From 226c6ed567ad7b37019fbf8638be346b76b2531d Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 5 May 2026 09:39:30 +0000 Subject: [PATCH 1/2] Initial plan From 57346157051713d51ceada4c85b6d30828ee95be Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 5 May 2026 09:41:29 +0000 Subject: [PATCH 2/2] Fix race condition causing segfaults in ntlm close handler and client conn cleanup Agent-Logs-Url: https://github.com/Securepoint/nginx-ntlm-module/sessions/39515b70-c60c-4797-87d5-a048779c5e98 Co-authored-by: dsabotta <262123149+dsabotta@users.noreply.github.com> --- ngx_http_upstream_ntlm_module.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/ngx_http_upstream_ntlm_module.c b/ngx_http_upstream_ntlm_module.c index 8d1179d..fdc2af0 100644 --- a/ngx_http_upstream_ntlm_module.c +++ b/ngx_http_upstream_ntlm_module.c @@ -370,20 +370,27 @@ static void ngx_http_upstream_free_ntlm_peer(ngx_peer_connection_t *pc, static void ngx_http_upstream_client_conn_cleanup(void *data) { ngx_http_upstream_ntlm_cache_t *item = data; - + ngx_connection_t *c; + ngx_log_debug2( NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0, - "ntlm client connection closed %p, droping peer connection %p", + "ntlm client connection closed %p, dropping peer connection %p", item->client_connection, item->peer_connection); // Check if the item was removed previously from the queue (backend drop) if (item->peer_connection != NULL) { + c = item->peer_connection; - item->peer_connection->read->timedout = 1; - ngx_post_event(item->peer_connection->read,&ngx_posted_events); + // Null out peer_connection BEFORE closing so the close_handler + // won't double-process this item + item->peer_connection = NULL; + // Remove from cache queue and move to free queue ngx_queue_remove(&item->queue); ngx_queue_insert_head(&item->conf->free, &item->queue); + + // Close the peer connection directly instead of posting an event + ngx_http_upstream_ntlm_close(c); } } @@ -425,9 +432,14 @@ static void ngx_http_upstream_ntlm_close_handler(ngx_event_t *ev) { item = c->data; conf = item->conf; - - // set the item peer connection to null to make sure we don't close it again - // when the client connection cleanup is triggered + + // Guard: if peer_connection is already NULL, the cleanup handler + // already processed this item — just close the connection. + if (item->peer_connection == NULL) { + ngx_http_upstream_ntlm_close(c); + return; + } + item->peer_connection = NULL; ngx_http_upstream_ntlm_close(c);