diff options
| author | Valentin Bartenev <vbart@nginx.com> | 2013-07-24 22:24:25 +0400 |
|---|---|---|
| committer | Valentin Bartenev <vbart@nginx.com> | 2013-07-24 22:24:25 +0400 |
| commit | 6f05c095a885b8834df0b5c2310e8dd528187a5a (patch) | |
| tree | 933a4c9d2236a498e2c474c32fdbddcdc1610876 /src | |
| parent | c32e9ab9547206da00295e0a4c72656c42b60129 (diff) | |
| download | nginx-6f05c095a885b8834df0b5c2310e8dd528187a5a.tar.gz nginx-6f05c095a885b8834df0b5c2310e8dd528187a5a.tar.bz2 | |
SPDY: fixed segfault with "client_body_in_file_only" enabled.
It is possible to send FLAG_FIN in additional empty data frame, even if it is
known from the content-length header that request body is empty. And Firefox
actually behaves like this (see ticket #357).
To simplify code we sacrificed our microoptimization that did not work right
due to missing check in the ngx_http_spdy_state_data() function for rb->buf
set to NULL.
Diffstat (limited to 'src')
| -rw-r--r-- | src/http/ngx_http_spdy.c | 11 |
1 files changed, 2 insertions, 9 deletions
diff --git a/src/http/ngx_http_spdy.c b/src/http/ngx_http_spdy.c index 3febc23e9..7c93dc49a 100644 --- a/src/http/ngx_http_spdy.c +++ b/src/http/ngx_http_spdy.c @@ -2529,13 +2529,6 @@ ngx_http_spdy_init_request_body(ngx_http_request_t *r) return NGX_ERROR; } - if (rb->rest == 0) { - buf->in_file = 1; - buf->file = &tf->file; - } else { - rb->buf = buf; - } - } else { if (rb->rest == 0) { @@ -2546,10 +2539,10 @@ ngx_http_spdy_init_request_body(ngx_http_request_t *r) if (buf == NULL) { return NGX_ERROR; } - - rb->buf = buf; } + rb->buf = buf; + rb->bufs = ngx_alloc_chain_link(r->pool); if (rb->bufs == NULL) { return NGX_ERROR; |