Mercurial > hg > nginx
annotate src/event/quic/ngx_event_quic_tokens.h @ 9300:5be23505292b default tip
SSI: fixed incorrect or duplicate stub output.
Following 3518:eb3aaf8bd2a9 (0.8.37), r->request_output is only set
if there are data in the first buffer sent in the subrequest. As a
result, following the change mentioned this flag cannot be used to
prevent duplicate ngx_http_ssi_stub_output() calls, since it is not
set if there was already some output, but the first buffer was empty.
Still, when there are multiple subrequests, even an empty subrequest
response might be delayed by the postpone filter, leading to a second
call of ngx_http_ssi_stub_output() during finalization from
ngx_http_writer() the subreqest buffers are released by the postpone
filter. Since r->request_output is not set after the first call, this
resulted in duplicate stub output.
Additionally, checking only the first buffer might be wrong in some
unusual cases. For example, the first buffer might be empty if
$r->flush() is called before printing any data in the embedded Perl
module.
Depending on the postpone_output value and corresponding sizes, this
issue can result in either duplicate or unexpected stub output, or
"zero size buf in writer" alerts.
Following 8124:f5515e727656 (1.23.4), it became slightly easier to
reproduce the issue, as empty static files and empty cache items now
result in a response with an empty buffer. Before the change, an empty
proxied response can be used to reproduce the issue.
Fix is check all buffers and set r->request_output if any non-empty
buffers are sent. This ensures that all unusual cases of non-empty
responses are covered, and also that r->request_output will be set
after the first stub output, preventing duplicate output.
Reported by Jan Gassen.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 04 Jul 2024 17:41:28 +0300 |
parents | 77c1418916f7 |
children |
rev | line source |
---|---|
8752
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
1 |
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
2 /* |
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
4 */ |
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
5 |
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
6 |
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
7 #ifndef _NGX_EVENT_QUIC_TOKENS_H_INCLUDED_ |
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
8 #define _NGX_EVENT_QUIC_TOKENS_H_INCLUDED_ |
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
9 |
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
10 |
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
11 #include <ngx_config.h> |
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
12 #include <ngx_core.h> |
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
13 |
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
14 |
9026
3550b00d9dc8
QUIC: avoided pool usage in token calculation.
Vladimir Homutov <vl@nginx.com>
parents:
8763
diff
changeset
|
15 #define NGX_QUIC_MAX_TOKEN_SIZE 64 |
3550b00d9dc8
QUIC: avoided pool usage in token calculation.
Vladimir Homutov <vl@nginx.com>
parents:
8763
diff
changeset
|
16 /* SHA-1(addr)=20 + sizeof(time_t) + retry(1) + odcid.len(1) + odcid */ |
3550b00d9dc8
QUIC: avoided pool usage in token calculation.
Vladimir Homutov <vl@nginx.com>
parents:
8763
diff
changeset
|
17 |
9132
77c1418916f7
QUIC: use AEAD to encrypt address validation tokens.
Roman Arutyunyan <arut@nginx.com>
parents:
9026
diff
changeset
|
18 #define NGX_QUIC_AES_256_GCM_IV_LEN 12 |
77c1418916f7
QUIC: use AEAD to encrypt address validation tokens.
Roman Arutyunyan <arut@nginx.com>
parents:
9026
diff
changeset
|
19 #define NGX_QUIC_AES_256_GCM_TAG_LEN 16 |
9026
3550b00d9dc8
QUIC: avoided pool usage in token calculation.
Vladimir Homutov <vl@nginx.com>
parents:
8763
diff
changeset
|
20 |
9132
77c1418916f7
QUIC: use AEAD to encrypt address validation tokens.
Roman Arutyunyan <arut@nginx.com>
parents:
9026
diff
changeset
|
21 #define NGX_QUIC_TOKEN_BUF_SIZE (NGX_QUIC_AES_256_GCM_IV_LEN \ |
9026
3550b00d9dc8
QUIC: avoided pool usage in token calculation.
Vladimir Homutov <vl@nginx.com>
parents:
8763
diff
changeset
|
22 + NGX_QUIC_MAX_TOKEN_SIZE \ |
9132
77c1418916f7
QUIC: use AEAD to encrypt address validation tokens.
Roman Arutyunyan <arut@nginx.com>
parents:
9026
diff
changeset
|
23 + NGX_QUIC_AES_256_GCM_TAG_LEN) |
9026
3550b00d9dc8
QUIC: avoided pool usage in token calculation.
Vladimir Homutov <vl@nginx.com>
parents:
8763
diff
changeset
|
24 |
3550b00d9dc8
QUIC: avoided pool usage in token calculation.
Vladimir Homutov <vl@nginx.com>
parents:
8763
diff
changeset
|
25 |
8752
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
26 ngx_int_t ngx_quic_new_sr_token(ngx_connection_t *c, ngx_str_t *cid, |
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
27 u_char *secret, u_char *token); |
9026
3550b00d9dc8
QUIC: avoided pool usage in token calculation.
Vladimir Homutov <vl@nginx.com>
parents:
8763
diff
changeset
|
28 ngx_int_t ngx_quic_new_token(ngx_log_t *log, struct sockaddr *sockaddr, |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8752
diff
changeset
|
29 socklen_t socklen, u_char *key, ngx_str_t *token, ngx_str_t *odcid, |
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8752
diff
changeset
|
30 time_t expires, ngx_uint_t is_retry); |
8752
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
31 ngx_int_t ngx_quic_validate_token(ngx_connection_t *c, |
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
32 u_char *key, ngx_quic_header_t *pkt); |
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
33 |
e19723c40d28
QUIC: separate files for tokens related processing.
Vladimir Homutov <vl@nginx.com>
parents:
diff
changeset
|
34 #endif /* _NGX_EVENT_QUIC_TOKENS_H_INCLUDED_ */ |