Mercurial > hg > nginx-quic
view src/http/v2/ngx_http_v2_module.h @ 8113:097f578a4a8f
HTTP/2: fixed segfault on DATA frames after 400 errors.
If 400 errors were redirected to an upstream server using the error_page
directive, DATA frames from the client might cause segmentation fault
due to null pointer dereference. The bug had appeared in 6989:2c4dbcd6f2e4
(1.13.0).
Fix is to skip such frames in ngx_http_v2_state_read_data() (similarly
to 7561:9f1f9d6e056a). With the fix, behaviour of 400 errors in HTTP/2
is now similar to one in HTTP/1.x, that is, nginx doesn't try to read the
request body.
Note that proxying 400 errors, as well as other early stage errors, to
upstream servers might not be a good idea anyway. These errors imply
that reading and processing of the request (and the request headers)
wasn't complete, and proxying of such incomplete request might lead to
various errors.
Reported by Chenglong Zhang.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Wed, 23 Sep 2020 19:50:49 +0300 |
| parents | 641306096f5b |
| children | 02be1baed382 |
line wrap: on
line source
/* * Copyright (C) Nginx, Inc. * Copyright (C) Valentin V. Bartenev */ #ifndef _NGX_HTTP_V2_MODULE_H_INCLUDED_ #define _NGX_HTTP_V2_MODULE_H_INCLUDED_ #include <ngx_config.h> #include <ngx_core.h> #include <ngx_http.h> typedef struct { size_t recv_buffer_size; u_char *recv_buffer; } ngx_http_v2_main_conf_t; typedef struct { size_t pool_size; ngx_uint_t concurrent_streams; ngx_uint_t concurrent_pushes; ngx_uint_t max_requests; size_t max_field_size; size_t max_header_size; size_t preread_size; ngx_uint_t streams_index_mask; ngx_msec_t recv_timeout; ngx_msec_t idle_timeout; } ngx_http_v2_srv_conf_t; typedef struct { size_t chunk_size; ngx_flag_t push_preload; ngx_flag_t push; ngx_array_t *pushes; } ngx_http_v2_loc_conf_t; extern ngx_module_t ngx_http_v2_module; #endif /* _NGX_HTTP_V2_MODULE_H_INCLUDED_ */