[PATCH]Dav: ngx_http_map_uri_to_path() errors were not checked.

flygoast flygoast at 126.com
Wed Jul 30 06:58:04 UTC 2014 

# HG changeset patch
# User FengGu <flygoast at 126.com>
# Date 1406702708 -28800
#      Wed Jul 30 14:45:08 2014 +0800
# Node ID 9a9f7c2783b1afe0e5d374450daa5df6acbfd332
# Parent  4d092aa2f4637ce50284d2accd99a8e91aae2b4c
Dav: ngx_http_map_uri_to_path() errors were not checked.


Once error occured, it could lead to use uninitialized variables to log,
even more segmentation fault.


diff -r 4d092aa2f463 -r 9a9f7c2783b1 src/http/modules/ngx_http_dav_module.c
--- a/src/http/modules/ngx_http_dav_module.cMon Jul 28 12:27:57 2014 -0700
+++ b/src/http/modules/ngx_http_dav_module.cWed Jul 30 14:45:08 2014 +0800
@@ -212,7 +212,10 @@
         return;
     }
 
-    ngx_http_map_uri_to_path(r, &path, &root, 0);
+    if (ngx_http_map_uri_to_path(r, &path, &root, 0) == NULL) {
+        ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
+        return;
+    }
 
     path.len--;
 
@@ -320,7 +323,9 @@
 
 ok:
 
-    ngx_http_map_uri_to_path(r, &path, &root, 0);
+    if (ngx_http_map_uri_to_path(r, &path, &root, 0) == NULL) {
+        return NGX_HTTP_INTERNAL_SERVER_ERROR;
+    }
 
     ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                    "http delete filename: \"%s\"", path.data);
@@ -488,6 +493,9 @@
     }
 
     p = ngx_http_map_uri_to_path(r, &path, &root, 0);
+    if (p == NULL) {
+        return NGX_HTTP_INTERNAL_SERVER_ERROR;
+    }
 
     *(p - 1) = '\0';
     r->uri.len--;
@@ -666,7 +674,9 @@
 
 overwrite_done:
 
-    ngx_http_map_uri_to_path(r, &path, &root, 0);
+    if (ngx_http_map_uri_to_path(r, &path, &root, 0) == NULL) {
+        return NGX_HTTP_INTERNAL_SERVER_ERROR;
+    }
 
     ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                    "http copy from: \"%s\"", path.data);
@@ -674,7 +684,9 @@
     uri = r->uri;
     r->uri = duri;
 
-    ngx_http_map_uri_to_path(r, &copy.path, &root, 0);
+    if (ngx_http_map_uri_to_path(r, &copy.path, &root, 0) == NULL) {
+        return NGX_HTTP_INTERNAL_SERVER_ERROR;
+    }
 
     r->uri = uri;
 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20140730/bb81675e/attachment-0001.html>

More information about the nginx-devel mailing list