Mercurial > hg > nginx
comparison src/http/modules/ngx_http_quic_module.c @ 8871:74b43926b470 quic
HTTP/3: fixed segfault when using SSL certificates with variables.
A QUIC connection doesn't have c->log->data and friends initialized to sensible
values. Yet, a request can be created in the certificate callback with such an
assumption, which leads to a segmentation fault due to null pointer dereference
in ngx_http_free_request(). The fix is to adjust initializing the QUIC part of
a connection such that it has all of that in place.
Further, this appends logging error context for unsuccessful QUIC handshakes:
- cannot load certificate .. while handling frames
- SSL_do_handshake() failed .. while sending frames
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Wed, 29 Sep 2021 15:01:59 +0300 |
| parents | 59d2d47ad3c6 |
| children | 4b2d259bdadd |
comparison
equal
deleted
inserted
replaced
| 8870:a550d4fa3581 | 8871:74b43926b470 |
|---|---|
| 196 hc = c->data; | 196 hc = c->data; |
| 197 | 197 |
| 198 hc->ssl = 1; | 198 hc->ssl = 1; |
| 199 | 199 |
| 200 if (c->quic == NULL) { | 200 if (c->quic == NULL) { |
| 201 c->log->connection = c->number; | |
| 202 | |
| 203 qcf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_quic_module); | 201 qcf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_quic_module); |
| 204 | 202 |
| 205 ngx_quic_run(c, qcf); | 203 ngx_quic_run(c, qcf); |
| 206 | 204 |
| 207 return NGX_DONE; | 205 return NGX_DONE; |