[PATCH 2 of 2] Stream: limit SOCK_DGRAM preread to a single datagram

Roman Arutyunyan arut at nginx.com
Fri Jun 7 15:47:43 UTC 2024


# HG changeset patch
# User Roman Arutyunyan <arut at nginx.com>
# Date 1717774526 -14400
#      Fri Jun 07 19:35:26 2024 +0400
# Node ID 231701a85ca1943113f3a3cd9174bd9c9dea1b2f
# Parent  e2f6f5d01ff6f0dd2e3f0c9328e794af52e65881
Stream: limit SOCK_DGRAM preread to a single datagram.

Previously, returning NGX_AGAIN from a preread handler for a datagram resulted
in an attempt to read another datagram from the socket.  This attempt could
fail or result in a datagram unrelated to the current client session.  Now
an error is triggered if bytes beyond the first datagram are requested by a
preread handler.

The only preread module available in nginx is ngx_stream_ssl_preread_module,
which does not support SOCK_DGRAM.  However a SOCK_DGRAM preread handler can
be implemented in njs or a third-party module.

diff --git a/src/stream/ngx_stream_core_module.c b/src/stream/ngx_stream_core_module.c
--- a/src/stream/ngx_stream_core_module.c
+++ b/src/stream/ngx_stream_core_module.c
@@ -254,6 +254,12 @@ ngx_stream_core_preread_phase(ngx_stream
         }
     }
 
+    if (c->type == SOCK_DGRAM) {
+        ngx_log_error(NGX_LOG_ERR, c->log, 0, "datagram preread failed");
+        rc = NGX_STREAM_BAD_REQUEST;
+        goto done;
+    }
+
     if (c->buffer == NULL) {
         c->buffer = ngx_create_temp_buf(c->pool, cscf->preread_buffer_size);
         if (c->buffer == NULL) {


More information about the nginx-devel mailing list