Mercurial > hg > nginx
comparison src/http/ngx_http_request.c @ 8871:74b43926b470 quic
HTTP/3: fixed segfault when using SSL certificates with variables.
A QUIC connection doesn't have c->log->data and friends initialized to sensible
values. Yet, a request can be created in the certificate callback with such an
assumption, which leads to a segmentation fault due to null pointer dereference
in ngx_http_free_request(). The fix is to adjust initializing the QUIC part of
a connection such that it has all of that in place.
Further, this appends logging error context for unsuccessful QUIC handshakes:
- cannot load certificate .. while handling frames
- SSL_do_handshake() failed .. while sending frames
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Wed, 29 Sep 2021 15:01:59 +0300 |
parents | 6a383020d61e |
children | 7f4b2687ac80 |
comparison
equal
deleted
inserted
replaced
8870:a550d4fa3581 | 8871:74b43926b470 |
---|---|
297 } | 297 } |
298 | 298 |
299 /* the default server configuration for the address:port */ | 299 /* the default server configuration for the address:port */ |
300 hc->conf_ctx = hc->addr_conf->default_server->ctx; | 300 hc->conf_ctx = hc->addr_conf->default_server->ctx; |
301 | 301 |
302 ctx = ngx_palloc(c->pool, sizeof(ngx_http_log_ctx_t)); | |
303 if (ctx == NULL) { | |
304 ngx_http_close_connection(c); | |
305 return; | |
306 } | |
307 | |
308 ctx->connection = c; | |
309 ctx->request = NULL; | |
310 ctx->current_request = NULL; | |
311 | |
312 c->log->connection = c->number; | |
313 c->log->handler = ngx_http_log_error; | |
314 c->log->data = ctx; | |
315 c->log->action = "waiting for request"; | |
316 | |
317 c->log_error = NGX_ERROR_INFO; | |
318 | |
302 #if (NGX_HTTP_QUIC) | 319 #if (NGX_HTTP_QUIC) |
303 if (hc->addr_conf->quic) { | 320 if (hc->addr_conf->quic) { |
304 if (ngx_http_quic_init(c) == NGX_DONE) { | 321 if (ngx_http_quic_init(c) == NGX_DONE) { |
305 return; | 322 return; |
306 } | 323 } |
307 } | 324 } |
308 #endif | 325 #endif |
309 | |
310 ctx = ngx_palloc(c->pool, sizeof(ngx_http_log_ctx_t)); | |
311 if (ctx == NULL) { | |
312 ngx_http_close_connection(c); | |
313 return; | |
314 } | |
315 | |
316 ctx->connection = c; | |
317 ctx->request = NULL; | |
318 ctx->current_request = NULL; | |
319 | |
320 c->log->connection = c->number; | |
321 c->log->handler = ngx_http_log_error; | |
322 c->log->data = ctx; | |
323 c->log->action = "waiting for request"; | |
324 | |
325 c->log_error = NGX_ERROR_INFO; | |
326 | 326 |
327 rev = c->read; | 327 rev = c->read; |
328 rev->handler = ngx_http_wait_request_handler; | 328 rev->handler = ngx_http_wait_request_handler; |
329 c->write->handler = ngx_http_empty_handler; | 329 c->write->handler = ngx_http_empty_handler; |
330 | 330 |