[nginx] Upstream: fixed zero size buf alerts on extra data (ticket #2117).

[Maxim Dounin]

details:   https://hg.nginx.org/nginx/rev/83c4622053b0
branches:  
changeset: 7760:83c4622053b0
user:      Maxim Dounin <mdounin at mdounin.ru>
date:      Tue Jan 12 16:59:31 2021 +0300
description:
Upstream: fixed zero size buf alerts on extra data (ticket #2117).

After 7675:9afa45068b8f and 7678:bffcc5af1d72 (1.19.1), during non-buffered
simple proxying, responses with extra data might result in zero size buffers
being generated and "zero size buf" alerts in writer.  This bug is similar
to the one with FastCGI proxying fixed in 7689:da8d758aabeb.

In non-buffered mode, normally the filter function is not called if
u->length is already 0, since u->length is checked after each call of
the filter function.  There is a case when this can happen though: if
the response length is 0, and there are pre-read response body data left
after reading response headers.  As such, a check for u->length is needed
at the start of non-buffered filter functions, similar to the one
for p->length present in buffered filter functions.

Appropriate checks added to the existing non-buffered copy filters
in the upstream (used by scgi and uwsgi proxying) and proxy modules.

diffstat:

 src/http/modules/ngx_http_proxy_module.c |  7 +++++++
 src/http/ngx_http_upstream.c             |  7 +++++++
 2 files changed, 14 insertions(+), 0 deletions(-)

diffs (34 lines):

diff -r a20eef9a1df2 -r 83c4622053b0 src/http/modules/ngx_http_proxy_module.c
--- a/src/http/modules/ngx_http_proxy_module.c	Tue Dec 29 13:13:57 2020 +0200
+++ b/src/http/modules/ngx_http_proxy_module.c	Tue Jan 12 16:59:31 2021 +0300
@@ -2334,6 +2334,13 @@ ngx_http_proxy_non_buffered_copy_filter(
 
     u = r->upstream;
 
+    if (u->length == 0) {
+        ngx_log_error(NGX_LOG_WARN, r->connection->log, 0,
+                      "upstream sent more data than specified in "
+                      "\"Content-Length\" header");
+        return NGX_OK;
+    }
+
     for (cl = u->out_bufs, ll = &u->out_bufs; cl; cl = cl->next) {
         ll = &cl->next;
     }
diff -r a20eef9a1df2 -r 83c4622053b0 src/http/ngx_http_upstream.c
--- a/src/http/ngx_http_upstream.c	Tue Dec 29 13:13:57 2020 +0200
+++ b/src/http/ngx_http_upstream.c	Tue Jan 12 16:59:31 2021 +0300
@@ -3721,6 +3721,13 @@ ngx_http_upstream_non_buffered_filter(vo
 
     u = r->upstream;
 
+    if (u->length == 0) {
+        ngx_log_error(NGX_LOG_WARN, r->connection->log, 0,
+                      "upstream sent more data than specified in "
+                      "\"Content-Length\" header");
+        return NGX_OK;
+    }
+
     for (cl = u->out_bufs, ll = &u->out_bufs; cl; cl = cl->next) {
         ll = &cl->next;
     }