HTTP/3: skip empty request body buffers (ticket #2374).
When client DATA frame header and its content come in different QUIC packets, it may happen that only the header is processed by the first ngx_http_v3_request_body_filter() call. In this case an empty request body buffer is added to r->request_body->bufs, which is later reused in a subsequent ngx_http_v3_request_body_filter() call without being removed from the body chain. As a result, rb->request_body->bufs ends up with two copies of the same buffer. The fix is to avoid adding empty request body buffers to r->request_body->bufs.
This commit is contained in:
parent
d3d5a9b8a4
commit
2d72193dc0
|
@ -1552,15 +1552,17 @@ ngx_http_v3_request_body_filter(ngx_http_request_t *r, ngx_chain_t *in)
|
|||
}
|
||||
|
||||
/* rc == NGX_OK */
|
||||
}
|
||||
|
||||
if (max != -1 && (uint64_t) (max - rb->received) < st->length) {
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
|
||||
"client intended to send too large "
|
||||
"body: %O+%ui bytes",
|
||||
rb->received, st->length);
|
||||
if (max != -1 && (uint64_t) (max - rb->received) < st->length) {
|
||||
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
|
||||
"client intended to send too large "
|
||||
"body: %O+%ui bytes",
|
||||
rb->received, st->length);
|
||||
|
||||
return NGX_HTTP_REQUEST_ENTITY_TOO_LARGE;
|
||||
return NGX_HTTP_REQUEST_ENTITY_TOO_LARGE;
|
||||
}
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
if (b
|
||||
|
|
Loading…
Reference in New Issue