Mercurial > hg > nginx

changeset 5111:57c3f84d72ce

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Request body: avoid linking rb->buf to r->header_in. Code to reuse of r->request_body->buf in upstream module assumes it's dedicated buffer, hence after 1.3.9 (r4931) it might reuse r->header_in if client_body_in_file_only was set, resulting in original request corruption. It is considered to be safer to always create a dedicated buffer for rb->bufs to avoid such problems.
author Maxim Dounin <mdounin@mdounin.ru>
date Thu, 14 Mar 2013 12:30:26 +0000
parents 0bbdd966a383
children d3c15c7831eb
files src/http/ngx_http_request_body.c
diffstat 1 files changed, 14 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/src/http/ngx_http_request_body.c
+++ b/src/http/ngx_http_request_body.c
@@ -104,7 +104,20 @@ ngx_http_read_client_request_body(ngx_ht
         {
             /* the whole request body may be placed in r->header_in */
 
-            rb->buf = r->header_in;
+            b = ngx_calloc_buf(r->pool);
+            if (b == NULL) {
+                rc = NGX_HTTP_INTERNAL_SERVER_ERROR;
+                goto done;
+            }
+
+            b->temporary = 1;
+            b->start = r->header_in->pos;
+            b->pos = r->header_in->pos;
+            b->last = r->header_in->last;
+            b->end = r->header_in->end;
+
+            rb->buf = b;
+
             r->read_event_handler = ngx_http_read_client_request_body_handler;
             r->write_event_handler = ngx_http_request_empty_handler;