# HG changeset patch # User Piotr Sikora <pi...@aviatrix.com> # Date 1708977619 0 # Mon Feb 26 20:00:19 2024 +0000 # Branch patch004 # Node ID 52936793ac076072c3544aa4e27f973d2f8fecda # Parent 8edb4003177dac56301aed7f86f8d2a564b47552 Correctly initialize ngx_str_t.
Previously, only the "len" field was set, which resulted in an uninitialized "data" field accessed elsewhere in the code. Note that "r->uri" is initialized to an empty string to avoid changing the existing value for "$uri" in case of invalid URI. Found with MemorySanitizer. Signed-off-by: Piotr Sikora <pi...@aviatrix.com> diff -r 8edb4003177d -r 52936793ac07 src/event/ngx_event_openssl.c --- a/src/event/ngx_event_openssl.c Mon Feb 26 20:00:18 2024 +0000 +++ b/src/event/ngx_event_openssl.c Mon Feb 26 20:00:19 2024 +0000 @@ -5064,7 +5064,7 @@ n = SSL_get0_raw_cipherlist(c->ssl->connection, &ciphers); if (n <= 0) { - s->len = 0; + ngx_str_null(s); return NGX_OK; } @@ -5116,7 +5116,7 @@ if (SSL_get_shared_ciphers(c->ssl->connection, (char *) buf, 4096) == NULL) { - s->len = 0; + ngx_str_null(s); return NGX_OK; } @@ -5165,7 +5165,7 @@ #endif - s->len = 0; + ngx_str_null(s); return NGX_OK; } @@ -5182,7 +5182,7 @@ n = SSL_get1_curves(c->ssl->connection, NULL); if (n <= 0) { - s->len = 0; + ngx_str_null(s); return NGX_OK; } @@ -5233,7 +5233,7 @@ #else - s->len = 0; + ngx_str_null(s); #endif @@ -5250,7 +5250,7 @@ sess = SSL_get0_session(c->ssl->connection); if (sess == NULL) { - s->len = 0; + ngx_str_null(s); return NGX_OK; } @@ -5285,7 +5285,7 @@ ngx_int_t ngx_ssl_get_early_data(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s) { - s->len = 0; + ngx_str_null(s); #ifdef SSL_ERROR_EARLY_DATA_REJECTED @@ -5335,7 +5335,7 @@ #endif - s->len = 0; + ngx_str_null(s); return NGX_OK; } @@ -5365,7 +5365,7 @@ #endif - s->len = 0; + ngx_str_null(s); return NGX_OK; } @@ -5377,10 +5377,9 @@ BIO *bio; X509 *cert; - s->len = 0; - cert = SSL_get_peer_certificate(c->ssl->connection); if (cert == NULL) { + ngx_str_null(s); return NGX_OK; } @@ -5433,7 +5432,7 @@ } if (cert.len == 0) { - s->len = 0; + ngx_str_null(s); return NGX_OK; } @@ -5476,7 +5475,7 @@ } if (cert.len == 0) { - s->len = 0; + ngx_str_null(s); return NGX_OK; } @@ -5501,10 +5500,9 @@ X509 *cert; X509_NAME *name; - s->len = 0; - cert = SSL_get_peer_certificate(c->ssl->connection); if (cert == NULL) { + ngx_str_null(s); return NGX_OK; } @@ -5555,10 +5553,9 @@ X509 *cert; X509_NAME *name; - s->len = 0; - cert = SSL_get_peer_certificate(c->ssl->connection); if (cert == NULL) { + ngx_str_null(s); return NGX_OK; } @@ -5611,10 +5608,9 @@ X509 *cert; X509_NAME *name; - s->len = 0; - cert = SSL_get_peer_certificate(c->ssl->connection); if (cert == NULL) { + ngx_str_null(s); return NGX_OK; } @@ -5659,10 +5655,9 @@ X509 *cert; X509_NAME *name; - s->len = 0; - cert = SSL_get_peer_certificate(c->ssl->connection); if (cert == NULL) { + ngx_str_null(s); return NGX_OK; } @@ -5705,10 +5700,9 @@ X509 *cert; BIO *bio; - s->len = 0; - cert = SSL_get_peer_certificate(c->ssl->connection); if (cert == NULL) { + ngx_str_null(s); return NGX_OK; } @@ -5745,10 +5739,9 @@ unsigned int len; u_char buf[EVP_MAX_MD_SIZE]; - s->len = 0; - cert = SSL_get_peer_certificate(c->ssl->connection); if (cert == NULL) { + ngx_str_null(s); return NGX_OK; } @@ -5818,10 +5811,9 @@ X509 *cert; size_t len; - s->len = 0; - cert = SSL_get_peer_certificate(c->ssl->connection); if (cert == NULL) { + ngx_str_null(s); return NGX_OK; } @@ -5863,10 +5855,9 @@ X509 *cert; size_t len; - s->len = 0; - cert = SSL_get_peer_certificate(c->ssl->connection); if (cert == NULL) { + ngx_str_null(s); return NGX_OK; } @@ -5907,10 +5898,9 @@ X509 *cert; time_t now, end; - s->len = 0; - cert = SSL_get_peer_certificate(c->ssl->connection); if (cert == NULL) { + ngx_str_null(s); return NGX_OK; } diff -r 8edb4003177d -r 52936793ac07 src/event/quic/ngx_event_quic_streams.c --- a/src/event/quic/ngx_event_quic_streams.c Mon Feb 26 20:00:18 2024 +0000 +++ b/src/event/quic/ngx_event_quic_streams.c Mon Feb 26 20:00:19 2024 +0000 @@ -719,8 +719,7 @@ addr_text.len = c->addr_text.len; } else { - addr_text.len = 0; - addr_text.data = NULL; + ngx_str_null(&addr_text); } reusable = c->reusable; diff -r 8edb4003177d -r 52936793ac07 src/http/modules/ngx_http_auth_request_module.c --- a/src/http/modules/ngx_http_auth_request_module.c Mon Feb 26 20:00:18 2024 +0000 +++ b/src/http/modules/ngx_http_auth_request_module.c Mon Feb 26 20:00:19 2024 +0000 @@ -373,9 +373,7 @@ value = cf->args->elts; if (ngx_strcmp(value[1].data, "off") == 0) { - arcf->uri.len = 0; - arcf->uri.data = (u_char *) ""; - + ngx_str_set(&arcf->uri, ""); return NGX_CONF_OK; } diff -r 8edb4003177d -r 52936793ac07 src/http/modules/ngx_http_autoindex_module.c --- a/src/http/modules/ngx_http_autoindex_module.c Mon Feb 26 20:00:18 2024 +0000 +++ b/src/http/modules/ngx_http_autoindex_module.c Mon Feb 26 20:00:19 2024 +0000 @@ -816,7 +816,7 @@ ngx_uint_t i; if (ngx_http_arg(r, (u_char *) "callback", 8, callback) != NGX_OK) { - callback->len = 0; + ngx_str_null(callback); return NGX_OK; } diff -r 8edb4003177d -r 52936793ac07 src/http/modules/ngx_http_charset_filter_module.c --- a/src/http/modules/ngx_http_charset_filter_module.c Mon Feb 26 20:00:18 2024 +0000 +++ b/src/http/modules/ngx_http_charset_filter_module.c Mon Feb 26 20:00:19 2024 +0000 @@ -437,7 +437,7 @@ charset = lcf->source_charset; if (charset == NGX_HTTP_CHARSET_OFF) { - name->len = 0; + ngx_str_null(name); return charset; } @@ -502,7 +502,7 @@ * use this charset instead of the next page charset */ - r->headers_out.charset.len = 0; + ngx_str_null(&r->headers_out.charset); return; } diff -r 8edb4003177d -r 52936793ac07 src/http/modules/ngx_http_limit_conn_module.c --- a/src/http/modules/ngx_http_limit_conn_module.c Mon Feb 26 20:00:18 2024 +0000 +++ b/src/http/modules/ngx_http_limit_conn_module.c Mon Feb 26 20:00:19 2024 +0000 @@ -587,7 +587,7 @@ } size = 0; - name.len = 0; + ngx_str_null(&name); for (i = 2; i < cf->args->nelts; i++) { diff -r 8edb4003177d -r 52936793ac07 src/http/modules/ngx_http_limit_req_module.c --- a/src/http/modules/ngx_http_limit_req_module.c Mon Feb 26 20:00:18 2024 +0000 +++ b/src/http/modules/ngx_http_limit_req_module.c Mon Feb 26 20:00:19 2024 +0000 @@ -862,7 +862,7 @@ size = 0; rate = 1; scale = 1; - name.len = 0; + ngx_str_null(&name); for (i = 2; i < cf->args->nelts; i++) { diff -r 8edb4003177d -r 52936793ac07 src/http/modules/ngx_http_not_modified_filter_module.c --- a/src/http/modules/ngx_http_not_modified_filter_module.c Mon Feb 26 20:00:18 2024 +0000 +++ b/src/http/modules/ngx_http_not_modified_filter_module.c Mon Feb 26 20:00:19 2024 +0000 @@ -92,8 +92,8 @@ /* not modified */ r->headers_out.status = NGX_HTTP_NOT_MODIFIED; - r->headers_out.status_line.len = 0; - r->headers_out.content_type.len = 0; + ngx_str_null(&r->headers_out.status_line); + ngx_str_null(&r->headers_out.content_type); ngx_http_clear_content_length(r); ngx_http_clear_accept_ranges(r); diff -r 8edb4003177d -r 52936793ac07 src/http/modules/ngx_http_proxy_module.c --- a/src/http/modules/ngx_http_proxy_module.c Mon Feb 26 20:00:18 2024 +0000 +++ b/src/http/modules/ngx_http_proxy_module.c Mon Feb 26 20:00:19 2024 +0000 @@ -4223,7 +4223,7 @@ return NGX_CONF_ERROR; } - plcf->location.len = 0; + ngx_str_null(&plcf->location); } plcf->url = *url; diff -r 8edb4003177d -r 52936793ac07 src/http/modules/ngx_http_range_filter_module.c --- a/src/http/modules/ngx_http_range_filter_module.c Mon Feb 26 20:00:18 2024 +0000 +++ b/src/http/modules/ngx_http_range_filter_module.c Mon Feb 26 20:00:19 2024 +0000 @@ -232,7 +232,7 @@ ngx_http_set_ctx(r, ctx, ngx_http_range_body_filter_module); r->headers_out.status = NGX_HTTP_PARTIAL_CONTENT; - r->headers_out.status_line.len = 0; + ngx_str_null(&r->headers_out.status_line); if (ctx->ranges.nelts == 1) { return ngx_http_range_singlepart_header(r, ctx); @@ -551,7 +551,7 @@ r->headers_out.content_type_len = r->headers_out.content_type.len; - r->headers_out.charset.len = 0; + ngx_str_null(&r->headers_out.charset); /* the size of the last boundary CRLF "--0123456789--" CRLF */ diff -r 8edb4003177d -r 52936793ac07 src/http/modules/ngx_http_slice_filter_module.c --- a/src/http/modules/ngx_http_slice_filter_module.c Mon Feb 26 20:00:18 2024 +0000 +++ b/src/http/modules/ngx_http_slice_filter_module.c Mon Feb 26 20:00:19 2024 +0000 @@ -174,7 +174,7 @@ ctx->active = 1; r->headers_out.status = NGX_HTTP_OK; - r->headers_out.status_line.len = 0; + ngx_str_null(&r->headers_out.status_line); r->headers_out.content_length_n = cr.complete_length; r->headers_out.content_offset = cr.start; r->headers_out.content_range->hash = 0; diff -r 8edb4003177d -r 52936793ac07 src/http/modules/perl/ngx_http_perl_module.c --- a/src/http/modules/perl/ngx_http_perl_module.c Mon Feb 26 20:00:18 2024 +0000 +++ b/src/http/modules/perl/ngx_http_perl_module.c Mon Feb 26 20:00:19 