[nginx] Dav: ngx_http_map_uri_to_path() errors were not checked.

Maxim Dounin
July 31, 2014 11:32PM
details: http://hg.nginx.org/nginx/rev/1f70fe0d9576
branches:
changeset: 5781:1f70fe0d9576
user: FengGu <flygoast@126.com>
date: Wed Jul 30 14:45:08 2014 +0800
description:
Dav: ngx_http_map_uri_to_path() errors were not checked.

Once an error occurred, it could lead to the use of uninitialized variables
in logging, or even to a segmentation fault.

diffstat:

src/http/modules/ngx_http_dav_module.c | 20 ++++++++++++++++----
1 files changed, 16 insertions(+), 4 deletions(-)

diffs (58 lines):

diff --git a/src/http/modules/ngx_http_dav_module.c b/src/http/modules/ngx_http_dav_module.c
--- a/src/http/modules/ngx_http_dav_module.c
+++ b/src/http/modules/ngx_http_dav_module.c
@@ -212,7 +212,10 @@ ngx_http_dav_put_handler(ngx_http_reques
return;
}

- ngx_http_map_uri_to_path(r, &path, &root, 0);
+ if (ngx_http_map_uri_to_path(r, &path, &root, 0) == NULL) {
+ ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
+ return;
+ }

path.len--;

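Review bot: the description names only the logging and segmentation-fault cases, but in ngx_http_dav_put_handler the unchecked call was followed directly by `path.len--;`, so a failed mapping here also meant decrementing the length of a path the call never filled in. Worth one more sentence in the description so the PUT case is on record. Finalizing the request instead of returning a status is correct at this site, since the surrounding `return;` shows the handler returns void.
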
@@ -320,7 +323,9 @@ ngx_http_dav_delete_handler(ngx_http_req

ok:

- ngx_http_map_uri_to_path(r, &path, &root, 0);
+ if (ngx_http_map_uri_to_path(r, &path, &root, 0) == NULL) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }

ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"http delete filename: \"%s\"", path.data);
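Review bot: the new failure path after `ok:` returns NGX_HTTP_INTERNAL_SERVER_ERROR without logging anything at this call site. If ngx_http_map_uri_to_path() does not already log why it returned NULL, add an error-level log line before the return so that a 500 on DELETE can be traced to the failed path mapping; the same question applies to the other call sites touched by this change.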
@@ -488,6 +493,9 @@ ngx_http_dav_mkcol_handler(ngx_http_requ
}

p = ngx_http_map_uri_to_path(r, &path, &root, 0);
+ if (p == NULL) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }

*(p - 1) = '\0';
r->uri.len--;
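Review bot: `*(p - 1) = '\0';` directly after the new check still depends on at least one byte of the mapped path lying before `p`. The `p == NULL` test removes the write through an invalid pointer, but the invariant that makes `p - 1` safe is not visible in this hunk; a one-line comment naming the earlier check that guarantees it would make the MKCOL path easier to audit.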
@@ -666,7 +674,9 @@ destination_done:

overwrite_done:

- ngx_http_map_uri_to_path(r, &path, &root, 0);
+ if (ngx_http_map_uri_to_path(r, &path, &root, 0) == NULL) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }

ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
"http copy from: \"%s\"", path.data);
@@ -674,7 +684,9 @@ overwrite_done:
uri = r->uri;
r->uri = duri;

- ngx_http_map_uri_to_path(r, &copy.path, &root, 0);
+ if (ngx_http_map_uri_to_path(r, &copy.path, &root, 0) == NULL) {
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }

r->uri = uri;


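Review bot: the early return added for the `&copy.path` mapping leaves `r->uri` set to `duri`, because it exits before the `r->uri = uri;` line that restores the original value. Anything that reads the request URI after the handler returns the 500 (access logging, error handling) would see the destination rather than the source. Suggest restoring `r->uri = uri;` inside the new `if` block before returning, or capturing the result in a local, restoring the URI, and then testing for NULL.
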
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel