Welcome! Log In Create A New Profile


[nginx] HTTP/2: fixed socket leak with an incomplete HEADERS frame.

Sergey Kandaurov
February 05, 2020 10:12AM
details: https://hg.nginx.org/nginx/rev/72b792bb3885
changeset: 7623:72b792bb3885
user: Sergey Kandaurov <pluknet@nginx.com>
date: Wed Feb 05 16:29:23 2020 +0300
HTTP/2: fixed socket leak with an incomplete HEADERS frame.

A connection could get stuck without timers if a client has partially sent
the HEADERS frame such that it was split on the individual header boundary.
In this case, it cannot be processed without the rest of the HEADERS frame.

The fix is to call ngx_http_v2_state_headers_save() in this case. Normally,
it would be called from the ngx_http_v2_state_header_block() handler on the
next iteration, when there is not enough data to continue processing. This
isn't the case if recv_buffer became empty and there's no more data to read.


src/http/v2/ngx_http_v2.c | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)

diffs (19 lines):

diff -r 2955192fb210 -r 72b792bb3885 src/http/v2/ngx_http_v2.c
--- a/src/http/v2/ngx_http_v2.c Wed Feb 05 16:29:14 2020 +0300
+++ b/src/http/v2/ngx_http_v2.c Wed Feb 05 16:29:23 2020 +0300
@@ -1719,8 +1719,13 @@ ngx_http_v2_state_header_complete(ngx_ht
ngx_http_v2_stream_t *stream;

if (h2c->state.length) {
- h2c->state.handler = ngx_http_v2_state_header_block;
- return pos;
+ if (end - pos > 0) {
+ h2c->state.handler = ngx_http_v2_state_header_block;
+ return pos;
+ }
+ return ngx_http_v2_state_headers_save(h2c, pos, end,
+ ngx_http_v2_state_header_block);

if (!(h2c->state.flags & NGX_HTTP_V2_END_HEADERS_FLAG)) {
nginx-devel mailing list
Subject Author Views Posted

[nginx] HTTP/2: fixed socket leak with an incomplete HEADERS frame.

Sergey Kandaurov 108 February 05, 2020 10:12AM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 78
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready