nginx: src/http/v3/ngx_http_v3_request.c comparison

comparison src/http/v3/ngx_http_v3_request.c @ 9027:f9d7930d0eed quic

HTTP/3: skip empty request body buffers (ticket #2374). When client DATA frame header and its content come in different QUIC packets, it may happen that only the header is processed by the first ngx_http_v3_request_body_filter() call. In this case an empty request body buffer is added to r->request_body->bufs, which is later reused in a subsequent ngx_http_v3_request_body_filter() call without being removed from the body chain. As a result, rb->request_body->bufs ends up with two copies of the same buffer. The fix is to avoid adding empty request body buffers to r->request_body->bufs.

author	Roman Arutyunyan <arut@nginx.com>
date	Wed, 03 Aug 2022 16:59:51 +0400
parents	10522e8dea41
children	0f5fc7a320db

comparison

equal deleted inserted replaced

-:3550b00d9dc8
+:f9d7930d0eed
 if (rc == NGX_ERROR) {
 return NGX_HTTP_INTERNAL_SERVER_ERROR;
 }
 /* rc == NGX_OK */
-}
+if (max != -1 && (uint64_t) (max - rb->received) < st->length) {
-if (max != -1 && (uint64_t) (max - rb->received) < st->length) {
+ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
-ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+"client intended to send too large "
-"client intended to send too large "
+"body: %O+%ui bytes",
-"body: %O+%ui bytes",
+rb->received, st->length);
-rb->received, st->length);
+return NGX_HTTP_REQUEST_ENTITY_TOO_LARGE;
-return NGX_HTTP_REQUEST_ENTITY_TOO_LARGE;
+}
+continue;
 }
 if (b
 && st->length <= 128
 && (uint64_t) (cl->buf->last - cl->buf->pos) >= st->length)

Mercurial > hg > nginx

comparison src/http/v3/ngx_http_v3_request.c @ 9027:f9d7930d0eed quic