Mercurial > hg > nginx
comparison src/http/v2/ngx_http_v2.c @ 7118:b6dc472299da
HTTP/2: enforce writing the sync request body buffer to file.
The sync flag of HTTP/2 request body buffer is used when the size of request
body is unknown or bigger than configured "client_body_buffer_size". In this
case the buffer points to body data inside the global receive buffer that is
used for reading all HTTP/2 connections in the worker process. Thus, when the
sync flag is set, the buffer must be flushed to a temporary file, otherwise
the request body data can be overwritten.
Previously, the sync buffer wasn't flushed to a temporary file if the whole
body was received in one DATA frame with the END_STREAM flag and wasn't
copied into the HTTP/2 body preread buffer. As a result, the request body
might be corrupted (ticket #1384).
Now, setting r->request_body_in_file_only enforces writing the sync buffer
to a temporary file in all cases.
author | Valentin Bartenev <vbart@nginx.com> |
---|---|
date | Wed, 04 Oct 2017 21:15:15 +0300 |
parents | 2bf605c6edf7 |
children | e11a0679d349 |
comparison
equal
deleted
inserted
replaced
7117:dbd77a638eb7 | 7118:b6dc472299da |
---|---|
3587 && !r->request_body_in_file_only) | 3587 && !r->request_body_in_file_only) |
3588 { | 3588 { |
3589 rb->buf = ngx_create_temp_buf(r->pool, (size_t) len); | 3589 rb->buf = ngx_create_temp_buf(r->pool, (size_t) len); |
3590 | 3590 |
3591 } else { | 3591 } else { |
3592 if (stream->preread) { | |
3593 /* enforce writing preread buffer to file */ | |
3594 r->request_body_in_file_only = 1; | |
3595 } | |
3596 | |
3597 rb->buf = ngx_calloc_buf(r->pool); | 3592 rb->buf = ngx_calloc_buf(r->pool); |
3598 | 3593 |
3599 if (rb->buf != NULL) { | 3594 if (rb->buf != NULL) { |
3600 rb->buf->sync = 1; | 3595 rb->buf->sync = 1; |
3601 } | 3596 } |
3691 | 3686 |
3692 if (size) { | 3687 if (size) { |
3693 if (buf->sync) { | 3688 if (buf->sync) { |
3694 buf->pos = buf->start = pos; | 3689 buf->pos = buf->start = pos; |
3695 buf->last = buf->end = pos + size; | 3690 buf->last = buf->end = pos + size; |
3691 | |
3692 r->request_body_in_file_only = 1; | |
3696 | 3693 |
3697 } else { | 3694 } else { |
3698 if (size > (size_t) (buf->end - buf->last)) { | 3695 if (size > (size_t) (buf->end - buf->last)) { |
3699 ngx_log_error(NGX_LOG_INFO, fc->log, 0, | 3696 ngx_log_error(NGX_LOG_INFO, fc->log, 0, |
3700 "client intended to send body data " | 3697 "client intended to send body data " |