details: https://hg.nginx.org/nginx/rev/687c8306746f branches: changeset: 9226:687c8306746f user: Piotr Sikora <pi...@aviatrix.com> date: Thu Mar 14 18:37:20 2024 +0400 description: Geo: fixed uninitialized memory access.
While copying ngx_http_variable_value_t structures to geo binary base in ngx_http_geo_copy_values(), and similarly in the stream module, uninitialized parts of these structures are copied as well. These include the "escape" field and possible holes. Calculating crc32 of this data triggers uninitialized memory access. Found with MemorySanitizer. Signed-off-by: Piotr Sikora <pi...@aviatrix.com> diffstat: src/http/modules/ngx_http_geo_module.c | 4 +--- src/stream/ngx_stream_geo_module.c | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) diffs (42 lines):
diff -r 96ff3f8b7e50 -r 687c8306746f src/http/modules/ngx_http_geo_module.c
--- a/src/http/modules/ngx_http_geo_module.c Fri Mar 22 18:39:50 2024 +0400
+++ b/src/http/modules/ngx_http_geo_module.c Thu Mar 14 18:37:20 2024 +0400
@@ -1259,7 +1259,7 @@ ngx_http_geo_value(ngx_conf_t *cf, ngx_h
 return gvvn->value;
 }
- val = ngx_palloc(ctx->pool, sizeof(ngx_http_variable_value_t));
+ val = ngx_pcalloc(ctx->pool, sizeof(ngx_http_variable_value_t));
 if (val == NULL) {
 return NULL;
 }
@@ -1271,8 +1271,6 @@ ngx_http_geo_value(ngx_conf_t *cf, ngx_h
 }
 val->valid = 1;
- val->no_cacheable = 0;
- val->not_found = 0;
 gvvn = ngx_palloc(ctx->temp_pool, sizeof(ngx_http_geo_variable_value_node_t));
diff -r 96ff3f8b7e50 -r 687c8306746f src/stream/ngx_stream_geo_module.c
--- a/src/stream/ngx_stream_geo_module.c Fri Mar 22 18:39:50 2024 +0400
+++ b/src/stream/ngx_stream_geo_module.c Thu Mar 14 18:37:20 2024 +0400
@@ -1209,7 +1209,7 @@ ngx_stream_geo_value(ngx_conf_t *cf, ngx
 return gvvn->value;
 }
- val = ngx_palloc(ctx->pool, sizeof(ngx_stream_variable_value_t));
+ val = ngx_pcalloc(ctx->pool, sizeof(ngx_stream_variable_value_t));
 if (val == NULL) {
 return NULL;
 }
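Review bot: The `ngx_pcalloc()` call that replaces `ngx_palloc()` in `ngx_http_geo_value()` is now load-bearing, and nothing at the call site says so: per the commit description the whole structure, including the `escape` bits and any padding, is later copied as raw bytes into the binary geo base and fed to crc32, so the zeroing is presumably also what keeps leftover pool memory out of that file. I would add a comment above the allocation, e.g. `/* zeroed on purpose: the entire structure, holes included, is copied to the binary base and covered by crc32 */`, so that a later switch back to `ngx_palloc()` with per-field initialisation does not quietly reintroduce the problem. The same comment belongs on the matching allocation in `ngx_stream_geo_value()` in src/stream/ngx_stream_geo_module.c. Both functions begin and end outside the hunks, so whether any other path hands a non-zeroed value to `ngx_http_geo_copy_values()` cannot be confirmed from this diff.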
@@ -1221,8 +1221,6 @@ ngx_stream_geo_value(ngx_conf_t *cf, ngx
 }
 val->valid = 1;
- val->no_cacheable = 0;
- val->not_found = 0;
 gvvn = ngx_palloc(ctx->temp_pool, sizeof(ngx_stream_geo_variable_value_node_t));
_______________________________________________
nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel