Mercurial > hg > nginx
comparison src/http/v2/ngx_http_v2.c @ 6288:0f4b7800e681
HTTP/2: backed out 16905ecbb49e (ticket #822).
It caused inconsistency between setting "in_closed" flag and the moment when
the last DATA frame was actually read. As a result, the body buffer might not
be initialized properly in ngx_http_v2_init_request_body(), which led to a
segmentation fault in ngx_http_v2_state_read_data(). Also it might cause
start processing of incomplete body.
This issue could be triggered when the processing of a request was delayed,
e.g. in the limit_req or auth_request modules.
| author | Valentin Bartenev <vbart@nginx.com> |
|---|---|
| date | Thu, 05 Nov 2015 15:01:01 +0300 |
| parents | 1f26bf65b1bc |
| children | 932a465537ef |
comparison
equal
deleted
inserted
replaced
| 6287:4ccb37b04454 | 6288:0f4b7800e681 |
|---|---|
| 868 } | 868 } |
| 869 | 869 |
| 870 return ngx_http_v2_state_skip_padded(h2c, pos, end); | 870 return ngx_http_v2_state_skip_padded(h2c, pos, end); |
| 871 } | 871 } |
| 872 | 872 |
| 873 stream->in_closed = h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG; | |
| 874 | |
| 875 h2c->state.stream = stream; | 873 h2c->state.stream = stream; |
| 876 | 874 |
| 877 return ngx_http_v2_state_read_data(h2c, pos, end); | 875 return ngx_http_v2_state_read_data(h2c, pos, end); |
| 878 } | 876 } |
| 879 | 877 |
| 897 if (stream == NULL) { | 895 if (stream == NULL) { |
| 898 return ngx_http_v2_state_skip_padded(h2c, pos, end); | 896 return ngx_http_v2_state_skip_padded(h2c, pos, end); |
| 899 } | 897 } |
| 900 | 898 |
| 901 if (stream->skip_data) { | 899 if (stream->skip_data) { |
| 900 stream->in_closed = h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG; | |
| 901 | |
| 902 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, | 902 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, |
| 903 "skipping http2 DATA frame, reason: %d", | 903 "skipping http2 DATA frame, reason: %d", |
| 904 stream->skip_data); | 904 stream->skip_data); |
| 905 | 905 |
| 906 return ngx_http_v2_state_skip_padded(h2c, pos, end); | 906 return ngx_http_v2_state_skip_padded(h2c, pos, end); |
| 986 if (h2c->state.length) { | 986 if (h2c->state.length) { |
| 987 return ngx_http_v2_state_save(h2c, pos, end, | 987 return ngx_http_v2_state_save(h2c, pos, end, |
| 988 ngx_http_v2_state_read_data); | 988 ngx_http_v2_state_read_data); |
| 989 } | 989 } |
| 990 | 990 |
| 991 if (stream->in_closed) { | 991 if (h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG) { |
| 992 stream->in_closed = 1; | |
| 993 | |
| 992 if (r->headers_in.content_length_n < 0) { | 994 if (r->headers_in.content_length_n < 0) { |
| 993 r->headers_in.content_length_n = rb->rest; | 995 r->headers_in.content_length_n = rb->rest; |
| 994 | 996 |
| 995 } else if (r->headers_in.content_length_n != rb->rest) { | 997 } else if (r->headers_in.content_length_n != rb->rest) { |
| 996 ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, | 998 ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, |