[nginx] HTTP/2: fixed a segfault while processing unbuffered upload.
Maxim Dounin
mdounin at mdounin.ru
Tue Oct 18 14:47:58 UTC 2016
details: http://hg.nginx.org/nginx/rev/0708285115fa
branches: stable-1.10
changeset: 6752:0708285115fa
user: Valentin Bartenev <vbart at nginx.com>
date: Thu Jun 16 20:55:11 2016 +0300
description:
HTTP/2: fixed a segfault while processing unbuffered upload.
The ngx_http_v2_finalize_connection() closes current stream, but that is an
invalid operation while processing unbuffered upload. This results in access
to already freed memory, since the upstream module sets a cleanup handler that
also finalizes the request.
diffstat:
src/http/v2/ngx_http_v2.c | 4 ----
1 files changed, 0 insertions(+), 4 deletions(-)
diffs (14 lines):
diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c
--- a/src/http/v2/ngx_http_v2.c
+++ b/src/http/v2/ngx_http_v2.c
@@ -4169,10 +4169,6 @@ ngx_http_v2_finalize_connection(ngx_http
c->error = 1;
- if (h2c->state.stream) {
- ngx_http_v2_close_stream(h2c->state.stream, NGX_HTTP_BAD_REQUEST);
- }
-
if (!h2c->processing) {
ngx_http_close_connection(c);
return;
More information about the nginx-devel
mailing list