2024 +0000 @@ -240,11 +240,11 @@ uri = ctx->redirect_uri; } else { - uri.len = 0; + ngx_str_null(&uri); } - ctx->filename.data = NULL; - ctx->redirect_uri.len = 0; + ngx_str_null(&ctx->filename); + ngx_str_null(&ctx->redirect_uri); if (rc == NGX_ERROR) { ngx_http_finalize_request(r, rc); @@ -366,8 +366,8 @@ } ctx->variable = saved; - ctx->filename.data = NULL; - ctx->redirect_uri.len = 0; + ngx_str_null(&ctx->filename); + ngx_str_null(&ctx->redirect_uri); ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "perl variable done"); @@ -469,8 +469,8 @@ } - ctx->filename.data = NULL; - ctx->redirect_uri.len = 0; + ngx_str_null(&ctx->filename); + ngx_str_null(&ctx->redirect_uri); ctx->ssi = NULL; ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "perl ssi done"); @@ -793,7 +793,7 @@ return NGX_ERROR; } - ctx->redirect_uri.len = 0; + ngx_str_null(&ctx->redirect_uri); if (ctx->header_sent) { return NGX_ERROR; diff -r 8edb4003177d -r 52936793ac07 src/http/ngx_http_core_module.c --- a/src/http/ngx_http_core_module.c Mon Feb 26 20:00:18 2024 +0000 +++ b/src/http/ngx_http_core_module.c Mon Feb 26 20:00:19 2024 +0000 @@ -1843,7 +1843,7 @@ if (r->err_status) { r->headers_out.status = r->err_status; - r->headers_out.status_line.len = 0; + ngx_str_null(&r->headers_out.status_line); } return ngx_http_top_header_filter(r); diff -r 8edb4003177d -r 52936793ac07 src/http/ngx_http_file_cache.c --- a/src/http/ngx_http_file_cache.c Mon Feb 26 20:00:18 2024 +0000 +++ b/src/http/ngx_http_file_cache.c Mon Feb 26 20:00:19 2024 +0000 @@ -1290,7 +1290,7 @@ ngx_shmtx_unlock(&cache->shpool->mutex); c->secondary = 1; - c->file.name.len = 0; + ngx_str_null(&c->file.name); c->body_start = c->buffer_size; ngx_memcpy(c->key, c->variant, NGX_HTTP_CACHE_KEY_LEN); @@ -1397,7 +1397,7 @@ ngx_shmtx_unlock(&cache->shpool->mutex); - c->file.name.len = 0; + ngx_str_null(&c->file.name); c->update_variant = 1; ngx_memcpy(c->key, c->main, NGX_HTTP_CACHE_KEY_LEN); @@ -2414,7 +2414,7 @@ manager_sleep = 50; manager_threshold = 200; - name.len = 0; + ngx_str_null(&name); size = 0; max_size = NGX_MAX_OFF_T_VALUE; min_free = 0; diff -r 8edb4003177d -r 52936793ac07 src/http/ngx_http_parse.c --- a/src/http/ngx_http_parse.c Mon Feb 26 20:00:18 2024 +0000 +++ b/src/http/ngx_http_parse.c Mon Feb 26 20:00:19 2024 +0000 @@ -2133,7 +2133,7 @@ args->data = p; } else { - args->len = 0; + ngx_str_null(args); } } diff -r 8edb4003177d -r 52936793ac07 src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c Mon Feb 26 20:00:18 2024 +0000 +++ b/src/http/ngx_http_request.c Mon Feb 26 20:00:19 2024 +0000 @@ -1268,7 +1268,7 @@ cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module); if (ngx_http_parse_complex_uri(r, cscf->merge_slashes) != NGX_OK) { - r->uri.len = 0; + ngx_str_set(&r->uri, ""); ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, "client sent invalid request"); @@ -3774,7 +3774,7 @@ ctx = log->data; ctx->request = NULL; - r->request_line.len = 