Mercurial > hg > nginx
comparison src/http/v2/ngx_http_v2_module.c @ 9179:ea1f29c2010c
HTTP/2: fixed buffer management with HTTP/2 auto-detection.
As part of normal HTTP/2 processing, incomplete frames are saved in the
control state using a fixed size memcpy of NGX_HTTP_V2_STATE_BUFFER_SIZE.
For this matter, two state buffers are reserved in the HTTP/2 recv buffer.
As part of HTTP/2 auto-detection on plain TCP connections, initial data
is first read into a buffer specified by the client_header_buffer_size
directive that doesn't have state reservation. Previously, this made it
possible to over-read the buffer as part of saving the state.
The fix is to read the available buffer size rather than a fixed size.
Although memcpy of a fixed size can produce a better optimized code,
handling of incomplete frames isn't a common execution path, so it was
sacrificed for the sake of simplicity of the fix.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Sat, 21 Oct 2023 18:48:24 +0400 |
| parents | 262c01782566 |
| children |
comparison
equal
deleted
inserted
replaced
| 9178:b74f891053c7 | 9179:ea1f29c2010c |
|---|---|
| 386 static char * | 386 static char * |
| 387 ngx_http_v2_recv_buffer_size(ngx_conf_t *cf, void *post, void *data) | 387 ngx_http_v2_recv_buffer_size(ngx_conf_t *cf, void *post, void *data) |
| 388 { | 388 { |
| 389 size_t *sp = data; | 389 size_t *sp = data; |
| 390 | 390 |
| 391 if (*sp <= 2 * NGX_HTTP_V2_STATE_BUFFER_SIZE) { | 391 if (*sp <= NGX_HTTP_V2_STATE_BUFFER_SIZE) { |
| 392 return "value is too small"; | 392 return "value is too small"; |
| 393 } | 393 } |
| 394 | 394 |
| 395 return NGX_CONF_OK; | 395 return NGX_CONF_OK; |
| 396 } | 396 } |