compiled packages:
http://unit.nginx.org/docs-installation.html#precompiled-packages

(Also, we're going to add package sources to this repo as well.)

maxired · 2017-09-07T11:29:04Z

@defanator thanks.
so from what I could read in examples files of http://nginx.org/packages/mainline/ubuntu/pool/nginx/u/unit/unit_0.1-1~xenial_amd64.deb

For php : just write regular php that would be executed on any webserver

For python: use wsgi for now. Here Hello world from wikipedia :

def application(environ, start_response):
    start_response('200 OK', [('Content-Type', 'text/plain')])
    yield 'Hello World\n'

For go: this is a different story. you should write an app, creating a net/http server, and bind it with unit.ListenAndServe("8000", nil) . Does this port value mean anything ?

defanator · 2017-09-07T12:08:47Z

@maxired no, in case of plugging Go app into unit you may use any address/port there. In order to build and test "hello world" Go app from examples provided in the package, please do the following:

# sudo apt-get install unit-dev
# go build -o /tmp/go-app /usr/share/doc/unit/examples/go-app/let-my-people.go
# sudo service unitd restoreconfig /usr/share/doc/unit/examples/example.config
# curl http://localhost:8500/foo/bar/
Method : GET
URL    : /foo/bar/
Host   : localhost:8500

Jim-Lin · 2017-09-08T06:33:41Z

Hi @maxired

If the Go application is executed directly, the unit module will fall back to the http module. If the Go application is launched by Unit, it will communicate with the Unit router via shared memory.

from http://unit.nginx.org/docs-installation.html#source-code

docteurklein · 2017-09-12T09:01:13Z

yould you have an example application for php as well?

maxired · 2017-09-12T09:48:35Z

@docteurklein, looks like you can't just write any php code as you would with apache or any other php cgi.

for example the sample in the repo is

<?php phpinfo(); ?>

igorsysoev · 2017-09-12T10:49:17Z

On 12 Sep 2017, at 12:48, Maxence Dalmais ***@***.***> wrote: @docteurklein, looks like you can't just write any php code as you would with apache or any other php cgi.

No. You should be able to run any existent PHP code without changes.

…

-- Igor Sysoev http://nginx.com

docteurklein · 2017-09-12T11:19:22Z

I can confirm it starts working on my legacy app.
here is a working config for symfony:

{
    "listeners": {
        "*:8300": {
            "application": "api"
        }
    },
    "applications": {
        "api": {
            "type": "php",
            "workers": 20,
            "root": "/usr/src/app/web",
            "index": "app.php",
            "script": "app.php"
        }
    }
}

on debian, the php.ini is located at /etc/php/7.0/embed/php.ini

centminmod · 2017-09-28T04:33:38Z

Would love to see a official list of usage examples of Nginx Unit submitted by users especially for python and go apps which I am not that familiar with.

rpv-tomsk · 2018-02-10T05:14:05Z

Example is also needed for recently-added Perl support.

Thanks!

defanator · 2018-02-10T07:39:37Z

@rpv-tomsk here they are:

https://github.com/nginx/unit/blob/master/pkg/deb/debian.module/unit.example-perl-config
https://github.com/nginx/unit/blob/master/pkg/deb/debian.module/unit.example-perl-app

VBart · 2018-02-10T13:22:03Z

@rpv-tomsk there's one in the blog post: https://www.nginx.com/blog/unit-0-6-beta-release-available-now/

lth2015 · 2018-05-28T16:02:35Z

@defanator @maxired
when I use these command, it doesn't work:

# yum install unit-devel 
# go build -o /tmp/go-app /usr/share/doc/unit/examples/go-app/let-my-people.go
# sudo service unitd restoreconfig /usr/share/doc/unit/examples/example.config

{
	"success": "Reconfiguration done."
}

curl http://localhost:8500/foo/bar/
Read header timeout

Golang example doesn't work in my centos7 system, can you help me?

My compiled unitd verson:

#unitd version
unit version: 0.1
configured as ./configure --prefix=/usr --modules=/usr/lib64/unit/modules --control=unix:/var/run/control.unit.sock --pid=/var/run/unitd.pid --log=/var/log/unitd.log --debug --tests

lth2015 · 2018-05-30T07:03:33Z

My problem is: Unit binary version and Unit source code version is not same, details in here: #126.

ghost · 2018-06-21T15:17:14Z

@defanator - would it be possible to get a POST example, ideally in Perl? thanks.

sysdef · 2018-06-21T15:42:36Z

@DAC88

should work like that:

app.psgi

package APP;

use 5.24.0;
use strict;
use warnings;

use Data::Dumper;

my $app = sub {

  my $env = shift;

  warn( Dumper($env) );

  my $method = $env->{'REQUEST_METHOD'};
  my $uri    = $env->{'REQUEST_URI'};

  my $input;
  if ( $method eq 'POST' ) {
    $env->{'psgi.input'}->read( $input, 5000 );
  }

  # POST -> /ping
  if ( $method.$uri eq 'POST/ping' ) {
    return [
      '200',
      [ 'Content-Type' => 'text/plain' ],
      [ "Hello World!\nPOST:\n" . $input . "\nENV:\n" . Dumper($env) ],
    ];
  }

};

1;

ghost · 2018-06-22T08:20:46Z

@sysdef - much appreciated.

gkapad · 2019-06-19T01:25:52Z

Asimple php/html page :

<!DOCTYPE html>
<link rel="stylesheet" type="text/css" href="/index.css">
<?php echo "Hello, "; ?>
<span class="red">app1</span>
<pre><?php print_r($_SERVER); ?>
</pre>

this kind of php code dont work. cuse 'index.css' is fetched as
Content-type:text/html
so the browser dont apply it.
I do something wrong, or this is normal fot unit ???

----- index.css:
.red{ color:red;}

VBart · 2019-06-19T10:44:40Z

@gkapad It's not related to php code. Similar to php-fpm, Unit doesn't serve static files. Currently, you need to put static files to CDN or use nginx to serve them.

dbuelow · 2020-06-22T14:23:31Z

Static file support is available since v1.11.0. See documentation for configuration and a lot of examples.

@VBart: could be closed, right?

VBart · 2021-09-24T15:48:52Z

The "Hello world" samples in all supported languages are available here: https://unit.nginx.org/howto/samples/

@xeron

@xeron on GitHub reported an issue whereby with a Rails 7.1 application they were getting the following error 2023/10/22 20:57:28 [error] 56#56 [unit] nginx#8: Ruby: Wrong header entry 'value' from application 2023/10/22 20:57:28 [error] 56#56 [unit] nginx#8: Ruby: Failed to run ruby script After some back and forth debugging it turns out rack was trying to send back a header comprised of an array of values. E.g app = Proc.new do |env| ["200", { "Content-Type" => "text/plain", "X-Array-Header" => ["Item-1", "Item-2"], }, ["Hello World\n"]] end run app It seems this became a possibility in rack v3.0[0] So along with header value types of T_STRING & T_NIL we need to also allow T_ARRAY. If we get a T_ARRAY we need to build up the header field using the given values. E.g "X-Array-Header" => ["Item-1", nil, "Item-3", "Item-4"], becomes X-Array-Header: Item-1; ; Item-3; Item-4 [0]: <https://github.com/rack/rack/blob/main/UPGRADE-GUIDE.md?plain=1#L26> Reported-by: Ivan Larionov <[email protected]> Closes: <nginx#974> Tested-by: Timo Stark <[email protected]> Signed-off-by: Andrew Clayton <[email protected]>

