[PATCH] Correctly initialize ngx_str_t

Piotr Sikora piotr at aviatrix.com
Wed Feb 28 01:21:32 UTC 2024


# HG changeset patch
# User Piotr Sikora <piotr at aviatrix.com>
# Date 1708977619 0
#      Mon Feb 26 20:00:19 2024 +0000
# Branch patch004
# Node ID 52936793ac076072c3544aa4e27f973d2f8fecda
# Parent  8edb4003177dac56301aed7f86f8d2a564b47552
Correctly initialize ngx_str_t.

Previously, only the "len" field was set, which resulted in
an uninitialized "data" field accessed elsewhere in the code.

Note that "r->uri" is initialized to an empty string to avoid
changing the existing value for "$uri" in case of invalid URI.

Found with MemorySanitizer.

Signed-off-by: Piotr Sikora <piotr at aviatrix.com>

diff -r 8edb4003177d -r 52936793ac07 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c	Mon Feb 26 20:00:18 2024 +0000
+++ b/src/event/ngx_event_openssl.c	Mon Feb 26 20:00:19 2024 +0000
@@ -5064,7 +5064,7 @@
     n = SSL_get0_raw_cipherlist(c->ssl->connection, &ciphers);
 
     if (n <= 0) {
-        s->len = 0;
+        ngx_str_null(s);
         return NGX_OK;
     }
 
@@ -5116,7 +5116,7 @@
     if (SSL_get_shared_ciphers(c->ssl->connection, (char *) buf, 4096)
         == NULL)
     {
-        s->len = 0;
+        ngx_str_null(s);
         return NGX_OK;
     }
 
@@ -5165,7 +5165,7 @@
 
 #endif
 
-    s->len = 0;
+    ngx_str_null(s);
     return NGX_OK;
 }
 
@@ -5182,7 +5182,7 @@
     n = SSL_get1_curves(c->ssl->connection, NULL);
 
     if (n <= 0) {
-        s->len = 0;
+        ngx_str_null(s);
         return NGX_OK;
     }
 
@@ -5233,7 +5233,7 @@
 
 #else
 
-    s->len = 0;
+    ngx_str_null(s);
 
 #endif
 
@@ -5250,7 +5250,7 @@
 
     sess = SSL_get0_session(c->ssl->connection);
     if (sess == NULL) {
-        s->len = 0;
+        ngx_str_null(s);
         return NGX_OK;
     }
 
@@ -5285,7 +5285,7 @@
 ngx_int_t
 ngx_ssl_get_early_data(ngx_connection_t *c, ngx_pool_t *pool, ngx_str_t *s)
 {
-    s->len = 0;
+    ngx_str_null(s);
 
 #ifdef SSL_ERROR_EARLY_DATA_REJECTED
 
@@ -5335,7 +5335,7 @@
 
 #endif
 
-    s->len = 0;
+    ngx_str_null(s);
     return NGX_OK;
 }
 
@@ -5365,7 +5365,7 @@
 
 #endif
 
-    s->len = 0;
+    ngx_str_null(s);
     return NGX_OK;
 }
 
@@ -5377,10 +5377,9 @@
     BIO     *bio;
     X509    *cert;
 
-    s->len = 0;
-
     cert = SSL_get_peer_certificate(c->ssl->connection);
     if (cert == NULL) {
+        ngx_str_null(s);
         return NGX_OK;
     }
 
@@ -5433,7 +5432,7 @@
     }
 
     if (cert.len == 0) {
-        s->len = 0;
+        ngx_str_null(s);
         return NGX_OK;
     }
 
@@ -5476,7 +5475,7 @@
     }
 
     if (cert.len == 0) {
-        s->len = 0;
+        ngx_str_null(s);
         return NGX_OK;
     }
 
@@ -5501,10 +5500,9 @@
     X509       *cert;
     X509_NAME  *name;
 
-    s->len = 0;
-
     cert = SSL_get_peer_certificate(c->ssl->connection);
     if (cert == NULL) {
+        ngx_str_null(s);
         return NGX_OK;
     }
 
@@ -5555,10 +5553,9 @@
     X509       *cert;
     X509_NAME  *name;
 
-    s->len = 0;
-
     cert = SSL_get_peer_certificate(c->ssl->connection);
     if (cert == NULL) {
+        ngx_str_null(s);
         return NGX_OK;
     }
 
@@ -5611,10 +5608,9 @@
     X509       *cert;
     X509_NAME  *name;
 
-    s->len = 0;
-
     cert = SSL_get_peer_certificate(c->ssl->connection);
     if (cert == NULL) {
+        ngx_str_null(s);
         return NGX_OK;
     }
 
@@ -5659,10 +5655,9 @@
     X509       *cert;
     X509_NAME  *name;
 
-    s->len = 0;
-
     cert = SSL_get_peer_certificate(c->ssl->connection);
     if (cert == NULL) {
+        ngx_str_null(s);
         return NGX_OK;
     }
 
@@ -5705,10 +5700,9 @@
     X509    *cert;
     BIO     *bio;
 
-    s->len = 0;
-
     cert = SSL_get_peer_certificate(c->ssl->connection);
     if (cert == NULL) {
+        ngx_str_null(s);
         return NGX_OK;
     }
 
@@ -5745,10 +5739,9 @@
     unsigned int   len;
     u_char         buf[EVP_MAX_MD_SIZE];
 
-    s->len = 0;
-
     cert = SSL_get_peer_certificate(c->ssl->connection);
     if (cert == NULL) {
+        ngx_str_null(s);
         return NGX_OK;
     }
 
@@ -5818,10 +5811,9 @@
     X509    *cert;
     size_t   len;
 
-    s->len = 0;
-
     cert = SSL_get_peer_certificate(c->ssl->connection);
     if (cert == NULL) {
+        ngx_str_null(s);
         return NGX_OK;
     }
 
@@ -5863,10 +5855,9 @@
     X509    *cert;
     size_t   len;
 
-    s->len = 0;
-
     cert = SSL_get_peer_certificate(c->ssl->connection);
     if (cert == NULL) {
+        ngx_str_null(s);
         return NGX_OK;
     }
 
@@ -5907,10 +5898,9 @@
     X509    *cert;
     time_t   now, end;
 
-    s->len = 0;
-
     cert = SSL_get_peer_certificate(c->ssl->connection);
     if (cert == NULL) {
+        ngx_str_null(s);
         return NGX_OK;
     }
 
diff -r 8edb4003177d -r 52936793ac07 src/event/quic/ngx_event_quic_streams.c
--- a/src/event/quic/ngx_event_quic_streams.c	Mon Feb 26 20:00:18 2024 +0000
+++ b/src/event/quic/ngx_event_quic_streams.c	Mon Feb 26 20:00:19 2024 +0000
@@ -719,8 +719,7 @@
         addr_text.len = c->addr_text.len;
 
     } else {
-        addr_text.len = 0;
-        addr_text.data = NULL;
+        ngx_str_null(&addr_text);
     }
 
     reusable = c->reusable;
diff -r 8edb4003177d -r 52936793ac07 src/http/modules/ngx_http_auth_request_module.c
--- a/src/http/modules/ngx_http_auth_request_module.c	Mon Feb 26 20:00:18 2024 +0000
+++ b/src/http/modules/ngx_http_auth_request_module.c	Mon Feb 26 20:00:19 2024 +0000
@@ -373,9 +373,7 @@
     value = cf->args->elts;
 
     if (ngx_strcmp(value[1].data, "off") == 0) {
-        arcf->uri.len = 0;
-        arcf->uri.data = (u_char *) "";
-
+        ngx_str_set(&arcf->uri, "");
         return NGX_CONF_OK;
     }
 
diff -r 8edb4003177d -r 52936793ac07 src/http/modules/ngx_http_autoindex_module.c
--- a/src/http/modules/ngx_http_autoindex_module.c	Mon Feb 26 20:00:18 2024 +0000
+++ b/src/http/modules/ngx_http_autoindex_module.c	Mon Feb 26 20:00:19 2024 +0000
@@ -816,7 +816,7 @@
     ngx_uint_t   i;
 
     if (ngx_http_arg(r, (u_char *) "callback", 8, callback) != NGX_OK) {
-        callback->len = 0;
+        ngx_str_null(callback);
         return NGX_OK;
     }
 
diff -r 8edb4003177d -r 52936793ac07 src/http/modules/ngx_http_charset_filter_module.c
--- a/src/http/modules/ngx_http_charset_filter_module.c	Mon Feb 26 20:00:18 2024 +0000
+++ b/src/http/modules/ngx_http_charset_filter_module.c	Mon Feb 26 20:00:19 2024 +0000
@@ -437,7 +437,7 @@
     charset = lcf->source_charset;
 
     if (charset == NGX_HTTP_CHARSET_OFF) {
-        name->len = 0;
+        ngx_str_null(name);
         return charset;
     }
 
