path: root/main/nginx/CVE-2018-16843.patch
# HG changeset patch
# User Ruslan Ermilov <ru@nginx.com>
# Date 1541510975 -10800
# Node ID 1c6b6163c03945bcc65c252cc42b0af18744c085
# Parent  fdc19a3289c1138bfe49ddbde310778ddc495729
HTTP/2: flood detection.

Fixed uncontrolled memory growth in case peer is flooding us with
some frames (e.g., SETTINGS and PING) and doesn't read data.  Fix
is to limit the number of allocated control frames.

Patch-Source: http://hg.nginx.org/nginx/rev/1c6b6163c039

diff -r fdc19a3289c1 -r 1c6b6163c039 src/http/v2/ngx_http_v2.c
--- a/src/http/v2/ngx_http_v2.c	Tue Nov 06 16:29:18 2018 +0300
+++ b/src/http/v2/ngx_http_v2.c	Tue Nov 06 16:29:35 2018 +0300
@@ -664,6 +664,7 @@
 
     h2c->pool = NULL;
     h2c->free_frames = NULL;
+    h2c->frames = 0;
     h2c->free_fake_connections = NULL;
 
 #if (NGX_HTTP_SSL)
@@ -2895,7 +2896,7 @@
 
         frame->blocked = 0;
 
-    } else {
+    } else if (h2c->frames < 10000) {
         pool = h2c->pool ? h2c->pool : h2c->connection->pool;
 
         frame = ngx_pcalloc(pool, sizeof(ngx_http_v2_out_frame_t));
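Review bot: The cap in `else if (h2c->frames < 10000)` is a bare literal, so nothing at the check says what is being bounded or why this value was chosen. In the visible hunks `h2c->frames` is only incremented where a frame is newly allocated and is never decremented, so it appears to limit the total control frames ever allocated on a connection (reused frames from `free_frames` take the branch above), not the number currently queued. A named constant with a one-line comment saying that, for example `#define NGX_HTTP_V2_MAX_FRAMES 10000` and `else if (h2c->frames < NGX_HTTP_V2_MAX_FRAMES)`, would make the limit auditable and easier to tune. The enclosing function starts and ends outside this hunk.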
@@ -2919,6 +2920,15 @@
         frame->last = frame->first;
 
         frame->handler = ngx_http_v2_frame_handler;
+
+        h2c->frames++;
+
+    } else {
+        ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
+                      "http2 flood detected");
+
+        h2c->connection->error = 1;
+        return NULL;
     }
 
 #if (NGX_DEBUG)
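Review bot: The new `else` branch reports the flood with `ngx_log_error(NGX_LOG_INFO, ...)`, and an `error_log` left at nginx's default `error` level will not record info-level messages, so the only signal that a peer hit the frame cap can be invisible to operators. If info is kept deliberately for client-caused conditions, a comment such as `/* client-triggered; visible only with error_log at info or lower */` would help whoever writes detection rules for this message. The branch also adds a `return NULL` path, so every caller of this function needs to treat NULL as a terminated connection; the callers and the rest of the function are outside the hunk and should be checked.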
diff -r fdc19a3289c1 -r 1c6b6163c039 src/http/v2/ngx_http_v2.h
--- a/src/http/v2/ngx_http_v2.h	Tue Nov 06 16:29:18 2018 +0300
+++ b/src/http/v2/ngx_http_v2.h	Tue Nov 06 16:29:35 2018 +0300
@@ -120,6 +120,7 @@
     ngx_http_connection_t           *http_connection;
 
     ngx_uint_t                       processing;
+    ngx_uint_t                       frames;
 
     ngx_uint_t                       pushing;
     ngx_uint_t                       concurrent_pushes;
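Review bot: The new `frames` field has no comment, and its name alone does not say that it is a security limit counter rather than a count of queued or in-flight frames. Going by the visible hunks in `ngx_http_v2.c`, a comment like `/* control frames allocated on this connection; compared against the flood limit, never decremented */` would state the contract next to the declaration. The struct definition begins and ends outside this hunk.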