[PATCH] Added logging to PROXY protocol write buffer check
Maxim Dounin
mdounin at mdounin.ru
Fri Nov 18 13:53:56 UTC 2022
Hello!
On Wed, Nov 09, 2022 at 01:18:51PM +0300, Maxim Dounin wrote:
> On Tue, Nov 08, 2022 at 02:45:10PM +0400, Roman Arutyunyan wrote:
>
> > On Tue, Nov 08, 2022 at 12:46:42PM +0300, Maxim Dounin wrote:
> > > # HG changeset patch
> > > # User Maxim Dounin <mdounin at mdounin.ru>
> > > # Date 1667891773 -10800
> > > # Tue Nov 08 10:16:13 2022 +0300
> > > # Node ID 22c65e5f1c372f251e2cefdd7aae743794ecfa9e
> > > # Parent 17d6a537fb1bb587e4de22961bf5be5f0c648fa8
> > > Added logging to PROXY protocol write buffer check.
> > >
> > > The check is not expected to fail unless there is a bug in the calling
> > > code. But given the check is here, it should log an alert if it fails
> > > instead of silently closing the connection.
> > >
> > > diff --git a/src/core/ngx_proxy_protocol.c b/src/core/ngx_proxy_protocol.c
> > > --- a/src/core/ngx_proxy_protocol.c
> > > +++ b/src/core/ngx_proxy_protocol.c
> > > @@ -282,6 +282,8 @@ ngx_proxy_protocol_write(ngx_connection_
> > > ngx_uint_t port, lport;
> > >
> > > if (last - buf < NGX_PROXY_PROTOCOL_V1_MAX_HEADER) {
> > > + ngx_log_error(NGX_LOG_ALERT, c->log, 0,
> > > + "too small buffer for PROXY protocol");
> > > return NULL;
> > > }
> > >
> >
> > Looks fine
>
> Pushed to http://mdounin.ru/hg/nginx along with the second patch,
> thnx.
Ping. That's still not pulled into http://hg.nginx.org/nginx.
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx-devel
mailing list