Mercurial > hg > nginx-quic
annotate src/http/ngx_http_postpone_filter_module.c @ 7119:fef61d26da39
Fixed buffer overread with unix sockets after accept().
Some OSes (notably macOS, NetBSD, and Solaris) allow unix socket addresses
larger than struct sockaddr_un. Moreover, some of them (macOS, Solaris)
return socklen of the socket address before it was truncated to fit the
buffer provided. As such, on these systems socklen must not be used without
additional check that it is within the buffer provided.
Appropriate checks added to ngx_event_accept() (after accept()),
ngx_event_recvmsg() (after recvmsg()), and ngx_set_inherited_sockets()
(after getsockname()).
We also obtain socket addresses via getsockname() in
ngx_connection_local_sockaddr(), but it does not need any checks as
it is only used for INET and INET6 sockets (as there can be no
wildcard unix sockets).
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 04 Oct 2017 21:19:33 +0300 |
parents | f026adb935ad |
children | d87f29d764ce |
rev | line source |
---|---|
509 | 1 |
2 /* | |
3 * Copyright (C) Igor Sysoev | |
4412 | 4 * Copyright (C) Nginx, Inc. |
509 | 5 */ |
6 | |
7 | |
8 #include <ngx_config.h> | |
9 #include <ngx_core.h> | |
10 #include <ngx_http.h> | |
11 | |
12 | |
2377
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
13 static ngx_int_t ngx_http_postpone_filter_add(ngx_http_request_t *r, |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
14 ngx_chain_t *in); |
681 | 15 static ngx_int_t ngx_http_postpone_filter_init(ngx_conf_t *cf); |
509 | 16 |
17 | |
18 static ngx_http_module_t ngx_http_postpone_filter_module_ctx = { | |
19 NULL, /* preconfiguration */ | |
681 | 20 ngx_http_postpone_filter_init, /* postconfiguration */ |
509 | 21 |
22 NULL, /* create main configuration */ | |
23 NULL, /* init main configuration */ | |
24 | |
25 NULL, /* create server configuration */ | |
26 NULL, /* merge server configuration */ | |
27 | |
28 NULL, /* create location configuration */ | |
29 NULL /* merge location configuration */ | |
30 }; | |
31 | |
32 | |
33 ngx_module_t ngx_http_postpone_filter_module = { | |
34 NGX_MODULE_V1, | |
35 &ngx_http_postpone_filter_module_ctx, /* module context */ | |
36 NULL, /* module directives */ | |
37 NGX_HTTP_MODULE, /* module type */ | |
541 | 38 NULL, /* init master */ |
681 | 39 NULL, /* init module */ |
541 | 40 NULL, /* init process */ |
41 NULL, /* init thread */ | |
42 NULL, /* exit thread */ | |
43 NULL, /* exit process */ | |
44 NULL, /* exit master */ | |
45 NGX_MODULE_V1_PADDING | |
509 | 46 }; |
47 | |
48 | |
4542
586969d972b9
Local variable "ngx_http_next_filter" renamed to "ngx_http_next_body_filter"
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
49 static ngx_http_output_body_filter_pt ngx_http_next_body_filter; |
509 | 50 |
51 | |
52 static ngx_int_t | |
53 ngx_http_postpone_filter(ngx_http_request_t *r, ngx_chain_t *in) | |
54 { | |
2377
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
55 ngx_connection_t *c; |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
56 ngx_http_postponed_request_t *pr; |
509 | 57 |
2377
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
58 c = r->connection; |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
59 |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
60 ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0, |
583 | 61 "http postpone filter \"%V?%V\" %p", &r->uri, &r->args, in); |
527 | 62 |
2377
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
63 if (r != c->data) { |
509 | 64 |
2377
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
65 if (in) { |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
66 ngx_http_postpone_filter_add(r, in); |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
67 return NGX_OK; |
509 | 68 } |
69 | |
2377
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
70 #if 0 |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
71 /* TODO: SSI may pass NULL */ |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
72 ngx_log_error(NGX_LOG_ALERT, c->log, 0, |
5218 | 73 "http postpone filter NULL inactive request"); |
641 | 74 #endif |
75 | |
2377
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
76 return NGX_OK; |
583 | 77 } |
78 | |
79 if (r->postponed == NULL) { | |
2377
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
80 |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
81 if (in || c->buffered) { |
4542
586969d972b9
Local variable "ngx_http_next_filter" renamed to "ngx_http_next_body_filter"
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
82 return ngx_http_next_body_filter(r->main, in); |
2377
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
83 } |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
84 |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
85 return NGX_OK; |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
86 } |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
87 |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
88 if (in) { |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
89 ngx_http_postpone_filter_add(r, in); |
583 | 90 } |
91 | |
2377
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
92 do { |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
93 pr = r->postponed; |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
94 |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
95 if (pr->request) { |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
