Mercurial > hg > nginx
view src/os/win32/ngx_udp_wsarecv.c @ 5386:2d947c2e3ea1
Core: fix misallocation at ngx_crypt_apr1 (ticket #412).
Found by using auth_basic.t from mdounin nginx-tests under valgrind.
==10470== Invalid write of size 1
==10470== at 0x43603D: ngx_crypt_to64 (ngx_crypt.c:168)
==10470== by 0x43648E: ngx_crypt (ngx_crypt.c:153)
==10470== by 0x489D8B: ngx_http_auth_basic_crypt_handler (ngx_http_auth_basic_module.c:297)
==10470== by 0x48A24A: ngx_http_auth_basic_handler (ngx_http_auth_basic_module.c:240)
==10470== by 0x44EAB9: ngx_http_core_access_phase (ngx_http_core_module.c:1121)
==10470== by 0x44A822: ngx_http_core_run_phases (ngx_http_core_module.c:895)
==10470== by 0x44A932: ngx_http_handler (ngx_http_core_module.c:878)
==10470== by 0x455EEF: ngx_http_process_request (ngx_http_request.c:1852)
==10470== by 0x456527: ngx_http_process_request_headers (ngx_http_request.c:1283)
==10470== by 0x456A91: ngx_http_process_request_line (ngx_http_request.c:964)
==10470== by 0x457097: ngx_http_wait_request_handler (ngx_http_request.c:486)
==10470== by 0x4411EE: ngx_epoll_process_events (ngx_epoll_module.c:691)
==10470== Address 0x5866fab is 0 bytes after a block of size 27 alloc'd
==10470== at 0x4A074CD: malloc (vg_replace_malloc.c:236)
==10470== by 0x43B251: ngx_alloc (ngx_alloc.c:22)
==10470== by 0x421B0D: ngx_malloc (ngx_palloc.c:119)
==10470== by 0x421B65: ngx_pnalloc (ngx_palloc.c:147)
==10470== by 0x436368: ngx_crypt (ngx_crypt.c:140)
==10470== by 0x489D8B: ngx_http_auth_basic_crypt_handler (ngx_http_auth_basic_module.c:297)
==10470== by 0x48A24A: ngx_http_auth_basic_handler (ngx_http_auth_basic_module.c:240)
==10470== by 0x44EAB9: ngx_http_core_access_phase (ngx_http_core_module.c:1121)
==10470== by 0x44A822: ngx_http_core_run_phases (ngx_http_core_module.c:895)
==10470== by 0x44A932: ngx_http_handler (ngx_http_core_module.c:878)
==10470== by 0x455EEF: ngx_http_process_request (ngx_http_request.c:1852)
==10470== by 0x456527: ngx_http_process_request_headers (ngx_http_request.c:1283)
==10470==
author | Markus Linnala <Markus.Linnala@cybercom.com> |
---|---|
date | Fri, 20 Sep 2013 17:57:21 +0300 |
parents | d620f497c50f |
children |
line wrap: on
line source
/* * Copyright (C) Igor Sysoev * Copyright (C) Nginx, Inc. */ #include <ngx_config.h> #include <ngx_core.h> #include <ngx_event.h> ssize_t ngx_udp_wsarecv(ngx_connection_t *c, u_char *buf, size_t size) { int rc; u_long bytes, flags; WSABUF wsabuf[1]; ngx_err_t err; ngx_event_t *rev; wsabuf[0].buf = (char *) buf; wsabuf[0].len = size; flags = 0; bytes = 0; rc = WSARecv(c->fd, wsabuf, 1, &bytes, &flags, NULL, NULL); ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0, "WSARecv: fd:%d rc:%d %ul of %z", c->fd, rc, bytes, size); rev = c->read; if (rc == -1) { rev->ready = 0; err = ngx_socket_errno; if (err == WSAEWOULDBLOCK) { ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, err, "WSARecv() not ready"); return NGX_AGAIN; } rev->error = 1; ngx_connection_error(c, err, "WSARecv() failed"); return NGX_ERROR; } return bytes; } ssize_t ngx_udp_overlapped_wsarecv(ngx_connection_t *c, u_char *buf, size_t size) { int rc; u_long bytes, flags; WSABUF wsabuf[1]; ngx_err_t err; ngx_event_t *rev; LPWSAOVERLAPPED ovlp; rev = c->read; if (!rev->ready) { ngx_log_error(NGX_LOG_ALERT, c->log, 0, "second wsa post"); return NGX_AGAIN; } ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, "rev->complete: %d", rev->complete); if (rev->complete) { rev->complete = 0; if (ngx_event_flags & NGX_USE_IOCP_EVENT) { if (rev->ovlp.error) { ngx_connection_error(c, rev->ovlp.error, "WSARecv() failed"); return NGX_ERROR; } ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, "WSARecv ovlp: fd:%d %ul of %z", c->fd, rev->available, size); return rev->available; } if (WSAGetOverlappedResult(c->fd, (LPWSAOVERLAPPED) &rev->ovlp, &bytes, 0, NULL) == 0) { ngx_connection_error(c, ngx_socket_errno, "WSARecv() or WSAGetOverlappedResult() failed"); return NGX_ERROR; } ngx_log_debug3(NGX_LOG_DEBUG_EVENT, c->log, 0, "WSARecv: fd:%d %ul of %z", c->fd, bytes, size); return bytes; } ovlp = (LPWSAOVERLAPPED) &rev->ovlp; ngx_memzero(ovlp, sizeof(WSAOVERLAPPED)); wsabuf[0].buf = (char *) buf; wsabuf[0].len = size; flags = 0; bytes = 0; rc = WSARecv(c->fd, wsabuf, 1, &bytes, &flags, ovlp, NULL); rev->complete = 0; ngx_log_debug4(NGX_LOG_DEBUG_EVENT, c->log, 0, "WSARecv ovlp: fd:%d rc:%d %ul of %z", c->fd, rc, bytes, size); if (rc == -1) { err = ngx_socket_errno; if (err == WSA_IO_PENDING) { rev->active = 1; ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, err, "WSARecv() posted"); return NGX_AGAIN; } rev->error = 1; ngx_connection_error(c, err, "WSARecv() failed"); return NGX_ERROR; } if (ngx_event_flags & NGX_USE_IOCP_EVENT) { /* * if a socket was bound with I/O completion port * then GetQueuedCompletionStatus() would anyway return its status * despite that WSARecv() was already complete */ rev->active = 1; return NGX_AGAIN; } rev->active = 0; return bytes; }