summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorGlenn Strauss <gstrauss@gluelogic.com>2022-04-19 23:25:41 -0400
committerGlenn Strauss <gstrauss@gluelogic.com>2022-05-05 13:35:18 -0400
commitfbade1850f5ceffdb2cf4c561fa44f73093a484d (patch)
treeac3ac6c6d389b908b3463f09629cd0174d4a14c8 /src
parent1ed3a78ea9f51c33c348de6aaa02447d3ac54fae (diff)
downloadlighttpd-git-fbade1850f5ceffdb2cf4c561fa44f73093a484d.tar.gz
[multiple] reset http vers, avoid rare crash (fixes #3152)
(thx ultimator) do not set r->http_version to HTTP_VERSION_2 when selecting TLS ALPN if r->handler_module already set, since handler module is likely mod_sockproxy, and con->h2 will not get initialized. This does continue to select "h2", so the mod_sockproxy backend should be prepared to receive the HTTP/2 client connection preface. x-ref: "Random Segfaults with version 1.4.64 w/ mod_sockproxy and ALPN h2" https://redmine.lighttpd.net/issues/3152
Diffstat (limited to 'src')
-rw-r--r--src/mod_gnutls.c3
-rw-r--r--src/mod_mbedtls.c6
-rw-r--r--src/mod_nss.c3
-rw-r--r--src/mod_openssl.c3
-rw-r--r--src/mod_wolfssl.c3
5 files changed, 12 insertions, 6 deletions
diff --git a/src/mod_gnutls.c b/src/mod_gnutls.c
index 5ebba29e..848e14d2 100644
--- a/src/mod_gnutls.c
+++ b/src/mod_gnutls.c
@@ -1406,7 +1406,8 @@ mod_gnutls_ALPN (handler_ctx * const hctx, const unsigned char * const in, const
if (in[i] == 'h' && in[i+1] == '2') {
if (!hctx->r->conf.h2proto) continue;
hctx->alpn = MOD_GNUTLS_ALPN_H2;
- hctx->r->http_version = HTTP_VERSION_2;
+ if (hctx->r->handler_module == NULL)/*(e.g. not mod_sockproxy)*/
+ hctx->r->http_version = HTTP_VERSION_2;
return GNUTLS_E_SUCCESS;
}
continue;
diff --git a/src/mod_mbedtls.c b/src/mod_mbedtls.c
index 00acbaa5..f68b236a 100644
--- a/src/mod_mbedtls.c
+++ b/src/mod_mbedtls.c
@@ -1202,7 +1202,8 @@ mod_mbedtls_alpn_selected (handler_ctx * const hctx, const char * const in)
case 2: /* "h2" */
if (in[i] == 'h' && in[i+1] == '2') {
proto = MOD_MBEDTLS_ALPN_H2;
- hctx->r->http_version = HTTP_VERSION_2;
+ if (hctx->r->handler_module == NULL)/*(e.g. not mod_sockproxy)*/
+ hctx->r->http_version = HTTP_VERSION_2;
break;
}
return 0;
@@ -1247,7 +1248,8 @@ mod_mbedtls_alpn_select_cb (handler_ctx *hctx, const unsigned char *in, const un
if (in[i] == 'h' && in[i+1] == '2') {
if (!hctx->r->conf.h2proto) continue;
hctx->alpn = MOD_MBEDTLS_ALPN_H2;
- hctx->r->http_version = HTTP_VERSION_2;
+ if (hctx->r->handler_module == NULL)/*(e.g. not mod_sockproxy)*/
+ hctx->r->http_version = HTTP_VERSION_2;
return 0;
}
continue;
diff --git a/src/mod_nss.c b/src/mod_nss.c
index 83e848a1..ee081c25 100644
--- a/src/mod_nss.c
+++ b/src/mod_nss.c
@@ -1367,7 +1367,8 @@ mod_nss_alpn_select_cb (void *arg, PRFileDesc *ssl,
case 0:
if (!hctx->r->conf.h2proto) continue;
hctx->alpn = MOD_NSS_ALPN_H2;
- hctx->r->http_version = HTTP_VERSION_2;
+ if (hctx->r->handler_module == NULL)/*(not mod_sockproxy)*/
+ hctx->r->http_version = HTTP_VERSION_2;
break;
case 1:
hctx->alpn = MOD_NSS_ALPN_HTTP11;
diff --git a/src/mod_openssl.c b/src/mod_openssl.c
index 3bb59f51..6e2a479d 100644
--- a/src/mod_openssl.c
+++ b/src/mod_openssl.c
@@ -1883,7 +1883,8 @@ mod_openssl_alpn_select_cb (SSL *ssl, const unsigned char **out, unsigned char *
if (in[i] == 'h' && in[i+1] == '2') {
if (!hctx->r->conf.h2proto) continue;
proto = MOD_OPENSSL_ALPN_H2;
- hctx->r->http_version = HTTP_VERSION_2;
+ if (hctx->r->handler_module == NULL)/*(e.g. not mod_sockproxy)*/
+ hctx->r->http_version = HTTP_VERSION_2;
break;
}
continue;
diff --git a/src/mod_wolfssl.c b/src/mod_wolfssl.c
index 651de057..6ddfaa46 100644
--- a/src/mod_wolfssl.c
+++ b/src/mod_wolfssl.c
@@ -1823,7 +1823,8 @@ mod_openssl_alpn_select_cb (SSL *ssl, const unsigned char **out, unsigned char *
if (in[i] == 'h' && in[i+1] == '2') {
if (!hctx->r->conf.h2proto) continue;
proto = MOD_OPENSSL_ALPN_H2;
- hctx->r->http_version = HTTP_VERSION_2;
+ if (hctx->r->handler_module == NULL)/*(e.g. not mod_sockproxy)*/
+ hctx->r->http_version = HTTP_VERSION_2;
break;
}
continue;
View Lorry Controller Status