Mercurial > hg > nginx
comparison src/http/ngx_http_request_body.c @ 5111:57c3f84d72ce
Request body: avoid linking rb->buf to r->header_in.
Code to reuse of r->request_body->buf in upstream module assumes it's
dedicated buffer, hence after 1.3.9 (r4931) it might reuse r->header_in
if client_body_in_file_only was set, resulting in original request
corruption. It is considered to be safer to always create a dedicated
buffer for rb->bufs to avoid such problems.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Thu, 14 Mar 2013 12:30:26 +0000 |
| parents | 0bbdd966a383 |
| children | c0f7b94e88ba |
comparison
equal
deleted
inserted
replaced
| 5110:0bbdd966a383 | 5111:57c3f84d72ce |
|---|---|
| 102 && rb->rest > 0 | 102 && rb->rest > 0 |
| 103 && rb->rest <= (off_t) (r->header_in->end - r->header_in->last)) | 103 && rb->rest <= (off_t) (r->header_in->end - r->header_in->last)) |
| 104 { | 104 { |
| 105 /* the whole request body may be placed in r->header_in */ | 105 /* the whole request body may be placed in r->header_in */ |
| 106 | 106 |
| 107 rb->buf = r->header_in; | 107 b = ngx_calloc_buf(r->pool); |
| 108 if (b == NULL) { | |
| 109 rc = NGX_HTTP_INTERNAL_SERVER_ERROR; | |
| 110 goto done; | |
| 111 } | |
| 112 | |
| 113 b->temporary = 1; | |
| 114 b->start = r->header_in->pos; | |
| 115 b->pos = r->header_in->pos; | |
| 116 b->last = r->header_in->last; | |
| 117 b->end = r->header_in->end; | |
| 118 | |
| 119 rb->buf = b; | |
| 120 | |
| 108 r->read_event_handler = ngx_http_read_client_request_body_handler; | 121 r->read_event_handler = ngx_http_read_client_request_body_handler; |
| 109 r->write_event_handler = ngx_http_request_empty_handler; | 122 r->write_event_handler = ngx_http_request_empty_handler; |
| 110 | 123 |
| 111 rc = ngx_http_do_read_client_request_body(r); | 124 rc = ngx_http_do_read_client_request_body(r); |
| 112 goto done; | 125 goto done; |