Mercurial > hg > nginx
view src/os/win32/ngx_errno.c @ 7048:80224192163c
Resolver: fixed possible use-after-free while resolving SRV.
Resolving an SRV record includes resolving its host names in subrequests.
Previously, if memory allocation failed while reporting a subrequest result
after receiving a response from a DNS server, the SRV resolve handler was
called immediately with the NGX_ERROR state. However, if the SRV record
included another copy of the resolved name, it was reported once again.
This could trigger the use-after-free memory access after SRV resolve
handler freed the resolve context by calling ngx_resolve_name_done().
Now the SRV resolve handler is called only when all its subrequests are
completed.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Tue, 04 Jul 2017 18:07:29 +0300 |
parents | f1a0de6eb505 |
children | 746567d633ac |
line wrap: on
line source
/* * Copyright (C) Igor Sysoev * Copyright (C) Nginx, Inc. */ #include <ngx_config.h> #include <ngx_core.h> u_char * ngx_strerror(ngx_err_t err, u_char *errstr, size_t size) { u_int len; static u_long lang = MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US); if (size == 0) { return errstr; } len = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, err, lang, (char *) errstr, size, NULL); if (len == 0 && lang && GetLastError() == ERROR_RESOURCE_LANG_NOT_FOUND) { /* * Try to use English messages first and fallback to a language, * based on locale: non-English Windows have no English messages * at all. This way allows to use English messages at least on * Windows with MUI. */ lang = 0; len = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, err, lang, (char *) errstr, size, NULL); } if (len == 0) { return ngx_snprintf(errstr, size, "FormatMessage() error:(%d)", GetLastError()); } /* remove ".\r\n\0" */ while (errstr[len] == '\0' || errstr[len] == CR || errstr[len] == LF || errstr[len] == '.') { --len; } return &errstr[++len]; } ngx_int_t ngx_strerror_init(void) { return NGX_OK; }