nginx: src/http/ngx_http_spdy.c comparison

comparison src/http/ngx_http_spdy.c @ 5518:ec9e9da4c1fb

SPDY: fixed possible uninitialized memory access. The frame->stream pointer should always be initialized for control frames since the check against it can be performed in ngx_http_spdy_filter_cleanup().

author	Valentin Bartenev <vbart@nginx.com>
date	Wed, 15 Jan 2014 17:16:38 +0400
parents	3ff29c30effb
children	22c249dac7c1

comparison

equal deleted inserted replaced

-:9d1479234f3c
+:ec9e9da4c1fb
 cl->next = NULL;
 frame->first = cl;
 frame->last = cl;
 frame->handler = ngx_http_spdy_settings_frame_handler;
+frame->stream = NULL;
 #if (NGX_DEBUG)
-frame->stream = NULL;
 frame->size = NGX_SPDY_FRAME_HEADER_SIZE
 + NGX_SPDY_SETTINGS_NUM_SIZE
 + NGX_SPDY_SETTINGS_PAIR_SIZE;
 #endif
 frame->priority = NGX_SPDY_HIGHEST_PRIORITY;
 cl->buf->last_buf = 1;
 frame->first = cl;
 frame->last = cl;
 frame->handler = ngx_http_spdy_ctl_frame_handler;
+frame->stream = NULL;
 }
 frame->free = NULL;
 #if (NGX_DEBUG)
 ngx_log_error(NGX_LOG_ALERT, sc->pool->log, 0,
 "requested control frame is too big: %uz", size);
 return NULL;
 }
-frame->stream = NULL;
 frame->size = size;
 #endif
 frame->priority = priority;
 frame->blocked = 0;

Mercurial > hg > nginx

comparison src/http/ngx_http_spdy.c @ 5518:ec9e9da4c1fb