From 2dc9a4edaf4ffc9fb43b1d9563ea57c80d889d5a Mon Sep 17 00:00:00 2001 From: Ava Hahn Date: Mon, 6 Jan 2025 18:47:47 -0800 Subject: otel: fix segfaults when otel not configured This commit adds NULL checks for the request->otel object that were missed in the Traceparent and Tracestate routines. Closes: https://github.com/nginx/unit/issues/1523 Closes: https://github.com/nginx/unit/issues/1526 Fixes: 9d3dcb800 ("otel: add build tooling to include otel code") Signed-off-by: Ava Hahn --- src/nxt_otel.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'src') diff --git a/src/nxt_otel.c b/src/nxt_otel.c index eea12e24..ef796a7c 100644 --- a/src/nxt_otel.c +++ b/src/nxt_otel.c @@ -311,17 +311,13 @@ nxt_otel_test_and_call_state(nxt_task_t *task, nxt_http_request_t *r) void nxt_otel_request_error_path(nxt_task_t *task, nxt_http_request_t *r) { - if (r->otel->trace == NULL) { + if (r->otel == NULL || r->otel->trace == NULL) { return; } // response headers have been cleared nxt_otel_propagate_header(task, r); - - // collect span immediately - if (r->otel) { - nxt_otel_state_transition(r->otel, NXT_OTEL_COLLECT_STATE); - } + nxt_otel_state_transition(r->otel, NXT_OTEL_COLLECT_STATE); nxt_otel_test_and_call_state(task, r); } @@ -344,6 +340,9 @@ nxt_otel_parse_traceparent(void *ctx, nxt_http_field_t *field, uintptr_t data) */ r = ctx; + if (r->otel == NULL) { + return NXT_OK; + } if (field->value_length != NXT_OTEL_TRACEPARENT_LEN) { goto error_state; @@ -391,6 +390,10 @@ nxt_otel_parse_tracestate(void *ctx, nxt_http_field_t *field, uintptr_t data) s.start = field->value; r = ctx; + if (r->otel == NULL) { + return NXT_OK; + } + r->otel->trace_state = s; /* -- cgit From b5db00124153ed4caa84d826d63820c42b1d1f11 Mon Sep 17 00:00:00 2001 From: Ava Hahn Date: Tue, 7 Jan 2025 15:27:26 -0800 Subject: otel: remove deadcode The superfluous else condition in nxt_otel_propagate_header was dead code. This commit removes it. Signed-off-by: Ava Hahn --- src/nxt_otel.c | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) (limited to 'src') diff --git a/src/nxt_otel.c b/src/nxt_otel.c index ef796a7c..38ef02ea 100644 --- a/src/nxt_otel.c +++ b/src/nxt_otel.c @@ -67,7 +67,7 @@ nxt_otel_propagate_header(nxt_task_t *task, nxt_http_request_t *r) * if we didn't inherit a trace id then we need to add the * traceparent header to the request */ - } else if (r->otel->trace_id == NULL) { + } else { nxt_otel_rs_copy_traceparent(traceval, r->otel->trace); @@ -92,15 +92,6 @@ nxt_otel_propagate_header(nxt_task_t *task, nxt_http_request_t *r) nxt_otel_rs_add_event_to_trace(r->otel->trace, &traceparent_name, &traceparent); - - /* - * potentially nxt_http_request_error called before headers - * finished parsing - */ - } else { - nxt_log(task, NXT_LOG_DEBUG, - "not propagating tracing headers for missing trace"); - return; } f = nxt_list_add(r->resp.fields); -- cgit From c1372d1e43bd0457c8a00b055f667022c54d7219 Mon Sep 17 00:00:00 2001 From: Mark Thomas Date: Mon, 29 Jun 2020 15:08:25 +0100 Subject: java: websocket: Fix calculation of payload length for > 32bit values Patch taken from [ Subject / message tweak - Andrew ] Signed-off-by: Andrew Clayton --- src/java/nginx/unit/websocket/WsFrameBase.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/java/nginx/unit/websocket/WsFrameBase.java b/src/java/nginx/unit/websocket/WsFrameBase.java index 06d20bf4..2057ff3f 100644 --- a/src/java/nginx/unit/websocket/WsFrameBase.java +++ b/src/java/nginx/unit/websocket/WsFrameBase.java @@ -670,7 +670,7 @@ public abstract class WsFrameBase { int shift = 0; long result = 0; for (int i = start + len - 1; i >= start; i--) { - result = result + ((b[i] & 0xFF) << shift); + result = result + ((b[i] & 0xFFL) << shift); shift += 8; } return result; -- cgit From e857293f5aae004403490cf0f62187959951769c Mon Sep 17 00:00:00 2001 From: Mark Thomas Date: Mon, 29 Jun 2020 14:02:59 +0100 Subject: java: websocket: Additional payload length validation Patch taken from [ Subject / message tweak - Andrew ] Signed-off-by: Andrew Clayton --- src/java/nginx/unit/websocket/WsFrameBase.java | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'src') diff --git a/src/java/nginx/unit/websocket/WsFrameBase.java b/src/java/nginx/unit/websocket/WsFrameBase.java index 2057ff3f..f07a8962 100644 --- a/src/java/nginx/unit/websocket/WsFrameBase.java +++ b/src/java/nginx/unit/websocket/WsFrameBase.java @@ -260,6 +260,13 @@ public abstract class WsFrameBase { } else if (payloadLength == 127) { payloadLength = byteArrayToLong(inputBuffer.array(), inputBuffer.arrayOffset() + inputBuffer.position(), 8); + // The most significant bit of those 8 bytes is required to be zero + // (see RFC 6455, section 5.2). If the most significant bit is set, + // the resulting payload length will be negative so test for that. + if (payloadLength < 0) { + throw new WsIOException( + new CloseReason(CloseCodes.PROTOCOL_ERROR, sm.getString("wsFrame.payloadMsbInvalid"))); + } inputBuffer.position(inputBuffer.position() + 8); } if (Util.isControl(opCode)) { -- cgit