bugfix: when the nginx core does not properly initialize r->headers_in.headers (due to 400 bad requests and etc), more_set_input_headers might lead to crashes. thanks Marcin Teodorczyk for the report.

agentzh · agentzh · commit 0a5bad9073bc · 2016-06-02T14:19:41.000-07:00
diff --git a/src/ngx_http_headers_more_headers_in.c b/src/ngx_http_headers_more_headers_in.c
@@ -290,6 +290,11 @@ ngx_http_set_header_helper(ngx_http_request_t *r,
         return NGX_OK;
     }
 
+    if (r->headers_in.headers.last == NULL) {
+        /* must be 400 bad request */
+        return NGX_OK;
+    }
+
     h = ngx_list_push(&r->headers_in.headers);
 
     if (h == NULL) {
diff --git a/t/bug.t b/t/bug.t
@@ -4,7 +4,7 @@ use Test::Nginx::Socket; # 'no_plan';
 
 repeat_each(2);
 
-plan tests => 49 * repeat_each();
+plan tests => 53 * repeat_each();
 
 no_diff;
 
@@ -360,3 +360,32 @@ X-Foo: Bar
 --- response_body
 ok
 
+
+
+=== TEST 19: for bad requests (bad request method letter case)
+--- config
+    error_page 400 = /err;
+
+    location = /err {
+        more_set_input_headers "Foo: bar";
+        echo ok;
+    }
+--- raw_request
+GeT / HTTP/1.1
+--- response_body
+ok
+
+
+
+=== TEST 20: for bad requests (bad request method names)
+--- config
+    error_page 400 = /err;
+
+    location = /err {
+        more_set_input_headers "Foo: bar";
+        echo ok;
+    }
+--- raw_request
+GET x HTTP/1.1
+--- response_body
+ok
