From 24d9b98900a5318778dcab3f765e85a8bed5d136 Mon Sep 17 00:00:00 2001 From: Valentin Bartenev Date: Thu, 16 Jun 2016 20:55:11 +0300 Subject: [PATCH] HTTP/2: fixed a segfault while processing unbuffered upload. The ngx_http_v2_finalize_connection() closes current stream, but that is an invalid operation while processing unbuffered upload. This results in access to already freed memory, since the upstream module sets a cleanup handler that also finalizes the request. --- src/http/v2/ngx_http_v2.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c index 208f0f325..94f57a717 100644 --- a/src/http/v2/ngx_http_v2.c +++ b/src/http/v2/ngx_http_v2.c @@ -4169,10 +4169,6 @@ ngx_http_v2_finalize_connection(ngx_http_v2_connection_t *h2c, c->error = 1; - if (h2c->state.stream) { - ngx_http_v2_close_stream(h2c->state.stream, NGX_HTTP_BAD_REQUEST); - } - if (!h2c->processing) { ngx_http_close_connection(c); return;