Mercurial > hg > nginx
comparison src/http/v2/ngx_http_v2_filter_module.c @ 7548:99257b06b0bd
HTTP/2: limited number of DATA frames.
Fixed excessive memory growth and CPU usage if stream windows are
manipulated in a way that results in generating many small DATA frames.
Fix is to limit the number of simultaneously allocated DATA frames.
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Tue, 13 Aug 2019 15:43:36 +0300 |
parents | 01e26357916a |
children | 80359395b345 |
comparison
equal
deleted
inserted
replaced
7547:4f4b83f00cf1 | 7548:99257b06b0bd |
---|---|
1667 | 1667 |
1668 static ngx_http_v2_out_frame_t * | 1668 static ngx_http_v2_out_frame_t * |
1669 ngx_http_v2_filter_get_data_frame(ngx_http_v2_stream_t *stream, | 1669 ngx_http_v2_filter_get_data_frame(ngx_http_v2_stream_t *stream, |
1670 size_t len, ngx_chain_t *first, ngx_chain_t *last) | 1670 size_t len, ngx_chain_t *first, ngx_chain_t *last) |
1671 { | 1671 { |
1672 u_char flags; | 1672 u_char flags; |
1673 ngx_buf_t *buf; | 1673 ngx_buf_t *buf; |
1674 ngx_chain_t *cl; | 1674 ngx_chain_t *cl; |
1675 ngx_http_v2_out_frame_t *frame; | 1675 ngx_http_v2_out_frame_t *frame; |
1676 ngx_http_v2_connection_t *h2c; | |
1676 | 1677 |
1677 frame = stream->free_frames; | 1678 frame = stream->free_frames; |
1679 h2c = stream->connection; | |
1678 | 1680 |
1679 if (frame) { | 1681 if (frame) { |
1680 stream->free_frames = frame->next; | 1682 stream->free_frames = frame->next; |
1681 | 1683 |
1682 } else { | 1684 } else if (h2c->frames < 10000) { |
1683 frame = ngx_palloc(stream->request->pool, | 1685 frame = ngx_palloc(stream->request->pool, |
1684 sizeof(ngx_http_v2_out_frame_t)); | 1686 sizeof(ngx_http_v2_out_frame_t)); |
1685 if (frame == NULL) { | 1687 if (frame == NULL) { |
1686 return NULL; | 1688 return NULL; |
1687 } | 1689 } |
1690 | |
1691 stream->frames++; | |
1692 h2c->frames++; | |
1693 | |
1694 } else { | |
1695 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, | |
1696 "http2 flood detected"); | |
1697 | |
1698 h2c->connection->error = 1; | |
1699 return NULL; | |
1688 } | 1700 } |
1689 | 1701 |
1690 flags = last->buf->last_buf ? NGX_HTTP_V2_END_STREAM_FLAG : 0; | 1702 flags = last->buf->last_buf ? NGX_HTTP_V2_END_STREAM_FLAG : 0; |
1691 | 1703 |
1692 ngx_log_debug4(NGX_LOG_DEBUG_HTTP, stream->request->connection->log, 0, | 1704 ngx_log_debug4(NGX_LOG_DEBUG_HTTP, stream->request->connection->log, 0, |