Klaus Demo nginx / 9df7bd3
HTTP/2: enforce writing the sync request body buffer to file.

The sync flag of HTTP/2 request body buffer is used when the size of request body is unknown or bigger than configured "client_body_buffer_size". In this case the buffer points to body data inside the global receive buffer that is used for reading all HTTP/2 connections in the worker process. Thus, when the sync flag is set, the buffer must be flushed to a temporary file, otherwise the request body data can be overwritten.

Previously, the sync buffer wasn't flushed to a temporary file if the whole body was received in one DATA frame with the END_STREAM flag and wasn't copied into the HTTP/2 body preread buffer. As a result, the request body might be corrupted (ticket #1384).

Now, setting r->request_body_in_file_only enforces writing the sync buffer to a temporary file in all cases.

Valentin Bartenev 4 years ago
1 changed file(s) with 2 addition(s) and 5 deletion(s).
35563556 rb->buf = ngx_create_temp_buf(r->pool, (size_t) len);
35573557
35583558 } else {
3559 if (stream->preread) {
3560 /* enforce writing preread buffer to file */
3561 r->request_body_in_file_only = 1;
3562 }
3563
35643559 rb->buf = ngx_calloc_buf(r->pool);
35653560
35663561 if (rb->buf != NULL) {
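Review bot: with the stream->preread block removed, nothing in this else branch records that a body allocated through ngx_calloc_buf() will be forced to a temporary file. A one-line comment above "rb->buf = ngx_calloc_buf(r->pool);" pointing to the buf->sync handling, where r->request_body_in_file_only is now set, would keep the two places connected for the next reader, since the flag that protects this buffer is no longer set next to its allocation.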
36583653 if (buf->sync) {
36593654 buf->pos = buf->start = pos;
36603655 buf->last = buf->end = pos + size;
3656
3657 r->request_body_in_file_only = 1;
36613658
36623659 } else {
36633660 if (size > (size_t) (buf->end - buf->last)) {
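Review bot: the new "r->request_body_in_file_only = 1;" in the buf->sync branch has no comment, while the code it replaces carried "/* enforce writing preread buffer to file */". Please add one here stating why the flag is needed, for example that buf->pos and buf->last point into the receive buffer shared by all HTTP/2 connections in the worker, so the data must be written out before that buffer is reused. The assignment repeats on every pass through this branch, which is harmless, but a regression test for the case named in the commit message (whole body in one DATA frame with END_STREAM, no preread copy) would be worth attaching to ticket #1384.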