Mercurial > hg > nginx-quic
annotate src/core/ngx_proxy_protocol.h @ 7977:7731c710796f
Memcached: protect from too long responses.
If a memcached response was followed by a correct trailer, and then
the NUL character followed by some extra data - this was accepted by
the trailer checking code. This in turn resulted in ctx->rest underflow
and caused negative size buffer on the next reading from the upstream,
followed by the "negative size buf in writer" alert.
Fix is to always check for too long responses, so a correct trailer cannot
be followed by extra data.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 06 Jul 2020 18:36:17 +0300 |
parents | 89adf49fe76a |
children | cca4c8a715de |
rev | line source |
---|---|
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
1 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
2 /* |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
3 * Copyright (C) Roman Arutyunyan |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
4 * Copyright (C) Nginx, Inc. |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
5 */ |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
6 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
7 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
8 #ifndef _NGX_PROXY_PROTOCOL_H_INCLUDED_ |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
9 #define _NGX_PROXY_PROTOCOL_H_INCLUDED_ |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
10 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
11 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
12 #include <ngx_config.h> |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
13 #include <ngx_core.h> |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
14 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
15 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
16 #define NGX_PROXY_PROTOCOL_MAX_HEADER 107 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
17 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
18 |
7590
06b01840bd42
Core: moved PROXY protocol fields out of ngx_connection_t.
Roman Arutyunyan <arut@nginx.com>
parents:
6185
diff
changeset
|
19 struct ngx_proxy_protocol_s { |
06b01840bd42
Core: moved PROXY protocol fields out of ngx_connection_t.
Roman Arutyunyan <arut@nginx.com>
parents:
6185
diff
changeset
|
20 ngx_str_t src_addr; |
7591
89adf49fe76a
Parsing server PROXY protocol address and port (ticket #1206).
Roman Arutyunyan <arut@nginx.com>
parents:
7590
diff
changeset
|
21 ngx_str_t dst_addr; |
7590
06b01840bd42
Core: moved PROXY protocol fields out of ngx_connection_t.
Roman Arutyunyan <arut@nginx.com>
parents:
6185
diff
changeset
|
22 in_port_t src_port; |
7591
89adf49fe76a
Parsing server PROXY protocol address and port (ticket #1206).
Roman Arutyunyan <arut@nginx.com>
parents:
7590
diff
changeset
|
23 in_port_t dst_port; |
7590
06b01840bd42
Core: moved PROXY protocol fields out of ngx_connection_t.
Roman Arutyunyan <arut@nginx.com>
parents:
6185
diff
changeset
|
24 }; |
06b01840bd42
Core: moved PROXY protocol fields out of ngx_connection_t.
Roman Arutyunyan <arut@nginx.com>
parents:
6185
diff
changeset
|
25 |
06b01840bd42
Core: moved PROXY protocol fields out of ngx_connection_t.
Roman Arutyunyan <arut@nginx.com>
parents:
6185
diff
changeset
|
26 |
6185
a420cb1c170b
Core: renamed ngx_proxy_protocol_parse to ngx_proxy_protocol_read.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
27 u_char *ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, |
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
28 u_char *last); |
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
29 u_char *ngx_proxy_protocol_write(ngx_connection_t *c, u_char *buf, |
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
30 u_char *last); |
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
31 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
32 |
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
33 #endif /* _NGX_PROXY_PROTOCOL_H_INCLUDED_ */ |