Commit b5802dbf51cf713f84c763180bc45069fb3bf320 - nginx

HTTP/2: limit the number of idle state switches. An attack that continuously switches HTTP/2 connection between idle and active states can result in excessive CPU usage. This is because when a connection switches to the idle state, all of its memory pool caches are freed. This change limits the maximum allowed number of idle state switches to 10 * http2_max_requests (i.e., 10000 by default). This limits possible CPU usage in one connection, and also imposes a limit on the maximum lifetime of a connection. Initially reported by Gal Goldshtein from F5 Networks. Ruslan Ermilov 3 years ago

2 changed file(s) with 11 addition(s) and 3 deletion(s). Raw diff Collapse all Expand all

+10

-3

src/http/v2/ngx_http_v2.c less more

4480	4480
4481	4481	#endif
4482	4482
	4483	h2scf = ngx_http_get_module_srv_conf(h2c->http_connection->conf_ctx,
	4484	ngx_http_v2_module);
	4485
	4486	if (h2c->idle++ > 10 * h2scf->max_requests) {
	4487	ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
	4488	"http2 flood detected");
	4489	ngx_http_v2_finalize_connection(h2c, NGX_HTTP_V2_NO_ERROR);
	4490	return;
	4491	}
	4492
4483	4493	c->destroyed = 0;
4484	4494	ngx_reusable_connection(c, 0);
4485
4486		h2scf = ngx_http_get_module_srv_conf(h2c->http_connection->conf_ctx,
4487		ngx_http_v2_module);
4488	4495
4489	4496	h2c->pool = ngx_create_pool(h2scf->pool_size, h2c->connection->log);
4490	4497	if (h2c->pool == NULL) {

-0

src/http/v2/ngx_http_v2.h less more

120	120
121	121	ngx_uint_t processing;
122	122	ngx_uint_t frames;
	123	ngx_uint_t idle;
123	124
124	125	ngx_uint_t pushing;
125	126	ngx_uint_t concurrent_pushes;