<div dir="ltr"><br><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername"></b> <span dir="ltr"><<a href="mailto:nginx-devel-request@nginx.org">nginx-devel-request@nginx.org</a>></span><br>
Date: 2014-05-16 5:00 GMT-07:00<br>Subject: nginx-devel Digest, Vol 55, Issue 15<br>To: <a href="mailto:nginx-devel@nginx.org">nginx-devel@nginx.org</a><br><br><br>Send nginx-devel mailing list submissions to<br>
<a href="mailto:nginx-devel@nginx.org">nginx-devel@nginx.org</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx-devel</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:nginx-devel-request@nginx.org">nginx-devel-request@nginx.org</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:nginx-devel-owner@nginx.org">nginx-devel-owner@nginx.org</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of nginx-devel digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. [nginx] SPDY: set log action for PROXY protocol only while<br>
parsi... (Valentin Bartenev)<br>
2. [nginx] SPDY: improved logging. (Valentin Bartenev)<br>
3. [nginx] SPDY: refactored ngx_http_spdy_state_headers().<br>
(Valentin Bartenev)<br>
4. [nginx] SPDY: added a debug point to the state buffer<br>
overflow p... (Valentin Bartenev)<br>
5. [nginx] SPDY: added protection from overrun of the receive<br>
buffer. (Valentin Bartenev)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Thu, 15 May 2014 15:25:50 +0000<br>
From: Valentin Bartenev <<a href="mailto:vbart@nginx.com">vbart@nginx.com</a>><br>
To: <a href="mailto:nginx-devel@nginx.org">nginx-devel@nginx.org</a><br>
Subject: [nginx] SPDY: set log action for PROXY protocol only while<br>
parsi...<br>
Message-ID:<br>
<<a href="mailto:hg.ed5fb7d22d46.1400167550.6369085454036692193@ns.nginx.org">hg.ed5fb7d22d46.1400167550.6369085454036692193@ns.nginx.org</a>><br>
Content-Type: text/plain; charset="us-ascii"<br>
<br>
details: <a href="http://hg.nginx.org/nginx/rev/ed5fb7d22d46" target="_blank">http://hg.nginx.org/nginx/rev/ed5fb7d22d46</a><br>
branches:<br>
changeset: 5692:ed5fb7d22d46<br>
user: Valentin Bartenev <<a href="mailto:vbart@nginx.com">vbart@nginx.com</a>><br>
date: Thu May 15 19:22:06 2014 +0400<br>
description:<br>
SPDY: set log action for PROXY protocol only while parsing it.<br>
<br>
Handling of PROXY protocol for SPDY connection is currently implemented as<br>
a SPDY state. And while nginx waiting for PROXY protocol data it continues<br>
to process SPDY connection: initializes zlib context, sends control frames.<br>
<br>
diffstat:<br>
<br>
src/http/ngx_http_spdy.c | 17 +++++++++--------<br>
1 files changed, 9 insertions(+), 8 deletions(-)<br>
<br>
diffs (40 lines):<br>
<br>
diff -r 31349361558e -r ed5fb7d22d46 src/http/ngx_http_spdy.c<br>
--- a/src/http/ngx_http_spdy.c Wed Apr 30 20:34:20 2014 +0400<br>
+++ b/src/http/ngx_http_spdy.c Thu May 15 19:22:06 2014 +0400<br>
@@ -424,12 +424,8 @@ ngx_http_spdy_init(ngx_event_t *rev)<br>
<br>
sc->init_window = NGX_SPDY_INIT_STREAM_WINDOW;<br>
<br>
- sc->handler = ngx_http_spdy_state_head;<br>
-<br>
- if (hc->proxy_protocol) {<br>
- c->log->action = "reading PROXY protocol";<br>
- sc->handler = ngx_http_spdy_proxy_protocol;<br>
- }<br>
+ sc->handler = hc->proxy_protocol ? ngx_http_spdy_proxy_protocol<br>
