[PATCH 0 of 2] Two allocation failure path errors

Markus Linnala Markus.Linnala at cybercom.com
Sun Aug 17 20:00:28 UTC 2014


I've found two allocation failure path problems with a clear way to
test them.

ngx_regex_compile logs uninitialized memory if allocation
fails. Mark error message as zero length to prevent errors.
Example valgrind output of a case when using nginx-test rewrite.t:

src/core/ngx_regex.c
   150      rc->regex = NULL; // ngx_pcalloc(rc->pool, sizeof(ngx_regex_t));

==20818== Syscall param write(buf) points to uninitialised byte(s)
==20818==    at 0x3EEB00E800: __write_nocancel (in /usr/lib64/libpthread-2.18.so)
==20818==    by 0x404B1F: ngx_log_error_core (ngx_files.h:147)
==20818==    by 0x412AD3: ngx_conf_log_error (ngx_conf_file.c:936)
==20818==    by 0x43CF37: ngx_http_regex_compile (ngx_http_variables.c:2312)
==20818==    by 0x45F980: ngx_http_rewrite (ngx_http_rewrite_module.c:337)
==20818==    by 0x4135C0: ngx_conf_parse (ngx_conf_file.c:391)
==20818==    by 0x42A080: ngx_http_core_location (ngx_http_core_module.c:3286)
==20818==    by 0x4135C0: ngx_conf_parse (ngx_conf_file.c:391)
==20818==    by 0x42A2BB: ngx_http_core_server (ngx_http_core_module.c:3058)
==20818==    by 0x4135C0: ngx_conf_parse (ngx_conf_file.c:391)
==20818==    by 0x425C52: ngx_http_block (ngx_http.c:239)
==20818==    by 0x4135C0: ngx_conf_parse (ngx_conf_file.c:391)
==20818==  Address 0xffeffd955 is on thread 1's stack
==20818== 

And there is an emerg message with clearly uninitialized memory.



Allocating etags can fail and we still print it when sending
Internal Server Error message because we set hash to 1 before
failing allocation. This can be tested with not_modified.t from
nginx-tests. Excerpt error message when allocation fails:

src/http/ngx_http_core_module.c
  1838      etag->value.data = NULL; // ngx_pnalloc(r->pool, NGX_OFF_T_LEN + NGX_TIME_T_LEN + 3);

#                   'HTTP/1.1 500 Internal Server Error
# Server: nginx/1.7.5
# Date: Sun, 17 Aug 2014 19:30:15 GMT
# Content-Type: text/html
# Content-Length: 192
# Connection: close
# ETag: 
# 
# <html>
# <head><title>500 Internal Server Error</title></head>
# <body bgcolor="white">
# <center><h1>500 Internal Server Error</h1></center>
# <hr><center>nginx/1.7.5</center>
# </body>
# </html>
# '
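
Added example (not part of the original message and not nginx's code): a simplified C model of the first problem, showing why a failure path that returns without setting the error length makes the caller log its whole stack buffer, and how zeroing the length fixes it. All names are hypothetical; it assumes the caller passes a stack buffer with its capacity as the initial length, and fills that buffer with 0xAA as a stand-in for stale stack contents.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ERRSTR_MAX 64   /* hypothetical size of the caller's error buffer */

typedef struct { size_t len; unsigned char *data; } str_t;  /* counted string */

typedef struct {
    void  *regex;
    str_t  err;   /* in: buffer and its capacity; out: message and its length */
} compile_t;

/* Model of the compile step; fail_alloc simulates the allocator returning NULL. */
static int compile(compile_t *rc, int fail_alloc, int hardened)
{
    rc->regex = fail_alloc ? NULL : malloc(16);
    if (rc->regex == NULL) {
        if (hardened) {
            rc->err.len = 0;   /* the fix: no message was written, so say so */
        }
        return -1;             /* unhardened: err.len still holds the capacity */
    }
    return 0;
}

/* Caller: returns how many buffer bytes its error log call would emit. */
static size_t logged_bytes_on_failure(int hardened)
{
    unsigned char errstr[ERRSTR_MAX];
    compile_t rc;

    memset(errstr, 0xAA, sizeof(errstr));  /* stand-in for stale stack bytes */
    memset(&rc, 0, sizeof(rc));
    rc.err.len = sizeof(errstr);
    rc.err.data = errstr;

    if (compile(&rc, 1, hardened) != 0) {
        return rc.err.len;     /* a length-counted log format writes this many */
    }
    free(rc.regex);
    return 0;
}

int main(void)
{
    printf("unpatched: %zu bytes logged\n", logged_bytes_on_failure(0));
    printf("patched:   %zu bytes logged\n", logged_bytes_on_failure(1));
    return 0;
}
```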