@xeron

@xeron on GitHub reported an issue whereby with a Rails 7.1 application they were getting the following error 2023/10/22 20:57:28 [error] 56#56 [unit] nginx#8: Ruby: Wrong header entry 'value' from application 2023/10/22 20:57:28 [error] 56#56 [unit] nginx#8: Ruby: Failed to run ruby script After some back and forth debugging it turns out rack was trying to send back a header comprised of an array of values. E.g app = Proc.new do |env| ["200", { "Content-Type" => "text/plain", "X-Array-Header" => ["Item-1", "Item-2"], }, ["Hello World\n"]] end run app It seems this became a possibility in rack v3.0[0] So along with header value types of T_STRING & T_NIL we need to also allow T_ARRAY. If we get a T_ARRAY we need to build up the header field using the given values. E.g "X-Array-Header" => ["Item-1", nil, "Item-3", "Item-4"], becomes X-Array-Header: Item-1; ; Item-3; Item-4 [0]: <https://github.com/rack/rack/blob/main/UPGRADE-GUIDE.md?plain=1#L26> Reported-by: Ivan Larionov <[email protected]> Closes: <nginx#974> Tested-by: Timo Stark <[email protected]> Signed-off-by: Andrew Clayton <[email protected]>

@xeron

@xeron on GitHub reported an issue whereby with a Rails 7.1 application they were getting the following error 2023/10/22 20:57:28 [error] 56#56 [unit] nginx#8: Ruby: Wrong header entry 'value' from application 2023/10/22 20:57:28 [error] 56#56 [unit] nginx#8: Ruby: Failed to run ruby script After some back and forth debugging it turns out rack was trying to send back a header comprised of an array of values. E.g app = Proc.new do |env| ["200", { "Content-Type" => "text/plain", "X-Array-Header" => ["Item-1", "Item-2"], }, ["Hello World\n"]] end run app It seems this became a possibility in rack v3.0[0] So along with header value types of T_STRING & T_NIL we need to also allow T_ARRAY. If we get a T_ARRAY we need to build up the header field using the given values. E.g "X-Array-Header" => ["Item-1", nil, "Item-3", "Item-4"], becomes X-Array-Header: Item-1; ; Item-3; Item-4 [0]: <https://github.com/rack/rack/blob/main/UPGRADE-GUIDE.md?plain=1#L26> Reported-by: Ivan Larionov <[email protected]> Closes: <nginx#974> Tested-by: Timo Stark <[email protected]> Signed-off-by: Andrew Clayton <[email protected]>

@xeron

@xeron on GitHub reported an issue whereby with a Rails 7.1 application they were getting the following error 2023/10/22 20:57:28 [error] 56#56 [unit] nginx#8: Ruby: Wrong header entry 'value' from application 2023/10/22 20:57:28 [error] 56#56 [unit] nginx#8: Ruby: Failed to run ruby script After some back and forth debugging it turns out rack was trying to send back a header comprised of an array of values. E.g app = Proc.new do |env| ["200", { "Content-Type" => "text/plain", "X-Array-Header" => ["Item-1", "Item-2"], }, ["Hello World\n"]] end run app It seems this became a possibility in rack v3.0[0] So along with header value types of T_STRING & T_NIL we need to also allow T_ARRAY. If we get a T_ARRAY we need to build up the header field using the given values. E.g "X-Array-Header" => ["Item-1", nil, "Item-3", "Item-4"], becomes X-Array-Header: Item-1; ; Item-3; Item-4 [0]: <https://github.com/rack/rack/blob/main/UPGRADE-GUIDE.md?plain=1#L26> Reported-by: Ivan Larionov <[email protected]> Closes: <nginx#974> Tested-by: Timo Stark <[email protected]> Signed-off-by: Andrew Clayton <[email protected]>

@xeron

@xeron on GitHub reported an issue whereby with a Rails 7.1 application they were getting the following error 2023/10/22 20:57:28 [error] 56#56 [unit] nginx#8: Ruby: Wrong header entry 'value' from application 2023/10/22 20:57:28 [error] 56#56 [unit] nginx#8: Ruby: Failed to run ruby script After some back and forth debugging it turns out rack was trying to send back a header comprised of an array of values. E.g app = Proc.new do |env| ["200", { "Content-Type" => "text/plain", "X-Array-Header" => ["Item-1", "Item-2"], }, ["Hello World\n"]] end run app It seems this became a possibility in rack v3.0[0] So along with a header value type of T_STRING we need to also allow T_ARRAY. If we get a T_ARRAY we need to build up the header field using the given values. E.g "X-Array-Header" => ["Item-1", "", "Item-3", "Item-4"], becomes X-Array-Header: Item-1; ; Item-3; Item-4 [0]: <https://github.com/rack/rack/blob/main/UPGRADE-GUIDE.md?plain=1#L26> Reported-by: Ivan Larionov <[email protected]> Closes: <nginx#974> Tested-by: Timo Stark <[email protected]> Signed-off-by: Andrew Clayton <[email protected]>

@xeron

@xeron on GitHub reported an issue whereby with a Rails 7.1 application they were getting the following error 2023/10/22 20:57:28 [error] 56#56 [unit] nginx#8: Ruby: Wrong header entry 'value' from application 2023/10/22 20:57:28 [error] 56#56 [unit] nginx#8: Ruby: Failed to run ruby script After some back and forth debugging it turns out rack was trying to send back a header comprised of an array of values. E.g app = Proc.new do |env| ["200", { "Content-Type" => "text/plain", "X-Array-Header" => ["Item-1", "Item-2"], }, ["Hello World\n"]] end run app It seems this became a possibility in rack v3.0[0] So along with a header value type of T_STRING we need to also allow T_ARRAY. If we get a T_ARRAY we need to build up the header field using the given values. E.g "X-Array-Header" => ["Item-1", "", "Item-3", "Item-4"], becomes X-Array-Header: Item-1; ; Item-3; Item-4 [0]: <https://github.com/rack/rack/blob/main/UPGRADE-GUIDE.md?plain=1#L26> Reported-by: Ivan Larionov <[email protected]> Closes: <nginx#974> Tested-by: Timo Stark <[email protected]> Signed-off-by: Andrew Clayton <[email protected]>

@xeron

@xeron on GitHub reported an issue whereby with a Rails 7.1 application they were getting the following error 2023/10/22 20:57:28 [error] 56#56 [unit] nginx#8: Ruby: Wrong header entry 'value' from application 2023/10/22 20:57:28 [error] 56#56 [unit] nginx#8: Ruby: Failed to run ruby script After some back and forth debugging it turns out rack was trying to send back a header comprised of an array of values. E.g app = Proc.new do |env| ["200", { "Content-Type" => "text/plain", "X-Array-Header" => ["Item-1", "Item-2"], }, ["Hello World\n"]] end run app It seems this became a possibility in rack v3.0[0] So along with a header value type of T_STRING we need to also allow T_ARRAY. If we get a T_ARRAY we need to build up the header field using the given values. E.g "X-Array-Header" => ["Item-1", "", "Item-3", "Item-4"], becomes X-Array-Header: Item-1; ; Item-3; Item-4 [0]: <https://github.com/rack/rack/blob/main/UPGRADE-GUIDE.md?plain=1#L26> Reported-by: Ivan Larionov <[email protected]> Closes: <nginx#974> Link: <nginx#998> Tested-by: Timo Stark <[email protected]> Signed-off-by: Andrew Clayton <[email protected]>

