comparison src/http/v2/ngx_http_v2.c @ 7385:1c6b6163c039 stable-1.14
HTTP/2: flood detection.
Fixed uncontrolled memory growth in case peer is flooding us with
some frames (e.g., SETTINGS and PING) and doesn't read data. Fix
is to limit the number of allocated control frames.
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Tue, 06 Nov 2018 16:29:35 +0300 |
parents | 190591ab0d76 |
children | 9200b41db765 |
7384:fdc19a3289c1 | 7385:1c6b6163c039 |
---|---|
662 | 662 |
663 ngx_destroy_pool(h2c->pool); | 663 ngx_destroy_pool(h2c->pool); |
664 | 664 |
665 h2c->pool = NULL; | 665 h2c->pool = NULL; |
666 h2c->free_frames = NULL; | 666 h2c->free_frames = NULL; |
667 h2c->frames = 0; | |
667 h2c->free_fake_connections = NULL; | 668 h2c->free_fake_connections = NULL; |
668 | 669 |
669 #if (NGX_HTTP_SSL) | 670 #if (NGX_HTTP_SSL) |
670 if (c->ssl) { | 671 if (c->ssl) { |
671 ngx_ssl_free_buffer(c); | 672 ngx_ssl_free_buffer(c); |
2893 buf = frame->first->buf; | 2894 buf = frame->first->buf; |
2894 buf->pos = buf->start; | 2895 buf->pos = buf->start; |
2895 | 2896 |
2896 frame->blocked = 0; | 2897 frame->blocked = 0; |
2897 | 2898 |
2898 } else { | 2899 } else if (h2c->frames < 10000) { |
2899 pool = h2c->pool ? h2c->pool : h2c->connection->pool; | 2900 pool = h2c->pool ? h2c->pool : h2c->connection->pool; |
2900 | 2901 |
2901 frame = ngx_pcalloc(pool, sizeof(ngx_http_v2_out_frame_t)); | 2902 frame = ngx_pcalloc(pool, sizeof(ngx_http_v2_out_frame_t)); |
2902 if (frame == NULL) { | 2903 if (frame == NULL) { |
2903 return NULL; | 2904 return NULL; |
2917 | 2918 |
2918 frame->first->buf = buf; | 2919 frame->first->buf = buf; |
2919 frame->last = frame->first; | 2920 frame->last = frame->first; |
2920 | 2921 |
2921 frame->handler = ngx_http_v2_frame_handler; | 2922 frame->handler = ngx_http_v2_frame_handler; |
2923 | |
2924 h2c->frames++; | |
2925 | |
2926 } else { | |
2927 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, | |
2928 "http2 flood detected"); | |
2929 | |
2930 h2c->connection->error = 1; | |
2931 return NULL; | |
2922 } | 2932 } |
2923 | 2933 |
2924 #if (NGX_DEBUG) | 2934 #if (NGX_DEBUG) |
2925 if (length > NGX_HTTP_V2_FRAME_BUFFER_SIZE - NGX_HTTP_V2_FRAME_HEADER_SIZE) | 2935 if (length > NGX_HTTP_V2_FRAME_BUFFER_SIZE - NGX_HTTP_V2_FRAME_HEADER_SIZE) |
2926 { | 2936 { |
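Review bot: The cap in `} else if (h2c->frames < 10000) {` is a bare literal with nothing saying what it bounds or why that value was chosen; a comment directly above it, such as `/* flood protection: cap on control frames allocated for this connection */`, would make the limit reviewable. The counter is incremented only on the allocation branch and is reset next to `h2c->free_frames = NULL` after `ngx_destroy_pool(h2c->pool)`, so it appears to count frames allocated rather than frames currently queued, which is worth stating in the same comment. The rejection is logged at `NGX_LOG_INFO`, so with an error log level stricter than info the "http2 flood detected" line is never written; anyone relying on it as a detection signal needs the log level set accordingly. The enclosing functions start and end outside the lines shown.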