[nginx] gRPC: limited allocations due to ping and settings frames.

Maxim Dounin mdounin at mdounin.ru
Tue Nov 6 15:23:56 UTC 2018


details:   http://hg.nginx.org/nginx/rev/6afba58cd5a3
branches:  stable-1.14
changeset: 7387:6afba58cd5a3
user:      Maxim Dounin <mdounin at mdounin.ru>
date:      Tue Nov 06 16:29:59 2018 +0300
description:
gRPC: limited allocations due to ping and settings frames.

diffstat:

 src/http/modules/ngx_http_grpc_module.c |  15 +++++++++++++++
 1 files changed, 15 insertions(+), 0 deletions(-)

diffs (39 lines):

diff --git a/src/http/modules/ngx_http_grpc_module.c b/src/http/modules/ngx_http_grpc_module.c
--- a/src/http/modules/ngx_http_grpc_module.c
+++ b/src/http/modules/ngx_http_grpc_module.c
@@ -78,6 +78,9 @@ typedef struct {
 
     ngx_uint_t                 id;
 
+    ngx_uint_t                 pings;
+    ngx_uint_t                 settings;
+
     ssize_t                    send_window;
     size_t                     recv_window;
 
@@ -3531,6 +3534,12 @@ ngx_http_grpc_parse_settings(ngx_http_re
                           ctx->rest);
             return NGX_ERROR;
         }
+
+        if (ctx->free == NULL && ctx->settings++ > 1000) {
+            ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+                          "upstream sent too many settings frames");
+            return NGX_ERROR;
+        }
     }
 
     for (p = b->pos; p < last; p++) {
@@ -3683,6 +3692,12 @@ ngx_http_grpc_parse_ping(ngx_http_reques
                           "upstream sent ping frame with ack flag");
             return NGX_ERROR;
         }
+
+        if (ctx->free == NULL && ctx->pings++ > 1000) {
+            ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+                          "upstream sent too many ping frames");
+            return NGX_ERROR;
+        }
     }
 
     for (p = b->pos; p < last; p++) {


More information about the nginx-devel mailing list