view src/os/unix/ngx_send.c @ 5094:e0a3714a36f8
SNI: reset to default server if requested host was not found.
Not only is this consistent with the case without SNI, but it also
prevents abuse of configurations that assume that the $host variable
is limited to one of the configured names for a server.
An example of potentially unsafe configuration:
server {
listen 443 ssl default_server;
...
}
server {
listen 443;
server_name example.com;
location / {
proxy_pass http://$host;
}
}
Note: it is possible to negotiate "example.com" by SNI, and to request
arbitrary host name that does not exist in the configuration above.
author | Valentin Bartenev <vbart@nginx.com> |
---|---|
date | Wed, 27 Feb 2013 17:38:54 +0000 |
parents | d620f497c50f |
children | f01ab2dbcfdc |
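/*
 * Copyright (C) Igor Sysoev
 * Copyright (C) Nginx, Inc.
 */


#include <ngx_config.h>
#include <ngx_core.h>
#include <ngx_event.h>


/*
 * Write up to "size" bytes from "buf" to the connection's socket with send().
 *
 * Return values:
 *   n > 0      number of bytes accepted by send(); c->sent is advanced by n.
 *              On a short write (n < size) the write event is marked not
 *              ready, so the caller must resubmit the remaining bytes.
 *   0          send() returned zero; logged at alert level and the write
 *              event is marked not ready.
 *   NGX_AGAIN  send() failed with NGX_EAGAIN; the write event is marked not
 *              ready.
 *   NGX_ERROR  any other send() failure, or (kqueue builds) a pending EOF
 *              reported on the write event; wev->error is set.
 *
 * NGX_EINTR is not returned to the caller: the write event is marked not
 * ready and send() is retried.
 *
 * NOTE(review): send() is called with flags 0, so nothing in this function
 * suppresses SIGPIPE on a closed peer; presumably that is handled elsewhere
 * in the process - confirm.
 */
ssize_t
ngx_unix_send(ngx_connection_t *c, u_char *buf, size_t size)
{
    ssize_t       n;
    ngx_err_t     err;
    ngx_event_t  *wev;

    wev = c->write;

#if (NGX_HAVE_KQUEUE)

    /* kqueue already reported EOF on this event: fail without calling send() */

    if ((ngx_event_flags & NGX_USE_KQUEUE_EVENT) && wev->pending_eof) {
        (void) ngx_connection_error(c, wev->kq_errno,
                               "kevent() reported about an closed connection");
        wev->error = 1;
        return NGX_ERROR;
    }

#endif

    for ( ;; ) {
        n = send(c->fd, buf, size, 0);

        /*
         * Read the socket errno immediately after send(), before the debug
         * logging call below gets a chance to overwrite it.
         */

        err = ngx_socket_errno;

        /*
         * "n" is ssize_t and "size" is size_t, so they are logged with
         * %z and %uz; %d would fetch them as int from the argument list.
         */

        ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0,
                       "send: fd:%d %z of %uz", c->fd, n, size);

        if (n > 0) {

            /* short write: the caller must wait for the next write event */

            if (n < (ssize_t) size) {
                wev->ready = 0;
            }

            c->sent += n;

            return n;
        }

        if (n == 0) {
            ngx_log_error(NGX_LOG_ALERT, c->log, err, "send() returned zero");
            wev->ready = 0;
            return n;
        }

        if (err == NGX_EAGAIN || err == NGX_EINTR) {
            wev->ready = 0;

            ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, err,
                           "send() not ready");

            if (err == NGX_EAGAIN) {
                return NGX_AGAIN;
            }

            /* NGX_EINTR: fall through and retry send() */

        } else {
            wev->error = 1;
            (void) ngx_connection_error(c, err, "send() failed");
            return NGX_ERROR;
        }
    }
}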