nginx.git/src/http, branch release-1.21.2 nginx HTTP/2: avoid memcpy() with NULL source and zero length. 2021-08-31T13:44:13+00:00 Maxim Dounin mdounin@mdounin.ru 2021-08-31T13:44:13+00:00 15bf6d8cc950d3aec2d1c3152b39f62be4939025 Prodded by Clang Static Analyzer. 
Prodded by Clang Static Analyzer.
Request body: reading body buffering in filters. 2021-08-29T19:22:02+00:00 Maxim Dounin mdounin@mdounin.ru 2021-08-29T19:22:02+00:00 67d160bf25e02ba6679bb6c3b9cbdfeb29b759de If a filter wants to buffer the request body during reading (for example, to check an external scanner), it can now do so. To make it possible, the code now checks rb->last_saved (introduced in the previous change) along with rb->rest == 0. Since in HTTP/2 this requires flow control to avoid overflowing the request body buffer, so filters which need buffering have to set the rb->filter_need_buffering flag on the first filter call. (Note that each filter is expected to call the next filter, so all filters will be able set the flag if needed.) 
If a filter wants to buffer the request body during reading (for
example, to check an external scanner), it can now do so.  To make
it possible, the code now checks rb->last_saved (introduced in the
previous change) along with rb->rest == 0.

Since in HTTP/2 this requires flow control to avoid overflowing the
request body buffer, so filters which need buffering have to set
the rb->filter_need_buffering flag on the first filter call.  (Note
that each filter is expected to call the next filter, so all filters
will be able set the flag if needed.)
Request body: introduced rb->last_saved flag. 2021-08-29T19:21:03+00:00 Maxim Dounin mdounin@mdounin.ru 2021-08-29T19:21:03+00:00 2a709213800fd3fd2809881374eb110562b53c08 It indicates that the last buffer was received by the save filter, and can be used to check this at higher levels. To be used in the following changes. 
It indicates that the last buffer was received by the save filter,
and can be used to check this at higher levels.  To be used in the
following changes.
Request body: added alert to catch duplicate body saving. 2021-08-29T19:20:54+00:00 Maxim Dounin mdounin@mdounin.ru 2021-08-29T19:20:54+00:00 fd9d43b087b4247f8cb5f91845be46bd624c175a If due to an error ngx_http_request_body_save_filter() is called more than once with rb->rest == 0, this used to result in a segmentation fault. Added an alert to catch such errors, just in case. 
If due to an error ngx_http_request_body_save_filter() is called
more than once with rb->rest == 0, this used to result in a segmentation
fault.  Added an alert to catch such errors, just in case.
Request body: missing comments about initialization. 2021-08-29T19:20:49+00:00 Maxim Dounin mdounin@mdounin.ru 2021-08-29T19:20:49+00:00 aa02695f5ea70f6628317b56f93e7e8733d4a029 






HTTP/2: improved handling of preread unbuffered requests.
2021-08-29T19:20:44+00:00

Maxim Dounin
mdounin@mdounin.ru

2021-08-29T19:20:44+00:00

2862eb40e86190bf4d337a6483150f4385fb5358

Previously, fully preread unbuffered requests larger than client body
buffer size were saved to disk, despite the fact that "unbuffered" is
expected to imply no disk buffering.





Previously, fully preread unbuffered requests larger than client body
buffer size were saved to disk, despite the fact that "unbuffered" is
expected to imply no disk buffering.







HTTP/2: improved handling of END_STREAM in a separate DATA frame.
2021-08-29T19:20:38+00:00

Maxim Dounin
mdounin@mdounin.ru

2021-08-29T19:20:38+00:00

9f90d11cf52ccb0a8d086525aa7e4218d31d529a

The save body filter saves the request body to disk once the buffer is full.
Yet in HTTP/2 this might happen even if there is no need to save anything
to disk, notably when content length is known and the END_STREAM flag is
sent in a separate empty DATA frame.  Workaround is to provide additional
byte in the buffer, so saving the request body won't be triggered.

This fixes unexpected request body disk buffering in HTTP/2 observed after
the previous change when content length is known and the END_STREAM flag
is sent in a separate empty DATA frame.





The save body filter saves the request body to disk once the buffer is full.
Yet in HTTP/2 this might happen even if there is no need to save anything
to disk, notably when content length is known and the END_STREAM flag is
sent in a separate empty DATA frame.  Workaround is to provide additional
byte in the buffer, so saving the request body won't be triggered.

This fixes unexpected request body disk buffering in HTTP/2 observed after
the previous change when content length is known and the END_STREAM flag
is sent in a separate empty DATA frame.







HTTP/2: reworked body reading to better match HTTP/1.x code.
2021-08-29T19:20:36+00:00

Maxim Dounin
mdounin@mdounin.ru

2021-08-29T19:20:36+00:00

78d9a3af91a31bb77ad74aca7286f1ef2dad89d6

In particular, now the code always uses a buffer limited by
client_body_buffer_size.  At the cost of an additional copy it
ensures that small DATA frames are not directly mapped to small
write() syscalls, but rather buffered in memory before writing.
Further, requests without Content-Length are no longer forced
to use temporary files.





In particular, now the code always uses a buffer limited by
client_body_buffer_size.  At the cost of an additional copy it
ensures that small DATA frames are not directly mapped to small
write() syscalls, but rather buffered in memory before writing.
Further, requests without Content-Length are no longer forced
to use temporary files.







HTTP/2: improved body reading logging.
2021-08-29T19:20:34+00:00

Maxim Dounin
mdounin@mdounin.ru

2021-08-29T19:20:34+00:00

301efb8a73b7f14e41e2238cfef50b2b98137eab












Upstream: fixed timeouts with gRPC, SSL and select (ticket #2229).
2021-08-20T00:53:56+00:00

Maxim Dounin
mdounin@mdounin.ru

2021-08-20T00:53:56+00:00

c231640eba9e26e963460c83f2907ac6f9abf3fc

With SSL it is possible that an established connection is ready for
reading after the handshake.  Further, events might be already disabled
in case of level-triggered event methods.  If this happens and
ngx_http_upstream_send_request() blocks waiting for some data from
the upstream, such as flow control in case of gRPC, the connection
will time out due to no read events on the upstream connection.

Fix is to explicitly check the c->read->ready flag if sending request
blocks and post a read event if it is set.

Note that while it is possible to modify ngx_ssl_handshake() to keep
read events active, this won't completely resolve the issue, since
there can be data already received during the SSL handshake
(see 573bd30e46b4).





With SSL it is possible that an established connection is ready for
reading after the handshake.  Further, events might be already disabled
in case of level-triggered event methods.  If this happens and
ngx_http_upstream_send_request() blocks waiting for some data from
the upstream, such as flow control in case of gRPC, the connection
will time out due to no read events on the upstream connection.

Fix is to explicitly check the c->read->ready flag if sending request
blocks and post a read event if it is set.

Note that while it is possible to modify ngx_ssl_handshake() to keep
read events active, this won't completely resolve the issue, since
there can be data already received during the SSL handshake
(see 573bd30e46b4).