Welcome! Log In Create A New Profile

Advanced

[nginx] Resolver: fixed use-after-free memory access.

Previous Message Next Message
Forum List Message List New Topic Print View
Ruslan Ermilov
November 20, 2014 07:40AM
details: http://hg.nginx.org/nginx/rev/7420068c4d4b
branches:
changeset: 5920:7420068c4d4b
user: Ruslan Ermilov <ru@nginx.com>
date: Thu Nov 20 15:24:40 2014 +0300
description:
Resolver: fixed use-after-free memory access.

In 954867a2f0a6, we switched to using resolver node as the
timer event data, so make sure we do not free resolver node
memory until the corresponding timer is deleted.

diffstat:

src/core/ngx_resolver.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)

diffs (39 lines):

diff -r fddc6bed1e6e -r 7420068c4d4b src/core/ngx_resolver.c
--- a/src/core/ngx_resolver.c Wed Nov 19 21:46:01 2014 +0300
+++ b/src/core/ngx_resolver.c Thu Nov 20 15:24:40 2014 +0300
@@ -1568,8 +1568,6 @@ ngx_resolver_process_a(ngx_resolver_t *r

ngx_rbtree_delete(&r->name_rbtree, &rn->node);

- ngx_resolver_free_node(r, rn);
-
/* unlock name mutex */

while (next) {
@@ -1580,6 +1578,8 @@ ngx_resolver_process_a(ngx_resolver_t *r
ctx->handler(ctx);
}

+ ngx_resolver_free_node(r, rn);
+
return;
}

@@ -2143,8 +2143,6 @@ valid:

ngx_rbtree_delete(tree, &rn->node);

- ngx_resolver_free_node(r, rn);
-
/* unlock addr mutex */

while (next) {
@@ -2155,6 +2153,8 @@ valid:
ctx->handler(ctx);
}

+ ngx_resolver_free_node(r, rn);
+
return;
}


_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Reply Quote
RSS
Subject Author Views Posted

[nginx] Resolver: fixed use-after-free memory access.

Ruslan Ermilov 578 November 20, 2014 07:40AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 286
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready