Mercurial > hg > nginx
view src/core/ngx_parse.c @ 5386:2d947c2e3ea1
Core: fix misallocation at ngx_crypt_apr1 (ticket #412).
Found by using auth_basic.t from mdounin nginx-tests under valgrind.
==10470== Invalid write of size 1
==10470== at 0x43603D: ngx_crypt_to64 (ngx_crypt.c:168)
==10470== by 0x43648E: ngx_crypt (ngx_crypt.c:153)
==10470== by 0x489D8B: ngx_http_auth_basic_crypt_handler (ngx_http_auth_basic_module.c:297)
==10470== by 0x48A24A: ngx_http_auth_basic_handler (ngx_http_auth_basic_module.c:240)
==10470== by 0x44EAB9: ngx_http_core_access_phase (ngx_http_core_module.c:1121)
==10470== by 0x44A822: ngx_http_core_run_phases (ngx_http_core_module.c:895)
==10470== by 0x44A932: ngx_http_handler (ngx_http_core_module.c:878)
==10470== by 0x455EEF: ngx_http_process_request (ngx_http_request.c:1852)
==10470== by 0x456527: ngx_http_process_request_headers (ngx_http_request.c:1283)
==10470== by 0x456A91: ngx_http_process_request_line (ngx_http_request.c:964)
==10470== by 0x457097: ngx_http_wait_request_handler (ngx_http_request.c:486)
==10470== by 0x4411EE: ngx_epoll_process_events (ngx_epoll_module.c:691)
==10470== Address 0x5866fab is 0 bytes after a block of size 27 alloc'd
==10470== at 0x4A074CD: malloc (vg_replace_malloc.c:236)
==10470== by 0x43B251: ngx_alloc (ngx_alloc.c:22)
==10470== by 0x421B0D: ngx_malloc (ngx_palloc.c:119)
==10470== by 0x421B65: ngx_pnalloc (ngx_palloc.c:147)
==10470== by 0x436368: ngx_crypt (ngx_crypt.c:140)
==10470== by 0x489D8B: ngx_http_auth_basic_crypt_handler (ngx_http_auth_basic_module.c:297)
==10470== by 0x48A24A: ngx_http_auth_basic_handler (ngx_http_auth_basic_module.c:240)
==10470== by 0x44EAB9: ngx_http_core_access_phase (ngx_http_core_module.c:1121)
==10470== by 0x44A822: ngx_http_core_run_phases (ngx_http_core_module.c:895)
==10470== by 0x44A932: ngx_http_handler (ngx_http_core_module.c:878)
==10470== by 0x455EEF: ngx_http_process_request (ngx_http_request.c:1852)
==10470== by 0x456527: ngx_http_process_request_headers (ngx_http_request.c:1283)
==10470==
author | Markus Linnala <Markus.Linnala@cybercom.com> |
---|---|
date | Fri, 20 Sep 2013 17:57:21 +0300 |
parents | d620f497c50f |
children | 15a15f6ae3a2 |
line wrap: on
line source
/* * Copyright (C) Igor Sysoev * Copyright (C) Nginx, Inc. */ #include <ngx_config.h> #include <ngx_core.h> ssize_t ngx_parse_size(ngx_str_t *line) { u_char unit; size_t len; ssize_t size; ngx_int_t scale; len = line->len; unit = line->data[len - 1]; switch (unit) { case 'K': case 'k': len--; scale = 1024; break; case 'M': case 'm': len--; scale = 1024 * 1024; break; default: scale = 1; } size = ngx_atosz(line->data, len); if (size == NGX_ERROR) { return NGX_ERROR; } size *= scale; return size; } off_t ngx_parse_offset(ngx_str_t *line) { u_char unit; off_t offset; size_t len; ngx_int_t scale; len = line->len; unit = line->data[len - 1]; switch (unit) { case 'K': case 'k': len--; scale = 1024; break; case 'M': case 'm': len--; scale = 1024 * 1024; break; case 'G': case 'g': len--; scale = 1024 * 1024 * 1024; break; default: scale = 1; } offset = ngx_atoof(line->data, len); if (offset == NGX_ERROR) { return NGX_ERROR; } offset *= scale; return offset; } ngx_int_t ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec) { u_char *p, *last; ngx_int_t value, total, scale; ngx_uint_t max, valid; enum { st_start = 0, st_year, st_month, st_week, st_day, st_hour, st_min, st_sec, st_msec, st_last } step; valid = 0; value = 0; total = 0; step = is_sec ? st_start : st_month; scale = is_sec ? 1 : 1000; p = line->data; last = p + line->len; while (p < last) { if (*p >= '0' && *p <= '9') { value = value * 10 + (*p++ - '0'); valid = 1; continue; } switch (*p++) { case 'y': if (step > st_start) { return NGX_ERROR; } step = st_year; max = NGX_MAX_INT32_VALUE / (60 * 60 * 24 * 365); scale = 60 * 60 * 24 * 365; break; case 'M': if (step >= st_month) { return NGX_ERROR; } step = st_month; max = NGX_MAX_INT32_VALUE / (60 * 60 * 24 * 30); scale = 60 * 60 * 24 * 30; break; case 'w': if (step >= st_week) { return NGX_ERROR; } step = st_week; max = NGX_MAX_INT32_VALUE / (60 * 60 * 24 * 7); scale = 60 * 60 * 24 * 7; break; case 'd': if (step >= st_day) { return NGX_ERROR; } step = st_day; max = NGX_MAX_INT32_VALUE / (60 * 60 * 24); scale = 60 * 60 * 24; break; case 'h': if (step >= st_hour) { return NGX_ERROR; } step = st_hour; max = NGX_MAX_INT32_VALUE / (60 * 60); scale = 60 * 60; break; case 'm': if (*p == 's') { if (is_sec || step >= st_msec) { return NGX_ERROR; } p++; step = st_msec; max = NGX_MAX_INT32_VALUE; scale = 1; break; } if (step >= st_min) { return NGX_ERROR; } step = st_min; max = NGX_MAX_INT32_VALUE / 60; scale = 60; break; case 's': if (step >= st_sec) { return NGX_ERROR; } step = st_sec; max = NGX_MAX_INT32_VALUE; scale = 1; break; case ' ': if (step >= st_sec) { return NGX_ERROR; } step = st_last; max = NGX_MAX_INT32_VALUE; scale = 1; break; default: return NGX_ERROR; } if (step != st_msec && !is_sec) { scale *= 1000; max /= 1000; } if ((ngx_uint_t) value > max) { return NGX_ERROR; } total += value * scale; if ((ngx_uint_t) total > NGX_MAX_INT32_VALUE) { return NGX_ERROR; } value = 0; scale = is_sec ? 1 : 1000; while (p < last && *p == ' ') { p++; } } if (valid) { return total + value * scale; } return NGX_ERROR; }