Can be reproduced by test/test_rewrite.py::test_rewrite_njs with enabled UndefinedBehaviorSanitizer: src/nxt_http_js.c:169:52: runtime error: applying zero offset to null pointer #0 0x10255b044 in nxt_http_js_ext_get_args nxt_http_js.c:169 nginx#1 0x102598ad0 in njs_value_property njs_value.c:1175 nginx#2 0x10259c2c8 in njs_vm_object_prop njs_vm.c:1398 nginx#3 0x102559d74 in nxt_js_call nxt_js.c:445 nginx#4 0x1023c0da0 in nxt_tstr_query nxt_tstr.c:276 nginx#5 0x102516ec4 in nxt_http_rewrite nxt_http_rewrite.c:56 nginx#6 0x1024fd86c in nxt_http_request_action nxt_http_request.c:565 nginx#7 0x1024d71b0 in nxt_h1p_request_body_read nxt_h1proto.c:998 nginx#8 0x1023f5c48 in nxt_event_engine_start nxt_event_engine.c:542 nginx#9 0x1023e2838 in nxt_thread_trampoline nxt_thread.c:126 nginx#10 0x18133e030 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x7030) nginx#11 0x181338e38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1e38) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/nxt_http_js.c:169:52 Same fix was introduced in NJS: http://hg.nginx.org/njs/rev/4fba78789fe4

Can be reproduced by test/test_variables.py::test_variables_dynamic_arguments with enabled UndefinedBehaviorSanitizer: src/nxt_http_request.c:961:17: runtime error: applying zero offset to null pointer #0 0x1050d95a4 in nxt_http_arguments_parse nxt_http_request.c:961 nginx#1 0x105102bf8 in nxt_http_var_arg nxt_http_variables.c:621 nginx#2 0x104f95d74 in nxt_var_interpreter nxt_var.c:507 nginx#3 0x104f98c98 in nxt_tstr_query nxt_tstr.c:265 nginx#4 0x1050abfd8 in nxt_router_access_log_writer nxt_router_access_log.c:194 nginx#5 0x1050d81f4 in nxt_http_request_close_handler nxt_http_request.c:838 nginx#6 0x104fcdc48 in nxt_event_engine_start nxt_event_engine.c:542 nginx#7 0x104fba838 in nxt_thread_trampoline nxt_thread.c:126 nginx#8 0x18133e030 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x7030) nginx#9 0x181338e38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1e38) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/nxt_http_request.c:961:17

Can be reproduced by test/test_rewrite.py::test_rewrite_njs with enabled UndefinedBehaviorSanitizer: src/nxt_http_js.c:169:52: runtime error: applying zero offset to null pointer #0 0x10255b044 in nxt_http_js_ext_get_args nxt_http_js.c:169 nginx#1 0x102598ad0 in njs_value_property njs_value.c:1175 nginx#2 0x10259c2c8 in njs_vm_object_prop njs_vm.c:1398 nginx#3 0x102559d74 in nxt_js_call nxt_js.c:445 nginx#4 0x1023c0da0 in nxt_tstr_query nxt_tstr.c:276 nginx#5 0x102516ec4 in nxt_http_rewrite nxt_http_rewrite.c:56 nginx#6 0x1024fd86c in nxt_http_request_action nxt_http_request.c:565 nginx#7 0x1024d71b0 in nxt_h1p_request_body_read nxt_h1proto.c:998 nginx#8 0x1023f5c48 in nxt_event_engine_start nxt_event_engine.c:542 nginx#9 0x1023e2838 in nxt_thread_trampoline nxt_thread.c:126 nginx#10 0x18133e030 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x7030) nginx#11 0x181338e38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1e38) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/nxt_http_js.c:169:52 Same fix was introduced in NJS: http://hg.nginx.org/njs/rev/4fba78789fe4

Can be reproduced by test/test_variables.py::test_variables_dynamic_arguments with enabled UndefinedBehaviorSanitizer: src/nxt_http_request.c:961:17: runtime error: applying zero offset to null pointer #0 0x1050d95a4 in nxt_http_arguments_parse nxt_http_request.c:961 nginx#1 0x105102bf8 in nxt_http_var_arg nxt_http_variables.c:621 nginx#2 0x104f95d74 in nxt_var_interpreter nxt_var.c:507 nginx#3 0x104f98c98 in nxt_tstr_query nxt_tstr.c:265 nginx#4 0x1050abfd8 in nxt_router_access_log_writer nxt_router_access_log.c:194 nginx#5 0x1050d81f4 in nxt_http_request_close_handler nxt_http_request.c:838 nginx#6 0x104fcdc48 in nxt_event_engine_start nxt_event_engine.c:542 nginx#7 0x104fba838 in nxt_thread_trampoline nxt_thread.c:126 nginx#8 0x18133e030 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x7030) nginx#9 0x181338e38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1e38) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/nxt_http_request.c:961:17

These tests cause router crash when run with AddressSanitizer: ================================================================= ==77196==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c000079340 at pc 0x55d56b132d4b bp 0x7f8cc7f346b0 sp 0x7f8cc7f346a0 READ of size 1 at 0x60c000079340 thread T1 #0 0x55d56b132d4a in nxt_openssl_conn_io_shutdown src/nxt_openssl.c:1466 nginx#1 0x55d56b0f6a25 in nxt_h1p_closing src/nxt_h1proto.c:2069 nginx#2 0x55d56b1009a6 in nxt_h1p_shutdown src/nxt_h1proto.c:2038 nginx#3 0x55d56b1014c3 in nxt_h1p_request_close src/nxt_h1proto.c:1718 nginx#4 0x55d56b1045c0 in nxt_http_request_close_handler src/nxt_http_request.c:864 nginx#5 0x55d56b104988 in nxt_http_request_done src/nxt_http_request.c:795 nginx#6 0x55d56b0ba0c3 in nxt_event_engine_start src/nxt_event_engine.c:542 nginx#7 0x55d56b0dcac2 in nxt_router_thread_start src/nxt_router.c:3645 nginx#8 0x55d56b0b421b in nxt_thread_trampoline src/nxt_thread.c:126 nginx#9 0x7f8ccab95ac2 (/lib/x86_64-linux-gnu/libc.so.6+0x94ac2) nginx#10 0x7f8ccac2784f (/lib/x86_64-linux-gnu/libc.so.6+0x12684f)

Can be reproduced by test/test_rewrite.py::test_rewrite_njs with enabled UndefinedBehaviorSanitizer: src/nxt_http_js.c:169:52: runtime error: applying zero offset to null pointer #0 0x10255b044 in nxt_http_js_ext_get_args nxt_http_js.c:169 nginx#1 0x102598ad0 in njs_value_property njs_value.c:1175 nginx#2 0x10259c2c8 in njs_vm_object_prop njs_vm.c:1398 nginx#3 0x102559d74 in nxt_js_call nxt_js.c:445 nginx#4 0x1023c0da0 in nxt_tstr_query nxt_tstr.c:276 nginx#5 0x102516ec4 in nxt_http_rewrite nxt_http_rewrite.c:56 nginx#6 0x1024fd86c in nxt_http_request_action nxt_http_request.c:565 nginx#7 0x1024d71b0 in nxt_h1p_request_body_read nxt_h1proto.c:998 nginx#8 0x1023f5c48 in nxt_event_engine_start nxt_event_engine.c:542 nginx#9 0x1023e2838 in nxt_thread_trampoline nxt_thread.c:126 nginx#10 0x18133e030 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x7030) nginx#11 0x181338e38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1e38) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/nxt_http_js.c:169:52 Same fix was introduced in NJS: <http://hg.nginx.org/njs/rev/4fba78789fe4>

Can be reproduced by test/test_variables.py::test_variables_dynamic_arguments with enabled UndefinedBehaviorSanitizer: src/nxt_http_request.c:961:17: runtime error: applying zero offset to null pointer #0 0x1050d95a4 in nxt_http_arguments_parse nxt_http_request.c:961 nginx#1 0x105102bf8 in nxt_http_var_arg nxt_http_variables.c:621 nginx#2 0x104f95d74 in nxt_var_interpreter nxt_var.c:507 nginx#3 0x104f98c98 in nxt_tstr_query nxt_tstr.c:265 nginx#4 0x1050abfd8 in nxt_router_access_log_writer nxt_router_access_log.c:194 nginx#5 0x1050d81f4 in nxt_http_request_close_handler nxt_http_request.c:838 nginx#6 0x104fcdc48 in nxt_event_engine_start nxt_event_engine.c:542 nginx#7 0x104fba838 in nxt_thread_trampoline nxt_thread.c:126 nginx#8 0x18133e030 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x7030) nginx#9 0x181338e38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1e38) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/nxt_http_request.c:961:17

Can be reproduced by test/test_rewrite.py::test_rewrite_njs with enabled UndefinedBehaviorSanitizer: src/nxt_http_js.c:169:52: runtime error: applying zero offset to null pointer #0 0x10255b044 in nxt_http_js_ext_get_args nxt_http_js.c:169 nginx#1 0x102598ad0 in njs_value_property njs_value.c:1175 nginx#2 0x10259c2c8 in njs_vm_object_prop njs_vm.c:1398 nginx#3 0x102559d74 in nxt_js_call nxt_js.c:445 nginx#4 0x1023c0da0 in nxt_tstr_query nxt_tstr.c:276 nginx#5 0x102516ec4 in nxt_http_rewrite nxt_http_rewrite.c:56 nginx#6 0x1024fd86c in nxt_http_request_action nxt_http_request.c:565 nginx#7 0x1024d71b0 in nxt_h1p_request_body_read nxt_h1proto.c:998 nginx#8 0x1023f5c48 in nxt_event_engine_start nxt_event_engine.c:542 nginx#9 0x1023e2838 in nxt_thread_trampoline nxt_thread.c:126 nginx#10 0x18133e030 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x7030) nginx#11 0x181338e38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1e38) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/nxt_http_js.c:169:52 Same fix was introduced in NJS: <http://hg.nginx.org/njs/rev/4fba78789fe4>

Can be reproduced by test/test_variables.py::test_variables_dynamic_arguments with enabled UndefinedBehaviorSanitizer: src/nxt_http_request.c:961:17: runtime error: applying zero offset to null pointer #0 0x1050d95a4 in nxt_http_arguments_parse nxt_http_request.c:961 nginx#1 0x105102bf8 in nxt_http_var_arg nxt_http_variables.c:621 nginx#2 0x104f95d74 in nxt_var_interpreter nxt_var.c:507 nginx#3 0x104f98c98 in nxt_tstr_query nxt_tstr.c:265 nginx#4 0x1050abfd8 in nxt_router_access_log_writer nxt_router_access_log.c:194 nginx#5 0x1050d81f4 in nxt_http_request_close_handler nxt_http_request.c:838 nginx#6 0x104fcdc48 in nxt_event_engine_start nxt_event_engine.c:542 nginx#7 0x104fba838 in nxt_thread_trampoline nxt_thread.c:126 nginx#8 0x18133e030 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x7030) nginx#9 0x181338e38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1e38) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/nxt_http_request.c:961:17

These tests cause router crash when run with AddressSanitizer: ================================================================= ==77196==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c000079340 at pc 0x55d56b132d4b bp 0x7f8cc7f346b0 sp 0x7f8cc7f346a0 READ of size 1 at 0x60c000079340 thread T1 #0 0x55d56b132d4a in nxt_openssl_conn_io_shutdown src/nxt_openssl.c:1466 #1 0x55d56b0f6a25 in nxt_h1p_closing src/nxt_h1proto.c:2069 #2 0x55d56b1009a6 in nxt_h1p_shutdown src/nxt_h1proto.c:2038 #3 0x55d56b1014c3 in nxt_h1p_request_close src/nxt_h1proto.c:1718 #4 0x55d56b1045c0 in nxt_http_request_close_handler src/nxt_http_request.c:864 #5 0x55d56b104988 in nxt_http_request_done src/nxt_http_request.c:795 #6 0x55d56b0ba0c3 in nxt_event_engine_start src/nxt_event_engine.c:542 #7 0x55d56b0dcac2 in nxt_router_thread_start src/nxt_router.c:3645 #8 0x55d56b0b421b in nxt_thread_trampoline src/nxt_thread.c:126 #9 0x7f8ccab95ac2 (/lib/x86_64-linux-gnu/libc.so.6+0x94ac2) #10 0x7f8ccac2784f (/lib/x86_64-linux-gnu/libc.so.6+0x12684f)

Can be reproduced by test/test_rewrite.py::test_rewrite_njs with enabled UndefinedBehaviorSanitizer: src/nxt_http_js.c:169:52: runtime error: applying zero offset to null pointer #0 0x10255b044 in nxt_http_js_ext_get_args nxt_http_js.c:169 nginx#1 0x102598ad0 in njs_value_property njs_value.c:1175 nginx#2 0x10259c2c8 in njs_vm_object_prop njs_vm.c:1398 nginx#3 0x102559d74 in nxt_js_call nxt_js.c:445 nginx#4 0x1023c0da0 in nxt_tstr_query nxt_tstr.c:276 nginx#5 0x102516ec4 in nxt_http_rewrite nxt_http_rewrite.c:56 nginx#6 0x1024fd86c in nxt_http_request_action nxt_http_request.c:565 nginx#7 0x1024d71b0 in nxt_h1p_request_body_read nxt_h1proto.c:998 nginx#8 0x1023f5c48 in nxt_event_engine_start nxt_event_engine.c:542 nginx#9 0x1023e2838 in nxt_thread_trampoline nxt_thread.c:126 nginx#10 0x18133e030 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x7030) nginx#11 0x181338e38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1e38) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/nxt_http_js.c:169:52 Same fix was introduced in NJS: <http://hg.nginx.org/njs/rev/4fba78789fe4> Reviewed-by: Andrew Clayton <[email protected]>

Can be reproduced by test/test_variables.py::test_variables_dynamic_arguments with enabled UndefinedBehaviorSanitizer: src/nxt_http_request.c:961:17: runtime error: applying zero offset to null pointer #0 0x1050d95a4 in nxt_http_arguments_parse nxt_http_request.c:961 nginx#1 0x105102bf8 in nxt_http_var_arg nxt_http_variables.c:621 nginx#2 0x104f95d74 in nxt_var_interpreter nxt_var.c:507 nginx#3 0x104f98c98 in nxt_tstr_query nxt_tstr.c:265 nginx#4 0x1050abfd8 in nxt_router_access_log_writer nxt_router_access_log.c:194 nginx#5 0x1050d81f4 in nxt_http_request_close_handler nxt_http_request.c:838 nginx#6 0x104fcdc48 in nxt_event_engine_start nxt_event_engine.c:542 nginx#7 0x104fba838 in nxt_thread_trampoline nxt_thread.c:126 nginx#8 0x18133e030 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x7030) nginx#9 0x181338e38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1e38) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/nxt_http_request.c:961:17

Can be reproduced by test/test_rewrite.py::test_rewrite_njs with enabled UndefinedBehaviorSanitizer: src/nxt_http_js.c:169:52: runtime error: applying zero offset to null pointer #0 0x10255b044 in nxt_http_js_ext_get_args nxt_http_js.c:169 nginx#1 0x102598ad0 in njs_value_property njs_value.c:1175 nginx#2 0x10259c2c8 in njs_vm_object_prop njs_vm.c:1398 nginx#3 0x102559d74 in nxt_js_call nxt_js.c:445 nginx#4 0x1023c0da0 in nxt_tstr_query nxt_tstr.c:276 nginx#5 0x102516ec4 in nxt_http_rewrite nxt_http_rewrite.c:56 nginx#6 0x1024fd86c in nxt_http_request_action nxt_http_request.c:565 nginx#7 0x1024d71b0 in nxt_h1p_request_body_read nxt_h1proto.c:998 nginx#8 0x1023f5c48 in nxt_event_engine_start nxt_event_engine.c:542 nginx#9 0x1023e2838 in nxt_thread_trampoline nxt_thread.c:126 nginx#10 0x18133e030 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x7030) nginx#11 0x181338e38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1e38) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/nxt_http_js.c:169:52 Same fix was introduced in NJS: <http://hg.nginx.org/njs/rev/4fba78789fe4> Reviewed-by: Andrew Clayton <[email protected]>

Can be reproduced by test/test_variables.py::test_variables_dynamic_arguments with enabled UndefinedBehaviorSanitizer: src/nxt_http_request.c:961:17: runtime error: applying zero offset to null pointer #0 0x1050d95a4 in nxt_http_arguments_parse nxt_http_request.c:961 nginx#1 0x105102bf8 in nxt_http_var_arg nxt_http_variables.c:621 nginx#2 0x104f95d74 in nxt_var_interpreter nxt_var.c:507 nginx#3 0x104f98c98 in nxt_tstr_query nxt_tstr.c:265 nginx#4 0x1050abfd8 in nxt_router_access_log_writer nxt_router_access_log.c:194 nginx#5 0x1050d81f4 in nxt_http_request_close_handler nxt_http_request.c:838 nginx#6 0x104fcdc48 in nxt_event_engine_start nxt_event_engine.c:542 nginx#7 0x104fba838 in nxt_thread_trampoline nxt_thread.c:126 nginx#8 0x18133e030 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x7030) nginx#9 0x181338e38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1e38) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/nxt_http_request.c:961:17

Can be reproduced by test/test_rewrite.py::test_rewrite_njs with enabled UndefinedBehaviorSanitizer: src/nxt_http_js.c:169:52: runtime error: applying zero offset to null pointer #0 0x10255b044 in nxt_http_js_ext_get_args nxt_http_js.c:169 nginx#1 0x102598ad0 in njs_value_property njs_value.c:1175 nginx#2 0x10259c2c8 in njs_vm_object_prop njs_vm.c:1398 nginx#3 0x102559d74 in nxt_js_call nxt_js.c:445 nginx#4 0x1023c0da0 in nxt_tstr_query nxt_tstr.c:276 nginx#5 0x102516ec4 in nxt_http_rewrite nxt_http_rewrite.c:56 nginx#6 0x1024fd86c in nxt_http_request_action nxt_http_request.c:565 nginx#7 0x1024d71b0 in nxt_h1p_request_body_read nxt_h1proto.c:998 nginx#8 0x1023f5c48 in nxt_event_engine_start nxt_event_engine.c:542 nginx#9 0x1023e2838 in nxt_thread_trampoline nxt_thread.c:126 nginx#10 0x18133e030 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x7030) nginx#11 0x181338e38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1e38) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/nxt_http_js.c:169:52 Same fix was introduced in NJS: <http://hg.nginx.org/njs/rev/4fba78789fe4> Reviewed-by: Andrew Clayton <[email protected]>

Can be reproduced by test/test_variables.py::test_variables_dynamic_arguments with enabled UndefinedBehaviorSanitizer: src/nxt_http_request.c:961:17: runtime error: applying zero offset to null pointer #0 0x1050d95a4 in nxt_http_arguments_parse nxt_http_request.c:961 nginx#1 0x105102bf8 in nxt_http_var_arg nxt_http_variables.c:621 nginx#2 0x104f95d74 in nxt_var_interpreter nxt_var.c:507 nginx#3 0x104f98c98 in nxt_tstr_query nxt_tstr.c:265 nginx#4 0x1050abfd8 in nxt_router_access_log_writer nxt_router_access_log.c:194 nginx#5 0x1050d81f4 in nxt_http_request_close_handler nxt_http_request.c:838 nginx#6 0x104fcdc48 in nxt_event_engine_start nxt_event_engine.c:542 nginx#7 0x104fba838 in nxt_thread_trampoline nxt_thread.c:126 nginx#8 0x18133e030 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x7030) nginx#9 0x181338e38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1e38) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/nxt_http_request.c:961:17 Reviewed-by: Andrew Clayton <[email protected]>

@xeron

@xeron on GitHub reported an issue whereby with a Rails 7.1 application they were getting the following error 2023/10/22 20:57:28 [error] 56#56 [unit] #8: Ruby: Wrong header entry 'value' from application 2023/10/22 20:57:28 [error] 56#56 [unit] #8: Ruby: Failed to run ruby script After some back and forth debugging it turns out rack was trying to send back a header comprised of an array of values. E.g app = Proc.new do |env| ["200", { "Content-Type" => "text/plain", "X-Array-Header" => ["Item-1", "Item-2"], }, ["Hello World\n"]] end run app It seems this became a possibility in rack v3.0[0] So along with a header value type of T_STRING we need to also allow T_ARRAY. If we get a T_ARRAY we need to build up the header field using the given values. E.g "X-Array-Header" => ["Item-1", "", "Item-3", "Item-4"], becomes X-Array-Header: Item-1; ; Item-3; Item-4 [0]: <https://github.com/rack/rack/blob/main/UPGRADE-GUIDE.md?plain=1#L26> Reported-by: Ivan Larionov <[email protected]> Closes: <#974> Link: <#998> Tested-by: Timo Stark <[email protected]> Signed-off-by: Andrew Clayton <[email protected]>

These tests cause router crash when run with AddressSanitizer: ================================================================= ==77196==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c000079340 at pc 0x55d56b132d4b bp 0x7f8cc7f346b0 sp 0x7f8cc7f346a0 READ of size 1 at 0x60c000079340 thread T1 #0 0x55d56b132d4a in nxt_openssl_conn_io_shutdown src/nxt_openssl.c:1466 #1 0x55d56b0f6a25 in nxt_h1p_closing src/nxt_h1proto.c:2069 #2 0x55d56b1009a6 in nxt_h1p_shutdown src/nxt_h1proto.c:2038 #3 0x55d56b1014c3 in nxt_h1p_request_close src/nxt_h1proto.c:1718 #4 0x55d56b1045c0 in nxt_http_request_close_handler src/nxt_http_request.c:864 #5 0x55d56b104988 in nxt_http_request_done src/nxt_http_request.c:795 #6 0x55d56b0ba0c3 in nxt_event_engine_start src/nxt_event_engine.c:542 #7 0x55d56b0dcac2 in nxt_router_thread_start src/nxt_router.c:3645 #8 0x55d56b0b421b in nxt_thread_trampoline src/nxt_thread.c:126 #9 0x7f8ccab95ac2 (/lib/x86_64-linux-gnu/libc.so.6+0x94ac2) #10 0x7f8ccac2784f (/lib/x86_64-linux-gnu/libc.so.6+0x12684f)

Can be reproduced by test/test_rewrite.py::test_rewrite_njs with enabled UndefinedBehaviorSanitizer: src/nxt_http_js.c:169:52: runtime error: applying zero offset to null pointer #0 0x10255b044 in nxt_http_js_ext_get_args nxt_http_js.c:169 #1 0x102598ad0 in njs_value_property njs_value.c:1175 #2 0x10259c2c8 in njs_vm_object_prop njs_vm.c:1398 #3 0x102559d74 in nxt_js_call nxt_js.c:445 #4 0x1023c0da0 in nxt_tstr_query nxt_tstr.c:276 #5 0x102516ec4 in nxt_http_rewrite nxt_http_rewrite.c:56 #6 0x1024fd86c in nxt_http_request_action nxt_http_request.c:565 #7 0x1024d71b0 in nxt_h1p_request_body_read nxt_h1proto.c:998 #8 0x1023f5c48 in nxt_event_engine_start nxt_event_engine.c:542 #9 0x1023e2838 in nxt_thread_trampoline nxt_thread.c:126 #10 0x18133e030 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x7030) #11 0x181338e38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1e38) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/nxt_http_js.c:169:52 Same fix was introduced in NJS: <http://hg.nginx.org/njs/rev/4fba78789fe4> Reviewed-by: Andrew Clayton <[email protected]>

Can be reproduced by test/test_variables.py::test_variables_dynamic_arguments with enabled UndefinedBehaviorSanitizer: src/nxt_http_request.c:961:17: runtime error: applying zero offset to null pointer #0 0x1050d95a4 in nxt_http_arguments_parse nxt_http_request.c:961 #1 0x105102bf8 in nxt_http_var_arg nxt_http_variables.c:621 #2 0x104f95d74 in nxt_var_interpreter nxt_var.c:507 #3 0x104f98c98 in nxt_tstr_query nxt_tstr.c:265 #4 0x1050abfd8 in nxt_router_access_log_writer nxt_router_access_log.c:194 #5 0x1050d81f4 in nxt_http_request_close_handler nxt_http_request.c:838 #6 0x104fcdc48 in nxt_event_engine_start nxt_event_engine.c:542 #7 0x104fba838 in nxt_thread_trampoline nxt_thread.c:126 #8 0x18133e030 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x7030) #9 0x181338e38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1e38) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/nxt_http_request.c:961:17 Reviewed-by: Andrew Clayton <[email protected]>

@xeron

@xeron on GitHub reported an issue whereby with a Rails 7.1 application they were getting the following error 2023/10/22 20:57:28 [error] 56#56 [unit] nginx#8: Ruby: Wrong header entry 'value' from application 2023/10/22 20:57:28 [error] 56#56 [unit] nginx#8: Ruby: Failed to run ruby script After some back and forth debugging it turns out rack was trying to send back a header comprised of an array of values. E.g app = Proc.new do |env| ["200", { "Content-Type" => "text/plain", "X-Array-Header" => ["Item-1", "Item-2"], }, ["Hello World\n"]] end run app It seems this became a possibility in rack v3.0[0] So along with a header value type of T_STRING we need to also allow T_ARRAY. If we get a T_ARRAY we need to build up the header field using the given values. E.g "X-Array-Header" => ["Item-1", "", "Item-3", "Item-4"], becomes X-Array-Header: Item-1; ; Item-3; Item-4 [0]: <https://github.com/rack/rack/blob/main/UPGRADE-GUIDE.md?plain=1#L26> Reported-by: Ivan Larionov <[email protected]> Closes: <nginx#974> Link: <nginx#998> Tested-by: Timo Stark <[email protected]> Signed-off-by: Andrew Clayton <[email protected]>

These tests cause router crash when run with AddressSanitizer: ================================================================= ==77196==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c000079340 at pc 0x55d56b132d4b bp 0x7f8cc7f346b0 sp 0x7f8cc7f346a0 READ of size 1 at 0x60c000079340 thread T1 #0 0x55d56b132d4a in nxt_openssl_conn_io_shutdown src/nxt_openssl.c:1466 nginx#1 0x55d56b0f6a25 in nxt_h1p_closing src/nxt_h1proto.c:2069 nginx#2 0x55d56b1009a6 in nxt_h1p_shutdown src/nxt_h1proto.c:2038 nginx#3 0x55d56b1014c3 in nxt_h1p_request_close src/nxt_h1proto.c:1718 nginx#4 0x55d56b1045c0 in nxt_http_request_close_handler src/nxt_http_request.c:864 nginx#5 0x55d56b104988 in nxt_http_request_done src/nxt_http_request.c:795 nginx#6 0x55d56b0ba0c3 in nxt_event_engine_start src/nxt_event_engine.c:542 nginx#7 0x55d56b0dcac2 in nxt_router_thread_start src/nxt_router.c:3645 nginx#8 0x55d56b0b421b in nxt_thread_trampoline src/nxt_thread.c:126 nginx#9 0x7f8ccab95ac2 (/lib/x86_64-linux-gnu/libc.so.6+0x94ac2) nginx#10 0x7f8ccac2784f (/lib/x86_64-linux-gnu/libc.so.6+0x12684f)

Can be reproduced by test/test_rewrite.py::test_rewrite_njs with enabled UndefinedBehaviorSanitizer: src/nxt_http_js.c:169:52: runtime error: applying zero offset to null pointer #0 0x10255b044 in nxt_http_js_ext_get_args nxt_http_js.c:169 nginx#1 0x102598ad0 in njs_value_property njs_value.c:1175 nginx#2 0x10259c2c8 in njs_vm_object_prop njs_vm.c:1398 nginx#3 0x102559d74 in nxt_js_call nxt_js.c:445 nginx#4 0x1023c0da0 in nxt_tstr_query nxt_tstr.c:276 nginx#5 0x102516ec4 in nxt_http_rewrite nxt_http_rewrite.c:56 nginx#6 0x1024fd86c in nxt_http_request_action nxt_http_request.c:565 nginx#7 0x1024d71b0 in nxt_h1p_request_body_read nxt_h1proto.c:998 nginx#8 0x1023f5c48 in nxt_event_engine_start nxt_event_engine.c:542 nginx#9 0x1023e2838 in nxt_thread_trampoline nxt_thread.c:126 nginx#10 0x18133e030 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x7030) nginx#11 0x181338e38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1e38) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/nxt_http_js.c:169:52 Same fix was introduced in NJS: <http://hg.nginx.org/njs/rev/4fba78789fe4> Reviewed-by: Andrew Clayton <[email protected]>

Can be reproduced by test/test_variables.py::test_variables_dynamic_arguments with enabled UndefinedBehaviorSanitizer: src/nxt_http_request.c:961:17: runtime error: applying zero offset to null pointer #0 0x1050d95a4 in nxt_http_arguments_parse nxt_http_request.c:961 nginx#1 0x105102bf8 in nxt_http_var_arg nxt_http_variables.c:621 nginx#2 0x104f95d74 in nxt_var_interpreter nxt_var.c:507 nginx#3 0x104f98c98 in nxt_tstr_query nxt_tstr.c:265 nginx#4 0x1050abfd8 in nxt_router_access_log_writer nxt_router_access_log.c:194 nginx#5 0x1050d81f4 in nxt_http_request_close_handler nxt_http_request.c:838 nginx#6 0x104fcdc48 in nxt_event_engine_start nxt_event_engine.c:542 nginx#7 0x104fba838 in nxt_thread_trampoline nxt_thread.c:126 nginx#8 0x18133e030 in _pthread_start+0x84 (libsystem_pthread.dylib:arm64e+0x7030) nginx#9 0x181338e38 in thread_start+0x4 (libsystem_pthread.dylib:arm64e+0x1e38) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/nxt_http_request.c:961:17 Reviewed-by: Andrew Clayton <[email protected]>