+ : ngx_http_spdy_state_head;<br>
<br>
sc->zstream_in.zalloc = ngx_http_spdy_zalloc;<br>
sc->zstream_in.zfree = ngx_http_spdy_zfree;<br>
@@ -823,14 +819,19 @@ static u_char *<br>
ngx_http_spdy_proxy_protocol(ngx_http_spdy_connection_t *sc, u_char *pos,<br>
u_char *end)<br>
{<br>
+ ngx_log_t *log;<br>
+<br>
+ log = sc->connection->log;<br>
+ log->action = "reading PROXY protocol";<br>
+<br>
pos = ngx_proxy_protocol_parse(sc->connection, pos, end);<br>
<br>
+ log->action = "processing SPDY";<br>
+<br>
if (pos == NULL) {<br>
return ngx_http_spdy_state_protocol_error(sc);<br>
}<br>
<br>
- sc->connection->log->action = "processing SPDY";<br>
-<br>
return ngx_http_spdy_state_complete(sc, pos, end);<br>
}<br>
<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Thu, 15 May 2014 15:25:52 +0000<br>
From: Valentin Bartenev <<a href="mailto:vbart@nginx.com">vbart@nginx.com</a>><br>
To: <a href="mailto:nginx-devel@nginx.org">nginx-devel@nginx.org</a><br>
Subject: [nginx] SPDY: improved logging.<br>
Message-ID:<br>
<<a href="mailto:hg.701d6e17e42c.1400167552.6369085454036692193@ns.nginx.org">hg.701d6e17e42c.1400167552.6369085454036692193@ns.nginx.org</a>><br>
Content-Type: text/plain; charset="us-ascii"<br>
<br>
details: <a href="http://hg.nginx.org/nginx/rev/701d6e17e42c" target="_blank">http://hg.nginx.org/nginx/rev/701d6e17e42c</a><br>
branches:<br>
changeset: 5693:701d6e17e42c<br>
user: Valentin Bartenev <<a href="mailto:vbart@nginx.com">vbart@nginx.com</a>><br>
date: Wed Apr 30 20:34:20 2014 +0400<br>
description:<br>
SPDY: improved logging.<br>
<br>
diffstat:<br>
<br>
src/http/ngx_http_spdy.c | 210 +++++++++++++++++++++++---------<br>
src/http/ngx_http_spdy_filter_module.c | 3 +-<br>
2 files changed, 151 insertions(+), 62 deletions(-)<br>
<br>
diffs (truncated from 656 to 300 lines):<br>
<br>
diff -r ed5fb7d22d46 -r 701d6e17e42c src/http/ngx_http_spdy.c<br>
--- a/src/http/ngx_http_spdy.c Thu May 15 19:22:06 2014 +0400<br>
+++ b/src/http/ngx_http_spdy.c Wed Apr 30 20:34:20 2014 +0400<br>
@@ -395,8 +395,7 @@ ngx_http_spdy_init(ngx_event_t *rev)<br>
c = rev->data;<br>
hc = c->data;<br>
<br>
- ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0,<br>
- "init spdy request");<br>
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "init spdy request");<br>
<br>
c->log->action = "processing SPDY";<br>
<br>
@@ -556,7 +555,7 @@ ngx_http_spdy_read_handler(ngx_event_t *<br>
<br>
if (n == 0 && (sc->incomplete || sc->processing)) {<br>
ngx_log_error(NGX_LOG_INFO, c->log, 0,<br>
- "client closed prematurely connection");<br>
+ "client prematurely closed connection");<br>
}<br>
<br>
if (n == 0 || n == NGX_ERROR) {<br>
@@ -644,7 +643,7 @@ ngx_http_spdy_write_handler(ngx_event_t<br>
stream->handled = 0;<br>
<br>
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,<br>
- "spdy run stream %ui", stream->id);<br>
+ "run spdy stream %ui", stream->id);<br>
<br>
wev = stream->request->connection->write;<br>
wev->handler(wev);<br>
@@ -860,7 +859,7 @@ ngx_http_spdy_state_head(ngx_http_spdy_c<br>
pos += sizeof(uint32_t);<br>
<br>
ngx_log_debug3(NGX_LOG_DEBUG_HTTP, sc->connection->log, 0,<br>
- "spdy process frame head:%08XD f:%Xd l:%uz",<br>
