Mercurial > hg > nginx
comparison src/http/v2/ngx_http_v2.c @ 6288:0f4b7800e681
HTTP/2: backed out 16905ecbb49e (ticket #822).
It caused inconsistency between setting "in_closed" flag and the moment when
the last DATA frame was actually read. As a result, the body buffer might not
be initialized properly in ngx_http_v2_init_request_body(), which led to a
segmentation fault in ngx_http_v2_state_read_data(). Also it might cause
start processing of incomplete body.
This issue could be triggered when the processing of a request was delayed,
e.g. in the limit_req or auth_request modules.
author | Valentin Bartenev <vbart@nginx.com> |
---|---|
date | Thu, 05 Nov 2015 15:01:01 +0300 |
parents | 1f26bf65b1bc |
children | 932a465537ef |
comparison
equal
deleted
inserted
replaced
6287:4ccb37b04454 | 6288:0f4b7800e681 |
---|---|
868 } | 868 } |
869 | 869 |
870 return ngx_http_v2_state_skip_padded(h2c, pos, end); | 870 return ngx_http_v2_state_skip_padded(h2c, pos, end); |
871 } | 871 } |
872 | 872 |
873 stream->in_closed = h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG; | |
874 | |
875 h2c->state.stream = stream; | 873 h2c->state.stream = stream; |
876 | 874 |
877 return ngx_http_v2_state_read_data(h2c, pos, end); | 875 return ngx_http_v2_state_read_data(h2c, pos, end); |
878 } | 876 } |
879 | 877 |
897 if (stream == NULL) { | 895 if (stream == NULL) { |
898 return ngx_http_v2_state_skip_padded(h2c, pos, end); | 896 return ngx_http_v2_state_skip_padded(h2c, pos, end); |
899 } | 897 } |
900 | 898 |
901 if (stream->skip_data) { | 899 if (stream->skip_data) { |
900 stream->in_closed = h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG; | |
901 | |
902 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, | 902 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, |
903 "skipping http2 DATA frame, reason: %d", | 903 "skipping http2 DATA frame, reason: %d", |
904 stream->skip_data); | 904 stream->skip_data); |
905 | 905 |
906 return ngx_http_v2_state_skip_padded(h2c, pos, end); | 906 return ngx_http_v2_state_skip_padded(h2c, pos, end); |
986 if (h2c->state.length) { | 986 if (h2c->state.length) { |
987 return ngx_http_v2_state_save(h2c, pos, end, | 987 return ngx_http_v2_state_save(h2c, pos, end, |
988 ngx_http_v2_state_read_data); | 988 ngx_http_v2_state_read_data); |
989 } | 989 } |
990 | 990 |
991 if (stream->in_closed) { | 991 if (h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG) { |
992 stream->in_closed = 1; | |
993 | |
992 if (r->headers_in.content_length_n < 0) { | 994 if (r->headers_in.content_length_n < 0) { |
993 r->headers_in.content_length_n = rb->rest; | 995 r->headers_in.content_length_n = rb->rest; |
994 | 996 |
995 } else if (r->headers_in.content_length_n != rb->rest) { | 997 } else if (r->headers_in.content_length_n != rb->rest) { |
996 ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, | 998 ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, |