diff options
| author | Roman Arutyunyan <arut@nginx.com> | 2026-01-29 13:27:32 +0400 |
|---|---|---|
| committer | Roman Arutyunyan <arutyunyan.roman@gmail.com> | 2026-02-04 21:22:23 +0400 |
| commit | 784fa05025cb8cd0c770f99bc79d2794b9f85b6e (patch) | |
| tree | ab90dc97fab2e3ce75e127e05bf713308c18335a /src/http | |
| parent | dc50b86db8844f3c243ac374fb08beb79495f3cf (diff) | |
| download | nginx-784fa05025cb8cd0c770f99bc79d2794b9f85b6e.tar.gz nginx-784fa05025cb8cd0c770f99bc79d2794b9f85b6e.tar.bz2 | |
Upstream: detect premature plain text response from SSL backend.
When connecting to a backend, the connection write event is triggered
first in most cases. However if a response arrives quickly enough, both
read and write events can be triggered together within the same event loop
iteration. In this case the read event handler is called first and the
write event handler is called after it.
SSL initialization for backend connections happens only in the write event
handler since SSL handshake starts with sending Client Hello. Previously,
if a backend sent a quick plain text response, it could be parsed by the
read event handler prior to starting SSL handshake on the connection.
The change adds protection against parsing such responses on SSL-enabled
connections.
Diffstat (limited to 'src/http')
| -rw-r--r-- | src/http/ngx_http_upstream.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/http/ngx_http_upstream.c b/src/http/ngx_http_upstream.c index df577ad67..cadc74479 100644 --- a/src/http/ngx_http_upstream.c +++ b/src/http/ngx_http_upstream.c @@ -2508,6 +2508,15 @@ ngx_http_upstream_process_header(ngx_http_request_t *r, ngx_http_upstream_t *u) return; } +#if (NGX_HTTP_SSL) + if (u->ssl && c->ssl == NULL) { + ngx_log_error(NGX_LOG_ERR, c->log, 0, + "upstream prematurely sent response"); + ngx_http_upstream_next(r, u, NGX_HTTP_UPSTREAM_FT_ERROR); + return; + } +#endif + u->state->bytes_received += n; u->buffer.last += n; |