[nginx] HTTP/2: fixed saving preread buffer to temp file (ticket #1143).
Maxim Dounin
mdounin at mdounin.ru
Tue Jan 31 13:40:56 UTC 2017
details: http://hg.nginx.org/nginx/rev/16487f9e6665
branches: stable-1.10
changeset: 6890:16487f9e6665
user: Valentin Bartenev <vbart at nginx.com>
date: Mon Nov 28 19:19:21 2016 +0300
description:
HTTP/2: fixed saving preread buffer to temp file (ticket #1143).
Previously, a request body bigger than "client_body_buffer_size" wasn't written
into a temporary file if it has been pre-read entirely. The preread buffer
is freed after processing, thus subsequent use of it might result in sending
corrupted body or cause a segfault.
diffstat:
src/http/v2/ngx_http_v2.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diffs (13 lines):
diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c
--- a/src/http/v2/ngx_http_v2.c
+++ b/src/http/v2/ngx_http_v2.c
@@ -3560,6 +3560,9 @@ ngx_http_v2_read_request_body(ngx_http_r
rb->buf = ngx_create_temp_buf(r->pool, (size_t) len);
} else {
+ /* enforce writing body to file */
+ r->request_body_in_file_only = 1;
+
rb->buf = ngx_calloc_buf(r->pool);
if (rb->buf != NULL) {
More information about the nginx-devel
mailing list