Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 8110:06c7d84cafdb
SSL: fixed ngx_ssl_recv() to reset c->read->ready after errors.
With this change, behaviour of ngx_ssl_recv() now matches ngx_unix_recv(),
which used to always reset c->read->ready to 0 when returning errors.
This fixes an infinite loop in unbuffered SSL proxying if writing to the
client is blocked and an SSL error happens (ticket #2418).
With this change, the fix for a similar issue in the stream module
(6868:ee3645078759), which used a different approach of explicitly
testing c->read->error instead, is no longer needed and was reverted.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 01 Dec 2022 04:22:31 +0300 |
parents | 0b360747c74e |
children | 69c7df4fe5d3 91ad1abfb285 |
comparison
equal
deleted
inserted
replaced
8109:2ffefe2f892e | 8110:06c7d84cafdb |
---|---|
2202 return ngx_ssl_recv_early(c, buf, size); | 2202 return ngx_ssl_recv_early(c, buf, size); |
2203 } | 2203 } |
2204 #endif | 2204 #endif |
2205 | 2205 |
2206 if (c->ssl->last == NGX_ERROR) { | 2206 if (c->ssl->last == NGX_ERROR) { |
2207 c->read->ready = 0; | |
2207 c->read->error = 1; | 2208 c->read->error = 1; |
2208 return NGX_ERROR; | 2209 return NGX_ERROR; |
2209 } | 2210 } |
2210 | 2211 |
2211 if (c->ssl->last == NGX_DONE) { | 2212 if (c->ssl->last == NGX_DONE) { |
2268 } else { | 2269 } else { |
2269 | 2270 |
2270 #if (NGX_HAVE_FIONREAD) | 2271 #if (NGX_HAVE_FIONREAD) |
2271 | 2272 |
2272 if (ngx_socket_nread(c->fd, &c->read->available) == -1) { | 2273 if (ngx_socket_nread(c->fd, &c->read->available) == -1) { |
2274 c->read->ready = 0; | |
2273 c->read->error = 1; | 2275 c->read->error = 1; |
2274 ngx_connection_error(c, ngx_socket_errno, | 2276 ngx_connection_error(c, ngx_socket_errno, |
2275 ngx_socket_nread_n " failed"); | 2277 ngx_socket_nread_n " failed"); |
2276 return NGX_ERROR; | 2278 return NGX_ERROR; |
2277 } | 2279 } |
2304 c->read->ready = 0; | 2306 c->read->ready = 0; |
2305 c->read->eof = 1; | 2307 c->read->eof = 1; |
2306 return 0; | 2308 return 0; |
2307 | 2309 |
2308 case NGX_ERROR: | 2310 case NGX_ERROR: |
2311 c->read->ready = 0; | |
2309 c->read->error = 1; | 2312 c->read->error = 1; |
2310 | 2313 |
2311 /* fall through */ | 2314 /* fall through */ |
2312 | 2315 |
2313 case NGX_AGAIN: | 2316 case NGX_AGAIN: |
2324 { | 2327 { |
2325 int n, bytes; | 2328 int n, bytes; |
2326 size_t readbytes; | 2329 size_t readbytes; |
2327 | 2330 |
2328 if (c->ssl->last == NGX_ERROR) { | 2331 if (c->ssl->last == NGX_ERROR) { |
2332 c->read->ready = 0; | |
2329 c->read->error = 1; | 2333 c->read->error = 1; |
2330 return NGX_ERROR; | 2334 return NGX_ERROR; |
2331 } | 2335 } |
2332 | 2336 |
2333 if (c->ssl->last == NGX_DONE) { | 2337 if (c->ssl->last == NGX_DONE) { |
2423 c->read->ready = 0; | 2427 c->read->ready = 0; |
2424 c->read->eof = 1; | 2428 c->read->eof = 1; |
2425 return 0; | 2429 return 0; |
2426 | 2430 |
2427 case NGX_ERROR: | 2431 case NGX_ERROR: |
2432 c->read->ready = 0; | |
2428 c->read->error = 1; | 2433 c->read->error = 1; |
2429 | 2434 |
2430 /* fall through */ | 2435 /* fall through */ |
2431 | 2436 |
2432 case NGX_AGAIN: | 2437 case NGX_AGAIN: |