0; + ngx_str_null(&r->request_line); r->connection->destroyed = 1; diff -r 8edb4003177d -r 52936793ac07 src/http/ngx_http_script.c --- a/src/http/ngx_http_script.c Mon Feb 26 20:00:18 2024 +0000 +++ b/src/http/ngx_http_script.c Mon Feb 26 20:00:19 2024 +0000 @@ -469,7 +469,7 @@ for (i = 0; i < sc->source->len; /* void */ ) { - name.len = 0; + ngx_str_null(&name); if (sc->source->data[i] == '$') { @@ -1268,7 +1268,7 @@ e->buf.len = e->pos - e->buf.data; if (!code->add_args) { - r->args.len = 0; + ngx_str_null(&r->args); } } diff -r 8edb4003177d -r 52936793ac07 src/http/ngx_http_special_response.c --- a/src/http/ngx_http_special_response.c Mon Feb 26 20:00:18 2024 +0000 +++ b/src/http/ngx_http_special_response.c Mon Feb 26 20:00:19 2024 +0000 @@ -449,7 +449,7 @@ } } - r->headers_out.content_type.len = 0; + ngx_str_null(&r->headers_out.content_type); clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); diff -r 8edb4003177d -r 52936793ac07 src/http/v3/ngx_http_v3_parse.c --- a/src/http/v3/ngx_http_v3_parse.c Mon Feb 26 20:00:18 2024 +0000 +++ b/src/http/v3/ngx_http_v3_parse.c Mon Feb 26 20:00:19 2024 +0000 @@ -1515,7 +1515,7 @@ st->literal.length = st->pint.value; if (st->literal.length == 0) { - st->value.len = 0; + ngx_str_null(&st->value); goto done; } @@ -1634,7 +1634,7 @@ st->literal.length = st->pint.value; if (st->literal.length == 0) { - st->value.len = 0; + ngx_str_null(&st->value); goto done; } diff -r 8edb4003177d -r 52936793ac07 src/mail/ngx_mail_imap_handler.c --- a/src/mail/ngx_mail_imap_handler.c Mon Feb 26 20:00:18 2024 +0000 +++ b/src/mail/ngx_mail_imap_handler.c Mon Feb 26 20:00:19 2024 +0000 @@ -149,7 +149,7 @@ } tag = 1; - s->text.len = 0; + ngx_str_null(&s->text); ngx_str_set(&s->out, imap_ok); if (rc == NGX_OK) { @@ -287,7 +287,7 @@ s->buffer->last = s->buffer->start; } - s->tag.len = 0; + ngx_str_null(&s->tag); } } diff -r 8edb4003177d -r 52936793ac07 src/mail/ngx_mail_proxy_module.c --- a/src/mail/ngx_mail_proxy_module.c Mon Feb 26 20:00:18 2024 +0000 +++ b/src/mail/ngx_mail_proxy_module.c Mon Feb 26 20:00:19 2024 +0000 @@ -178,7 +178,7 @@ s->proxy->proxy_protocol = pcf->proxy_protocol; - s->out.len = 0; + ngx_str_null(&s->out); switch (s->protocol) { diff -r 8edb4003177d -r 52936793ac07 src/stream/ngx_stream_limit_conn_module.c --- a/src/stream/ngx_stream_limit_conn_module.c Mon Feb 26 20:00:18 2024 +0000 +++ b/src/stream/ngx_stream_limit_conn_module.c Mon Feb 26 20:00:19 2024 +0000 @@ -566,7 +566,7 @@ } size = 0; - name.len = 0; + ngx_str_null(&name); for (i = 2; i < cf->args->nelts; i++) { diff -r 8edb4003177d -r 52936793ac07 src/stream/ngx_stream_script.c --- a/src/stream/ngx_stream_script.c Mon Feb 26 20:00:18 2024 +0000 +++ b/src/stream/ngx_stream_script.c Mon Feb 26 20:00:19 2024 +0000 @@ -373,7 +373,7 @@ for (i = 0; i < sc->source->len; /* void */ ) { - name.len = 0; + ngx_str_null(&name); if (sc->source->data[i] == '$') { _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel