[PATCH] Added logging to PROXY protocol write buffer check
Sergey Kandaurov
pluknet at nginx.com
Mon Nov 21 15:29:58 UTC 2022
> On 18 Nov 2022, at 17:53, Maxim Dounin <mdounin at mdounin.ru> wrote:
>
> Hello!
>
> On Wed, Nov 09, 2022 at 01:18:51PM +0300, Maxim Dounin wrote:
>
>> On Tue, Nov 08, 2022 at 02:45:10PM +0400, Roman Arutyunyan wrote:
>>
>>> On Tue, Nov 08, 2022 at 12:46:42PM +0300, Maxim Dounin wrote:
>>>> # HG changeset patch
>>>> # User Maxim Dounin <mdounin at mdounin.ru>
>>>> # Date 1667891773 -10800
>>>> # Tue Nov 08 10:16:13 2022 +0300
>>>> # Node ID 22c65e5f1c372f251e2cefdd7aae743794ecfa9e
>>>> # Parent 17d6a537fb1bb587e4de22961bf5be5f0c648fa8
>>>> Added logging to PROXY protocol write buffer check.
>>>>
>>>> The check is not expected to fail unless there is a bug in the calling
>>>> code. But given the check is here, it should log an alert if it fails
>>>> instead of silently closing the connection.
>>>>
>>>> diff --git a/src/core/ngx_proxy_protocol.c b/src/core/ngx_proxy_protocol.c
>>>> --- a/src/core/ngx_proxy_protocol.c
>>>> +++ b/src/core/ngx_proxy_protocol.c
>>>> @@ -282,6 +282,8 @@ ngx_proxy_protocol_write(ngx_connection_
>>>> ngx_uint_t port, lport;
>>>>
>>>> if (last - buf < NGX_PROXY_PROTOCOL_V1_MAX_HEADER) {
>>>> + ngx_log_error(NGX_LOG_ALERT, c->log, 0,
>>>> + "too small buffer for PROXY protocol");
>>>> return NULL;
>>>> }
>>>>
>>>
>>> Looks fine
>>
>> Pushed to http://mdounin.ru/hg/nginx along with the second patch,
>> thnx.
>
> Ping. That's still not pulled into http://hg.nginx.org/nginx.
Pulled now, sorry for the delay.
--
Sergey Kandaurov
More information about the nginx-devel
mailing list