diff src/http/v2/ngx_http_v2.c @ 7377:d4448892a294

HTTP/2: flood detection. Fixed uncontrolled memory growth in case peer is flooding us with some frames (e.g., SETTINGS and PING) and doesn't read data. Fix is to limit the number of allocated control frames.
author Ruslan Ermilov <ru@nginx.com>
date Tue, 06 Nov 2018 16:29:35 +0300
parents 1812f1d79d84
children e7f19d268c72
--- a/src/http/v2/ngx_http_v2.c	Tue Nov 06 16:29:18 2018 +0300
+++ b/src/http/v2/ngx_http_v2.c	Tue Nov 06 16:29:35 2018 +0300
@@ -662,6 +662,7 @@
 
     h2c->pool = NULL;
     h2c->free_frames = NULL;
+    h2c->frames = 0;
     h2c->free_fake_connections = NULL;
 
 #if (NGX_HTTP_SSL)
@@ -2895,7 +2896,7 @@
 
         frame->blocked = 0;
 
-    } else {
+    } else if (h2c->frames < 10000) {
         pool = h2c->pool ? h2c->pool : h2c->connection->pool;
 
         frame = ngx_pcalloc(pool, sizeof(ngx_http_v2_out_frame_t));
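Review bot: The limit in `} else if (h2c->frames < 10000) {` is a bare literal with nothing saying what it bounds. In the visible hunks `h2c->frames` is only incremented when a frame is newly allocated, and frames reused from `free_frames` take the first branch, so it appears to cap the total control frames ever allocated for the connection rather than the number currently queued. I would name the constant and document that, for example `#define NGX_HTTP_V2_MAX_FRAMES  10000  /* suggested name: control frames allocated per connection */`, and use it in the condition. The enclosing function starts before this hunk and continues in the next one.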
@@ -2919,6 +2920,15 @@
         frame->last = frame->first;
 
         frame->handler = ngx_http_v2_frame_handler;
+
+        h2c->frames++;
+
+    } else {
+        ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
+                      "http2 flood detected");
+
+        h2c->connection->error = 1;
+        return NULL;
     }
 
 #if (NGX_DEBUG)
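Review bot: The new `else` branch logs `"http2 flood detected"` at `NGX_LOG_INFO`, which is not recorded when error_log runs at a higher threshold (nginx's default level is `error`), so on many deployments the only trace of a flooding peer is a closed connection. If the level is deliberate, a comment above the call would say so, e.g. `/* peer-caused condition, logged at info like other client errors */`; if operators are expected to alert on floods, the level or the documentation should make that possible. The branch also adds a second reason for this function to return NULL, next to what looks like the allocation-failure path outside the hunk. Callers are not visible here; they should be checked to confirm that they treat NULL as fatal for the connection and do not retry.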