bugfix: when the nginx core does not properly initialize r->headers_in.headers (due to 400 bad requests and etc), more_set_input_headers might lead to crashes. thanks Marcin Teodorczyk for the report.

agentzh · agentzh · commit e21d9b55e587 · 2016-06-02T14:57:25.000-07:00
diff --git a/src/ngx_http_lua_headers_in.c b/src/ngx_http_lua_headers_in.c
@@ -263,6 +263,11 @@ ngx_http_set_header_helper(ngx_http_request_t *r, ngx_http_lua_header_val_t *hv,
 
 new_header:
 
+    if (r->headers_in.headers.last == NULL) {
+        /* must be 400 bad request */
+        return NGX_OK;
+    }
+
     h = ngx_list_push(&r->headers_in.headers);
 
     if (h == NULL) {
diff --git a/t/028-req-header.t b/t/028-req-header.t
@@ -8,7 +8,7 @@ use Test::Nginx::Socket::Lua;
 
 repeat_each(2);
 
-plan tests => repeat_each() * (2 * blocks() + 28);
+plan tests => repeat_each() * (2 * blocks() + 30);
 
 #no_diff();
 #no_long_string();
@@ -1582,3 +1582,41 @@ X-Forwarded-For: 8.8.8.8
 Foo: 127.0.0.1
 --- no_error_log
 [error]
+
+
+
+=== TEST 52: for bad requests (bad request method letter case)
+--- config
+    error_page 400 = /err;
+
+    location = /err {
+        content_by_lua_block {
+            ngx.req.set_header("Foo", "bar")
+            ngx.say("ok")
+        }
+    }
+--- raw_request
+GeT / HTTP/1.1
+--- response_body
+ok
+--- no_error_log
+[error]
+
+
+
+=== TEST 53: for bad requests (bad request method names)
+--- config
+    error_page 400 = /err;
+
+    location = /err {
+        content_by_lua_block {
+            ngx.req.set_header("Foo", "bar")
+            ngx.say("ok")
+        }
+    }
+--- raw_request
+GET x HTTP/1.1
+--- response_body
+ok
+--- no_error_log
+[error]
