[PATCH] Perl: NULL-terminate argument list
Maxim Dounin
mdounin at mdounin.ru
Thu Jun 19 13:26:41 UTC 2014
Hello!
On Thu, Jun 19, 2014 at 04:17:23AM -0700, Piotr Sikora wrote:
> # HG changeset patch
> # User Piotr Sikora <piotr at cloudflare.com>
> # Date 1403176596 25200
> # Thu Jun 19 04:16:36 2014 -0700
> # Node ID 290f3fcb9cf552c235b9807cf0af3830b5add5af
> # Parent 675bda8dcfdbf66e4a17017839f39ed6c8cbb9f5
> Perl: NULL-terminate argument list.
>
> perl_parse() function expects argv/argc-style argument list,
> which according to the C standard must be NULL-terminated,
> that is: argv[argc] == NULL.
>
> This change fixes a crash (SIGSEGV) that could happen because
> of the buffer overrun during perl module initialization.
The perlembed manpage is full of examples without terminating
NULL, and it's the only documentation available for the
perl_parse() function, AFAIK.
Could you please elaborate a bit more on the problem the patch
tries to fix?
>
> Signed-off-by: Piotr Sikora <piotr at cloudflare.com>
>
> diff -r 675bda8dcfdb -r 290f3fcb9cf5 src/http/modules/perl/ngx_http_perl_module.c
> --- a/src/http/modules/perl/ngx_http_perl_module.c Thu Jun 19 13:55:59 2014 +0400
> +++ b/src/http/modules/perl/ngx_http_perl_module.c Thu Jun 19 04:16:36 2014 -0700
> @@ -577,7 +577,7 @@ ngx_http_perl_create_interpreter(ngx_con
>
> n = (pmcf->modules != NGX_CONF_UNSET_PTR) ? pmcf->modules->nelts * 2 : 0;
>
> - embedding = ngx_palloc(cf->pool, (4 + n) * sizeof(char *));
> + embedding = ngx_palloc(cf->pool, (5 + n) * sizeof(char *));
> if (embedding == NULL) {
> goto fail;
> }
> @@ -595,6 +595,7 @@ ngx_http_perl_create_interpreter(ngx_con
> embedding[n++] = "-Mnginx";
> embedding[n++] = "-e";
> embedding[n++] = "0";
> + embedding[n] = NULL;
>
> n = perl_parse(perl, ngx_http_perl_xs_init, n, embedding, NULL);
The patch itself looks fine.
--
Maxim Dounin
http://nginx.org/
More information about the nginx-devel
mailing list