96 |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
97 ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0, |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
98 "http postpone filter wake \"%V?%V\"", |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
99 &pr->request->uri, &pr->request->args); |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
100 |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
101 r->postponed = pr->next; |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
102 |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
103 c->data = pr->request; |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
104 |
3064 | 105 return ngx_http_post_request(pr->request, NULL); |
2377
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
106 } |
583 | 107 |
2377
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
108 if (pr->out == NULL) { |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
109 ngx_log_error(NGX_LOG_ALERT, c->log, 0, |
5218 | 110 "http postpone filter NULL output"); |
2377
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
111 |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
112 } else { |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
113 ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0, |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
114 "http postpone filter output \"%V?%V\"", |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
115 &r->uri, &r->args); |
509 | 116 |
4542
586969d972b9
Local variable "ngx_http_next_filter" renamed to "ngx_http_next_body_filter"
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
117 if (ngx_http_next_body_filter(r->main, pr->out) == NGX_ERROR) { |
2377
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
118 return NGX_ERROR; |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
119 } |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
120 } |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
121 |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
122 r->postponed = pr->next; |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
123 |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
124 } while (r->postponed); |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
125 |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
126 return NGX_OK; |
509 | 127 } |
128 | |
129 | |
130 static ngx_int_t | |
2377
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
131 ngx_http_postpone_filter_add(ngx_http_request_t *r, ngx_chain_t *in) |
583 | 132 { |
2377
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
133 ngx_http_postponed_request_t *pr, **ppr; |
583 | 134 |
2377
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
135 if (r->postponed) { |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
136 for (pr = r->postponed; pr->next; pr = pr->next) { /* void */ } |
583 | 137 |
2377
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
138 if (pr->request == NULL) { |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
139 goto found; |
583 | 140 } |
141 | |
2377
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
142 ppr = &pr->next; |
583 | 143 |
2377
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
144 } else { |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
145 ppr = &r->postponed; |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
146 } |
595 | 147 |
2377
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
148 pr = ngx_palloc(r->pool, sizeof(ngx_http_postponed_request_t)); |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
149 if (pr == NULL) { |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
150 return NGX_ERROR; |
583 | 151 } |
2066
2bb4441a8c28
fix bug when inactive subrequest is truncated,
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
152 |
2377
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
153 *ppr = pr; |
2066
2bb4441a8c28
fix bug when inactive subrequest is truncated,
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
154 |
2377
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
155 pr->request = NULL; |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
156 pr->out = NULL; |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
157 pr->next = NULL; |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
158 |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
159 found: |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
160 |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
161 if (ngx_chain_add_copy(r->pool, &pr->out, in) == NGX_OK) { |
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
162 return NGX_OK; |
2066
2bb4441a8c28
fix bug when inactive subrequest is truncated,
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
163 } |
2bb4441a8c28
fix bug when inactive subrequest is truncated,
Igor Sysoev <igor@sysoev.ru>
parents:
681
diff
changeset
|
164 |
2377
87b8c44906b5
*) refactor subrequest handling, now they run as separate posted requests
Igor Sysoev <igor@sysoev.ru>
parents:
2295
diff
changeset
|
165 return NGX_ERROR; |
583 | 166 } |
167 | |
168 | |
169 static ngx_int_t | |
681 | 170 ngx_http_postpone_filter_init(ngx_conf_t *cf) |
509 | 171 { |
4542
586969d972b9
Local variable "ngx_http_next_filter" renamed to "ngx_http_next_body_filter"
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
172 ngx_http_next_body_filter = ngx_http_top_body_filter; |
509 | 173 ngx_http_top_body_filter = ngx_http_postpone_filter; |
174 | |
175 return NGX_OK; | |
176 } |