+ "process spdy frame head:%08XD f:%Xd l:%uz",<br>
head, sc->flags, sc->length);<br>
<br>
if (ngx_spdy_ctl_frame_check(head)) {<br>
@@ -872,6 +871,8 @@ ngx_http_spdy_state_head(ngx_http_spdy_c<br>
return ngx_http_spdy_state_syn_stream(sc, pos, end);<br>
<br>
case NGX_SPDY_SYN_REPLY:<br>
+ ngx_log_error(NGX_LOG_INFO, sc->connection->log, 0,<br>
+ "client sent unexpected SYN_REPLY frame");<br>
return ngx_http_spdy_state_protocol_error(sc);<br>
<br>
case NGX_SPDY_RST_STREAM:<br>
@@ -887,6 +888,8 @@ ngx_http_spdy_state_head(ngx_http_spdy_c<br>
return ngx_http_spdy_state_skip(sc, pos, end); /* TODO */<br>
<br>
case NGX_SPDY_HEADERS:<br>
+ ngx_log_error(NGX_LOG_INFO, sc->connection->log, 0,<br>
+ "client sent unexpected HEADERS frame");<br>
return ngx_http_spdy_state_protocol_error(sc);<br>
<br>
case NGX_SPDY_WINDOW_UPDATE:<br>
@@ -904,10 +907,8 @@ ngx_http_spdy_state_head(ngx_http_spdy_c<br>
return ngx_http_spdy_state_data(sc, pos, end);<br>
}<br>
<br>
-<br>
- /* TODO version & type check */<br>
- ngx_log_debug0(NGX_LOG_DEBUG_HTTP, sc->connection->log, 0,<br>
- "spdy unknown frame");<br>
+ ngx_log_error(NGX_LOG_INFO, sc->connection->log, 0,<br>
+ "client sent invalid frame");<br>
<br>
return ngx_http_spdy_state_protocol_error(sc);<br>
}<br>
@@ -927,7 +928,10 @@ ngx_http_spdy_state_syn_stream(ngx_http_<br>
}<br>
<br>
if (sc->length <= NGX_SPDY_SYN_STREAM_SIZE) {<br>
- /* TODO logging */<br>
+ ngx_log_error(NGX_LOG_INFO, sc->connection->log, 0,<br>
+ "client sent SYN_STREAM frame with incorrect length %uz",<br>
+ sc->length);<br>
+<br>
return ngx_http_spdy_state_protocol_error(sc);<br>
}<br>
<br>
@@ -968,7 +972,7 @@ ngx_http_spdy_state_syn_stream(ngx_http_<br>
if (sc->processing >= sscf->concurrent_streams) {<br>
<br>
ngx_log_error(NGX_LOG_INFO, sc->connection->log, 0,<br>
- "spdy concurrent streams exceeded %ui", sc->processing);<br>
+ "concurrent streams exceeded %ui", sc->processing);<br>
<br>
if (ngx_http_spdy_send_rst_stream(sc, sid, NGX_SPDY_REFUSED_STREAM,<br>
prio)<br>
@@ -1026,7 +1030,7 @@ ngx_http_spdy_state_headers(ngx_http_spd<br>
r = sc->stream->request;<br>
<br>
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,<br>
- "spdy process HEADERS %uz of %uz", size, sc->length);<br>
+ "process spdy header block %uz of %uz", size, sc->length);<br>
<br>
buf = r->header_in;<br>
<br>
@@ -1101,7 +1105,7 @@ ngx_http_spdy_state_headers(ngx_http_spd<br>
buf->pos += NGX_SPDY_NV_NUM_SIZE;<br>
<br>
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,<br>
- "spdy HEADERS block consists of %ui entries",<br>
+ "spdy header block has %ui entries",<br>
sc->entries);<br>
<br>
if (ngx_list_init(&r->headers_in.headers, r->pool, 20,<br>
@@ -1142,7 +1146,6 @@ ngx_http_spdy_state_headers(ngx_http_spd<br>
rc = ngx_http_spdy_alloc_large_header_buffer(r);<br>
<br>
if (rc == NGX_DECLINED) {<br>
- /* TODO logging */<br>
ngx_http_finalize_request(r,<br>
NGX_HTTP_REQUEST_HEADER_TOO_LARGE);<br>
return ngx_http_spdy_state_headers_skip(sc, pos, end);<br>
@@ -1179,9 +1182,8 @@ ngx_http_spdy_state_headers(ngx_http_spd<br>
}<br>
<br>
if (complete) {<br>
- /* TODO: improve error message */<br>
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,<br>
- "spdy again while last chunk");<br>
+ "premature end of spdy header block");<br>
<br>
return ngx_http_spdy_state_headers_error(sc, pos, end);<br>
}<br>
@@ -1190,13 +1192,7 @@ ngx_http_spdy_state_headers(ngx_http_spd<br>
ngx_http_spdy_state_headers);<br>
<br>
case NGX_HTTP_PARSE_INVALID_HEADER:<br>
-<br>
- /* TODO: improve error message */<br>
- ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,<br>
- "client sent invalid header line");<br>
-<br>
ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);<br>
-<br>
return ngx_http_spdy_state_headers_skip(sc, pos, end);<br>
<br>
default: /* NGX_ERROR */<br>
@@ -1262,6 +1258,9 @@ ngx_http_spdy_state_headers_skip(ngx_htt<br>
ngx_http_spdy_state_headers_skip);<br>
}<br>
<br>
+ ngx_log_debug2(NGX_LOG_DEBUG_HTTP, sc->connection->log, 0,<br>
+ "spdy header block skip %uz of %uz", size, sc->length);<br>
+<br>
sc->zstream_in.next_in = pos;<br>
sc->zstream_in.avail_in = (size < sc->length) ? size : sc->length;<br>
<br>
@@ -1364,7 +1363,7 @@ ngx_http_spdy_state_window_update(ngx_ht<br>
ngx_log_error(NGX_LOG_INFO, sc->connection->log, 0,<br>
"client violated flow control for stream %ui: "<br>
"received WINDOW_UPDATE frame with delta %uz "<br>
- "that is not allowed for window %z",<br>
+ "not allowed for window %z",<br>
sid, delta, stream->send_window);<br>
<br>
if (ngx_http_spdy_terminate_stream(sc, stream,<br>
@@ -1397,7 +1396,7 @@ ngx_http_spdy_state_window_update(ngx_ht<br>
ngx_log_error(NGX_LOG_INFO, sc->connection->log, 0,<br>
"client violated connection flow control: "<br>
"received WINDOW_UPDATE frame with delta %uz "<br>
- "that is not allowed for window %uz",<br>
+ "not allowed for window %uz",<br>
delta, sc->send_window);<br>
<br>
return ngx_http_spdy_state_protocol_error(sc);<br>
@@ -1440,8 +1439,8 @@ ngx_http_spdy_state_data(ngx_http_spdy_c<br>
<br>
if (sc->length > sc->recv_window) {<br>
ngx_log_error(NGX_LOG_INFO, sc->connection->log, 0,<br>
- "client violated connection flow control: length of "<br>
- "received DATA frame %uz, while available window %uz",<br>
+ "client violated connection flow control: "<br>
+ "received DATA frame length %uz, available window %uz",<br>
sc->length, sc->recv_window);<br>
<br>
return ngx_http_spdy_state_protocol_error(sc);<br>
@@ -1465,13 +1464,16 @@ ngx_http_spdy_state_data(ngx_http_spdy_c<br>
stream = sc->stream;<br>
<br>
if (stream == NULL) {<br>
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, sc->connection->log, 0,<br>
+ "unknown spdy stream");<br>
+<br>
return ngx_http_spdy_state_skip(sc, pos, end);<br>
}<br>
<br>
if (sc->length > stream->recv_window) {<br>
ngx_log_error(NGX_LOG_INFO, sc->connection->log, 0,<br>
- "client violated flow control for stream %ui: length of "<br>
- "received DATA frame %uz, while available window %uz",<br>
+ "client violated flow control for stream %ui: "<br>
+ "received DATA frame length %uz, available window %uz",<br>
stream->id, sc->length, stream->recv_window);<br>
<br>
if (ngx_http_spdy_terminate_stream(sc, stream,<br>
@@ -1501,7 +1503,7 @@ ngx_http_spdy_state_data(ngx_http_spdy_c<br>
<br>
if (stream->in_closed) {<br>
ngx_log_error(NGX_LOG_INFO, sc->connection->log, 0,<br>
- "client sent DATA frame for half closed stream %ui",<br>
+ "client sent DATA frame for half-closed stream %ui",<br>
stream->id);<br>
<br>
if (ngx_http_spdy_terminate_stream(sc, stream,<br>
@@ -1544,7 +1546,10 @@ ngx_http_spdy_state_read_data(ngx_http_s<br>
stream->in_closed = 1;<br>
}<br>
<br>
- /* TODO log and accounting */<br>
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, sc->connection->log, 0,<br>
+ "skipping spdy DATA frame, reason: %d",<br>
+ stream->skip_data);<br>
+<br>
return ngx_http_spdy_state_skip(sc, pos, end);<br>
}<br>
<br>
@@ -1573,7 +1578,10 @@ ngx_http_spdy_state_read_data(ngx_http_s<br>
if (r->headers_in.content_length_n != -1<br>
&& r->headers_in.content_length_n < rb->rest)<br>
{<br>
- /* TODO logging */<br>
+ ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,<br>
+ "client intended to send body data "<br>
+ "larger than declared");<br>
+<br>
stream->skip_data = NGX_SPDY_DATA_ERROR;<br>
goto error;<br>
<br>
@@ -1584,9 +1592,8 @@ ngx_http_spdy_state_read_data(ngx_http_s<br>
&& clcf->client_max_body_size < rb->rest)<br>
{<br>
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,<br>
- "client intended to send too large chunked "<br>
- "body: %O bytes",<br>
- rb->rest);<br>
+ "client intended to send "<br>
+ "too large chunked body: %O bytes", rb->rest);<br>
<br>
stream->skip_data = NGX_SPDY_DATA_ERROR;<br>
goto error;<br>
@@ -1638,7 +1645,7 @@ ngx_http_spdy_state_read_data(ngx_http_s<br>
} else if (r->headers_in.content_length_n != rb->rest) {<br>
ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,<br>
"client prematurely closed stream: "<br>
- "%O of %O bytes of request body received",<br>
+ "only %O out of %O bytes of request body received",<br>
rb->rest, r->headers_in.content_length_n);<br>
<br>
stream->skip_data = NGX_SPDY_DATA_ERROR;<br>
@@ -1717,9 +1724,11 @@ ngx_http_spdy_state_rst_stream(ngx_http_<br>
"spdy RST_STREAM sid:%ui st:%ui", sid, status);<br>
<br>
stream = ngx_http_spdy_get_stream_by_id(sc, sid);<br>
+<br>
if (stream == NULL) {<br>
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, sc->connection->log, 0,<br>
- "unknown stream, probably it has been closed already");<br>
+ "unknown spdy stream");<br>
+<br>
return ngx_http_spdy_state_complete(sc, pos, end);<br>
}<br>
<br>
@@ -1738,7 +1747,7 @@ ngx_http_spdy_state_rst_stream(ngx_http_<br>
<br>
case NGX_SPDY_INTERNAL_ERROR:<br>
ngx_log_error(NGX_LOG_INFO, fc->log, 0,<br>
- "client terminated stream %ui because of internal error",<br>
+ "client terminated stream %ui due to internal error",<br>
sid);<br>
break;<br>
<br>
@@ -1770,7 +1779,10 @@ ngx_http_spdy_state_ping(ngx_http_spdy_c<br>
}<br>
<br>
if (sc->length != NGX_SPDY_PING_SIZE) {<br>
- /* TODO logging */<br>
+ ngx_log_error(NGX_LOG_INFO, sc->connection->log, 0,<br>
+ "client sent PING frame with incorrect length %uz",<br>
+ sc->length);<br>
+<br>
return ngx_http_spdy_state_protocol_error(sc);<br>
}<br>
<br>
@@ -1810,6 +1822,9 @@ ngx_http_spdy_state_skip(ngx_http_spdy_c<br>
<br>
size = end - pos;<br>
<br>
+ ngx_log_debug2(NGX_LOG_DEBUG_HTTP, sc->connection->log, 0,<br>
+ "spdy frame skip %uz of %uz", size, sc->length);<br>
+<br>
if (size < sc->length) {<br>
sc->length -= size;<br>
return ngx_http_spdy_state_save(sc, end, end,<br>
@@ -1839,13 +1854,16 @@ ngx_http_spdy_state_settings(ngx_http_sp<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Thu, 15 May 2014 15:25:53 +0000<br>
From: Valentin Bartenev <<a href="mailto:vbart@nginx.com">vbart@nginx.com</a>><br>
To: <a href="mailto:nginx-devel@nginx.org">nginx-devel@nginx.org</a><br>
Subject: [nginx] SPDY: refactored ngx_http_spdy_state_headers().<br>
Message-ID:<br>
<<a href="mailto:hg.9a95eb9f448b.1400167553.6369085454036692193@ns.nginx.org">hg.9a95eb9f448b.1400167553.6369085454036692193@ns.nginx.org</a>><br>
Content-Type: text/plain; charset="us-ascii"<br>
<br>
details: <a href="http://hg.nginx.org/nginx/rev/9a95eb9f448b" target="_blank">http://hg.nginx.org/nginx/rev/9a95eb9f448b</a><br>
branches:<br>
changeset: 5694:9a95eb9f448b<br>
user: Valentin Bartenev <<a href="mailto:vbart@nginx.com">vbart@nginx.com</a>><br>
date: Wed Apr 30 20:34:20 2014 +0400<br>
description:<br>
SPDY: refactored ngx_http_spdy_state_headers().<br>
<br>
This change is similar to d2ac5cf4056d. Special flag of completeness looks<br>
surplus when there is also a counter of frame bytes left.<br>
<br>
diffstat:<br>
<br>
src/http/ngx_http_spdy.c | 13 ++++---------<br>
1 files changed, 4 insertions(+), 9 deletions(-)<br>
<br>
diffs (52 lines):<br>
<br>
diff -r 701d6e17e42c -r 9a95eb9f448b src/http/ngx_http_spdy.c<br>
--- a/src/http/ngx_http_spdy.c Wed Apr 30 20:34:20 2014 +0400<br>
+++ b/src/http/ngx_http_spdy.c Wed Apr 30 20:34:20 2014 +0400<br>
@@ -1009,7 +1009,6 @@ ngx_http_spdy_state_headers(ngx_http_spd<br>
size_t size;<br>
ngx_buf_t *buf;<br>
ngx_int_t rc;<br>
- ngx_uint_t complete;<br>
ngx_http_request_t *r;<br>
<br>
size = end - pos;<br>
@@ -1019,12 +1018,8 @@ ngx_http_spdy_state_headers(ngx_http_spd<br>
ngx_http_spdy_state_headers);<br>
}<br>
<br>
- if (size >= sc->length) {<br>
+ if (size > sc->length) {<br>
size = sc->length;<br>
- complete = 1;<br>
-<br>
- } else {<br>
- complete = 0;<br>
}<br>
<br>
r = sc->stream->request;<br>
@@ -1089,7 +1084,7 @@ ngx_http_spdy_state_headers(ngx_http_spd<br>
<br>
if (buf->last - buf->pos < NGX_SPDY_NV_NUM_SIZE) {<br>
<br>
- if (complete) {<br>
+ if (sc->length == 0) {<br>
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,<br>
"premature end of spdy header block");<br>
<br>
@@ -1181,7 +1176,7 @@ ngx_http_spdy_state_headers(ngx_http_spd<br>
continue;<br>
}<br>
<br>
- if (complete) {<br>
+ if (sc->length == 0) {<br>
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,<br>
"premature end of spdy header block");<br>
<br>
@@ -1225,7 +1220,7 @@ ngx_http_spdy_state_headers(ngx_http_spd<br>
return ngx_http_spdy_state_headers_error(sc, pos, end);<br>
}<br>
<br>
- if (!complete) {<br>
+ if (sc->length) {<br>
return ngx_http_spdy_state_save(sc, pos, end,<br>
ngx_http_spdy_state_headers);<br>
}<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 4<br>
Date: Thu, 15 May 2014 15:25:55 +0000<br>
From: Valentin Bartenev <<a href="mailto:vbart@nginx.com">vbart@nginx.com</a>><br>
To: <a href="mailto:nginx-devel@nginx.org">nginx-devel@nginx.org</a><br>
Subject: [nginx] SPDY: added a debug point to the state buffer<br>
overflow p...<br>
Message-ID:<br>
<<a href="mailto:hg.231588611230.1400167555.6369085454036692193@ns.nginx.org">hg.231588611230.1400167555.6369085454036692193@ns.nginx.org</a>><br>
