From 01e200c4341a3e0694d59d88ea24920d7f271238 Mon Sep 17 00:00:00 2001 From: Roman Arutyunyan Date: Wed, 11 Oct 2017 17:38:21 +0300 Subject: [PATCH] Upstream: disabled upgrading in subrequests. Upgrading an upstream connection is usually followed by reading from the client which a subrequest is not allowed to do. Moreover, accessing the header_in request field while processing upgraded connection ends up with a null pointer dereference since the header_in buffer is only created for the the main request. --- src/http/ngx_http_upstream.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c index c29ee97d8..75f463ba7 100644 --- a/src/http/ngx_http_upstream.c +++ b/src/http/ngx_http_upstream.c @@ -3206,6 +3206,13 @@ ngx_http_upstream_upgrade(ngx_http_request_t *r, ngx_http_upstream_t *u) /* TODO: prevent upgrade if not requested or not possible */ + if (r != r->main) { + ngx_log_error(NGX_LOG_ERR, c->log, 0, + "connection upgrade in subrequest"); + ngx_http_upstream_finalize_request(r, u, NGX_ERROR); + return; + } + r->keepalive = 0; c->log->action = "proxying upgraded connection";