# HG changeset patch # User Roman Arutyunyan <a...@nginx.com> # Date 1717774526 -14400 # Fri Jun 07 19:35:26 2024 +0400 # Node ID 231701a85ca1943113f3a3cd9174bd9c9dea1b2f # Parent e2f6f5d01ff6f0dd2e3f0c9328e794af52e65881 Stream: limit SOCK_DGRAM preread to a single datagram.
Previously, returning NGX_AGAIN from a preread handler for a datagram resulted in an attempt to read another datagram from the socket. This attempt could fail or result in a datagram unrelated to the current client session. Now an error is triggered if bytes beyond the first datagram are requested by a preread handler. The only preread module available in nginx is ngx_stream_ssl_preread_module, which does not support SOCK_DGRAM. However a SOCK_DGRAM preread handler can be implemented in njs or a third-party module. diff --git a/src/stream/ngx_stream_core_module.c b/src/stream/ngx_stream_core_module.c --- a/src/stream/ngx_stream_core_module.c +++ b/src/stream/ngx_stream_core_module.c @@ -254,6 +254,12 @@ ngx_stream_core_preread_phase(ngx_stream } } + if (c->type == SOCK_DGRAM) { + ngx_log_error(NGX_LOG_ERR, c->log, 0, "datagram preread failed"); + rc = NGX_STREAM_BAD_REQUEST; + goto done; + } + if (c->buffer == NULL) { c->buffer = ngx_create_temp_buf(c->pool, cscf->preread_buffer_size); if (c->buffer == NULL) { _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel