[PATCH]Fixed segmentation fault with error_page for 400 to named location

flygoast flygoast at 126.com
Mon Feb 24 03:10:50 UTC 2014


Is this ok? Or return a 500?


# HG changeset patch
# User FengGu <flygoast at 126.com>
# Date 1393211386 -28800
# Node ID 8f1937a9f3f632cf060d18053f153bbf6097f5ba
# Parent  f47c844acbd453c05174200af8df132c33171b35
Fixed segmentation fault with error_page for 400 to named location.


When using error_page for code 400 to named location, the bad request's
uri would be { 0, NULL }, it would result in segmentation fault in
ngx_http_index_handler() and so on.


diff -r f47c844acbd4 -r 8f1937a9f3f6 src/http/ngx_http_core_module.c
--- a/src/http/ngx_http_core_module.c   Sat Feb 22 12:08:31 2014 +0400
+++ b/src/http/ngx_http_core_module.c   Mon Feb 24 11:09:46 2014 +0800
@@ -2647,6 +2647,11 @@
                 continue;
             }


+            if (r->uri.len == 0) {
+                ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
+                return NGX_DONE;
+            }
+
             ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                            "using location: %V \"%V?%V\"",
                            name, &r->uri, &r->args);





At 2014-02-22 01:37:54,"Maxim Dounin" <mdounin at mdounin.ru> wrote:
>Hello!
>
>On Sat, Feb 22, 2014 at 12:40:35AM +0800, flygoast wrote:
>
>> # HG changeset patch
>> 
>> # User FengGu <flygoast at 126.com>
>> # Date 1392981015 -28800
>> #          Fri Feb 21 19:10:15 2014 +0800
>> # Node ID 2dd8fd75f1646336b21cb2f4506f1d45b8771e56
>> # Parent  545a4d393e2fb8d5448dad89d25a110fa72e71d1
>> Fixed segmentation fault with error_page for 400 to named location
>> 
>> 
>> When using error_page for code 400 to named location, the bad request's uri
>> would be { 0, NULL }, it would result in segmentation fault in
>> ngx_http_index_handler() and so on.
>> 
>> 
>> diff -r 545a4d393e2f -r 2dd8fd75f164 src/http/ngx_http_core_module.c
>> --- a/src/http/ngx_http_core_module.c   Thu Feb 20 17:27:09 2014 +0400
>> +++ b/src/http/ngx_http_core_module.c   Fri Feb 21 19:10:15 2014 +0800
>> @@ -2651,6 +2651,12 @@
>>                             "using location: %V \"%V?%V\"",
>>                             name, &r->uri, &r->args);
>> 
>> 
>> +            if (r->uri.len == 0) {
>> +                ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
>> +                              "using \"/\" as uri for bad request");
>> +                ngx_str_set(&r->uri, "/");
>> +            }
>> +
>>              r->internal = 1;
>>              r->content_handler = NULL;
>>              r->uri_changed = 0;
>
>This doesn't looks like a good solution.
>I would rather return an error in such a case.
>
>-- 
>Maxim Dounin
>http://nginx.org/
>
>_______________________________________________
>nginx-devel mailing list
>nginx-devel at nginx.org
>http://mailman.nginx.org/mailman/listinfo/nginx-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20140224/ceba8031/attachment.html>


More information about the nginx-devel mailing list