[nginx] svn commit: r5112 - trunk/src/http

mdounin at mdounin.ru mdounin at mdounin.ru
Thu Mar 14 12:30:26 UTC 2013


Author: mdounin
Date: 2013-03-14 12:30:26 +0000 (Thu, 14 Mar 2013)
New Revision: 5112
URL: http://trac.nginx.org/nginx/changeset/5112/nginx

Log:
Request body: avoid linking rb->buf to r->header_in.

Code to reuse of r->request_body->buf in upstream module assumes it's
dedicated buffer, hence after 1.3.9 (r4931) it might reuse r->header_in
if client_body_in_file_only was set, resulting in original request
corruption.  It is considered to be safer to always create a dedicated
buffer for rb->bufs to avoid such problems.


Modified:
   trunk/src/http/ngx_http_request_body.c

Modified: trunk/src/http/ngx_http_request_body.c
===================================================================
--- trunk/src/http/ngx_http_request_body.c	2013-03-14 12:28:53 UTC (rev 5111)
+++ trunk/src/http/ngx_http_request_body.c	2013-03-14 12:30:26 UTC (rev 5112)
@@ -104,7 +104,20 @@
         {
             /* the whole request body may be placed in r->header_in */
 
-            rb->buf = r->header_in;
+            b = ngx_calloc_buf(r->pool);
+            if (b == NULL) {
+                rc = NGX_HTTP_INTERNAL_SERVER_ERROR;
+                goto done;
+            }
+
+            b->temporary = 1;
+            b->start = r->header_in->pos;
+            b->pos = r->header_in->pos;
+            b->last = r->header_in->last;
+            b->end = r->header_in->end;
+
+            rb->buf = b;
+
             r->read_event_handler = ngx_http_read_client_request_body_handler;
             r->write_event_handler = ngx_http_request_empty_handler;
 



More information about the nginx-devel mailing list