gRPC: limited allocations due to ping and settings frames.

diff --git a/src/http/modules/ngx_http_grpc_module.c b/src/http/modules/ngx_http_grpc_module.c
index 837ad9a2ea33816418474940fa5646fbd5bb7e02..758f89eb222f31509f8a1a9a52a29f99698dd9d5 100644 (file)
--- a/src/http/modules/ngx_http_grpc_module.c
+++ b/src/http/modules/ngx_http_grpc_module.c
@@ -78,6 +78,9 @@ typedef struct {
 
     ngx_uint_t                 id;
 
+    ngx_uint_t                 pings;
+    ngx_uint_t                 settings;
+
     ssize_t                    send_window;
     size_t                     recv_window;
 
@@ -3531,6 +3534,12 @@ ngx_http_grpc_parse_settings(ngx_http_request_t *r, ngx_http_grpc_ctx_t *ctx,
                           ctx->rest);
             return NGX_ERROR;
         }
+
+        if (ctx->free == NULL && ctx->settings++ > 1000) {
+            ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+                          "upstream sent too many settings frames");
+            return NGX_ERROR;
+        }
     }
 
     for (p = b->pos; p < last; p++) {
@@ -3683,6 +3692,12 @@ ngx_http_grpc_parse_ping(ngx_http_request_t *r,
                           "upstream sent ping frame with ack flag");
             return NGX_ERROR;
         }
+
+        if (ctx->free == NULL && ctx->pings++ > 1000) {
+            ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+                          "upstream sent too many ping frames");
+            return NGX_ERROR;
+        }
     }
 
     for (p = b->pos; p < last; p++) {