Mercurial > hg > nginx

changeset 7221:43585e0e12a3

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Postpone filter: prevented uninitialized r->out. The r->out chain link could be left uninitialized in case of error. A segfault could happen if the subrequest handler accessed it. The issue was introduced in commit 20f139e9ffa8.
author Roman Arutyunyan <arut@nginx.com>
date Thu, 01 Mar 2018 18:38:39 +0300
parents 20f139e9ffa8
children 81fae70d6cb8
files src/http/ngx_http_postpone_filter_module.c
diffstat 1 files changed, 5 insertions(+), 5 deletions(-) [+]
line wrap: on
line diff
--- a/src/http/ngx_http_postpone_filter_module.c
+++ b/src/http/ngx_http_postpone_filter_module.c
@@ -191,11 +191,6 @@ ngx_http_postpone_filter_in_memory(ngx_h
                    "http postpone filter in memory");
 
     if (r->out == NULL) {
-        r->out = ngx_alloc_chain_link(r->pool);
-        if (r->out == NULL) {
-            return NGX_ERROR;
-        }
-
         clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
 
         if (r->headers_out.content_length_n != -1) {
@@ -218,6 +213,11 @@ ngx_http_postpone_filter_in_memory(ngx_h
 
         b->last_buf = 1;
 
+        r->out = ngx_alloc_chain_link(r->pool);
+        if (r->out == NULL) {
+            return NGX_ERROR;
+        }
+
         r->out->buf = b;
         r->out->next = NULL;
     }