This issue was found with oss-fuzz. ==18420==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x55dd798a5797 in nxt_vsprintf unit/src/nxt_sprintf.c:163:31 #1 0x55dd798d5bdb in nxt_conf_vldt_error unit/src/nxt_conf_validation.c:1525:11 #2 0x55dd798dd4cd in nxt_conf_vldt_var unit/src/nxt_conf_validation.c:1560:16 #3 0x55dd798dd4cd in nxt_conf_vldt_if unit/src/nxt_conf_validation.c:1592:16 nginx#4 0x55dd798d55f4 in nxt_conf_vldt_object unit/src/nxt_conf_validation.c:2815:23 nginx#5 0x55dd798d6f84 in nxt_conf_vldt_access_log unit/src/nxt_conf_validation.c:3426:11 nginx#6 0x55dd798d55f4 in nxt_conf_vldt_object unit/src/nxt_conf_validation.c:2815:23 nginx#7 0x55dd798d47bd in nxt_conf_validate unit/src/nxt_conf_validation.c:1421:11 nginx#8 0x55dd79871c82 in LLVMFuzzerTestOneInput unit/fuzzing/nxt_json_fuzz.c:67:5 nginx#9 0x55dd79770620 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 nginx#10 0x55dd7975adb4 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:327:6 nginx#11 0x55dd7976084a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:862:9 nginx#12 0x55dd7978cc42 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 nginx#13 0x7e8192213082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/libc-start.c:308:16 nginx#14 0x55dd7975188d in _start Uninitialized value was created by an allocation of 'error.i' in the stack frame #0 0x55dd798dd42b in nxt_conf_vldt_var unit/src/nxt_conf_validation.c:1557:5 #1 0x55dd798dd42b in nxt_conf_vldt_if unit/src/nxt_conf_validation.c:1592:16 The issue was in nxt_tstr_test() where we create an error message with nxt_sprintf(), where this error message is then later used with the '%s' format specifier which expects a nul-terminated string, but by default nxt_sprintf() doesn't nul-terminate, you must use the '%Z' specifier to signify a '\0' at the end of the string. Link: <https://github.com/google/oss-fuzz> Link: <https://oss-fuzz.com/testcase-detail/5545917827055616> Co-developed-by: Zhidao HONG <[email protected]> Signed-off-by: Zhidao HONG <[email protected]> Reviewed-by: Andrew Clayton <[email protected]> Signed-off-by: Arjun <[email protected]> [ Commit message/subject - Andrew ] Signed-off-by: Andrew Clayton <[email protected]>

This issue was found with oss-fuzz. ==18420==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x55dd798a5797 in nxt_vsprintf unit/src/nxt_sprintf.c:163:31 #1 0x55dd798d5bdb in nxt_conf_vldt_error unit/src/nxt_conf_validation.c:1525:11 #2 0x55dd798dd4cd in nxt_conf_vldt_var unit/src/nxt_conf_validation.c:1560:16 #3 0x55dd798dd4cd in nxt_conf_vldt_if unit/src/nxt_conf_validation.c:1592:16 nginx#4 0x55dd798d55f4 in nxt_conf_vldt_object unit/src/nxt_conf_validation.c:2815:23 nginx#5 0x55dd798d6f84 in nxt_conf_vldt_access_log unit/src/nxt_conf_validation.c:3426:11 nginx#6 0x55dd798d55f4 in nxt_conf_vldt_object unit/src/nxt_conf_validation.c:2815:23 nginx#7 0x55dd798d47bd in nxt_conf_validate unit/src/nxt_conf_validation.c:1421:11 nginx#8 0x55dd79871c82 in LLVMFuzzerTestOneInput unit/fuzzing/nxt_json_fuzz.c:67:5 nginx#9 0x55dd79770620 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 nginx#10 0x55dd7975adb4 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:327:6 nginx#11 0x55dd7976084a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:862:9 nginx#12 0x55dd7978cc42 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 nginx#13 0x7e8192213082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/libc-start.c:308:16 nginx#14 0x55dd7975188d in _start Uninitialized value was created by an allocation of 'error.i' in the stack frame #0 0x55dd798dd42b in nxt_conf_vldt_var unit/src/nxt_conf_validation.c:1557:5 #1 0x55dd798dd42b in nxt_conf_vldt_if unit/src/nxt_conf_validation.c:1592:16 The issue was in nxt_tstr_test() where we create an error message with nxt_sprintf(), where this error message is then later used with the '%s' format specifier which expects a nul-terminated string, but by default nxt_sprintf() doesn't nul-terminate, you must use the '%Z' specifier to signify a '\0' at the end of the string. Signed-off-by: Arjun <[email protected]> Co-developed-by: Zhidao HONG <[email protected]> Signed-off-by: Zhidao HONG <[email protected]> Link: <https://github.com/google/oss-fuzz> Link: <https://oss-fuzz.com/testcase-detail/5545917827055616> Reviewed-by: Andrew Clayton <[email protected]> [ Commit message/subject - Andrew ] Signed-off-by: Andrew Clayton <[email protected]>

This issue was found with oss-fuzz. ==18420==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x55dd798a5797 in nxt_vsprintf unit/src/nxt_sprintf.c:163:31 #1 0x55dd798d5bdb in nxt_conf_vldt_error unit/src/nxt_conf_validation.c:1525:11 #2 0x55dd798dd4cd in nxt_conf_vldt_var unit/src/nxt_conf_validation.c:1560:16 #3 0x55dd798dd4cd in nxt_conf_vldt_if unit/src/nxt_conf_validation.c:1592:16 nginx#4 0x55dd798d55f4 in nxt_conf_vldt_object unit/src/nxt_conf_validation.c:2815:23 nginx#5 0x55dd798d6f84 in nxt_conf_vldt_access_log unit/src/nxt_conf_validation.c:3426:11 nginx#6 0x55dd798d55f4 in nxt_conf_vldt_object unit/src/nxt_conf_validation.c:2815:23 nginx#7 0x55dd798d47bd in nxt_conf_validate unit/src/nxt_conf_validation.c:1421:11 nginx#8 0x55dd79871c82 in LLVMFuzzerTestOneInput unit/fuzzing/nxt_json_fuzz.c:67:5 nginx#9 0x55dd79770620 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13 nginx#10 0x55dd7975adb4 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:327:6 nginx#11 0x55dd7976084a in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:862:9 nginx#12 0x55dd7978cc42 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 nginx#13 0x7e8192213082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/libc-start.c:308:16 nginx#14 0x55dd7975188d in _start Uninitialized value was created by an allocation of 'error.i' in the stack frame #0 0x55dd798dd42b in nxt_conf_vldt_var unit/src/nxt_conf_validation.c:1557:5 #1 0x55dd798dd42b in nxt_conf_vldt_if unit/src/nxt_conf_validation.c:1592:16 The issue was in nxt_tstr_test() where we create an error message with nxt_sprintf(), where this error message is then later used with the '%s' format specifier which expects a nul-terminated string, but by default nxt_sprintf() doesn't nul-terminate, you must use the '%Z' specifier to signify a '\0' at the end of the string. Signed-off-by: Arjun <[email protected]> Co-developed-by: Zhidao HONG <[email protected]> Signed-off-by: Zhidao HONG <[email protected]> Link: <https://github.com/google/oss-fuzz> Reviewed-by: Andrew Clayton <[email protected]> [ Commit message/subject - Andrew ] Signed-off-by: Andrew Clayton <[email protected]>

