Mercurial > hg > nginx
annotate src/core/ngx_list.c @ 5386:2d947c2e3ea1
Core: fix misallocation at ngx_crypt_apr1 (ticket #412).
Found by using auth_basic.t from mdounin nginx-tests under valgrind.
==10470== Invalid write of size 1
==10470== at 0x43603D: ngx_crypt_to64 (ngx_crypt.c:168)
==10470== by 0x43648E: ngx_crypt (ngx_crypt.c:153)
==10470== by 0x489D8B: ngx_http_auth_basic_crypt_handler (ngx_http_auth_basic_module.c:297)
==10470== by 0x48A24A: ngx_http_auth_basic_handler (ngx_http_auth_basic_module.c:240)
==10470== by 0x44EAB9: ngx_http_core_access_phase (ngx_http_core_module.c:1121)
==10470== by 0x44A822: ngx_http_core_run_phases (ngx_http_core_module.c:895)
==10470== by 0x44A932: ngx_http_handler (ngx_http_core_module.c:878)
==10470== by 0x455EEF: ngx_http_process_request (ngx_http_request.c:1852)
==10470== by 0x456527: ngx_http_process_request_headers (ngx_http_request.c:1283)
==10470== by 0x456A91: ngx_http_process_request_line (ngx_http_request.c:964)
==10470== by 0x457097: ngx_http_wait_request_handler (ngx_http_request.c:486)
==10470== by 0x4411EE: ngx_epoll_process_events (ngx_epoll_module.c:691)
==10470== Address 0x5866fab is 0 bytes after a block of size 27 alloc'd
==10470== at 0x4A074CD: malloc (vg_replace_malloc.c:236)
==10470== by 0x43B251: ngx_alloc (ngx_alloc.c:22)
==10470== by 0x421B0D: ngx_malloc (ngx_palloc.c:119)
==10470== by 0x421B65: ngx_pnalloc (ngx_palloc.c:147)
==10470== by 0x436368: ngx_crypt (ngx_crypt.c:140)
==10470== by 0x489D8B: ngx_http_auth_basic_crypt_handler (ngx_http_auth_basic_module.c:297)
==10470== by 0x48A24A: ngx_http_auth_basic_handler (ngx_http_auth_basic_module.c:240)
==10470== by 0x44EAB9: ngx_http_core_access_phase (ngx_http_core_module.c:1121)
==10470== by 0x44A822: ngx_http_core_run_phases (ngx_http_core_module.c:895)
==10470== by 0x44A932: ngx_http_handler (ngx_http_core_module.c:878)
==10470== by 0x455EEF: ngx_http_process_request (ngx_http_request.c:1852)
==10470== by 0x456527: ngx_http_process_request_headers (ngx_http_request.c:1283)
==10470==
| author | Markus Linnala <Markus.Linnala@cybercom.com> |
|---|---|
| date | Fri, 20 Sep 2013 17:57:21 +0300 |
| parents | a82f305487c2 |
| children |
| rev | line source |
|---|---|
|
441
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
416
diff
changeset
|
1 |
|
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
416
diff
changeset
|
2 /* |
|
444
42d11f017717
nginx-0.1.0-2004-09-29-20:00:49 import; remove years from copyright
Igor Sysoev <igor@sysoev.ru>
parents:
441
diff
changeset
|
3 * Copyright (C) Igor Sysoev |
| 4412 | 4 * Copyright (C) Nginx, Inc. |
|
441
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
416
diff
changeset
|
5 */ |
|
da8c5707af39
nginx-0.1.0-2004-09-28-12:34:51 import; set copyright and remove unused files
Igor Sysoev <igor@sysoev.ru>
parents:
416
diff
changeset
|
6 |
|
414
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
7 |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
8 #include <ngx_config.h> |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
9 #include <ngx_core.h> |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
10 |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
11 |
| 766 | 12 ngx_list_t * |
| 13 ngx_list_create(ngx_pool_t *pool, ngx_uint_t n, size_t size) | |
| 14 { | |
| 15 ngx_list_t *list; | |
| 16 | |
| 17 list = ngx_palloc(pool, sizeof(ngx_list_t)); | |
| 18 if (list == NULL) { | |
| 19 return NULL; | |
| 20 } | |
| 21 | |
|
5253
a82f305487c2
Simplified ngx_list_create().
Ruslan Ermilov <ru@nginx.com>
parents:
4412
diff
changeset
|
22 if (ngx_list_init(list, pool, n, size) != NGX_OK) { |
| 766 | 23 return NULL; |
| 24 } | |
| 25 | |
| 26 return list; | |
| 27 } | |
| 28 | |
| 29 | |
| 30 void * | |
| 31 ngx_list_push(ngx_list_t *l) | |
|
414
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
32 { |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
33 void *elt; |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
34 ngx_list_part_t *last; |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
35 |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
36 last = l->last; |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
37 |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
38 if (last->nelts == l->nalloc) { |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
39 |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
40 /* the last part is full, allocate a new list part */ |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
41 |
| 501 | 42 last = ngx_palloc(l->pool, sizeof(ngx_list_part_t)); |
| 43 if (last == NULL) { | |
|
414
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
44 return NULL; |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
45 } |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
46 |
| 501 | 47 last->elts = ngx_palloc(l->pool, l->nalloc * l->size); |
| 48 if (last->elts == NULL) { | |
|
414
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
49 return NULL; |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
50 } |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
51 |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
52 last->nelts = 0; |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
53 last->next = NULL; |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
54 |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
55 l->last->next = last; |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
56 l->last = last; |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
57 } |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
58 |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
59 elt = (char *) last->elts + l->size * last->nelts; |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
60 last->nelts++; |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
61 |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
62 return elt; |
|
388a842cbbe1
nginx-0.0.10-2004-09-03-19:50:30 import
Igor Sysoev <igor@sysoev.ru>
parents:
diff
changeset
|
63 } |