Klaus Demo nginx / a987f81
HTTP/2: limited number of DATA frames. Fixed excessive memory growth and CPU usage if stream windows are manipulated in a way that results in generating many small DATA frames. Fix is to limit the number of simultaneously allocated DATA frames. Ruslan Ermilov 3 months ago
3 changed file(s) with 21 addition(s) and 5 deletion(s). Raw diff Collapse all Expand all
43684368 */
43694369 pool = stream->pool;
43704370
4371 h2c->frames -= stream->frames;
4372
43714373 ngx_http_free_request(stream->request, rc);
43724374
43734375 if (pool != h2c->state.pool) {
191191
192192 ngx_buf_t *preread;
193193
194 ngx_uint_t frames;
195
194196 ngx_http_v2_out_frame_t *free_frames;
195197 ngx_chain_t *free_frame_headers;
196198 ngx_chain_t *free_bufs;
16681668 ngx_http_v2_filter_get_data_frame(ngx_http_v2_stream_t *stream,
16691669 size_t len, ngx_chain_t *first, ngx_chain_t *last)
16701670 {
1671 u_char flags;
1672 ngx_buf_t *buf;
1673 ngx_chain_t *cl;
1674 ngx_http_v2_out_frame_t *frame;
1671 u_char flags;
1672 ngx_buf_t *buf;
1673 ngx_chain_t *cl;
1674 ngx_http_v2_out_frame_t *frame;
1675 ngx_http_v2_connection_t *h2c;
16751676
16761677 frame = stream->free_frames;
1678 h2c = stream->connection;
16771679
16781680 if (frame) {
16791681 stream->free_frames = frame->next;
16801682
1681 } else {
1683 } else if (h2c->frames < 10000) {
16821684 frame = ngx_palloc(stream->request->pool,
16831685 sizeof(ngx_http_v2_out_frame_t));
16841686 if (frame == NULL) {
16851687 return NULL;
16861688 }
1689
1690 stream->frames++;
1691 h2c->frames++;
1692
1693 } else {
1694 ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
1695 "http2 flood detected");
1696
1697 h2c->connection->error = 1;
1698 return NULL;
16871699 }
16881700
16891701 flags = last->buf->last_buf ? NGX_HTTP_V2_END_STREAM_FLAG : 0;