[PATCH 1 of 2] SSL: fixed ngx_ssl_recv() to reset c->read->ready after errors

Maxim Dounin
November 28, 2022 05:22PM
# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1669622597 -10800
# Mon Nov 28 11:03:17 2022 +0300
# Node ID 97a5a082c58ac91f278c7faf2286e0bc04b3c958
# Parent 0b360747c74e3fa7e439e0684a8cf1da2d14d8f6
SSL: fixed ngx_ssl_recv() to reset c->read->ready after errors.

With this change, behaviour of ngx_ssl_recv() now matches ngx_unix_recv(),
which used to always reset c->read->ready to 0 when returning errors.

This fixes an infinite loop in unbuffered SSL proxying if writing to the
client is blocked and an SSL error happens (ticket #2418).

With this change, the fix for a similar issue in the stream module
(6868:ee3645078759), which used a different approach of explicitly
testing c->read->error instead, is no longer needed and was reverted.

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -2204,6 +2204,7 @@ ngx_ssl_recv(ngx_connection_t *c, u_char
#endif

if (c->ssl->last == NGX_ERROR) {
+ c->read->ready = 0;
c->read->error = 1;
return NGX_ERROR;
}
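Review bot: The new `c->read->ready = 0;` in the `c->ssl->last == NGX_ERROR` branch has no comment, and on this path the function only replays an error recorded by an earlier call, so the reason for touching `ready` is not obvious from the code. A one-line comment saying that the read event must never stay ready after an error, as in ngx_unix_recv(), would keep a later cleanup from dropping the line and bringing back the loop from ticket #2418.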
@@ -2270,6 +2271,7 @@ ngx_ssl_recv(ngx_connection_t *c, u_char
#if (NGX_HAVE_FIONREAD)

if (ngx_socket_nread(c->fd, &c->read->available) == -1) {
+ c->read->ready = 0;
c->read->error = 1;
ngx_connection_error(c, ngx_socket_errno,
ngx_socket_nread_n " failed");
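Review bot: In the `ngx_socket_nread()` failure branch the return statement lies outside the visible context, so this hunk alone does not show that nothing after `ngx_connection_error()` can set `c->read->ready` again before the function returns. Please confirm the branch returns `NGX_ERROR` directly. Since the line is only compiled under `NGX_HAVE_FIONREAD`, it also needs a build with that macro defined to be exercised at all.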
@@ -2306,6 +2308,7 @@ ngx_ssl_recv(ngx_connection_t *c, u_char
return 0;

case NGX_ERROR:
+ c->read->ready = 0;
c->read->error = 1;

/* fall through */
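Review bot: `case NGX_ERROR:` now clears `ready` and then falls through to a label that is not part of this hunk, so the reset is only as good as the code it falls into. It is worth checking that the following case neither restores `c->read->ready` nor returns a value that callers treat as "try reading again", otherwise the unbuffered proxy loop described in the commit message could still spin on this path.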
@@ -2326,6 +2329,7 @@ ngx_ssl_recv_early(ngx_connection_t *c,
size_t readbytes;

if (c->ssl->last == NGX_ERROR) {
+ c->read->ready = 0;
c->read->error = 1;
return NGX_ERROR;
}
@@ -2425,6 +2429,7 @@ ngx_ssl_recv_early(ngx_connection_t *c,
return 0;

case NGX_ERROR:
+ c->read->ready = 0;
c->read->error = 1;

/* fall through */
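Review bot: This `case NGX_ERROR:` in ngx_ssl_recv_early() is the fifth place in the file where the pair `c->read->ready = 0; c->read->error = 1;` is written out by hand, and the bug being fixed is exactly that one half of such a pair was missing. Consider a small static helper (or at least a shared comment) that sets both flags, so that an error path added later in ngx_ssl_recv() or ngx_ssl_recv_early() cannot set `error` without clearing `ready`.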
diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c
--- a/src/stream/ngx_stream_proxy_module.c
+++ b/src/stream/ngx_stream_proxy_module.c
@@ -1675,9 +1675,8 @@ ngx_stream_proxy_process(ngx_stream_sess

size = b->end - b->last;

- if (size && src->read->ready && !src->read->delayed
- && !src->read->error)
- {
+ if (size && src->read->ready && !src->read->delayed) {
+
if (limit_rate) {
limit = (off_t) limit_rate * (ngx_time() - u->start_sec + 1)
- *received;
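Review bot: Dropping `&& !src->read->error` from the condition in ngx_stream_proxy_process() makes termination of this read loop depend on every recv handler clearing `c->read->ready` on error, and this patch only shows that for ngx_ssl_recv() and ngx_ssl_recv_early(). The commit message vouches for ngx_unix_recv(); please state that the remaining recv implementations reachable from the stream proxy were checked as well, or keep the explicit test as a cheap safeguard, since a missed handler turns a connection error into a busy loop.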
