Blame SOURCES/nginx-1.12.1-CVE-2018-16844.patch
|
|
502b04 |
diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c
|
|
|
502b04 |
index 429d06a..638ffaf 100644
|
|
|
502b04 |
--- a/src/http/v2/ngx_http_v2.c
|
|
|
502b04 |
+++ b/src/http/v2/ngx_http_v2.c
|
|
|
502b04 |
@@ -4206,12 +4206,19 @@ ngx_http_v2_idle_handler(ngx_event_t *rev)
|
|
|
502b04 |
|
|
|
502b04 |
#endif
|
|
|
502b04 |
|
|
|
502b04 |
- c->destroyed = 0;
|
|
|
502b04 |
- ngx_reusable_connection(c, 0);
|
|
|
502b04 |
-
|
|
|
502b04 |
h2scf = ngx_http_get_module_srv_conf(h2c->http_connection->conf_ctx,
|
|
|
502b04 |
ngx_http_v2_module);
|
|
|
502b04 |
|
|
|
502b04 |
+ if (h2c->idle++ > 10 * h2scf->max_requests) {
|
|
|
502b04 |
+ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
|
|
|
502b04 |
+ "http2 flood detected");
|
|
|
502b04 |
+ ngx_http_v2_finalize_connection(h2c, NGX_HTTP_V2_NO_ERROR);
|
|
|
502b04 |
+ return;
|
|
|
502b04 |
+ }
|
|
|
502b04 |
+
|
|
|
502b04 |
+ c->destroyed = 0;
|
|
|
502b04 |
+ ngx_reusable_connection(c, 0);
|
|
|
502b04 |
+
|
|
|
502b04 |
h2c->pool = ngx_create_pool(h2scf->pool_size, h2c->connection->log);
|
|
|
502b04 |
if (h2c->pool == NULL) {
|
|
|
502b04 |
ngx_http_v2_finalize_connection(h2c, NGX_HTTP_V2_INTERNAL_ERROR);
|
|
|
502b04 |
diff --git a/src/http/v2/ngx_http_v2.h b/src/http/v2/ngx_http_v2.h
|
|
|
502b04 |
index 49398b9..6c42fee 100644
|
|
|
502b04 |
--- a/src/http/v2/ngx_http_v2.h
|
|
|
502b04 |
+++ b/src/http/v2/ngx_http_v2.h
|
|
|
502b04 |
@@ -116,6 +116,7 @@ struct ngx_http_v2_connection_s {
|
|
|
502b04 |
|
|
|
502b04 |
ngx_uint_t processing;
|
|
|
502b04 |
ngx_uint_t frames;
|
|
|
502b04 |
+ ngx_uint_t idle;
|
|
|
502b04 |
|
|
|
502b04 |
size_t send_window;
|
|
|
502b04 |
size_t recv_window;
|