wrapper/nginx-sid
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nginx-sid/debian/patches/bug-1024605.patch
Jan Mojžíš fa37bc17ab
d/p/bug-1024605.patch add, bugfix 1024605 
fixes problem when a subrequest has SSI
enabled but its main request does not, the SSI module may crash the worker
due to NULL-pointer dereference. The patch is backported from the upstream
2022-11-26 15:49:52 +01:00

101 lines
3.4 KiB
Diff
Raw Permalink Blame History

Description: SSI: handling of subrequests from other modules
Author: User Ciel Zhao <i@ciel.dev>
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024605
Last-Update: 2022-11-21
Origin: https://hg.nginx.org/nginx/raw-rev/49e7db44b57c
---
# HG changeset patch
# User Ciel Zhao <i@ciel.dev>
# Date 1669039294 -10800
# Node ID 49e7db44b57c9f4d54b87d19a696178b913aec5c
# Parent 42bc158a47ecb3c2bd0396c723c307c757f2770e
SSI: handling of subrequests from other modules (ticket #1263).
As the SSI parser always uses the context from the main request for storing
variables and blocks, that context should always exist for subrequests using
SSI, even though the main request does not necessarily have SSI enabled.
However, `ngx_http_get_module_ctx(r->main, ...)` is getting NULL in such cases,
resulting in the worker crashing SIGSEGV when accessing its attributes.
This patch links the first initialized context to the main request, and
upgrades it only when main context is initialized.
diff -r 42bc158a47ec -r 49e7db44b57c src/http/modules/ngx_http_ssi_filter_module.c
--- a/src/http/modules/ngx_http_ssi_filter_module.c Tue Nov 08 12:48:21 2022 +0300
+++ b/src/http/modules/ngx_http_ssi_filter_module.c Mon Nov 21 17:01:34 2022 +0300
@@ -329,7 +329,7 @@
static ngx_int_t
ngx_http_ssi_header_filter(ngx_http_request_t *r)
{
- ngx_http_ssi_ctx_t *ctx;
+ ngx_http_ssi_ctx_t *ctx, *mctx;
ngx_http_ssi_loc_conf_t *slcf;
slcf = ngx_http_get_module_loc_conf(r, ngx_http_ssi_filter_module);
@@ -341,6 +341,8 @@
return ngx_http_next_header_filter(r);
}
+ mctx = ngx_http_get_module_ctx(r->main, ngx_http_ssi_filter_module);
+
ctx = ngx_pcalloc(r->pool, sizeof(ngx_http_ssi_ctx_t));
if (ctx == NULL) {
return NGX_ERROR;
@@ -367,6 +369,26 @@
r->filter_need_in_memory = 1;
if (r == r->main) {
+
+ if (mctx) {
+
+ /*
+ * if there was a shared context previously used as main,
+ * copy variables and blocks
+ */
+
+ ctx->variables = mctx->variables;
+ ctx->blocks = mctx->blocks;
+
+#if (NGX_PCRE)
+ ctx->ncaptures = mctx->ncaptures;
+ ctx->captures = mctx->captures;
+ ctx->captures_data = mctx->captures_data;
+#endif
+
+ mctx->shared = 0;
+ }
+
ngx_http_clear_content_length(r);
ngx_http_clear_accept_ranges(r);
@@ -379,6 +401,10 @@
} else {
ngx_http_weak_etag(r);
}
+
+ } else if (mctx == NULL) {
+ ngx_http_set_ctx(r->main, ctx, ngx_http_ssi_filter_module);
+ ctx->shared = 1;
}
return ngx_http_next_header_filter(r);
@@ -405,6 +431,7 @@
ctx = ngx_http_get_module_ctx(r, ngx_http_ssi_filter_module);
if (ctx == NULL
+ || (ctx->shared && r == r->main)
|| (in == NULL
&& ctx->buf == NULL
&& ctx->in == NULL
diff -r 42bc158a47ec -r 49e7db44b57c src/http/modules/ngx_http_ssi_filter_module.h
--- a/src/http/modules/ngx_http_ssi_filter_module.h Tue Nov 08 12:48:21 2022 +0300
+++ b/src/http/modules/ngx_http_ssi_filter_module.h Mon Nov 21 17:01:34 2022 +0300
@@ -71,6 +71,7 @@
u_char *captures_data;
#endif
+ unsigned shared:1;
unsigned conditional:2;
unsigned encoding:2;
unsigned block:1;
Reference in a new issue View git blame Copy permalink