nginx: src/http/v2/ngx_http

comparison src/http/v2/ngx_http_v2.c @ 7385:1c6b6163c039 stable-1.14

HTTP/2: flood detection. Fixed uncontrolled memory growth in case peer is flooding us with some frames (e.g., SETTINGS and PING) and doesn't read data. Fix is to limit the number of allocated control frames.

author	Ruslan Ermilov <ru@nginx.com>
date	Tue, 06 Nov 2018 16:29:35 +0300
parents	190591ab0d76
children	9200b41db765

comparison

equal deleted inserted replaced

-:fdc19a3289c1
+:1c6b6163c039
 ngx_destroy_pool(h2c->pool);
 h2c->pool = NULL;
 h2c->free_frames = NULL;
+h2c->frames = 0;
 h2c->free_fake_connections = NULL;
 #if (NGX_HTTP_SSL)
 if (c->ssl) {
 ngx_ssl_free_buffer(c);
 buf = frame->first->buf;
 buf->pos = buf->start;
 frame->blocked = 0;
-} else {
+} else if (h2c->frames < 10000) {
 pool = h2c->pool ? h2c->pool : h2c->connection->pool;
 frame = ngx_pcalloc(pool, sizeof(ngx_http_v2_out_frame_t));
 if (frame == NULL) {
 return NULL;
 frame->first->buf = buf;
 frame->last = frame->first;
 frame->handler = ngx_http_v2_frame_handler;
+h2c->frames++;
+} else {
+ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
+"http2 flood detected");
+h2c->connection->error = 1;
+return NULL;
 }
 #if (NGX_DEBUG)
 if (length > NGX_HTTP_V2_FRAME_BUFFER_SIZE - NGX_HTTP_V2_FRAME_HEADER_SIZE)
 {

Mercurial > hg > nginx

comparison src/http/v2/ngx_http_v2.c @ 7385:1c6b6163c039 stable-1.14