[PATCH] HTTP/3: skip empty request body buffers (ticket #2374)
Roman Arutyunyan
arut at nginx.com
Thu Aug 4 09:43:43 UTC 2022
# HG changeset patch
# User Roman Arutyunyan <arut at nginx.com>
# Date 1659531591 -14400
# Wed Aug 03 16:59:51 2022 +0400
# Branch quic
# Node ID 999e6a73ff50a41bdbce467e9572f4ad52bbf2cf
# Parent f919f13cb11e3bc106e9c4bc2aeadd12b43e7e97
HTTP/3: skip empty request body buffers (ticket #2374).
When client DATA frame header and its content come in different QUIC packets,
it may happen that only the header is processed by the first
ngx_http_v3_request_body_filter() call. In this case an empty request body
buffer is added to r->request_body->bufs, which is later reused in a
subsequent ngx_http_v3_request_body_filter() call without being removed from
the body chain. As a result, rb->request_body->bufs ends up with two copies of
the same buffer.
The fix is to avoid adding empty request body buffers to r->request_body->bufs.
diff --git a/src/http/v3/ngx_http_v3_request.c b/src/http/v3/ngx_http_v3_request.c
--- a/src/http/v3/ngx_http_v3_request.c
+++ b/src/http/v3/ngx_http_v3_request.c
@@ -1552,15 +1552,17 @@ ngx_http_v3_request_body_filter(ngx_http
}
/* rc == NGX_OK */
- }
- if (max != -1 && (uint64_t) (max - rb->received) < st->length) {
- ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
- "client intended to send too large "
- "body: %O+%ui bytes",
- rb->received, st->length);
+ if (max != -1 && (uint64_t) (max - rb->received) < st->length) {
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+ "client intended to send too large "
+ "body: %O+%ui bytes",
+ rb->received, st->length);
- return NGX_HTTP_REQUEST_ENTITY_TOO_LARGE;
+ return NGX_HTTP_REQUEST_ENTITY_TOO_LARGE;
+ }
+
+ continue;
}
if (b
More information about the nginx-devel
mailing list