Welcome! Log In Create A New Profile

Advanced

[nginx] gRPC: fixed handling of padding on DATA frames.

Maxim Dounin
March 23, 2021 11:12AM
details: https://hg.nginx.org/nginx/rev/6df9d7df2784
branches:
changeset: 7803:6df9d7df2784
user: Maxim Dounin <mdounin@mdounin.ru>
date: Tue Mar 23 16:52:23 2021 +0300
description:
gRPC: fixed handling of padding on DATA frames.

The response size check introduced in 39501ce97e29 did not take into
account possible padding on DATA frames, resulting in incorrect
"upstream sent response body larger than indicated content length" errors
if upstream server used padding in responses with known length.

Fix is to check the actual size of response buffers produced by the code,
similarly to how it is done in other protocols, instead of checking
the size of DATA frames.

Reported at:
http://mailman.nginx.org/pipermail/nginx-devel/2021-March/013907.html

diffstat:

src/http/modules/ngx_http_grpc_module.c | 35 ++++++++++++++++++++++----------
1 files changed, 24 insertions(+), 11 deletions(-)

diffs (59 lines):

diff -r 0215ec9aaa8a -r 6df9d7df2784 src/http/modules/ngx_http_grpc_module.c
--- a/src/http/modules/ngx_http_grpc_module.c Thu Mar 11 09:58:45 2021 +0300
+++ b/src/http/modules/ngx_http_grpc_module.c Tue Mar 23 16:52:23 2021 +0300
@@ -2074,17 +2074,6 @@ ngx_http_grpc_filter(void *data, ssize_t
return NGX_ERROR;
}

- if (ctx->length != -1) {
- if ((off_t) ctx->rest > ctx->length) {
- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
- "upstream sent response body larger "
- "than indicated content length");
- return NGX_ERROR;
- }
-
- ctx->length -= ctx->rest;
- }
-
if (ctx->rest > ctx->recv_window) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
"upstream violated stream flow control, "
@@ -2450,6 +2439,18 @@ ngx_http_grpc_filter(void *data, ssize_t
b->pos = b->last;
buf->last = b->pos;

+ if (ctx->length != -1) {
+
+ if (buf->last - buf->pos > ctx->length) {
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+ "upstream sent response body larger "
+ "than indicated content length");
+ return NGX_ERROR;
+ }
+
+ ctx->length -= buf->last - buf->pos;
+ }
+
return NGX_AGAIN;
}

@@ -2457,6 +2458,18 @@ ngx_http_grpc_filter(void *data, ssize_t
buf->last = b->pos;
ctx->rest = ctx->padding;

+ if (ctx->length != -1) {
+
+ if (buf->last - buf->pos > ctx->length) {
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+ "upstream sent response body larger "
+ "than indicated content length");
+ return NGX_ERROR;
+ }
+
+ ctx->length -= buf->last - buf->pos;
+ }
+
done:

if (ctx->padding) {
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[nginx] gRPC: fixed handling of padding on DATA frames.

Maxim Dounin 59 March 23, 2021 11:12AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 63
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready