[nginx] HTTP/2: refuse streams with data until SETTINGS is acknowledged.
Valentin Bartenev
vbart at nginx.com
Thu Apr 14 12:25:34 UTC 2016
details: http://hg.nginx.org/nginx/rev/0aa07850922f
branches:
changeset: 6514:0aa07850922f
user: Valentin Bartenev <vbart at nginx.com>
date: Thu Apr 14 15:14:15 2016 +0300
description:
HTTP/2: refuse streams with data until SETTINGS is acknowledged.
A client is allowed to send requests before receiving and acknowledging
the SETTINGS frame. Such a client having a wrong idea about the stream's
could send the request body that nginx isn't ready to process.
The previous behavior was to send RST_STREAM with FLOW_CONTROL_ERROR in
such case, but it didn't allow retrying requests that have been rejected.
diffstat:
src/http/v2/ngx_http_v2.c | 8 +++++++-
src/http/v2/ngx_http_v2.h | 1 +
2 files changed, 8 insertions(+), 1 deletions(-)
diffs (36 lines):
diff -r 80ba811112ed -r 0aa07850922f src/http/v2/ngx_http_v2.c
--- a/src/http/v2/ngx_http_v2.c Thu Apr 14 15:14:15 2016 +0300
+++ b/src/http/v2/ngx_http_v2.c Thu Apr 14 15:14:15 2016 +0300
@@ -1058,6 +1058,12 @@ ngx_http_v2_state_headers(ngx_http_v2_co
goto rst_stream;
}
+ if (!h2c->settings_ack && !(h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG))
+ {
+ status = NGX_HTTP_V2_REFUSED_STREAM;
+ goto rst_stream;
+ }
+
node = ngx_http_v2_get_node_by_id(h2c, h2c->state.sid, 1);
if (node == NULL) {
@@ -1878,7 +1884,7 @@ ngx_http_v2_state_settings(ngx_http_v2_c
return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_SIZE_ERROR);
}
- /* TODO settings acknowledged */
+ h2c->settings_ack = 1;
return ngx_http_v2_state_complete(h2c, pos, end);
}
diff -r 80ba811112ed -r 0aa07850922f src/http/v2/ngx_http_v2.h
--- a/src/http/v2/ngx_http_v2.h Thu Apr 14 15:14:15 2016 +0300
+++ b/src/http/v2/ngx_http_v2.h Thu Apr 14 15:14:15 2016 +0300
@@ -141,6 +141,7 @@ struct ngx_http_v2_connection_s {
ngx_uint_t last_sid;
unsigned closed_nodes:8;
+ unsigned settings_ack:1;
unsigned blocked:1;
};
More information about the nginx-devel
mailing list