Mercurial > hg > nginx
view src/http/v3/ngx_http_v3.c @ 9274:46ecad404a29 default tip
Mail: reset imap tag to empty after authentication attempt.
We need to reset the imap tag to empty after an authentication attempt
completes, otherwise if the next line parsed is incomplete with no tag
(e.g. empty line) then we use the "tag" from the previous buffer which
is now definitely wrong and has been partially overwritten with the most
recently read data (e.g. CRLF).
An example before this patch:
S: * OK IMAP4 ready
C: foobar login a b
S: foobar NO Incorrect username or password.
C:
S:
S: obar BAD invalid command
Then with this patch:
S: * OK IMAP4 ready
C: foobar login a b
S: foobar NO Incorrect username or password.
C:
S: * BAD invalid command
author | Rob Mueller <robm@fastmailteam.com> |
---|---|
date | Wed, 15 May 2024 10:06:00 +0300 |
parents | 4939fd04737f |
children |
line wrap: on
line source
/* * Copyright (C) Roman Arutyunyan * Copyright (C) Nginx, Inc. */ #include <ngx_config.h> #include <ngx_core.h> #include <ngx_http.h> static void ngx_http_v3_keepalive_handler(ngx_event_t *ev); static void ngx_http_v3_cleanup_session(void *data); ngx_int_t ngx_http_v3_init_session(ngx_connection_t *c) { ngx_pool_cleanup_t *cln; ngx_http_connection_t *hc; ngx_http_v3_session_t *h3c; hc = c->data; ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http3 init session"); h3c = ngx_pcalloc(c->pool, sizeof(ngx_http_v3_session_t)); if (h3c == NULL) { goto failed; } h3c->http_connection = hc; ngx_queue_init(&h3c->blocked); h3c->keepalive.log = c->log; h3c->keepalive.data = c; h3c->keepalive.handler = ngx_http_v3_keepalive_handler; h3c->table.send_insert_count.log = c->log; h3c->table.send_insert_count.data = c; h3c->table.send_insert_count.handler = ngx_http_v3_inc_insert_count_handler; cln = ngx_pool_cleanup_add(c->pool, 0); if (cln == NULL) { goto failed; } cln->handler = ngx_http_v3_cleanup_session; cln->data = h3c; c->data = h3c; return NGX_OK; failed: ngx_log_error(NGX_LOG_ERR, c->log, 0, "failed to create http3 session"); return NGX_ERROR; } static void ngx_http_v3_keepalive_handler(ngx_event_t *ev) { ngx_connection_t *c; c = ev->data; ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http3 keepalive handler"); ngx_http_v3_finalize_connection(c, NGX_HTTP_V3_ERR_NO_ERROR, "keepalive timeout"); } static void ngx_http_v3_cleanup_session(void *data) { ngx_http_v3_session_t *h3c = data; ngx_http_v3_cleanup_table(h3c); if (h3c->keepalive.timer_set) { ngx_del_timer(&h3c->keepalive); } if (h3c->table.send_insert_count.posted) { ngx_delete_posted_event(&h3c->table.send_insert_count); } } ngx_int_t ngx_http_v3_check_flood(ngx_connection_t *c) { ngx_http_v3_session_t *h3c; h3c = ngx_http_v3_get_session(c); if (h3c->total_bytes / 8 > h3c->payload_bytes + 1048576) { ngx_log_error(NGX_LOG_INFO, c->log, 0, "http3 flood detected"); ngx_http_v3_finalize_connection(c, NGX_HTTP_V3_ERR_NO_ERROR, "HTTP/3 flood detected"); return NGX_ERROR; } return NGX_OK; }