comparison src/http/modules/ngx_http_auth_basic_module.c @ 6986:0cdee26605f3

Cleaned up r->headers_out.headers allocation error handling. If initialization of a header failed for some reason after ngx_list_push(), leaving the header as is can result in uninitialized memory access by the header filter or the log module. The fix is to clear partially initialized headers in case of errors. For the Cache-Control header, the fix is to postpone pushing r->headers_out.cache_control until its value is completed.
author Sergey Kandaurov <pluknet@nginx.com>
date Thu, 20 Apr 2017 18:26:37 +0300
parents f01ab2dbcfdc
children 4a670c18e5e6
comparison
equal deleted inserted replaced
6985:23ecffd5bcfe 6986:0cdee26605f3
359 359
360 len = sizeof("Basic realm=\"\"") - 1 + realm->len; 360 len = sizeof("Basic realm=\"\"") - 1 + realm->len;
361 361
362 basic = ngx_pnalloc(r->pool, len); 362 basic = ngx_pnalloc(r->pool, len);
363 if (basic == NULL) { 363 if (basic == NULL) {
364 r->headers_out.www_authenticate->hash = 0;
365 r->headers_out.www_authenticate = NULL;
364 return NGX_HTTP_INTERNAL_SERVER_ERROR; 366 return NGX_HTTP_INTERNAL_SERVER_ERROR;
365 } 367 }
366 368
367 p = ngx_cpymem(basic, "Basic realm=\"", sizeof("Basic realm=\"") - 1); 369 p = ngx_cpymem(basic, "Basic realm=\"", sizeof("Basic realm=\"") - 1);
368 p = ngx_cpymem(p, realm->data, realm->len); 370 p = ngx_cpymem(p, realm->data, realm->len);