Google Git
Sign in
nginx/nginx/f7303e1fbd79214cdcba5a5ed12ef75700f54b1e^!/.
commit
f7303e1fbd79214cdcba5a5ed12ef75700f54b1e
[log]
author
Maxim Dounin <mdounin@mdounin.ru>
Thu Oct 17 16:02:03 2019 +0300
committer
Maxim Dounin <mdounin@mdounin.ru>
Thu Oct 17 16:02:03 2019 +0300
tree
4ce6f5cfca54d0762e8d10f34465411143abcd4f
parent
b4880dadec2100893c6dc6a3c25ebf606ea941e2 [diff]
Event pipe: disabled c->read->available checking for SSL.

In SSL connections, data can be buffered by the SSL layer, and it is
wrong to avoid doing c->recv_chain() if c->read->available is 0 and
c->read->pending_eof is set.  And tests show that the optimization in
question indeed can result in incorrect detection of premature connection
close if upstream closes the connection without sending a close notify
alert at the same time.  Fix is to disable c->read->available optimization
for SSL connections.

diff --git a/src/event/ngx_event_pipe.c b/src/event/ngx_event_pipe.c
index da7c4ee..531b13a 100644
--- a/src/event/ngx_event_pipe.c
+++ b/src/event/ngx_event_pipe.c

@@ -172,7 +172,11 @@
              */
 
             if (p->upstream->read->available == 0
-                && p->upstream->read->pending_eof)
+                && p->upstream->read->pending_eof
+#if (NGX_SSL)
+                && !p->upstream->ssl
+#endif
+                )
             {
                 p->upstream->read->ready = 0;
                 p->upstream->read->eof = 1;