nginx: src/http/modules/ngx_http_headers_filter

comparison src/http/modules/ngx_http_headers_filter_module.c @ 6986:0cdee26605f3

Cleaned up r->headers_out.headers allocation error handling. If initialization of a header failed for some reason after ngx_list_push(), leaving the header as is can result in uninitialized memory access by the header filter or the log module. The fix is to clear partially initialized headers in case of errors. For the Cache-Control header, the fix is to postpone pushing r->headers_out.cache_control until its value is completed.

author	Sergey Kandaurov <pluknet@nginx.com>
date	Thu, 20 Apr 2017 18:26:37 +0300
parents	be5cfa918bfc
children	057ec63be834

comparison

equal deleted inserted replaced

-:23ecffd5bcfe
+:0cdee26605f3
 != NGX_OK)
 {
 return NGX_ERROR;
 }
+cc = ngx_list_push(&r->headers_out.headers);
+if (cc == NULL) {
+return NGX_ERROR;
+}
+cc->hash = 1;
+ngx_str_set(&cc->key, "Cache-Control");
 ccp = ngx_array_push(&r->headers_out.cache_control);
 if (ccp == NULL) {
 return NGX_ERROR;
 }
-cc = ngx_list_push(&r->headers_out.headers);
-if (cc == NULL) {
-return NGX_ERROR;
-}
-cc->hash = 1;
-ngx_str_set(&cc->key, "Cache-Control");
 *ccp = cc;
 } else {
 for (i = 1; i < r->headers_out.cache_control.nelts; i++) {
 ccp[i]->hash = 0;
 {
 return NGX_ERROR;
 }
 }
+cc = ngx_list_push(&r->headers_out.headers);
+if (cc == NULL) {
+return NGX_ERROR;
+}
+cc->hash = 1;
+ngx_str_set(&cc->key, "Cache-Control");
+cc->value = *value;
 ccp = ngx_array_push(&r->headers_out.cache_control);
 if (ccp == NULL) {
 return NGX_ERROR;
 }
-cc = ngx_list_push(&r->headers_out.headers);
-if (cc == NULL) {
-return NGX_ERROR;
-}
-cc->hash = 1;
-ngx_str_set(&cc->key, "Cache-Control");
-cc->value = *value;
 *ccp = cc;
 return NGX_OK;
 }

Mercurial > hg > nginx

comparison src/http/modules/ngx_http_headers_filter_module.c @ 6986:0cdee26605f3