[nginx] Fixed invalid access to complex value defined as an empt...

Sergey Kandaurov pluknet at nginx.com
Tue Mar 31 16:23:26 UTC 2015 

details:   http://hg.nginx.org/nginx/rev/173561dfd567
branches:  
changeset: 6062:173561dfd567
user:      Sergey Kandaurov <pluknet at nginx.com>
date:      Tue Mar 31 17:45:50 2015 +0300
description:
Fixed invalid access to complex value defined as an empty string.

Found by Valgrind.

diffstat:

 src/http/modules/ngx_http_headers_filter_module.c |  6 +++---
 src/http/ngx_http_special_response.c              |  4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diffs (48 lines):

diff -r 953ef81705e1 -r 173561dfd567 src/http/modules/ngx_http_headers_filter_module.c
--- a/src/http/modules/ngx_http_headers_filter_module.c	Fri Mar 27 21:19:20 2015 +0300
+++ b/src/http/modules/ngx_http_headers_filter_module.c	Tue Mar 31 17:45:50 2015 +0300
@@ -378,7 +378,7 @@ ngx_http_parse_expires(ngx_str_t *value,
         }
     }
 
-    if (value->data[0] == '@') {
+    if (value->len && value->data[0] == '@') {
         value->data++;
         value->len--;
         minus = 0;
@@ -390,12 +390,12 @@ ngx_http_parse_expires(ngx_str_t *value,
 
         *expires = NGX_HTTP_EXPIRES_DAILY;
 
-    } else if (value->data[0] == '+') {
+    } else if (value->len && value->data[0] == '+') {
         value->data++;
         value->len--;
         minus = 0;
 
-    } else if (value->data[0] == '-') {
+    } else if (value->len && value->data[0] == '-') {
         value->data++;
         value->len--;
         minus = 1;
diff -r 953ef81705e1 -r 173561dfd567 src/http/ngx_http_special_response.c
--- a/src/http/ngx_http_special_response.c	Fri Mar 27 21:19:20 2015 +0300
+++ b/src/http/ngx_http_special_response.c	Tue Mar 31 17:45:50 2015 +0300
@@ -553,7 +553,7 @@ ngx_http_send_error_page(ngx_http_reques
         return NGX_ERROR;
     }
 
-    if (uri.data[0] == '/') {
+    if (uri.len && uri.data[0] == '/') {
 
         if (err_page->value.lengths) {
             ngx_http_split_args(r, &uri, &args);
@@ -570,7 +570,7 @@ ngx_http_send_error_page(ngx_http_reques
         return ngx_http_internal_redirect(r, &uri, &args);
     }
 
-    if (uri.data[0] == '@') {
+    if (uri.len && uri.data[0] == '@') {
         return ngx_http_named_location(r, &uri);
     }

More information about the nginx-devel mailing list