[PATCH]Fixed segmentation fault with error_page for 400 to named location
Maxim Dounin
mdounin at mdounin.ru
Wed Feb 26 11:38:55 UTC 2014
Hello!
On Mon, Feb 24, 2014 at 11:10:50AM +0800, flygoast wrote:
> Is this ok? Or return a 500?
>
>
> # HG changeset patch
> # User FengGu <flygoast at 126.com>
> # Date 1393211386 -28800
> # Node ID 8f1937a9f3f632cf060d18053f153bbf6097f5ba
> # Parent f47c844acbd453c05174200af8df132c33171b35
> Fixed segmentation fault with error_page for 400 to named location.
>
>
> When using error_page for code 400 to named location, the bad request's
> uri would be { 0, NULL }, it would result in segmentation fault in
> ngx_http_index_handler() and so on.
>
>
> diff -r f47c844acbd4 -r 8f1937a9f3f6 src/http/ngx_http_core_module.c
> --- a/src/http/ngx_http_core_module.c Sat Feb 22 12:08:31 2014 +0400
> +++ b/src/http/ngx_http_core_module.c Mon Feb 24 11:09:46 2014 +0800
> @@ -2647,6 +2647,11 @@
> continue;
> }
>
>
> + if (r->uri.len == 0) {
> + ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
> + return NGX_DONE;
> + }
> +
> ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
> "using location: %V \"%V?%V\"",
> name, &r->uri, &r->args);
>
This one doesn't looks good either. I would rather suggest
something like this:
--- a/src/http/ngx_http_core_module.c
+++ b/src/http/ngx_http_core_module.c
@@ -2632,6 +2632,14 @@ ngx_http_named_location(ngx_http_request
return NGX_DONE;
}
+ if (r->uri.len == 0) {
+ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+ "empty URI in redirect to named location \"%V\"", name);
+
+ ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
+ return NGX_DONE;
+ }
+
cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module);
if (cscf->named_locations) {
--
Maxim Dounin
http://nginx.org/
More information about the nginx-devel
mailing list