# HG changeset patch
# User Maxim Dounin <mdou...@mdounin.ru>
# Date 1713574637 -10800
# Sat Apr 20 03:57:17 2024 +0300
# Node ID 42c2333af8bacd65b50933119dcc47c9343f6cd2
# Parent 4476851eed617ebc2c0125ab208c98d9634742e1
Request body: block reading when returning errors.
If reading is not blocked, additional client activity can result in
undefined behaviour, including segfaults, as seen with proxying with
proxy_ignore_client_abort before 4072:cf334deeea66. While unlikely
with low-level errors being returned when reading the request body, it
might be the case, for example, when chunked transfer encoding is used,
and error_page 400 (or 413) is proxied with proxy_ignore_client_abort.
diff --git a/src/http/ngx_http_request_body.c b/src/http/ngx_http_request_body.c
--- a/src/http/ngx_http_request_body.c
+++ b/src/http/ngx_http_request_body.c
@@ -226,6 +226,7 @@ done:
if (rc >= NGX_HTTP_SPECIAL_RESPONSE) {
r->main->count--;
+ r->read_event_handler = ngx_http_block_reading;
}
return rc;
@@ -294,6 +295,7 @@ ngx_http_read_client_request_body_handle
rc = ngx_http_do_read_client_request_body(r);
if (rc >= NGX_HTTP_SPECIAL_RESPONSE) {
+ r->read_event_handler = ngx_http_block_reading;
ngx_http_finalize_request(r, rc);
}
}
--
nginx-devel mailing list
nginx-devel@freenginx.org
https://freenginx.org/mailman/listinfo/nginx-devel
