comparison src/http/ngx_http_spdy.c @ 5518:ec9e9da4c1fb
SPDY: fixed possible uninitialized memory access.
The frame->stream pointer should always be initialized for control frames since
the check against it can be performed in ngx_http_spdy_filter_cleanup().
author | Valentin Bartenev <vbart@nginx.com> |
---|---|
date | Wed, 15 Jan 2014 17:16:38 +0400 |
parents | 3ff29c30effb |
children | 22c249dac7c1 |
5517:9d1479234f3c | 5518:ec9e9da4c1fb |
---|---|
1631 cl->next = NULL; | 1631 cl->next = NULL; |
1632 | 1632 |
1633 frame->first = cl; | 1633 frame->first = cl; |
1634 frame->last = cl; | 1634 frame->last = cl; |
1635 frame->handler = ngx_http_spdy_settings_frame_handler; | 1635 frame->handler = ngx_http_spdy_settings_frame_handler; |
1636 frame->stream = NULL; | |
1636 #if (NGX_DEBUG) | 1637 #if (NGX_DEBUG) |
1637 frame->stream = NULL; | |
1638 frame->size = NGX_SPDY_FRAME_HEADER_SIZE | 1638 frame->size = NGX_SPDY_FRAME_HEADER_SIZE |
1639 + NGX_SPDY_SETTINGS_NUM_SIZE | 1639 + NGX_SPDY_SETTINGS_NUM_SIZE |
1640 + NGX_SPDY_SETTINGS_PAIR_SIZE; | 1640 + NGX_SPDY_SETTINGS_PAIR_SIZE; |
1641 #endif | 1641 #endif |
1642 frame->priority = NGX_SPDY_HIGHEST_PRIORITY; | 1642 frame->priority = NGX_SPDY_HIGHEST_PRIORITY; |
1720 cl->buf->last_buf = 1; | 1720 cl->buf->last_buf = 1; |
1721 | 1721 |
1722 frame->first = cl; | 1722 frame->first = cl; |
1723 frame->last = cl; | 1723 frame->last = cl; |
1724 frame->handler = ngx_http_spdy_ctl_frame_handler; | 1724 frame->handler = ngx_http_spdy_ctl_frame_handler; |
1725 frame->stream = NULL; | |
1725 } | 1726 } |
1726 | 1727 |
1727 frame->free = NULL; | 1728 frame->free = NULL; |
1728 | 1729 |
1729 #if (NGX_DEBUG) | 1730 #if (NGX_DEBUG) |
1731 ngx_log_error(NGX_LOG_ALERT, sc->pool->log, 0, | 1732 ngx_log_error(NGX_LOG_ALERT, sc->pool->log, 0, |
1732 "requested control frame is too big: %uz", size); | 1733 "requested control frame is too big: %uz", size); |
1733 return NULL; | 1734 return NULL; |
1734 } | 1735 } |
1735 | 1736 |
1736 frame->stream = NULL; | |
1737 frame->size = size; | 1737 frame->size = size; |
1738 #endif | 1738 #endif |
1739 | 1739 |
1740 frame->priority = priority; | 1740 frame->priority = priority; |
1741 frame->blocked = 0; | 1741 frame->blocked = 0; |
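Review bot: The second added `frame->stream = NULL;` (new line 1725) sits inside the block that closes on new line 1726, whereas the debug-only assignment it replaces (old line 1736) ran after that block on every path. The block's opening is outside the visible context, so if another path reaches `frame->free = NULL;` without passing through it (for example a reused frame), that path relies on the field still holding NULL from an earlier initialization. Either place the assignment next to `frame->free = NULL;` so it runs unconditionally, or record the invariant with a comment such as `/* stream is never set on control frames; ngx_http_spdy_filter_cleanup() checks it */`. The first hunk (new line 1636) assigns it unconditionally next to the handler and looks fine as shown.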