Under Ubuntu 24.04 the pytest for test/test_php_isolation.py::test_php_isolation_rootfs fails due to Unit aborting (SIGABRT) in the PHP language module due to FORIFY_SOURCE hardening detecting a buffer overflow 2024/10/16 16:46:54 [info] 11661#11661 "phpinfo" application started *** buffer overflow detected ***: terminated 2024/10/16 16:46:54 [alert] 11660#11660 app process 11661 exited on signal 6 After spending an extraordinary amount of time faffing around with Ubuntu and pytests (they don't make for a pleasant combination) I was able to reproduce it. The crash was occurring here nginx#4 0x00007ebe818288ff in __GI_abort () at ./stdlib/abort.c:79 nginx#5 0x00007ebe818297b6 in __libc_message_impl ( fmt=fmt@entry=0x7ebe819ce765 "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:132 nginx#6 0x00007ebe81936c19 in __GI___fortify_fail ( msg=msg@entry=0x7ebe819ce74c "buffer overflow detected") at ./debug/fortify_fail.c:24 nginx#7 0x00007ebe819365d4 in __GI___chk_fail () at ./debug/chk_fail.c:28 nginx#8 0x00007ebe8134a055 in mempcpy (__len=10, __src=0x7ebe8160ade8, __dest=0x571ba9bd0930) at /usr/include/x86_64-linux-gnu/bits/string_fortified.h:45 nginx#9 fake_data_segment (info=0x0, sysdb=0x571ba9bcf080) at /usr/src/php8.1-8.1.30-1+ubuntu24.04.1+deb.sury.org+1/ext/date/lib/parse_tz.c:921 nginx#10 timelib_builtin_db () at /usr/src/php8.1-8.1.30-1+ubuntu24.04.1+deb.sury.org+1/ext/date/lib/parse_tz.c:1084 nginx#11 0x00007ebe812e0885 in zm_info_date (zend_module=0x571ba9a14420) [Well as best as I can tell, as this is from the php 8.1 packages from <https://github.com/oerdnj/deb.sury.org>, I don't know where the packages (I'm assuming it's packages) shivammathur/setup-php@v2 installs come from.] So we get killed in fake_data_segment(), the thing is, that function (as well as timelib_builtin_db()) doesn't exist in upstream PHP. It turns out these come from a patch that is applied by distributions to make PHP use the system installed timezone database rather than the one built into PHP. I was unable to reproduce this with vanilla PHP 8.1. It can be triggered on affected builds with the following config { "listeners": { "[::1]:8080": { "pass": "applications/php" } }, "applications": { "php": { "type": "php", "root": "/app/php", "isolation": { "rootfs": "/tmp/unit-root", "namespaces": { "mount": true, "credential": true, "pid": true } } } } } The crux of the issue seems to come down to in this case PHP can't open the tz database as it's not contained in the new mount namespace. 190437 openat(AT_FDCWD, "/usr/share/zoneinfo/", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 ENOENT (No such file or directory) 190437 openat(AT_FDCWD, "/usr/share/zoneinfo/zone.tab", O_RDONLY) = -1 ENOENT (No such file or directory) 190437 writev(2, [{iov_base="*** ", iov_len=4}, {iov_base="buffer overflow detected", iov_len=24}, {iov_base=" ***: terminated\n", iov_len=17}], 3) = 45 ... 190437 --- SIGABRT {si_signo=SIGABRT, si_code=SI_TKILL, si_pid=2, si_uid=65534} --- 190437 +++ killed by SIGABRT +++ Specifically the issue is with the following code in the patch (certainly an earlier version of the patch, this is from a Debian patch <https://sources.debian.org/src/php8.2/8.2.20-1~deb12u1/debian/patches/0007-Add-support-for-use-of-the-system-timezone-database.patch/>) + data = malloc(3 * sysdb->index_size + 7); + + p = mempcpy(data, FAKE_HEADER, sizeof(FAKE_HEADER) - 1); If the zone file hasn't been found then sysdb->index_size is 0. So we malloc(3) a total of 7 bytes. However, sizeof(FAKE_HEADER) - 1 is 10. (Hence the __len=10 in the mempcpy(3) in the above backtrace). Of course 10 doesn't fit into 7 and the FORTIFY_SOURCE hardening kicks in and SIGABRTs the process. Now, it's worth noting that this issue doesn't occur with PHP 8.2 and 8.3. As can been seen from the Fedora patch for this <https://src.fedoraproject.org/rpms/php/blob/rawhide/f/php-8.4.0-systzdata-v24.patch> They actually have a fix incorporated r23: fix possible buffer overflow So the above patch now does + data = malloc(3 * sysdb->index_size + sizeof(FAKE_HEADER) - 1); + + p = mempcpy(data, FAKE_HEADER, sizeof(FAKE_HEADER) - 1); So you will always get at least the required 10 bytes allocated. I assume the PHP 8.2 & 8.3 packages either no longer use this patch or have the fixed version. I don't know... I haven't found the sources... Anyway the above was more about satisfying myself that the problem wasn't with Unit. PHP 8.1 is now in security maintenance mode and people are actively encouraged to upgrade to 8.2/8.3 So lets just remove 8.1 from our testing... [It's also worth noting that after all this, the ubuntu-latest runners seemed to have switched back from 24.04 to 22.04. However lets stick with this and the other ci fixes as who knows when it'll go back to 24.04 (or some other version) again...] Link: <https://www.php.net/supported-versions.php> Signed-off-by: Andrew Clayton <[email protected]>

VBart closed this as completed Sep 24, 2021

VBart added the z-documentation-update-needed This type of issues likely have a link to an issue in the Unit Docs repo label Sep 24, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Hello world samples ? #8

Hello world samples ? #8

maxired commented Sep 7, 2017

defanator commented Sep 7, 2017

maxired commented Sep 7, 2017 •

edited

Loading

defanator commented Sep 7, 2017

Jim-Lin commented Sep 8, 2017

docteurklein commented Sep 12, 2017

maxired commented Sep 12, 2017

igorsysoev commented Sep 12, 2017 via email

docteurklein commented Sep 12, 2017 •

edited

Loading

centminmod commented Sep 28, 2017

rpv-tomsk commented Feb 10, 2018

defanator commented Feb 10, 2018

VBart commented Feb 10, 2018

lth2015 commented May 28, 2018 •

edited

Loading

lth2015 commented May 30, 2018 •

edited

Loading

ghost commented Jun 21, 2018

sysdef commented Jun 21, 2018 •

edited

Loading

ghost commented Jun 22, 2018

gkapad commented Jun 19, 2019 •

edited

Loading

VBart commented Jun 19, 2019

dbuelow commented Jun 22, 2020

VBart commented Sep 24, 2021

Hello world samples ? #8

Hello world samples ? #8

Comments

maxired commented Sep 7, 2017

defanator commented Sep 7, 2017

maxired commented Sep 7, 2017 • edited Loading

defanator commented Sep 7, 2017

Jim-Lin commented Sep 8, 2017

docteurklein commented Sep 12, 2017

maxired commented Sep 12, 2017

igorsysoev commented Sep 12, 2017 via email

docteurklein commented Sep 12, 2017 • edited Loading

centminmod commented Sep 28, 2017

rpv-tomsk commented Feb 10, 2018

defanator commented Feb 10, 2018

VBart commented Feb 10, 2018

lth2015 commented May 28, 2018 • edited Loading

lth2015 commented May 30, 2018 • edited Loading

ghost commented Jun 21, 2018

sysdef commented Jun 21, 2018 • edited Loading

ghost commented Jun 22, 2018

gkapad commented Jun 19, 2019 • edited Loading

VBart commented Jun 19, 2019

dbuelow commented Jun 22, 2020

VBart commented Sep 24, 2021

maxired commented Sep 7, 2017 •

edited

Loading

docteurklein commented Sep 12, 2017 •

edited

Loading

lth2015 commented May 28, 2018 •

edited

Loading

lth2015 commented May 30, 2018 •

edited

Loading

sysdef commented Jun 21, 2018 •

edited

Loading

gkapad commented Jun 19, 2019 •

edited

Loading