comparison src/http/modules/ngx_http_headers_filter_module.c @ 6986:0cdee26605f3
Cleaned up r->headers_out.headers allocation error handling.
If initialization of a header failed for some reason after ngx_list_push(),
leaving the header as is can result in uninitialized memory access by
the header filter or the log module. The fix is to clear partially
initialized headers in case of errors.
For the Cache-Control header, the fix is to postpone pushing
r->headers_out.cache_control until its value is completed.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 20 Apr 2017 18:26:37 +0300 |
parents | be5cfa918bfc |
children | 057ec63be834 |
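--- a/src/http/modules/ngx_http_headers_filter_module.c
+++ b/src/http/modules/ngx_http_headers_filter_module.c
@@ -269,22 +269,23 @@
 != NGX_OK)
 {
 return NGX_ERROR;
 }
 
+cc = ngx_list_push(&r->headers_out.headers);
+if (cc == NULL) {
+return NGX_ERROR;
+}
+
+cc->hash = 1;
+ngx_str_set(&cc->key, "Cache-Control");
+
 ccp = ngx_array_push(&r->headers_out.cache_control);
 if (ccp == NULL) {
 return NGX_ERROR;
 }
 
-cc = ngx_list_push(&r->headers_out.headers);
-if (cc == NULL) {
-return NGX_ERROR;
-}
-
-cc->hash = 1;
-ngx_str_set(&cc->key, "Cache-Control");
 *ccp = cc;
 
 } else {
 for (i = 1; i < r->headers_out.cache_control.nelts; i++) {
 ccp[i]->hash = 0;
@@ -468,23 +469,23 @@
 {
 return NGX_ERROR;
 }
 }
 
+cc = ngx_list_push(&r->headers_out.headers);
+if (cc == NULL) {
+return NGX_ERROR;
+}
+
+cc->hash = 1;
+ngx_str_set(&cc->key, "Cache-Control");
+cc->value = *value;
+
 ccp = ngx_array_push(&r->headers_out.cache_control);
 if (ccp == NULL) {
 return NGX_ERROR;
 }
-
-cc = ngx_list_push(&r->headers_out.headers);
-if (cc == NULL) {
-return NGX_ERROR;
-}
-
-cc->hash = 1;
-ngx_str_set(&cc->key, "Cache-Control");
-cc->value = *value;
 
 *ccp = cc;
 
 return NGX_OK;
 }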
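Review bot: The `ccp == NULL` return in the first hunk now exits after `cc` has already been pushed to `r->headers_out.headers` with `hash = 1` and a key, but no value is assigned in the visible lines, so that entry is left partially initialized. That is the state the description says the header filter or the log module can read as uninitialized memory. Clearing the entry on that path would close the gap: `cc->hash = 0;` before `return NGX_ERROR;` (the `else` branch already sets `hash = 0` on entries, presumably so they are skipped), or assign the value before `ngx_array_push()` as the second hunk does with `cc->value = *value;`. The enclosing function starts and ends outside the hunk, so where the value is finally set should be confirmed there.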