Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 8110:06c7d84cafdb
SSL: fixed ngx_ssl_recv() to reset c->read->ready after errors.
With this change, behaviour of ngx_ssl_recv() now matches ngx_unix_recv(),
which used to always reset c->read->ready to 0 when returning errors.
This fixes an infinite loop in unbuffered SSL proxying if writing to the
client is blocked and an SSL error happens (ticket #2418).
With this change, the fix for a similar issue in the stream module
(6868:ee3645078759), which used a different approach of explicitly
testing c->read->error instead, is no longer needed and was reverted.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 01 Dec 2022 04:22:31 +0300 |
| parents | 0b360747c74e |
| children | 69c7df4fe5d3 91ad1abfb285 |
comparison
equal
deleted
inserted
replaced
| 8109:2ffefe2f892e | 8110:06c7d84cafdb |
|---|---|
| 2202 return ngx_ssl_recv_early(c, buf, size); | 2202 return ngx_ssl_recv_early(c, buf, size); |
| 2203 } | 2203 } |
| 2204 #endif | 2204 #endif |
| 2205 | 2205 |
| 2206 if (c->ssl->last == NGX_ERROR) { | 2206 if (c->ssl->last == NGX_ERROR) { |
| 2207 c->read->ready = 0; | |
| 2207 c->read->error = 1; | 2208 c->read->error = 1; |
| 2208 return NGX_ERROR; | 2209 return NGX_ERROR; |
| 2209 } | 2210 } |
| 2210 | 2211 |
| 2211 if (c->ssl->last == NGX_DONE) { | 2212 if (c->ssl->last == NGX_DONE) { |
| 2268 } else { | 2269 } else { |
| 2269 | 2270 |
| 2270 #if (NGX_HAVE_FIONREAD) | 2271 #if (NGX_HAVE_FIONREAD) |
| 2271 | 2272 |
| 2272 if (ngx_socket_nread(c->fd, &c->read->available) == -1) { | 2273 if (ngx_socket_nread(c->fd, &c->read->available) == -1) { |
| 2274 c->read->ready = 0; | |
| 2273 c->read->error = 1; | 2275 c->read->error = 1; |
| 2274 ngx_connection_error(c, ngx_socket_errno, | 2276 ngx_connection_error(c, ngx_socket_errno, |
| 2275 ngx_socket_nread_n " failed"); | 2277 ngx_socket_nread_n " failed"); |
| 2276 return NGX_ERROR; | 2278 return NGX_ERROR; |
| 2277 } | 2279 } |
| 2304 c->read->ready = 0; | 2306 c->read->ready = 0; |
| 2305 c->read->eof = 1; | 2307 c->read->eof = 1; |
| 2306 return 0; | 2308 return 0; |
| 2307 | 2309 |
| 2308 case NGX_ERROR: | 2310 case NGX_ERROR: |
| 2311 c->read->ready = 0; | |
| 2309 c->read->error = 1; | 2312 c->read->error = 1; |
| 2310 | 2313 |
| 2311 /* fall through */ | 2314 /* fall through */ |
| 2312 | 2315 |
| 2313 case NGX_AGAIN: | 2316 case NGX_AGAIN: |
| 2324 { | 2327 { |
| 2325 int n, bytes; | 2328 int n, bytes; |
| 2326 size_t readbytes; | 2329 size_t readbytes; |
| 2327 | 2330 |
| 2328 if (c->ssl->last == NGX_ERROR) { | 2331 if (c->ssl->last == NGX_ERROR) { |
| 2332 c->read->ready = 0; | |
| 2329 c->read->error = 1; | 2333 c->read->error = 1; |
| 2330 return NGX_ERROR; | 2334 return NGX_ERROR; |
| 2331 } | 2335 } |
| 2332 | 2336 |
| 2333 if (c->ssl->last == NGX_DONE) { | 2337 if (c->ssl->last == NGX_DONE) { |
| 2423 c->read->ready = 0; | 2427 c->read->ready = 0; |
| 2424 c->read->eof = 1; | 2428 c->read->eof = 1; |
| 2425 return 0; | 2429 return 0; |
| 2426 | 2430 |
| 2427 case NGX_ERROR: | 2431 case NGX_ERROR: |
| 2432 c->read->ready = 0; | |
| 2428 c->read->error = 1; | 2433 c->read->error = 1; |
| 2429 | 2434 |
| 2430 /* fall through */ | 2435 /* fall through */ |
| 2431 | 2436 |
| 2432 case NGX_AGAIN: | 2437 case NGX_AGAIN: |