Content-Type: text/plain; charset="us-ascii"<br>
<br>
details: <a href="http://hg.nginx.org/nginx/rev/231588611230" target="_blank">http://hg.nginx.org/nginx/rev/231588611230</a><br>
branches:<br>
changeset: 5695:231588611230<br>
user: Valentin Bartenev <<a href="mailto:vbart@nginx.com">vbart@nginx.com</a>><br>
date: Wed Apr 30 20:34:20 2014 +0400<br>
description:<br>
SPDY: added a debug point to the state buffer overflow protection.<br>
<br>
diffstat:<br>
<br>
src/http/ngx_http_spdy.c | 1 +<br>
1 files changed, 1 insertions(+), 0 deletions(-)<br>
<br>
diffs (11 lines):<br>
<br>
diff -r 9a95eb9f448b -r 231588611230 src/http/ngx_http_spdy.c<br>
--- a/src/http/ngx_http_spdy.c Wed Apr 30 20:34:20 2014 +0400<br>
+++ b/src/http/ngx_http_spdy.c Wed Apr 30 20:34:20 2014 +0400<br>
@@ -1944,6 +1944,7 @@ ngx_http_spdy_state_save(ngx_http_spdy_c<br>
ngx_log_error(NGX_LOG_ALERT, sc->connection->log, 0,<br>
"state buffer overflow: %uz bytes required", size);<br>
<br>
+ ngx_debug_point();<br>
return ngx_http_spdy_state_internal_error(sc);<br>
}<br>
<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 5<br>
Date: Thu, 15 May 2014 15:25:57 +0000<br>
From: Valentin Bartenev <<a href="mailto:vbart@nginx.com">vbart@nginx.com</a>><br>
To: <a href="mailto:nginx-devel@nginx.org">nginx-devel@nginx.org</a><br>
Subject: [nginx] SPDY: added protection from overrun of the receive<br>
buffer.<br>
Message-ID:<br>
<<a href="mailto:hg.19a14a484707.1400167557.6369085454036692193@ns.nginx.org">hg.19a14a484707.1400167557.6369085454036692193@ns.nginx.org</a>><br>
Content-Type: text/plain; charset="us-ascii"<br>
<br>
details: <a href="http://hg.nginx.org/nginx/rev/19a14a484707" target="_blank">http://hg.nginx.org/nginx/rev/19a14a484707</a><br>
branches:<br>
changeset: 5696:19a14a484707<br>
user: Valentin Bartenev <<a href="mailto:vbart@nginx.com">vbart@nginx.com</a>><br>
date: Wed Apr 30 20:34:20 2014 +0400<br>
description:<br>
SPDY: added protection from overrun of the receive buffer.<br>
<br>
diffstat:<br>
<br>
src/http/ngx_http_spdy.c | 8 ++++++++<br>
1 files changed, 8 insertions(+), 0 deletions(-)<br>
<br>
diffs (18 lines):<br>
<br>
diff -r 231588611230 -r 19a14a484707 src/http/ngx_http_spdy.c<br>
--- a/src/http/ngx_http_spdy.c Wed Apr 30 20:34:20 2014 +0400<br>
+++ b/src/http/ngx_http_spdy.c Wed Apr 30 20:34:20 2014 +0400<br>
@@ -1921,6 +1921,14 @@ ngx_http_spdy_state_complete(ngx_http_sp<br>
ngx_log_debug2(NGX_LOG_DEBUG_HTTP, sc->connection->log, 0,<br>
"spdy frame complete pos:%p end:%p", pos, end);<br>
<br>
+ if (pos > end) {<br>
+ ngx_log_error(NGX_LOG_ALERT, sc->connection->log, 0,<br>
+ "receive buffer overrun");<br>
+<br>
+ ngx_debug_point();<br>
+ return ngx_http_spdy_state_internal_error(sc);<br>
+ }<br>
+<br>
sc->handler = ngx_http_spdy_state_head;<br>
sc->stream = NULL;<br>
<br>
<br>
<br>
<br>
------------------------------<br>
<br>
_______________________________________________<br>
nginx-devel mailing list<br>
<a href="mailto:nginx-devel@nginx.org">nginx-devel@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx-devel</a><br>
<br>
End of nginx-devel Digest, Vol 55, Issue 15<br>
*******************************************<br>
</div><br></div>