[PATCH 2 of 2] Stream: limit SOCK_DGRAM preread to a single datagram
Roman Arutyunyan
arut at nginx.com
Fri Jun 7 15:47:43 UTC 2024
# HG changeset patch
# User Roman Arutyunyan <arut at nginx.com>
# Date 1717774526 -14400
# Fri Jun 07 19:35:26 2024 +0400
# Node ID 231701a85ca1943113f3a3cd9174bd9c9dea1b2f
# Parent e2f6f5d01ff6f0dd2e3f0c9328e794af52e65881
Stream: limit SOCK_DGRAM preread to a single datagram.
Previously, returning NGX_AGAIN from a preread handler for a datagram resulted
in an attempt to read another datagram from the socket. This attempt could
fail or result in a datagram unrelated to the current client session. Now
an error is triggered if bytes beyond the first datagram are requested by a
preread handler.
The only preread module available in nginx is ngx_stream_ssl_preread_module,
which does not support SOCK_DGRAM. However a SOCK_DGRAM preread handler can
be implemented in njs or a third-party module.
diff --git a/src/stream/ngx_stream_core_module.c b/src/stream/ngx_stream_core_module.c
--- a/src/stream/ngx_stream_core_module.c
+++ b/src/stream/ngx_stream_core_module.c
@@ -254,6 +254,12 @@ ngx_stream_core_preread_phase(ngx_stream
}
}
+ if (c->type == SOCK_DGRAM) {
+ ngx_log_error(NGX_LOG_ERR, c->log, 0, "datagram preread failed");
+ rc = NGX_STREAM_BAD_REQUEST;
+ goto done;
+ }
+
if (c->buffer == NULL) {
c->buffer = ngx_create_temp_buf(c->pool, cscf->preread_buffer_size);
if (c->buffer == NULL) {
More information about the nginx-devel
mailing list