Mercurial > hg > nginx-quic
comparison src/http/ngx_http_request.c @ 8633:74b43926b470 quic
HTTP/3: fixed segfault when using SSL certificates with variables.
A QUIC connection doesn't have c->log->data and friends initialized to sensible
values. Yet, a request can be created in the certificate callback with such an
assumption, which leads to a segmentation fault due to null pointer dereference
in ngx_http_free_request(). The fix is to adjust initializing the QUIC part of
a connection such that it has all of that in place.
Further, this appends logging error context for unsuccessful QUIC handshakes:
- cannot load certificate .. while handling frames
- SSL_do_handshake() failed .. while sending frames
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Wed, 29 Sep 2021 15:01:59 +0300 |
| parents | 6a383020d61e |
| children | 7f4b2687ac80 |
comparison
equal
deleted
inserted
replaced
| 8632:a550d4fa3581 | 8633:74b43926b470 |
|---|---|
| 297 } | 297 } |
| 298 | 298 |
| 299 /* the default server configuration for the address:port */ | 299 /* the default server configuration for the address:port */ |
| 300 hc->conf_ctx = hc->addr_conf->default_server->ctx; | 300 hc->conf_ctx = hc->addr_conf->default_server->ctx; |
| 301 | 301 |
| 302 ctx = ngx_palloc(c->pool, sizeof(ngx_http_log_ctx_t)); | |
| 303 if (ctx == NULL) { | |
| 304 ngx_http_close_connection(c); | |
| 305 return; | |
| 306 } | |
| 307 | |
| 308 ctx->connection = c; | |
| 309 ctx->request = NULL; | |
| 310 ctx->current_request = NULL; | |
| 311 | |
| 312 c->log->connection = c->number; | |
| 313 c->log->handler = ngx_http_log_error; | |
| 314 c->log->data = ctx; | |
| 315 c->log->action = "waiting for request"; | |
| 316 | |
| 317 c->log_error = NGX_ERROR_INFO; | |
| 318 | |
| 302 #if (NGX_HTTP_QUIC) | 319 #if (NGX_HTTP_QUIC) |
| 303 if (hc->addr_conf->quic) { | 320 if (hc->addr_conf->quic) { |
| 304 if (ngx_http_quic_init(c) == NGX_DONE) { | 321 if (ngx_http_quic_init(c) == NGX_DONE) { |
| 305 return; | 322 return; |
| 306 } | 323 } |
| 307 } | 324 } |
| 308 #endif | 325 #endif |
| 309 | |
| 310 ctx = ngx_palloc(c->pool, sizeof(ngx_http_log_ctx_t)); | |
| 311 if (ctx == NULL) { | |
| 312 ngx_http_close_connection(c); | |
| 313 return; | |
| 314 } | |
| 315 | |
| 316 ctx->connection = c; | |
| 317 ctx->request = NULL; | |
| 318 ctx->current_request = NULL; | |
| 319 | |
| 320 c->log->connection = c->number; | |
| 321 c->log->handler = ngx_http_log_error; | |
| 322 c->log->data = ctx; | |
| 323 c->log->action = "waiting for request"; | |
| 324 | |
| 325 c->log_error = NGX_ERROR_INFO; | |
| 326 | 326 |
| 327 rev = c->read; | 327 rev = c->read; |
| 328 rev->handler = ngx_http_wait_request_handler; | 328 rev->handler = ngx_http_wait_request_handler; |
| 329 c->write->handler = ngx_http_empty_handler; | 329 c->write->handler = ngx_http_empty_handler; |
| 330 | 330 |