Mercurial > hg > nginx-quic
changeset 8596:1f7f98638dc2 quic
QUIC: fixed null pointer dereference in MAX_DATA handler.
If a MAX_DATA frame was received before any stream was created, then the worker
process would crash in nginx_quic_handle_max_data_frame() while traversing the
stream tree. The issue is solved by adding a check that makes sure the tree is
not empty.
author | Mariano Di Martino <mariano.dimartino@uhasselt.be> |
---|---|
date | Fri, 03 Sep 2021 14:23:50 +0300 |
parents | 4d871baeacd2 |
children | 486c6a9be111 |
files | src/event/quic/ngx_event_quic_streams.c |
diffstat | 1 files changed, 3 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/src/event/quic/ngx_event_quic_streams.c +++ b/src/event/quic/ngx_event_quic_streams.c @@ -1000,7 +1000,9 @@ ngx_quic_handle_max_data_frame(ngx_conne return NGX_OK; } - if (qc->streams.sent >= qc->streams.send_max_data) { + if (tree->root != tree->sentinel + && qc->streams.sent >= qc->streams.send_max_data) + { for (node = ngx_rbtree_min(tree->root, tree->sentinel); node;