[nginx] svn commit: r4853 - in branches/stable-1.2: . src/core src/event src/http/modules src/os/unix

mdounin at mdounin.ru mdounin at mdounin.ru
Mon Sep 24 18:54:29 UTC 2012


Author: mdounin
Date: 2012-09-24 18:54:28 +0000 (Mon, 24 Sep 2012)
New Revision: 4853
URL: http://trac.nginx.org/nginx/changeset/4853/nginx

Log:
Merge of r4785, r4795, r4811, r4812, r4816, r4822: coverity.

*) Resolver: fixed possible memory leak in ngx_resolver_create().

*) Explicitly ignore returned value from unlink() in ngx_open_tempfile().

*) Explicitly ignore returned value from close() in ngx_event_core_init_conf().

*) Added three missing checks for NULL after ngx_array_push() calls.

*) Crypt: fixed handling of corrupted SSHA entries in password file.

*) Mark logically dead code with corresponding comment.

Found by / prodded by Coverity.


Modified:
   branches/stable-1.2/
   branches/stable-1.2/src/core/ngx_crypt.c
   branches/stable-1.2/src/core/ngx_resolver.c
   branches/stable-1.2/src/event/ngx_event.c
   branches/stable-1.2/src/http/modules/ngx_http_fastcgi_module.c
   branches/stable-1.2/src/http/modules/ngx_http_limit_conn_module.c
   branches/stable-1.2/src/http/modules/ngx_http_limit_req_module.c
   branches/stable-1.2/src/http/modules/ngx_http_ssi_filter_module.c
   branches/stable-1.2/src/os/unix/ngx_files.c

Index: branches/stable-1.2
===================================================================
--- branches/stable-1.2	2012-09-24 18:50:25 UTC (rev 4852)
+++ branches/stable-1.2	2012-09-24 18:54:28 UTC (rev 4853)

Property changes on: branches/stable-1.2
___________________________________________________________________
Modified: svn:mergeinfo
## -1 +1 ##
-/trunk:4611-4632,4636-4657,4671-4672,4674-4676,4682,4684-4699,4704-4706,4713,4736-4741,4754,4756-4771,4775,4777-4780,4782-4784,4824,4830-4832,4834,4840,4842-4844
+/trunk:4611-4632,4636-4657,4671-4672,4674-4676,4682,4684-4699,4704-4706,4713,4736-4741,4754,4756-4771,4775,4777-4780,4782-4785,4795,4811-4812,4816,4822,4824,4830-4832,4834,4840,4842-4844
\ No newline at end of property
Modified: branches/stable-1.2/src/core/ngx_crypt.c
===================================================================
--- branches/stable-1.2/src/core/ngx_crypt.c	2012-09-24 18:50:25 UTC (rev 4852)
+++ branches/stable-1.2/src/core/ngx_crypt.c	2012-09-24 18:54:28 UTC (rev 4853)
@@ -194,6 +194,7 @@
 ngx_crypt_ssha(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted)
 {
     size_t       len;
+    ngx_int_t    rc;
     ngx_str_t    encoded, decoded;
     ngx_sha1_t   sha1;
 
@@ -204,13 +205,19 @@
     encoded.data = salt + sizeof("{SSHA}") - 1;
     encoded.len = ngx_strlen(encoded.data);
 
-    decoded.data = ngx_pnalloc(pool, ngx_base64_decoded_length(encoded.len));
+    len = ngx_max(ngx_base64_decoded_length(encoded.len), 20);
+
+    decoded.data = ngx_pnalloc(pool, len);
     if (decoded.data == NULL) {
         return NGX_ERROR;
     }
 
-    ngx_decode_base64(&decoded, &encoded);
+    rc = ngx_decode_base64(&decoded, &encoded);
 
+    if (rc != NGX_OK || decoded.len < 20) {
+        decoded.len = 20;
+    }
+
     /* update SHA1 from key and salt */
 
     ngx_sha1_init(&sha1);

Modified: branches/stable-1.2/src/core/ngx_resolver.c
===================================================================
--- branches/stable-1.2/src/core/ngx_resolver.c	2012-09-24 18:50:25 UTC (rev 4852)
+++ branches/stable-1.2/src/core/ngx_resolver.c	2012-09-24 18:54:28 UTC (rev 4853)
@@ -113,15 +113,6 @@
         return NULL;
     }
 
