HTTP/2: fixed saving preread buffer to temp file (ticket #1143).

Previously, a request body bigger than "client_body_buffer_size" wasn't written
into a temporary file if it has been pre-read entirely.  The preread buffer
is freed after processing, thus subsequent use of it might result in sending
corrupted body or cause a segfault.

diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c
index 18f891b118159c9e3a9bd8ed411da6c22cc96a72..93f1a6d8e1277ab44c206e21facaf1d877eabec9 100644 (file)
--- a/src/http/v2/ngx_http_v2.c
+++ b/src/http/v2/ngx_http_v2.c
@@ -3560,6 +3560,9 @@ ngx_http_v2_read_request_body(ngx_http_request_t *r,
         rb->buf = ngx_create_temp_buf(r->pool, (size_t) len);
 
     } else {
+        /* enforce writing body to file */
+        r->request_body_in_file_only = 1;
+
         rb->buf = ngx_calloc_buf(r->pool);
 
         if (rb->buf != NULL) {