[PATCH 2 of 2] Stream: do not reallocate a parsed SNI host

Roman Arutyunyan arut at nginx.com
Thu May 30 16:48:07 UTC 2024


Hi,

On Mon, May 27, 2024 at 02:21:44PM +0400, Sergey Kandaurov wrote:
> # HG changeset patch
> # User Sergey Kandaurov <pluknet at nginx.com>
> # Date 1716805288 -14400
> #      Mon May 27 14:21:28 2024 +0400
> # Node ID 88fa18a0f05f7dead38a127bb24e5cf861f3d66d
> # Parent  e82a7318ed48fdbc1273771bc96357e9dc232975
> Stream: do not reallocate a parsed SNI host.
> 
> Unlike in http SNI callback, it doesn't need to be saved here.
> 
> diff --git a/src/stream/ngx_stream_ssl_module.c b/src/stream/ngx_stream_ssl_module.c
> --- a/src/stream/ngx_stream_ssl_module.c
> +++ b/src/stream/ngx_stream_ssl_module.c
> @@ -501,7 +501,7 @@ ngx_stream_ssl_servername(ngx_ssl_conn_t
>  
>      host.data = (u_char *) servername;
>  
> -    rc = ngx_stream_validate_host(&host, c->pool, 1);
> +    rc = ngx_stream_validate_host(&host, c->pool, 0);
>  
>      if (rc == NGX_ERROR) {
>          goto error;

While it's true the host variable is only used within this function, its
content can be referenced by session after exiting it.  And that's why we
should keep the reallocation here.

ngx_stream_find_virtual_server() calls ngx_stream_regex_exec() for server
name regex, which can save references to parts of the host in capture variables.

> diff --git a/src/stream/ngx_stream_ssl_preread_module.c b/src/stream/ngx_stream_ssl_preread_module.c
> --- a/src/stream/ngx_stream_ssl_preread_module.c
> +++ b/src/stream/ngx_stream_ssl_preread_module.c
> @@ -519,7 +519,7 @@ ngx_stream_ssl_preread_servername(ngx_st
>  
>      host = *servername;
>  
> -    rc = ngx_stream_validate_host(&host, c->pool, 1);
> +    rc = ngx_stream_validate_host(&host, c->pool, 0);
>  
>      if (rc == NGX_ERROR) {
>          return NGX_ERROR;
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx-devel

--
Roman Arutyunyan


More information about the nginx-devel mailing list