details: http://hg.nginx.org/nginx/rev/0f4b7800e681
branches:
changeset: 6288:0f4b7800e681
user: Valentin Bartenev <vb...@nginx.com>
date: Thu Nov 05 15:01:01 2015 +0300
description:
HTTP/2: backed out 16905ecbb49e (ticket #822).

It caused inconsistency between setting the "in_closed" flag and the moment when the last DATA frame was actually read. As a result, the body buffer might not be initialized properly in ngx_http_v2_init_request_body(), which led to a segmentation fault in ngx_http_v2_state_read_data(). Also, it might cause processing of an incomplete body to start.

This issue could be triggered when the processing of a request was delayed, e.g. in the limit_req or auth_request modules.

diffstat:

src/http/v2/ngx_http_v2.c | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)

diffs (32 lines):

diff -r 4ccb37b04454 -r 0f4b7800e681 src/http/v2/ngx_http_v2.c --- a/src/http/v2/ngx_http_v2.c Fri Oct 30 21:43:30 2015 +0300 +++ b/src/http/v2/ngx_http_v2.c Thu Nov 05 15:01:01 2015 +0300 @@ -870,8 +870,6 @@ ngx_http_v2_state_data(ngx_http_v2_conne return ngx_http_v2_state_skip_padded(h2c, pos, end); } - stream->in_closed = h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG; - h2c->state.stream = stream; return ngx_http_v2_state_read_data(h2c, pos, end); @@ -899,6 +897,8 @@ ngx_http_v2_state_read_data(ngx_http_v2_ } if (stream->skip_data) { + stream->in_closed = h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG; + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, h2c->connection->log, 0, "skipping http2 DATA frame, reason: %d", stream->skip_data); @@ -988,7 +988,9 @@ ngx_http_v2_state_read_data(ngx_http_v2_ ngx_http_v2_state_read_data); } - if (stream->in_closed) { + if (h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG) { + stream->in_closed = 1; + if (r->headers_in.content_length_n < 0) { r->headers_in.content_length_n = rb->rest;
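
Review bot: In the `@@ -899,6 +897,8 @@` hunk, `stream->in_closed` is assigned the raw result of `h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG`, while the `@@ -988,7 +988,9 @@` hunk tests the same mask and then stores an explicit `1`. The masked form only gives the intended value if the flag's bit fits the width of `in_closed`, and neither the flag's value nor the field's declaration is visible in this diff. Using the same `if (...) { stream->in_closed = 1; }` form in both places would remove that dependency. This assignment also sits at the top of the `skip_data` branch, ahead of the "skipping http2 DATA frame" log line, so a short comment saying why marking the stream closed at that point is acceptable for discarded data would help, given that the commit message attributes the crash to the flag being set before the last DATA frame was actually read.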
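
Review bot: In the `@@ -988,7 +988,9 @@` hunk, the ordering that this backout restores is not documented in the code: `stream->in_closed = 1` is now set only after the block ending in `ngx_http_v2_state_read_data); }`, but nothing at that spot says why. A one-line comment above `if (h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG) {` stating that `in_closed` must not be set until the DATA frame carrying END_STREAM has been read in full would guard against the assignment being hoisted back into `ngx_http_v2_state_data()`, which is the change being reverted in the `@@ -870,8 +870,6 @@` hunk. The diffstat shows only `src/http/v2/ngx_http_v2.c` changing, so a regression test for the delayed-request case named in the commit message (limit_req, auth_request) would be worth adding alongside.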