-    if (n) {
-        if (ngx_array_init(&r->udp_connections, cf->pool, n,
-                           sizeof(ngx_udp_connection_t))
-            != NGX_OK)
-        {
-            return NULL;
-        }
-    }
-
     cln->data = r;
 
     r->event = ngx_calloc(sizeof(ngx_event_t), cf->log);
@@ -153,6 +144,15 @@
     r->log = &cf->cycle->new_log;
     r->log_level = NGX_LOG_ERR;
 
+    if (n) {
+        if (ngx_array_init(&r->udp_connections, cf->pool, n,
+                           sizeof(ngx_udp_connection_t))
+            != NGX_OK)
+        {
+            return NULL;
+        }
+    }
+
     for (i = 0; i < n; i++) {
         if (ngx_strncmp(names[i].data, "valid=", 6) == 0) {
             s.len = names[i].len - 6;

Modified: branches/stable-1.2/src/event/ngx_event.c
===================================================================
--- branches/stable-1.2/src/event/ngx_event.c	2012-09-24 18:50:25 UTC (rev 4852)
+++ branches/stable-1.2/src/event/ngx_event.c	2012-09-24 18:54:28 UTC (rev 4853)
@@ -1214,7 +1214,7 @@
     fd = epoll_create(100);
 
     if (fd != -1) {
-        close(fd);
+        (void) close(fd);
         module = &ngx_epoll_module;
 
     } else if (ngx_errno != NGX_ENOSYS) {

Modified: branches/stable-1.2/src/http/modules/ngx_http_fastcgi_module.c
===================================================================
--- branches/stable-1.2/src/http/modules/ngx_http_fastcgi_module.c	2012-09-24 18:50:25 UTC (rev 4852)
+++ branches/stable-1.2/src/http/modules/ngx_http_fastcgi_module.c	2012-09-24 18:54:28 UTC (rev 4853)
@@ -1626,6 +1626,9 @@
         }
 
         part = ngx_array_push(f->split_parts);
+        if (part == NULL) {
+            return NGX_ERROR;
+        }
 
         part->start = part_start;
         part->end = part_end;

Modified: branches/stable-1.2/src/http/modules/ngx_http_limit_conn_module.c
===================================================================
--- branches/stable-1.2/src/http/modules/ngx_http_limit_conn_module.c	2012-09-24 18:50:25 UTC (rev 4852)
+++ branches/stable-1.2/src/http/modules/ngx_http_limit_conn_module.c	2012-09-24 18:54:28 UTC (rev 4853)
@@ -721,6 +721,10 @@
     }
 
     limit = ngx_array_push(&lccf->limits);
+    if (limit == NULL) {
+        return NGX_CONF_ERROR;
+    }
+
     limit->conn = n;
     limit->shm_zone = shm_zone;
 

Modified: branches/stable-1.2/src/http/modules/ngx_http_limit_req_module.c
===================================================================
--- branches/stable-1.2/src/http/modules/ngx_http_limit_req_module.c	2012-09-24 18:50:25 UTC (rev 4852)
+++ branches/stable-1.2/src/http/modules/ngx_http_limit_req_module.c	2012-09-24 18:54:28 UTC (rev 4853)
@@ -937,6 +937,9 @@
     }
 
     limit = ngx_array_push(&lrcf->limits);
+    if (limit == NULL) {
+        return NGX_CONF_ERROR;
+    }
 
     limit->shm_zone = shm_zone;
     limit->burst = burst * 1000;

Modified: branches/stable-1.2/src/http/modules/ngx_http_ssi_filter_module.c
===================================================================
--- branches/stable-1.2/src/http/modules/ngx_http_ssi_filter_module.c	2012-09-24 18:50:25 UTC (rev 4852)
+++ branches/stable-1.2/src/http/modules/ngx_http_ssi_filter_module.c	2012-09-24 18:54:28 UTC (rev 4853)
@@ -1024,6 +1024,7 @@
         switch (state) {
 
         case ssi_start_state:
+            /* not reached */
             break;
 
         case ssi_tag_state:

Modified: branches/stable-1.2/src/os/unix/ngx_files.c
===================================================================
--- branches/stable-1.2/src/os/unix/ngx_files.c	2012-09-24 18:50:25 UTC (rev 4852)
+++ branches/stable-1.2/src/os/unix/ngx_files.c	2012-09-24 18:54:28 UTC (rev 4853)
@@ -139,7 +139,7 @@
               access ? access : 0600);
 
     if (fd != -1 && !persistent) {
-        unlink((const char *) name);
+        (void) unlink((const char *) name);
     }
 
     return fd;



More information about the nginx-devel mailing list