Mercurial > hg > nginx
changeset 5518:ec9e9da4c1fb
SPDY: fixed possible uninitialized memory access.
The frame->stream pointer should always be initialized for control frames since
the check against it can be performed in ngx_http_spdy_filter_cleanup().
| author | Valentin Bartenev <vbart@nginx.com> |
|---|---|
| date | Wed, 15 Jan 2014 17:16:38 +0400 |
| parents | 9d1479234f3c |
| children | 22c249dac7c1 |
| files | src/http/ngx_http_spdy.c |
| diffstat | 1 files changed, 2 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/src/http/ngx_http_spdy.c +++ b/src/http/ngx_http_spdy.c @@ -1633,8 +1633,8 @@ ngx_http_spdy_send_settings(ngx_http_spd frame->first = cl; frame->last = cl; frame->handler = ngx_http_spdy_settings_frame_handler; + frame->stream = NULL; #if (NGX_DEBUG) - frame->stream = NULL; frame->size = NGX_SPDY_FRAME_HEADER_SIZE + NGX_SPDY_SETTINGS_NUM_SIZE + NGX_SPDY_SETTINGS_PAIR_SIZE; @@ -1722,6 +1722,7 @@ ngx_http_spdy_get_ctl_frame(ngx_http_spd frame->first = cl; frame->last = cl; frame->handler = ngx_http_spdy_ctl_frame_handler; + frame->stream = NULL; } frame->free = NULL; @@ -1733,7 +1734,6 @@ ngx_http_spdy_get_ctl_frame(ngx_http_spd return NULL; } - frame->stream = NULL; frame->size = size; #endif