1berry/nginx
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SSL: fixed ngx_ssl_recv() to reset c->read->ready after errors.

Browse Source 
With this change, behaviour of ngx_ssl_recv() now matches ngx_unix_recv(),
which used to always reset c->read->ready to 0 when returning errors.

This fixes an infinite loop in unbuffered SSL proxying if writing to the
client is blocked and an SSL error happens (ticket #2418).

With this change, the fix for a similar issue in the stream module
(6868:ee3645078759), which used a different approach of explicitly
testing c->read->error instead, is no longer needed and was reverted.
This commit is contained in:
Maxim Dounin 2022-12-01 04:22:31 +03:00
parent a77cef0995
commit 39892c6265
2 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/event/ngx_event_openssl.c
View File

@ -2204,6 +2204,7 @@ ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size)
#endif #endif
if (c->ssl->last == NGX_ERROR) { if (c->ssl->last == NGX_ERROR) {
c->read->ready = 0;
c->read->error = 1; c->read->error = 1;
return NGX_ERROR; return NGX_ERROR;
} }
@ -2270,6 +2271,7 @@ ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size)
#if (NGX_HAVE_FIONREAD) #if (NGX_HAVE_FIONREAD)
if (ngx_socket_nread(c->fd, &c->read->available) == -1) { if (ngx_socket_nread(c->fd, &c->read->available) == -1) {
c->read->ready = 0;
c->read->error = 1; c->read->error = 1;
ngx_connection_error(c, ngx_socket_errno, ngx_connection_error(c, ngx_socket_errno,
ngx_socket_nread_n " failed"); ngx_socket_nread_n " failed");
@ -2306,6 +2308,7 @@ ngx_ssl_recv(ngx_connection_t *c, u_char *buf, size_t size)
return 0; return 0;
case NGX_ERROR: case NGX_ERROR:
c->read->ready = 0;
c->read->error = 1; c->read->error = 1;
/* fall through */ /* fall through */
@ -2326,6 +2329,7 @@ ngx_ssl_recv_early(ngx_connection_t *c, u_char *buf, size_t size)
size_t readbytes; size_t readbytes;
if (c->ssl->last == NGX_ERROR) { if (c->ssl->last == NGX_ERROR) {
c->read->ready = 0;
c->read->error = 1; c->read->error = 1;
return NGX_ERROR; return NGX_ERROR;
} }
@ -2425,6 +2429,7 @@ ngx_ssl_recv_early(ngx_connection_t *c, u_char *buf, size_t size)
return 0; return 0;
case NGX_ERROR: case NGX_ERROR:
c->read->ready = 0;
c->read->error = 1; c->read->error = 1;
/* fall through */ /* fall through */

5
src/stream/ngx_stream_proxy_module.c
View File

@ -1675,9 +1675,8 @@ ngx_stream_proxy_process(ngx_stream_session_t *s, ngx_uint_t from_upstream,
size = b->end - b->last; size = b->end - b->last;
if (size && src->read->ready && !src->read->delayed if (size && src->read->ready && !src->read->delayed) {
&& !src->read->error)
{
if (limit_rate) { if (limit_rate) {
limit = (off_t) limit_rate * (ngx_time() - u->start_sec + 1) limit = (off_t) limit_rate * (ngx_time() - u->start_sec + 1)
- *received; - *received;