Sergey Kandaurov
March 27, 2024 01:48PM
details: https://hg.nginx.org/nginx/rev/687c8306746f
branches:
changeset: 9226:687c8306746f
user: Piotr Sikora <piotr@aviatrix.com>
date: Thu Mar 14 18:37:20 2024 +0400
description:
Geo: fixed uninitialized memory access.

While copying ngx_http_variable_value_t structures to geo binary base
in ngx_http_geo_copy_values(), and similarly in the stream module,
uninitialized parts of these structures are copied as well. These
include the "escape" field and possible holes. Calculating crc32 of
this data triggers uninitialized memory access.

Found with MemorySanitizer.

Signed-off-by: Piotr Sikora <piotr@aviatrix.com>

diffstat:

src/http/modules/ngx_http_geo_module.c | 4 +---
src/stream/ngx_stream_geo_module.c | 4 +---
2 files changed, 2 insertions(+), 6 deletions(-)

diffs (42 lines):

diff -r 96ff3f8b7e50 -r 687c8306746f src/http/modules/ngx_http_geo_module.c
--- a/src/http/modules/ngx_http_geo_module.c Fri Mar 22 18:39:50 2024 +0400
+++ b/src/http/modules/ngx_http_geo_module.c Thu Mar 14 18:37:20 2024 +0400
@@ -1259,7 +1259,7 @@ ngx_http_geo_value(ngx_conf_t *cf, ngx_h
return gvvn->value;
}

- val = ngx_palloc(ctx->pool, sizeof(ngx_http_variable_value_t));
+ val = ngx_pcalloc(ctx->pool, sizeof(ngx_http_variable_value_t));
if (val == NULL) {
return NULL;
}
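Review bot: The zeroing is applied at the `val` allocation in ngx_http_geo_value(), while the commit message places the actual read in ngx_http_geo_copy_values() and the crc32 pass. Please confirm this is the only place where values that reach that copy are allocated. If any other path can produce them, zeroing (or copying field by field) at the copy site would be the more robust fix.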
@@ -1271,8 +1271,6 @@ ngx_http_geo_value(ngx_conf_t *cf, ngx_h
}

val->valid = 1;
- val->no_cacheable = 0;
- val->not_found = 0;

gvvn = ngx_palloc(ctx->temp_pool,
sizeof(ngx_http_geo_variable_value_node_t));
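Review bot: The `gvvn = ngx_palloc(ctx->temp_pool, ...)` allocation in the trailing context is still non-zeroing, and the node is a struct that may have holes as well. If the node only ever lives in temp_pool and is never copied byte-wise or checksummed, this is fine, but it is worth saying so in the commit message so the asymmetry with `val` does not look like an oversight.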
diff -r 96ff3f8b7e50 -r 687c8306746f src/stream/ngx_stream_geo_module.c
--- a/src/stream/ngx_stream_geo_module.c Fri Mar 22 18:39:50 2024 +0400
+++ b/src/stream/ngx_stream_geo_module.c Thu Mar 14 18:37:20 2024 +0400
@@ -1209,7 +1209,7 @@ ngx_stream_geo_value(ngx_conf_t *cf, ngx
return gvvn->value;
}

- val = ngx_palloc(ctx->pool, sizeof(ngx_stream_variable_value_t));
+ val = ngx_pcalloc(ctx->pool, sizeof(ngx_stream_variable_value_t));
if (val == NULL) {
return NULL;
}
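Review bot: This `val` allocation is a line-for-line mirror of the http one, and the diffstat lists only the two source files, so nothing guards either copy against regressing to ngx_palloc. Since the issue was found with MemorySanitizer, consider adding a test configuration that exercises the stream geo binary base under that sanitizer, alongside the http one.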
@@ -1221,8 +1221,6 @@ ngx_stream_geo_value(ngx_conf_t *cf, ngx
}

val->valid = 1;
- val->no_cacheable = 0;
- val->not_found = 0;

gvvn = ngx_palloc(ctx->temp_pool,
sizeof(ngx_stream_geo_variable_value_node_t));
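Review bot: With `val->no_cacheable = 0;` and `val->not_found = 0;` removed next to `val->valid = 1;`, the zero state of those flags, and of "escape", is implied only by the ngx_pcalloc call about a dozen lines earlier. A short comment at the allocation saying the structure must be fully zeroed because it is later copied and checksummed as raw bytes would keep a later cleanup from switching back to ngx_palloc plus per-field assignments.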
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
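
The effect the commit message describes, as an added example that is not nginx code and not part of the original message: a struct initialized field by field keeps whatever bytes were already in its unset bitfield and padding, so a checksum over its raw bytes depends on stale memory. `demo_value_t`, `demo_crc32` and `demo_build_and_hash` are hypothetical names, and the stale memory is simulated with a constructed fill byte.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical value struct: "escape" is never set by the caller below. */
typedef struct {
    unsigned       len:28;
    unsigned       valid:1;
    unsigned       no_cacheable:1;
    unsigned       not_found:1;
    unsigned       escape:1;
    unsigned char *data;      /* on LP64, 4 padding bytes precede this */
} demo_value_t;

/* Bitwise CRC-32 (reflected, polynomial 0xEDB88320) over raw bytes. */
static uint32_t demo_crc32(const void *p, size_t n)
{
    const unsigned char *b = p;
    uint32_t crc = 0xffffffffu;
    while (n--) {
        crc ^= *b++;
        for (int i = 0; i < 8; i++)
            crc = (crc >> 1) ^ (0xedb88320u & (0u - (crc & 1u)));
    }
    return crc ^ 0xffffffffu;
}

/* stale: constructed fill byte simulating leftover pool memory;
 * zeroed: model a zeroing allocator instead. Returns CRC of the struct. */
uint32_t demo_build_and_hash(unsigned char stale, int zeroed)
{
    static unsigned char payload[] = "US";    /* constructed sample value */
    demo_value_t *v = malloc(sizeof(*v));
    if (v == NULL) return 0;
    memset(v, zeroed ? 0 : stale, sizeof(*v));
    v->len = 2; v->valid = 1; v->no_cacheable = 0; v->not_found = 0;
    v->data = payload;
    uint32_t crc = demo_crc32(v, sizeof(*v));  /* hashes every byte */
    free(v);
    return crc;
}

int main(void)
{
    printf("stale: %08x %08x  zeroed: %08x %08x\n",
           (unsigned) demo_build_and_hash(0xA5, 0), (unsigned) demo_build_and_hash(0x5A, 0),
           (unsigned) demo_build_and_hash(0xA5, 1), (unsigned) demo_build_and_hash(0x5A, 1));
    return 0;
}
```

The two "stale" checksums differ although every assigned field is identical, while the two "zeroed" checksums match.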