Ticket #788: posting-flag.patch

File posting-flag.patch, 2.6 KB (added by Roman Arutyunyan, 11 years ago)

  • src/http/ngx_http_request.c 

    # HG changeset patch
# User Roman Arutyunyan <arut@nginx.com>
# Date 1442578460 -10800
#      Fri Sep 18 15:14:20 2015 +0300
# Node ID de3b5bc41b8623e6f3fd9f670e5a92fc1a84701e
# Parent  257b51c37c5a76559d50c2a44011a7d3f45bd4b9
Prevented posted requests from running recursively (ticket #788).

When ngx_http_run_posted_requests() is called from a resolve handler after
a cached result is found, it runs the next posted request.  That request,
in turn, can follow the same code path and make the next recursive call of
ngx_http_run_posted_requests().  If a big number of requests was posted,
this can finally lead to stack overflow and nginx crash.

diff -r 257b51c37c5a -r de3b5bc41b86 src/http/ngx_http_request.c
    a b ngx_http_run_posted_requests(ngx_connect  
    21952195    ngx_http_request_t         *r;
    21962196    ngx_http_posted_request_t  *pr;
    21972197
     2198    if (c->destroyed) {
     2199        return;
     2200    }
     2201
     2202    r = c->data;
     2203
     2204    if (r->main->running_posted) {
     2205        return;
     2206    }
     2207
     2208    r->main->running_posted = 1;
     2209
    21982210    for ( ;; ) {
    21992211
     2212        r = c->data;
     2213        pr = r->main->posted_requests;
     2214
     2215        if (pr == NULL) {
     2216            r->main->running_posted = 0;
     2217            return;
     2218        }
     2219
     2220        r->main->posted_requests = pr->next;
     2221
     2222        r = pr->request;
     2223
     2224        ngx_http_set_log_request(c->log, r);
     2225
     2226        ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0,
     2227                       "http posted request: \"%V?%V\"", &r->uri, &r->args);
     2228
     2229        r->write_event_handler(r);
     2230
    22002231        if (c->destroyed) {
    22012232            return;
    22022233        }
    2203 
    2204         r = c->data;
    2205         pr = r->main->posted_requests;
    2206 
    2207         if (pr == NULL) {
    2208             return;
    2209         }
    2210 
    2211         r->main->posted_requests = pr->next;
    2212 
    2213         r = pr->request;
    2214 
    2215         ngx_http_set_log_request(c->log, r);
    2216 
    2217         ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0,
    2218                        "http posted request: \"%V?%V\"", &r->uri, &r->args);
    2219 
    2220         r->write_event_handler(r);
    22212234    }
    22222235}
    22232236

  • src/http/ngx_http_request.h 

    diff -r 257b51c37c5a -r de3b5bc41b86 src/http/ngx_http_request.h
    a b struct ngx_http_request_s {  
    523523    unsigned                          root_tested:1;
    524524    unsigned                          done:1;
    525525    unsigned                          logged:1;
     526    unsigned                          running_posted:1;
    526527
    527528    unsigned                          buffered:4;
    528529