HTTP/2: flushing of the SSL buffer in transition to the idle state.

It fixes potential connection leak if some unsent data was left in the SSL buffer. Particularly, that could happen when a client canceled the stream after the HEADERS frame has already been created. In this case no other frames might be produced and the HEADERS frame alone didn't flush the buffer.
wendal · Jul 19, 2016 · a85edfe · a85edfe
1 parent 3c81c08
commit a85edfe
Showing 1 changed file with 18 additions and 2 deletions.
diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c
@@ -599,7 +599,8 @@ ngx_http_v2_send_output_queue(ngx_http_v2_connection_t *h2c)
 static void
 ngx_http_v2_handle_connection(ngx_http_v2_connection_t *h2c)
 {
-    ngx_connection_t          *c;
+    ngx_int_t                rc;
+    ngx_connection_t        *c;
     ngx_http_v2_srv_conf_t  *h2scf;
 
     if (h2c->last_out || h2c->processing) {
@@ -614,7 +615,22 @@ ngx_http_v2_handle_connection(ngx_http_v2_connection_t *h2c)
     }
 
     if (c->buffered) {
-        return;
+        h2c->blocked = 1;
+
+        rc = ngx_http_v2_send_output_queue(h2c);
+
+        h2c->blocked = 0;
+
+        if (rc == NGX_ERROR) {
+            ngx_http_close_connection(c);
+            return;
+        }
+
+        if (rc == NGX_AGAIN) {
+            return;
+        }
+
+        /* rc == NGX_OK */
     }
 
     h2scf = ngx_http_get_module_srv_conf(h2c->http_connection->conf_ctx,