[nginx] Upstream: disabled upgrading in subrequests.

Thu Oct 12 08:58:09 UTC 2017

details:   http://hg.nginx.org/nginx/rev/6a5a91de5b74
branches:  
changeset: 7131:6a5a91de5b74
user:      Roman Arutyunyan <arut at nginx.com>
date:      Wed Oct 11 17:38:21 2017 +0300
description:
Upstream: disabled upgrading in subrequests.

Upgrading an upstream connection is usually followed by reading from the client
which a subrequest is not allowed to do.  Moreover, accessing the header_in
request field while processing upgraded connection ends up with a null pointer
dereference since the header_in buffer is only created for the the main request.

diffstat:

 src/http/ngx_http_upstream.c |  7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diffs (17 lines):

diff -r 882ad033d43c -r 6a5a91de5b74 src/http/ngx_http_upstream.c

--- a/src/http/ngx_http_upstream.c	Wed Oct 11 22:04:28 2017 +0300
+++ b/src/http/ngx_http_upstream.c	Wed Oct 11 17:38:21 2017 +0300
@@ -3206,6 +3206,13 @@ ngx_http_upstream_upgrade(ngx_http_reque
 
     /* TODO: prevent upgrade if not requested or not possible */
 
+    if (r != r->main) {
+        ngx_log_error(NGX_LOG_ERR, c->log, 0,
+                      "connection upgrade in subrequest");
+        ngx_http_upstream_finalize_request(r, u, NGX_ERROR);
+        return;
+    }
+
     r->keepalive = 0;
     c->log->action = "proxying upgraded connection";
 
