details: http://hg.nginx.org/nginx/rev/ec9e9da4c1fb branches: changeset: 5518:ec9e9da4c1fb user: Valentin Bartenev <vb...@nginx.com> date: Wed Jan 15 17:16:38 2014 +0400 description: SPDY: fixed possible uninitialized memory access.
The frame->stream pointer should always be initialized for control frames since the check against it can be performed in ngx_http_spdy_filter_cleanup(). diffstat: src/http/ngx_http_spdy.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diffs (29 lines): diff -r 9d1479234f3c -r ec9e9da4c1fb src/http/ngx_http_spdy.c --- a/src/http/ngx_http_spdy.c Wed Jan 15 13:23:31 2014 +0400 +++ b/src/http/ngx_http_spdy.c Wed Jan 15 17:16:38 2014 +0400 @@ -1633,8 +1633,8 @@ ngx_http_spdy_send_settings(ngx_http_spd frame->first = cl; frame->last = cl; frame->handler = ngx_http_spdy_settings_frame_handler; + frame->stream = NULL; #if (NGX_DEBUG) - frame->stream = NULL; frame->size = NGX_SPDY_FRAME_HEADER_SIZE + NGX_SPDY_SETTINGS_NUM_SIZE + NGX_SPDY_SETTINGS_PAIR_SIZE; @@ -1722,6 +1722,7 @@ ngx_http_spdy_get_ctl_frame(ngx_http_spd frame->first = cl; frame->last = cl; frame->handler = ngx_http_spdy_ctl_frame_handler; + frame->stream = NULL; } frame->free = NULL; @@ -1733,7 +1734,6 @@ ngx_http_spdy_get_ctl_frame(ngx_http_spd return NULL; } - frame->stream = NULL; frame->size = size; #endif _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
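Review bot: In the first hunk (ngx_http_spdy_send_settings), `frame->size` is still assigned only after `#if (NGX_DEBUG)`, so as far as the hunk shows the frame keeps a field that is never written in non-debug builds. That is the same pattern this commit fixes for `stream`. If only debug code reads `size`, that is fine, but a comment beside the `#if` would stop the next field from being added on the wrong side, for example `/* size is used by debug checks only; stream must be set in all builds, see ngx_http_spdy_filter_cleanup() */`. The same remark applies to `frame->size = size;` before `#endif` in the third hunk. The function body starts and ends outside the hunk, so the allocation call is not visible here.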
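Review bot: In the second hunk (ngx_http_spdy_get_ctl_frame), the added `frame->stream = NULL;` sits inside the block closed by `}`, while `frame->free = NULL;` is reset after that block on every call. If the block is the fresh-allocation branch and the other branch returns a recycled frame (not visible in this hunk), the recycled path relies on no code ever having stored a stream pointer in a control frame. Placing the assignment next to `frame->free = NULL;` would make the guarantee unconditional. Otherwise a short comment such as `/* control frames never carry a stream; stays NULL across reuse */` would record the invariant that ngx_http_spdy_filter_cleanup() depends on.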