Welcome! Log In Create A New Profile

Advanced

[nginx] Upstream: fixed u->headers_in.headers allocation error handling.

Previous Message Next Message
Forum List Message List New Topic Print View
Sergey Kandaurov
May 18, 2017 07:38AM
details: http://hg.nginx.org/nginx/rev/08537eab4f23
branches:
changeset: 7001:08537eab4f23
user: Sergey Kandaurov <pluknet@nginx.com>
date: Thu May 18 14:17:00 2017 +0300
description:
Upstream: fixed u->headers_in.headers allocation error handling.

Previously, an allocation error resulted in uninitialized memory access
when evaluating $upstream_http_ variables.

On a related note, see r->headers_out.headers cleanup work in 0cdee26605f3.

diffstat:

src/http/modules/ngx_http_fastcgi_module.c | 3 +++
src/http/modules/ngx_http_proxy_module.c | 1 +
src/http/modules/ngx_http_scgi_module.c | 1 +
src/http/modules/ngx_http_uwsgi_module.c | 1 +
4 files changed, 6 insertions(+), 0 deletions(-)

diffs (60 lines):

diff -r d8e8ced78e77 -r 08537eab4f23 src/http/modules/ngx_http_fastcgi_module.c
--- a/src/http/modules/ngx_http_fastcgi_module.c Mon May 15 20:09:44 2017 +0300
+++ b/src/http/modules/ngx_http_fastcgi_module.c Thu May 18 14:17:00 2017 +0300
@@ -1878,6 +1878,7 @@ ngx_http_fastcgi_process_header(ngx_http

p = ngx_pnalloc(r->pool, size);
if (p == NULL) {
+ h->hash = 0;
return NGX_ERROR;
}

@@ -1900,6 +1901,7 @@ ngx_http_fastcgi_process_header(ngx_http
ngx_log_error(NGX_LOG_ALERT, r->connection->log, 0,
"invalid header after joining "
"FastCGI records");
+ h->hash = 0;
return NGX_ERROR;
}

@@ -1925,6 +1927,7 @@ ngx_http_fastcgi_process_header(ngx_http
h->key.len + 1 + h->value.len + 1
+ h->key.len);
if (h->key.data == NULL) {
+ h->hash = 0;
return NGX_ERROR;
}

diff -r d8e8ced78e77 -r 08537eab4f23 src/http/modules/ngx_http_proxy_module.c
--- a/src/http/modules/ngx_http_proxy_module.c Mon May 15 20:09:44 2017 +0300
+++ b/src/http/modules/ngx_http_proxy_module.c Thu May 18 14:17:00 2017 +0300
@@ -1798,6 +1798,7 @@ ngx_http_proxy_process_header(ngx_http_r
h->key.data = ngx_pnalloc(r->pool,
h->key.len + 1 + h->value.len + 1 + h->key.len);
if (h->key.data == NULL) {
+ h->hash = 0;
return NGX_ERROR;
}

diff -r d8e8ced78e77 -r 08537eab4f23 src/http/modules/ngx_http_scgi_module.c
--- a/src/http/modules/ngx_http_scgi_module.c Mon May 15 20:09:44 2017 +0300
+++ b/src/http/modules/ngx_http_scgi_module.c Thu May 18 14:17:00 2017 +0300
@@ -1040,6 +1040,7 @@ ngx_http_scgi_process_header(ngx_http_re
h->key.len + 1 + h->value.len + 1
+ h->key.len);
if (h->key.data == NULL) {
+ h->hash = 0;
return NGX_ERROR;
}

diff -r d8e8ced78e77 -r 08537eab4f23 src/http/modules/ngx_http_uwsgi_module.c
--- a/src/http/modules/ngx_http_uwsgi_module.c Mon May 15 20:09:44 2017 +0300
+++ b/src/http/modules/ngx_http_uwsgi_module.c Thu May 18 14:17:00 2017 +0300
@@ -1244,6 +1244,7 @@ ngx_http_uwsgi_process_header(ngx_http_r
h->key.len + 1 + h->value.len + 1
+ h->key.len);
if (h->key.data == NULL) {
+ h->hash = 0;
return NGX_ERROR;
}

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Reply Quote
RSS
Subject Author Views Posted

[nginx] Upstream: fixed u->headers_in.headers allocation error handling.

Sergey Kandaurov 500 May 18, 2017 07:38AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 193
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready