Mercurial > hg > nginx
annotate src/core/ngx_proxy_protocol.h @ 7667:1ece2ac2555a
OCSP: fixed use-after-free on error.
When validating second and further certificates, ssl callback could be called
twice to report the error. After the first call client connection is
terminated and its memory is released. Prior to the second call and in it
released connection memory is accessed.
Errors triggering this behavior:
- failure to create the request
- failure to start resolving OCSP responder name
- failure to start connecting to the OCSP responder
The fix is to rearrange the code to eliminate the second call.
| author | Roman Arutyunyan <arut@nginx.com> |
|---|---|
| date | Mon, 15 Jun 2020 20:17:16 +0300 |
| parents | 89adf49fe76a |
| children | cca4c8a715de |
| rev | line source |
|---|---|
|
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
1 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
2 /* |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
3 * Copyright (C) Roman Arutyunyan |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
4 * Copyright (C) Nginx, Inc. |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
5 */ |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
6 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
7 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
8 #ifndef _NGX_PROXY_PROTOCOL_H_INCLUDED_ |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
9 #define _NGX_PROXY_PROTOCOL_H_INCLUDED_ |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
10 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
11 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
12 #include <ngx_config.h> |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
13 #include <ngx_core.h> |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
14 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
15 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
16 #define NGX_PROXY_PROTOCOL_MAX_HEADER 107 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
17 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
18 |
|
7590
06b01840bd42
Core: moved PROXY protocol fields out of ngx_connection_t.
Roman Arutyunyan <arut@nginx.com>
parents:
6185
diff
changeset
|
19 struct ngx_proxy_protocol_s { |
|
06b01840bd42
Core: moved PROXY protocol fields out of ngx_connection_t.
Roman Arutyunyan <arut@nginx.com>
parents:
6185
diff
changeset
|
20 ngx_str_t src_addr; |
|
7591
89adf49fe76a
Parsing server PROXY protocol address and port (ticket #1206).
Roman Arutyunyan <arut@nginx.com>
parents:
7590
diff
changeset
|
21 ngx_str_t dst_addr; |
|
7590
06b01840bd42
Core: moved PROXY protocol fields out of ngx_connection_t.
Roman Arutyunyan <arut@nginx.com>
parents:
6185
diff
changeset
|
22 in_port_t src_port; |
|
7591
89adf49fe76a
Parsing server PROXY protocol address and port (ticket #1206).
Roman Arutyunyan <arut@nginx.com>
parents:
7590
diff
changeset
|
23 in_port_t dst_port; |
|
7590
06b01840bd42
Core: moved PROXY protocol fields out of ngx_connection_t.
Roman Arutyunyan <arut@nginx.com>
parents:
6185
diff
changeset
|
24 }; |
|
06b01840bd42
Core: moved PROXY protocol fields out of ngx_connection_t.
Roman Arutyunyan <arut@nginx.com>
parents:
6185
diff
changeset
|
25 |
|
06b01840bd42
Core: moved PROXY protocol fields out of ngx_connection_t.
Roman Arutyunyan <arut@nginx.com>
parents:
6185
diff
changeset
|
26 |
|
6185
a420cb1c170b
Core: renamed ngx_proxy_protocol_parse to ngx_proxy_protocol_read.
Roman Arutyunyan <arut@nginx.com>
parents:
6184
diff
changeset
|
27 u_char *ngx_proxy_protocol_read(ngx_connection_t *c, u_char *buf, |
|
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
28 u_char *last); |
|
6184
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
29 u_char *ngx_proxy_protocol_write(ngx_connection_t *c, u_char *buf, |
|
fa663739e115
Stream: client-side PROXY protocol.
Roman Arutyunyan <arut@nginx.com>
parents:
5605
diff
changeset
|
30 u_char *last); |
|
5605
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
31 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
32 |
|
3a72b1805c52
Added server-side support for PROXY protocol v1 (ticket #355).
Roman Arutyunyan <arut@nginx.com>
parents:
diff
changeset
|
33 #endif /* _NGX_PROXY_PROTOCOL_H_INCLUDED_ */ |