[PATCH]Fixed segmentation fault with error_page for 400 to named location

Maxim Dounin mdounin at mdounin.ru
Wed Feb 26 11:38:55 UTC 2014


Hello!

On Mon, Feb 24, 2014 at 11:10:50AM +0800, flygoast wrote:

> Is this ok? Or return a 500?
> 
> 
> # HG changeset patch
> # User FengGu <flygoast at 126.com>
> # Date 1393211386 -28800
> # Node ID 8f1937a9f3f632cf060d18053f153bbf6097f5ba
> # Parent  f47c844acbd453c05174200af8df132c33171b35
> Fixed segmentation fault with error_page for 400 to named location.
> 
> 
> When using error_page for code 400 to named location, the bad request's
> uri would be { 0, NULL }, it would result in segmentation fault in
> ngx_http_index_handler() and so on.
> 
> 
> diff -r f47c844acbd4 -r 8f1937a9f3f6 src/http/ngx_http_core_module.c
> --- a/src/http/ngx_http_core_module.c   Sat Feb 22 12:08:31 2014 +0400
> +++ b/src/http/ngx_http_core_module.c   Mon Feb 24 11:09:46 2014 +0800
> @@ -2647,6 +2647,11 @@
>                  continue;
>              }
> 
> 
> +            if (r->uri.len == 0) {
> +                ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
> +                return NGX_DONE;
> +            }
> +
>              ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
>                             "using location: %V \"%V?%V\"",
>                             name, &r->uri, &r->args);
> 

This one doesn't looks good either.  I would rather suggest 
something like this:

--- a/src/http/ngx_http_core_module.c
+++ b/src/http/ngx_http_core_module.c
@@ -2632,6 +2632,14 @@ ngx_http_named_location(ngx_http_request
         return NGX_DONE;
     }
 
+    if (r->uri.len == 0) {
+        ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+                      "empty URI in redirect to named location \"%V\"", name);
+
+        ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
+        return NGX_DONE;
+    }
+
     cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module);
 
     if (cscf->named_locations) {

-- 
Maxim Dounin
http://nginx.org/



More information about the nginx-devel mailing list