[nginx] Upstream: fixed u->headers_in.headers allocation error handling.

Thu, 18 May 2017 04:36:24 -0700 

details:   http://hg.nginx.org/nginx/rev/08537eab4f23
branches:  
changeset: 7001:08537eab4f23
user:      Sergey Kandaurov <pluk...@nginx.com>
date:      Thu May 18 14:17:00 2017 +0300
description:
Upstream: fixed u->headers_in.headers allocation error handling.

Previously, an allocation error resulted in uninitialized memory access
when evaluating $upstream_http_ variables.

On a related note, see r->headers_out.headers cleanup work in 0cdee26605f3.

diffstat:

 src/http/modules/ngx_http_fastcgi_module.c |  3 +++
 src/http/modules/ngx_http_proxy_module.c   |  1 +
 src/http/modules/ngx_http_scgi_module.c    |  1 +
 src/http/modules/ngx_http_uwsgi_module.c   |  1 +
 4 files changed, 6 insertions(+), 0 deletions(-)

diffs (60 lines):

diff -r d8e8ced78e77 -r 08537eab4f23 src/http/modules/ngx_http_fastcgi_module.c
--- a/src/http/modules/ngx_http_fastcgi_module.c        Mon May 15 20:09:44 
2017 +0300
+++ b/src/http/modules/ngx_http_fastcgi_module.c        Thu May 18 14:17:00 
2017 +0300
@@ -1878,6 +1878,7 @@ ngx_http_fastcgi_process_header(ngx_http
 
                     p = ngx_pnalloc(r->pool, size);
                     if (p == NULL) {
+                        h->hash = 0;
                         return NGX_ERROR;
                     }
 
@@ -1900,6 +1901,7 @@ ngx_http_fastcgi_process_header(ngx_http
                         ngx_log_error(NGX_LOG_ALERT, r->connection->log, 0,
                                       "invalid header after joining "
                                       "FastCGI records");
+                        h->hash = 0;
                         return NGX_ERROR;
                     }
 
@@ -1925,6 +1927,7 @@ ngx_http_fastcgi_process_header(ngx_http
                                               h->key.len + 1 + h->value.len + 1
                                               + h->key.len);
                     if (h->key.data == NULL) {
+                        h->hash = 0;
                         return NGX_ERROR;
                     }
 
diff -r d8e8ced78e77 -r 08537eab4f23 src/http/modules/ngx_http_proxy_module.c
--- a/src/http/modules/ngx_http_proxy_module.c  Mon May 15 20:09:44 2017 +0300
+++ b/src/http/modules/ngx_http_proxy_module.c  Thu May 18 14:17:00 2017 +0300
@@ -1798,6 +1798,7 @@ ngx_http_proxy_process_header(ngx_http_r
             h->key.data = ngx_pnalloc(r->pool,
                                h->key.len + 1 + h->value.len + 1 + h->key.len);
             if (h->key.data == NULL) {
+                h->hash = 0;
                 return NGX_ERROR;
             }
 
diff -r d8e8ced78e77 -r 08537eab4f23 src/http/modules/ngx_http_scgi_module.c
--- a/src/http/modules/ngx_http_scgi_module.c   Mon May 15 20:09:44 2017 +0300
+++ b/src/http/modules/ngx_http_scgi_module.c   Thu May 18 14:17:00 2017 +0300
@@ -1040,6 +1040,7 @@ ngx_http_scgi_process_header(ngx_http_re
                                       h->key.len + 1 + h->value.len + 1
                                       + h->key.len);
             if (h->key.data == NULL) {
+                h->hash = 0;
                 return NGX_ERROR;
             }
 
diff -r d8e8ced78e77 -r 08537eab4f23 src/http/modules/ngx_http_uwsgi_module.c
--- a/src/http/modules/ngx_http_uwsgi_module.c  Mon May 15 20:09:44 2017 +0300
+++ b/src/http/modules/ngx_http_uwsgi_module.c  Thu May 18 14:17:00 2017 +0300
@@ -1244,6 +1244,7 @@ ngx_http_uwsgi_process_header(ngx_http_r
                                       h->key.len + 1 + h->value.len + 1
                                       + h->key.len);
             if (h->key.data == NULL) {
+                h->hash = 0;
                 return NGX_ERROR;
             }
 
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply via email to