nginx: src/http/v2/ngx_http

comparison src/http/v2/ngx_http_v2.c @ 7377:d4448892a294

HTTP/2: flood detection. Fixed uncontrolled memory growth in case peer is flooding us with some frames (e.g., SETTINGS and PING) and doesn't read data. Fix is to limit the number of allocated control frames.

author	Ruslan Ermilov <ru@nginx.com>
date	Tue, 06 Nov 2018 16:29:35 +0300
parents	1812f1d79d84
children	e7f19d268c72

comparison

equal deleted inserted replaced

-:e5069816039b
+:d4448892a294
 ngx_destroy_pool(h2c->pool);
 h2c->pool = NULL;
 h2c->free_frames = NULL;
+h2c->frames = 0;
 h2c->free_fake_connections = NULL;
 #if (NGX_HTTP_SSL)
 if (c->ssl) {
 ngx_ssl_free_buffer(c);
 buf = frame->first->buf;
 buf->pos = buf->start;
 frame->blocked = 0;
-} else {
+} else if (h2c->frames < 10000) {
 pool = h2c->pool ? h2c->pool : h2c->connection->pool;
 frame = ngx_pcalloc(pool, sizeof(ngx_http_v2_out_frame_t));
 if (frame == NULL) {
 return NULL;
 frame->first->buf = buf;
 frame->last = frame->first;
 frame->handler = ngx_http_v2_frame_handler;
+h2c->frames++;
+} else {
+ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
+"http2 flood detected");
+h2c->connection->error = 1;
+return NULL;
 }
 #if (NGX_DEBUG)
 if (length > NGX_HTTP_V2_FRAME_BUFFER_SIZE - NGX_HTTP_V2_FRAME_HEADER_SIZE)
 {

Mercurial > hg > nginx

comparison src/http/v2/ngx_http_v2.c @ 7377:d4448892a294