Mercurial > hg > nginx
view src/http/ngx_http_script.h @ 5386:2d947c2e3ea1
Core: fix misallocation at ngx_crypt_apr1 (ticket #412).
Found by using auth_basic.t from mdounin nginx-tests under valgrind.
==10470== Invalid write of size 1
==10470== at 0x43603D: ngx_crypt_to64 (ngx_crypt.c:168)
==10470== by 0x43648E: ngx_crypt (ngx_crypt.c:153)
==10470== by 0x489D8B: ngx_http_auth_basic_crypt_handler (ngx_http_auth_basic_module.c:297)
==10470== by 0x48A24A: ngx_http_auth_basic_handler (ngx_http_auth_basic_module.c:240)
==10470== by 0x44EAB9: ngx_http_core_access_phase (ngx_http_core_module.c:1121)
==10470== by 0x44A822: ngx_http_core_run_phases (ngx_http_core_module.c:895)
==10470== by 0x44A932: ngx_http_handler (ngx_http_core_module.c:878)
==10470== by 0x455EEF: ngx_http_process_request (ngx_http_request.c:1852)
==10470== by 0x456527: ngx_http_process_request_headers (ngx_http_request.c:1283)
==10470== by 0x456A91: ngx_http_process_request_line (ngx_http_request.c:964)
==10470== by 0x457097: ngx_http_wait_request_handler (ngx_http_request.c:486)
==10470== by 0x4411EE: ngx_epoll_process_events (ngx_epoll_module.c:691)
==10470== Address 0x5866fab is 0 bytes after a block of size 27 alloc'd
==10470== at 0x4A074CD: malloc (vg_replace_malloc.c:236)
==10470== by 0x43B251: ngx_alloc (ngx_alloc.c:22)
==10470== by 0x421B0D: ngx_malloc (ngx_palloc.c:119)
==10470== by 0x421B65: ngx_pnalloc (ngx_palloc.c:147)
==10470== by 0x436368: ngx_crypt (ngx_crypt.c:140)
==10470== by 0x489D8B: ngx_http_auth_basic_crypt_handler (ngx_http_auth_basic_module.c:297)
==10470== by 0x48A24A: ngx_http_auth_basic_handler (ngx_http_auth_basic_module.c:240)
==10470== by 0x44EAB9: ngx_http_core_access_phase (ngx_http_core_module.c:1121)
==10470== by 0x44A822: ngx_http_core_run_phases (ngx_http_core_module.c:895)
==10470== by 0x44A932: ngx_http_handler (ngx_http_core_module.c:878)
==10470== by 0x455EEF: ngx_http_process_request (ngx_http_request.c:1852)
==10470== by 0x456527: ngx_http_process_request_headers (ngx_http_request.c:1283)
==10470==
author | Markus Linnala <Markus.Linnala@cybercom.com> |
---|---|
date | Fri, 20 Sep 2013 17:57:21 +0300 |
parents | d620f497c50f |
children | e4590dfd97ff |
line wrap: on
line source
/* * Copyright (C) Igor Sysoev * Copyright (C) Nginx, Inc. */ #ifndef _NGX_HTTP_SCRIPT_H_INCLUDED_ #define _NGX_HTTP_SCRIPT_H_INCLUDED_ #include <ngx_config.h> #include <ngx_core.h> #include <ngx_http.h> typedef struct { u_char *ip; u_char *pos; ngx_http_variable_value_t *sp; ngx_str_t buf; ngx_str_t line; /* the start of the rewritten arguments */ u_char *args; unsigned flushed:1; unsigned skip:1; unsigned quote:1; unsigned is_args:1; unsigned log:1; ngx_int_t status; ngx_http_request_t *request; } ngx_http_script_engine_t; typedef struct { ngx_conf_t *cf; ngx_str_t *source; ngx_array_t **flushes; ngx_array_t **lengths; ngx_array_t **values; ngx_uint_t variables; ngx_uint_t ncaptures; ngx_uint_t captures_mask; ngx_uint_t size; void *main; unsigned compile_args:1; unsigned complete_lengths:1; unsigned complete_values:1; unsigned zero:1; unsigned conf_prefix:1; unsigned root_prefix:1; unsigned dup_capture:1; unsigned args:1; } ngx_http_script_compile_t; typedef struct { ngx_str_t value; ngx_uint_t *flushes; void *lengths; void *values; } ngx_http_complex_value_t; typedef struct { ngx_conf_t *cf; ngx_str_t *value; ngx_http_complex_value_t *complex_value; unsigned zero:1; unsigned conf_prefix:1; unsigned root_prefix:1; } ngx_http_compile_complex_value_t; typedef void (*ngx_http_script_code_pt) (ngx_http_script_engine_t *e); typedef size_t (*ngx_http_script_len_code_pt) (ngx_http_script_engine_t *e); typedef struct { ngx_http_script_code_pt code; uintptr_t len; } ngx_http_script_copy_code_t; typedef struct { ngx_http_script_code_pt code; uintptr_t index; } ngx_http_script_var_code_t; typedef struct { ngx_http_script_code_pt code; ngx_http_set_variable_pt handler; uintptr_t data; } ngx_http_script_var_handler_code_t; typedef struct { ngx_http_script_code_pt code; uintptr_t n; } ngx_http_script_copy_capture_code_t; #if (NGX_PCRE) typedef struct { ngx_http_script_code_pt code; ngx_http_regex_t *regex; ngx_array_t *lengths; uintptr_t size; uintptr_t status; uintptr_t next; uintptr_t test:1; uintptr_t negative_test:1; uintptr_t uri:1; uintptr_t args:1; /* add the r->args to the new arguments */ uintptr_t add_args:1; uintptr_t redirect:1; uintptr_t break_cycle:1; ngx_str_t name; } ngx_http_script_regex_code_t; typedef struct { ngx_http_script_code_pt code; uintptr_t uri:1; uintptr_t args:1; /* add the r->args to the new arguments */ uintptr_t add_args:1; uintptr_t redirect:1; } ngx_http_script_regex_end_code_t; #endif typedef struct { ngx_http_script_code_pt code; uintptr_t conf_prefix; } ngx_http_script_full_name_code_t; typedef struct { ngx_http_script_code_pt code; uintptr_t status; ngx_http_complex_value_t text; } ngx_http_script_return_code_t; typedef enum { ngx_http_script_file_plain = 0, ngx_http_script_file_not_plain, ngx_http_script_file_dir, ngx_http_script_file_not_dir, ngx_http_script_file_exists, ngx_http_script_file_not_exists, ngx_http_script_file_exec, ngx_http_script_file_not_exec } ngx_http_script_file_op_e; typedef struct { ngx_http_script_code_pt code; uintptr_t op; } ngx_http_script_file_code_t; typedef struct { ngx_http_script_code_pt code; uintptr_t next; void **loc_conf; } ngx_http_script_if_code_t; typedef struct { ngx_http_script_code_pt code; ngx_array_t *lengths; } ngx_http_script_complex_value_code_t; typedef struct { ngx_http_script_code_pt code; uintptr_t value; uintptr_t text_len; uintptr_t text_data; } ngx_http_script_value_code_t; void ngx_http_script_flush_complex_value(ngx_http_request_t *r, ngx_http_complex_value_t *val); ngx_int_t ngx_http_complex_value(ngx_http_request_t *r, ngx_http_complex_value_t *val, ngx_str_t *value); ngx_int_t ngx_http_compile_complex_value(ngx_http_compile_complex_value_t *ccv); char *ngx_http_set_complex_value_slot(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); ngx_int_t ngx_http_test_predicates(ngx_http_request_t *r, ngx_array_t *predicates); char *ngx_http_set_predicate_slot(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); ngx_uint_t ngx_http_script_variables_count(ngx_str_t *value); ngx_int_t ngx_http_script_compile(ngx_http_script_compile_t *sc); u_char *ngx_http_script_run(ngx_http_request_t *r, ngx_str_t *value, void *code_lengths, size_t reserved, void *code_values); void ngx_http_script_flush_no_cacheable_variables(ngx_http_request_t *r, ngx_array_t *indices); void *ngx_http_script_start_code(ngx_pool_t *pool, ngx_array_t **codes, size_t size); void *ngx_http_script_add_code(ngx_array_t *codes, size_t size, void *code); size_t ngx_http_script_copy_len_code(ngx_http_script_engine_t *e); void ngx_http_script_copy_code(ngx_http_script_engine_t *e); size_t ngx_http_script_copy_var_len_code(ngx_http_script_engine_t *e); void ngx_http_script_copy_var_code(ngx_http_script_engine_t *e); size_t ngx_http_script_copy_capture_len_code(ngx_http_script_engine_t *e); void ngx_http_script_copy_capture_code(ngx_http_script_engine_t *e); size_t ngx_http_script_mark_args_code(ngx_http_script_engine_t *e); void ngx_http_script_start_args_code(ngx_http_script_engine_t *e); #if (NGX_PCRE) void ngx_http_script_regex_start_code(ngx_http_script_engine_t *e); void ngx_http_script_regex_end_code(ngx_http_script_engine_t *e); #endif void ngx_http_script_return_code(ngx_http_script_engine_t *e); void ngx_http_script_break_code(ngx_http_script_engine_t *e); void ngx_http_script_if_code(ngx_http_script_engine_t *e); void ngx_http_script_equal_code(ngx_http_script_engine_t *e); void ngx_http_script_not_equal_code(ngx_http_script_engine_t *e); void ngx_http_script_file_code(ngx_http_script_engine_t *e); void ngx_http_script_complex_value_code(ngx_http_script_engine_t *e); void ngx_http_script_value_code(ngx_http_script_engine_t *e); void ngx_http_script_set_var_code(ngx_http_script_engine_t *e); void ngx_http_script_var_set_handler_code(ngx_http_script_engine_t *e); void ngx_http_script_var_code(ngx_http_script_engine_t *e); void ngx_http_script_nop_code(ngx_http_script_engine_t *e); #endif /* _NGX_HTTP_SCRIPT_H_INCLUDED_ */