[nginx] gRPC: generate error when response size is wrong.
Maxim Dounin
mdounin at mdounin.ru
Mon Jul 6 18:01:08 UTC 2020
details: https://hg.nginx.org/nginx/rev/39501ce97e29
branches:
changeset: 7680:39501ce97e29
user: Maxim Dounin <mdounin at mdounin.ru>
date: Mon Jul 06 18:36:25 2020 +0300
description:
gRPC: generate error when response size is wrong.
As long as the "Content-Length" header is given, we now make sure
it exactly matches the size of the response. If it doesn't,
the response is considered malformed and must not be forwarded
(https://tools.ietf.org/html/rfc7540#section-8.1.2.6). While it
is not really possible to "not forward" the response which is already
being forwarded, we generate an error instead, which is the closest
equivalent.
Previous behaviour was to pass everything to the client, but this
seems to be suboptimal and causes issues (ticket #1695). Also this
directly contradicts HTTP/2 specification requirements.
Note that the new behaviour for the gRPC proxy is more strict than that
applied in other variants of proxying. This is intentional, as HTTP/2
specification requires us to do so, while in other types of proxying
malformed responses from backends are well known and historically
tolerated.
diffstat:
src/http/modules/ngx_http_grpc_module.c | 39 ++++++++++++++++++++++++++++++++-
1 files changed, 38 insertions(+), 1 deletions(-)
diffs (73 lines):
diff -r 05e42236e95b -r 39501ce97e29 src/http/modules/ngx_http_grpc_module.c
--- a/src/http/modules/ngx_http_grpc_module.c Mon Jul 06 18:36:23 2020 +0300
+++ b/src/http/modules/ngx_http_grpc_module.c Mon Jul 06 18:36:25 2020 +0300
@@ -84,6 +84,8 @@ typedef struct {
ngx_uint_t pings;
ngx_uint_t settings;
+ off_t length;
+
ssize_t send_window;
size_t recv_window;
@@ -1953,10 +1955,28 @@ ngx_http_grpc_filter_init(void *data)
r = ctx->request;
u = r->upstream;
- u->length = 1;
+ if (u->headers_in.status_n == NGX_HTTP_NO_CONTENT
+ || u->headers_in.status_n == NGX_HTTP_NOT_MODIFIED
+ || r->method == NGX_HTTP_HEAD)
+ {
+ ctx->length = 0;
+
+ } else {
+ ctx->length = u->headers_in.content_length_n;
+ }
if (ctx->end_stream) {
+
+ if (ctx->length > 0) {
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+ "upstream prematurely closed stream");
+ return NGX_ERROR;
+ }
+
u->length = 0;
+
+ } else {
+ u->length = 1;
}
return NGX_OK;
@@ -1999,6 +2019,12 @@ ngx_http_grpc_filter(void *data, ssize_t
if (ctx->done) {
+ if (ctx->length > 0) {
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+ "upstream prematurely closed stream");
+ return NGX_ERROR;
+ }
+
/*
* We have finished parsing the response and the
* remaining control frames. If there are unsent
@@ -2052,6 +2078,17 @@ ngx_http_grpc_filter(void *data, ssize_t
return NGX_ERROR;
}
+ if (ctx->length != -1) {
+ if ((off_t) ctx->rest > ctx->length) {
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+ "upstream sent response body larger "
+ "than indicated content length");
+ return NGX_ERROR;
+ }
+
+ ctx->length -= ctx->rest;
+ }
+
if (ctx->rest > ctx->recv_window) {
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
"upstream violated stream flow control, "
More information about the nginx-devel
mailing list