Mercurial > hg > nginx
comparison src/http/v2/ngx_http_v2_filter_module.c @ 7555:99b6733876c4 stable-1.16
HTTP/2: limited number of DATA frames.
Fixed excessive memory growth and CPU usage if stream windows are
manipulated in a way that results in generating many small DATA frames.
Fix is to limit the number of simultaneously allocated DATA frames.
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Tue, 13 Aug 2019 15:43:36 +0300 |
parents | 8e6bb4e6045f |
children |
comparison
equal
deleted
inserted
replaced
7554:b19cd299f37c | 7555:99b6733876c4 |
---|---|
1661 | 1661 |
1662 static ngx_http_v2_out_frame_t * | 1662 static ngx_http_v2_out_frame_t * |
1663 ngx_http_v2_filter_get_data_frame(ngx_http_v2_stream_t *stream, | 1663 ngx_http_v2_filter_get_data_frame(ngx_http_v2_stream_t *stream, |
1664 size_t len, ngx_chain_t *first, ngx_chain_t *last) | 1664 size_t len, ngx_chain_t *first, ngx_chain_t *last) |
1665 { | 1665 { |
1666 u_char flags; | 1666 u_char flags; |
1667 ngx_buf_t *buf; | 1667 ngx_buf_t *buf; |
1668 ngx_chain_t *cl; | 1668 ngx_chain_t *cl; |
1669 ngx_http_v2_out_frame_t *frame; | 1669 ngx_http_v2_out_frame_t *frame; |
1670 ngx_http_v2_connection_t *h2c; | |
1670 | 1671 |
1671 frame = stream->free_frames; | 1672 frame = stream->free_frames; |
1673 h2c = stream->connection; | |
1672 | 1674 |
1673 if (frame) { | 1675 if (frame) { |
1674 stream->free_frames = frame->next; | 1676 stream->free_frames = frame->next; |
1675 | 1677 |
1676 } else { | 1678 } else if (h2c->frames < 10000) { |
1677 frame = ngx_palloc(stream->request->pool, | 1679 frame = ngx_palloc(stream->request->pool, |
1678 sizeof(ngx_http_v2_out_frame_t)); | 1680 sizeof(ngx_http_v2_out_frame_t)); |
1679 if (frame == NULL) { | 1681 if (frame == NULL) { |
1680 return NULL; | 1682 return NULL; |
1681 } | 1683 } |
1684 | |
1685 stream->frames++; | |
1686 h2c->frames++; | |
1687 | |
1688 } else { | |
1689 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, | |
1690 "http2 flood detected"); | |
1691 | |
1692 h2c->connection->error = 1; | |
1693 return NULL; | |
1682 } | 1694 } |
1683 | 1695 |
1684 flags = last->buf->last_buf ? NGX_HTTP_V2_END_STREAM_FLAG : 0; | 1696 flags = last->buf->last_buf ? NGX_HTTP_V2_END_STREAM_FLAG : 0; |
1685 | 1697 |
1686 ngx_log_debug4(NGX_LOG_DEBUG_HTTP, stream->request->connection->log, 0, | 1698 ngx_log_debug4(NGX_LOG_DEBUG_HTTP, stream->request->connection->log, 0, |