Context Navigation

Back to Ticket #2374

Ticket #2374: h3-empty-rb-buf

File h3-empty-rb-buf, 2.0 KB (added by Roman Arutyunyan, 4 years ago)

Line
1	# HG changeset patch
2	# User Roman Arutyunyan <arut@nginx.com>
3	# Date 1659531591 -14400
4	# Wed Aug 03 16:59:51 2022 +0400
5	# Branch quic
6	# Node ID 999e6a73ff50a41bdbce467e9572f4ad52bbf2cf
7	# Parent f919f13cb11e3bc106e9c4bc2aeadd12b43e7e97
8	HTTP/3: skip empty request body buffers (ticket #2374).
9
10	When client DATA frame header and its content come in different QUIC packets,
11	it may happen that only the header is processed by the first
12	ngx_http_v3_request_body_filter() call. In this case an empty request body
13	buffer is added to r->request_body->bufs, which is later reused in a
14	subsequent ngx_http_v3_request_body_filter() call without being removed from
15	the body chain. As a result, rb->request_body->bufs ends up with two copies of
16	the same buffer.
17
18	The fix is to avoid adding empty request body buffers to r->request_body->bufs.
19
20	diff --git a/src/http/v3/ngx_http_v3_request.c b/src/http/v3/ngx_http_v3_request.c
21	--- a/src/http/v3/ngx_http_v3_request.c
22	+++ b/src/http/v3/ngx_http_v3_request.c
23	@@ -1552,15 +1552,17 @@ ngx_http_v3_request_body_filter(ngx_http
24	}
25
26	/* rc == NGX_OK */
27	- }
28
29	- if (max != -1 && (uint64_t) (max - rb->received) < st->length) {
30	- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
31	- "client intended to send too large "
32	- "body: %O+%ui bytes",
33	- rb->received, st->length);
34	+ if (max != -1 && (uint64_t) (max - rb->received) < st->length) {
35	+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
36	+ "client intended to send too large "
37	+ "body: %O+%ui bytes",
38	+ rb->received, st->length);
39
40	- return NGX_HTTP_REQUEST_ENTITY_TOO_LARGE;
41	+ return NGX_HTTP_REQUEST_ENTITY_TOO_LARGE;
42	+ }
43	+
44	+ continue;
45	}
46
47	if (b

Download in other formats:

Original Format