diff options
| author | Roman Arutyunyan <arut@nginx.com> | 2017-10-11 17:38:21 +0300 |
|---|---|---|
| committer | Roman Arutyunyan <arut@nginx.com> | 2017-10-11 17:38:21 +0300 |
| commit | 80f2e8f656267251c7d053307b82a382f5bb7744 (patch) | |
| tree | 156af2530fe416258b7eb7bdb789e71ec0d6104b /src | |
| parent | f1be23bc8aed6c6e6bbba1320d85a8943550b253 (diff) | |
| download | nginx-80f2e8f656267251c7d053307b82a382f5bb7744.tar.gz nginx-80f2e8f656267251c7d053307b82a382f5bb7744.zip | |
Upstream: disabled upgrading in subrequests.
Upgrading an upstream connection is usually followed by reading from the client
which a subrequest is not allowed to do. Moreover, accessing the header_in
request field while processing upgraded connection ends up with a null pointer
dereference since the header_in buffer is only created for the the main request.
Diffstat (limited to 'src')
| -rw-r--r-- | src/http/ngx_http_upstream.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c index c29ee97d8..75f463ba7 100644 --- a/src/http/ngx_http_upstream.c +++ b/src/http/ngx_http_upstream.c @@ -3206,6 +3206,13 @@ ngx_http_upstream_upgrade(ngx_http_request_t *r, ngx_http_upstream_t *u) /* TODO: prevent upgrade if not requested or not possible */ + if (r != r->main) { + ngx_log_error(NGX_LOG_ERR, c->log, 0, + "connection upgrade in subrequest"); + ngx_http_upstream_finalize_request(r, u, NGX_ERROR); + return; + } + r->keepalive = 0; c->log->action = "proxying upgraded connection"; |