[nginx] SSL: fixed ngx_ssl_recv() to reset c->read->ready after errors.

Tue, 06 Dec 2022 07:27:16 -0800 

details:   https://hg.nginx.org/nginx/rev/06c7d84cafdb
branches:  
changeset: 8110:06c7d84cafdb
user:      Maxim Dounin <mdou...@mdounin.ru>
date:      Thu Dec 01 04:22:31 2022 +0300
description:
SSL: fixed ngx_ssl_recv() to reset c->read->ready after errors.

With this change, behaviour of ngx_ssl_recv() now matches ngx_unix_recv(),
which used to always reset c->read->ready to 0 when returning errors.

This fixes an infinite loop in unbuffered SSL proxying if writing to the
client is blocked and an SSL error happens (ticket #2418).

With this change, the fix for a similar issue in the stream module
(6868:ee3645078759), which used a different approach of explicitly
testing c->read->error instead, is no longer needed and was reverted.

diffstat:

 src/event/ngx_event_openssl.c        |  5 +++++
 src/stream/ngx_stream_proxy_module.c |  5 ++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diffs (58 lines):

diff -r 2ffefe2f892e -r 06c7d84cafdb src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c     Wed Nov 30 18:01:53 2022 +0300
+++ b/src/event/ngx_event_openssl.c     Thu Dec 01 04:22:31 2022 +0300
@@ -2204,6 +2204,7 @@ ngx_ssl_recv(ngx_connection_t *c, u_char
 #endif
 
     if (c->ssl->last == NGX_ERROR) {
+        c->read->ready = 0;
         c->read->error = 1;
         return NGX_ERROR;
     }
@@ -2270,6 +2271,7 @@ ngx_ssl_recv(ngx_connection_t *c, u_char
 #if (NGX_HAVE_FIONREAD)
 
                     if (ngx_socket_nread(c->fd, &c->read->available) == -1) {
+                        c->read->ready = 0;
                         c->read->error = 1;
                         ngx_connection_error(c, ngx_socket_errno,
                                              ngx_socket_nread_n " failed");
@@ -2306,6 +2308,7 @@ ngx_ssl_recv(ngx_connection_t *c, u_char
             return 0;
 
         case NGX_ERROR:
+            c->read->ready = 0;
             c->read->error = 1;
 
             /* fall through */
@@ -2326,6 +2329,7 @@ ngx_ssl_recv_early(ngx_connection_t *c, 
     size_t     readbytes;
 
     if (c->ssl->last == NGX_ERROR) {
+        c->read->ready = 0;
         c->read->error = 1;
         return NGX_ERROR;
     }
@@ -2425,6 +2429,7 @@ ngx_ssl_recv_early(ngx_connection_t *c, 
             return 0;
 
         case NGX_ERROR:
+            c->read->ready = 0;
             c->read->error = 1;
 
             /* fall through */
diff -r 2ffefe2f892e -r 06c7d84cafdb src/stream/ngx_stream_proxy_module.c
--- a/src/stream/ngx_stream_proxy_module.c      Wed Nov 30 18:01:53 2022 +0300
+++ b/src/stream/ngx_stream_proxy_module.c      Thu Dec 01 04:22:31 2022 +0300
@@ -1675,9 +1675,8 @@ ngx_stream_proxy_process(ngx_stream_sess
 
         size = b->end - b->last;
 
-        if (size && src->read->ready && !src->read->delayed
-            && !src->read->error)
-        {
+        if (size && src->read->ready && !src->read->delayed) {
+
             if (limit_rate) {
                 limit = (off_t) limit_rate * (ngx_time() - u->start_sec + 1)
                         - *received;
_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-le...@nginx.org

Reply via email to