From cff1b06f2b38e02093cc16db0eb319f3980b5214 Mon Sep 17 00:00:00 2001
From: Kleis Auke Wolthuizen <github@kleisauke.nl>
Date: Fri, 15 Mar 2024 18:54:15 +0100
Subject: [PATCH] Fix null-pointer dereference

`upstream_ctx->request` will be NULL in case of redirect errors.
---
 src/nginx/error.cpp | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/nginx/error.cpp b/src/nginx/error.cpp
index b3e5b414..0193a41b 100644
--- a/src/nginx/error.cpp
+++ b/src/nginx/error.cpp
@@ -23,11 +23,12 @@ ngx_int_t ngx_weserv_return_error(ngx_http_request_t *r,
         ngx_http_arg(r, (u_char *)"errorredirect", 13, &redirect_uri) ==
             NGX_OK) {
         ngx_str_t parsed_redirect = ngx_null_string;
-        if (upstream_ctx != nullptr && redirect_uri.len == 1 &&
-            redirect_uri.data[0] == '1') {
-            parsed_redirect = upstream_ctx->request->url();
-        } else {
+        if (redirect_uri.len != 1 || redirect_uri.data[0] != '1') {
             (void)parse_url(r->pool, redirect_uri, &parsed_redirect);
+        } else if (upstream_ctx != nullptr &&
+                   upstream_ctx->request != nullptr) {
+            // NB: ->request will be NULL in case of redirect errors.
+            parsed_redirect = upstream_ctx->request->url();
         }
 
         if (parsed_redirect.len > 0 &&