view src/core/ngx_radix_tree.h @ 7367:bf1ac3dc1e68
SSL: fixed segfault on renegotiation (ticket #1646).

In e3ba4026c02d (1.15.4) nginx's own renegotiation checks were disabled
if SSL_OP_NO_RENEGOTIATION is available. But since SSL_OP_NO_RENEGOTIATION
is only set on a connection, not in an SSL context, SSL_clear_option()
removed it as long as a matching virtual server was found. This resulted
in a segmentation fault similar to the one fixed in a6902a941279 (1.9.8),
affecting nginx built with OpenSSL 1.1.0h or higher.

To fix this, SSL_OP_NO_RENEGOTIATION is now explicitly set in
ngx_http_ssl_servername() after adjusting options. Additionally, instead
of c->ssl->renegotiation we now check c->ssl->handshaked, which seems
to be a more correct flag to test, and will prevent the segmentation fault
from happening even if SSL_OP_NO_RENEGOTIATION is not working.

author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 02 Oct 2018 17:46:18 +0300 |
parents | 3be3de31d7dd |
children |

```c
/*
 * Copyright (C) Igor Sysoev
 * Copyright (C) Nginx, Inc.
 */


#ifndef _NGX_RADIX_TREE_H_INCLUDED_
#define _NGX_RADIX_TREE_H_INCLUDED_


#include <ngx_config.h>
#include <ngx_core.h>


#define NGX_RADIX_NO_VALUE   (uintptr_t) -1

typedef struct ngx_radix_node_s  ngx_radix_node_t;

struct ngx_radix_node_s {
    ngx_radix_node_t  *right;
    ngx_radix_node_t  *left;
    ngx_radix_node_t  *parent;
    uintptr_t          value;
};


typedef struct {
    ngx_radix_node_t  *root;
    ngx_pool_t        *pool;
    ngx_radix_node_t  *free;
    char              *start;
    size_t             size;
} ngx_radix_tree_t;


ngx_radix_tree_t *ngx_radix_tree_create(ngx_pool_t *pool,
    ngx_int_t preallocate);

ngx_int_t ngx_radix32tree_insert(ngx_radix_tree_t *tree,
    uint32_t key, uint32_t mask, uintptr_t value);
ngx_int_t ngx_radix32tree_delete(ngx_radix_tree_t *tree,
    uint32_t key, uint32_t mask);
uintptr_t ngx_radix32tree_find(ngx_radix_tree_t *tree, uint32_t key);

#if (NGX_HAVE_INET6)
ngx_int_t ngx_radix128tree_insert(ngx_radix_tree_t *tree,
    u_char *key, u_char *mask, uintptr_t value);
ngx_int_t ngx_radix128tree_delete(ngx_radix_tree_t *tree,
    u_char *key, u_char *mask);
uintptr_t ngx_radix128tree_find(ngx_radix_tree_t *tree, u_char *key);
#endif


#endif /* _NGX_RADIX_TREE_H_INCLUDED_ */
```