Welcome! Log In Create A New Profile

Advanced

[nginx] HTTP/2: fixed null pointer dereference with server push.

Previous Message Next Message
Forum List Message List New Topic Print View
ru@nginx.com
February 12, 2018 04:18AM
details: http://hg.nginx.org/nginx/rev/8b0553239592
branches:
changeset: 7203:8b0553239592
user: Ruslan Ermilov <ru@nginx.com>
date: Fri Feb 09 23:20:08 2018 +0300
description:
HTTP/2: fixed null pointer dereference with server push.

r->headers_in.host can be NULL in ngx_http_v2_push_resource().

This happens when a request is terminated with 400 before the :authority
or Host header is parsed, and either pushing is enabled on the server{}
level or error_page 400 redirects to a location with pushes configured.

Found by Coverity (CID 1429156).

diffstat:

src/http/v2/ngx_http_v2_filter_module.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)

diffs (16 lines):

diff -r a49af443656f -r 8b0553239592 src/http/v2/ngx_http_v2_filter_module.c
--- a/src/http/v2/ngx_http_v2_filter_module.c Thu Feb 08 12:11:30 2018 +0300
+++ b/src/http/v2/ngx_http_v2_filter_module.c Fri Feb 09 23:20:08 2018 +0300
@@ -946,7 +946,11 @@ ngx_http_v2_push_resource(ngx_http_reque

host = r->headers_in.host;

- if (authority->len == 0 && host) {
+ if (host == NULL) {
+ return NGX_ABORT;
+ }
+
+ if (authority->len == 0) {

len = 1 + NGX_HTTP_V2_INT_OCTETS + host->value.len;

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Reply Quote
RSS
Subject Author Views Posted

[nginx] HTTP/2: fixed null pointer dereference with server push.

ru@nginx.com 710 February 12, 2018 04:18AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 317
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready