details: http://hg.nginx.org/nginx/rev/6afba58cd5a3
branches: stable-1.14
changeset: 7387:6afba58cd5a3
user: Maxim Dounin <mdou...@mdounin.ru>
date: Tue Nov 06 16:29:59 2018 +0300
description:
gRPC: limited allocations due to ping and settings frames.
diffstat:
src/http/modules/ngx_http_grpc_module.c | 15 +++++++++++++++
1 files changed, 15 insertions(+), 0 deletions(-)
diffs (39 lines):
diff --git a/src/http/modules/ngx_http_grpc_module.c
b/src/http/modules/ngx_http_grpc_module.c
--- a/src/http/modules/ngx_http_grpc_module.c
+++ b/src/http/modules/ngx_http_grpc_module.c
@@ -78,6 +78,9 @@ typedef struct {
ngx_uint_t id;
+ ngx_uint_t pings;
+ ngx_uint_t settings;
+
ssize_t send_window;
size_t recv_window;
@@ -3531,6 +3534,12 @@ ngx_http_grpc_parse_settings(ngx_http_re
ctx->rest);
return NGX_ERROR;
}
+
+ if (ctx->free == NULL && ctx->settings++ > 1000) {
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+ "upstream sent too many settings frames");
+ return NGX_ERROR;
+ }
}
for (p = b->pos; p < last; p++) {
@@ -3683,6 +3692,12 @@ ngx_http_grpc_parse_ping(ngx_http_reques
"upstream sent ping frame with ack flag");
return NGX_ERROR;
}
+
+ if (ctx->free == NULL && ctx->pings++ > 1000) {
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+ "upstream sent too many ping frames");
+ return NGX_ERROR;
+ }
}
for (p = b->pos; p < last; p++) {
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