@@ -502,7 +502,7 @@
          * use this charset instead of the next page charset
          */
 
-        r->headers_out.charset.len = 0;
+        ngx_str_null(&r->headers_out.charset);
         return;
     }
 
diff -r 8edb4003177d -r 52936793ac07 src/http/modules/ngx_http_limit_conn_module.c
--- a/src/http/modules/ngx_http_limit_conn_module.c	Mon Feb 26 20:00:18 2024 +0000
+++ b/src/http/modules/ngx_http_limit_conn_module.c	Mon Feb 26 20:00:19 2024 +0000
@@ -587,7 +587,7 @@
     }
 
     size = 0;
-    name.len = 0;
+    ngx_str_null(&name);
 
     for (i = 2; i < cf->args->nelts; i++) {
 
diff -r 8edb4003177d -r 52936793ac07 src/http/modules/ngx_http_limit_req_module.c
--- a/src/http/modules/ngx_http_limit_req_module.c	Mon Feb 26 20:00:18 2024 +0000
+++ b/src/http/modules/ngx_http_limit_req_module.c	Mon Feb 26 20:00:19 2024 +0000
@@ -862,7 +862,7 @@
     size = 0;
     rate = 1;
     scale = 1;
-    name.len = 0;
+    ngx_str_null(&name);
 
     for (i = 2; i < cf->args->nelts; i++) {
 
diff -r 8edb4003177d -r 52936793ac07 src/http/modules/ngx_http_not_modified_filter_module.c
--- a/src/http/modules/ngx_http_not_modified_filter_module.c	Mon Feb 26 20:00:18 2024 +0000
+++ b/src/http/modules/ngx_http_not_modified_filter_module.c	Mon Feb 26 20:00:19 2024 +0000
@@ -92,8 +92,8 @@
         /* not modified */
 
         r->headers_out.status = NGX_HTTP_NOT_MODIFIED;
-        r->headers_out.status_line.len = 0;
-        r->headers_out.content_type.len = 0;
+        ngx_str_null(&r->headers_out.status_line);
+        ngx_str_null(&r->headers_out.content_type);
         ngx_http_clear_content_length(r);
         ngx_http_clear_accept_ranges(r);
 
diff -r 8edb4003177d -r 52936793ac07 src/http/modules/ngx_http_proxy_module.c
--- a/src/http/modules/ngx_http_proxy_module.c	Mon Feb 26 20:00:18 2024 +0000
+++ b/src/http/modules/ngx_http_proxy_module.c	Mon Feb 26 20:00:19 2024 +0000
@@ -4223,7 +4223,7 @@
             return NGX_CONF_ERROR;
         }
 
-        plcf->location.len = 0;
+        ngx_str_null(&plcf->location);
     }
 
     plcf->url = *url;
diff -r 8edb4003177d -r 52936793ac07 src/http/modules/ngx_http_range_filter_module.c
--- a/src/http/modules/ngx_http_range_filter_module.c	Mon Feb 26 20:00:18 2024 +0000
+++ b/src/http/modules/ngx_http_range_filter_module.c	Mon Feb 26 20:00:19 2024 +0000
@@ -232,7 +232,7 @@
         ngx_http_set_ctx(r, ctx, ngx_http_range_body_filter_module);
 
         r->headers_out.status = NGX_HTTP_PARTIAL_CONTENT;
-        r->headers_out.status_line.len = 0;
+        ngx_str_null(&r->headers_out.status_line);
 
         if (ctx->ranges.nelts == 1) {
             return ngx_http_range_singlepart_header(r, ctx);
@@ -551,7 +551,7 @@
 
     r->headers_out.content_type_len = r->headers_out.content_type.len;
 
-    r->headers_out.charset.len = 0;
+    ngx_str_null(&r->headers_out.charset);
 
     /* the size of the last boundary CRLF "--0123456789--" CRLF */
 
diff -r 8edb4003177d -r 52936793ac07 src/http/modules/ngx_http_slice_filter_module.c
--- a/src/http/modules/ngx_http_slice_filter_module.c	Mon Feb 26 20:00:18 2024 +0000
+++ b/src/http/modules/ngx_http_slice_filter_module.c	Mon Feb 26 20:00:19 2024 +0000
@@ -174,7 +174,7 @@
     ctx->active = 1;
 
     r->headers_out.status = NGX_HTTP_OK;
-    r->headers_out.status_line.len = 0;
+    ngx_str_null(&r->headers_out.status_line);
     r->headers_out.content_length_n = cr.complete_length;
     r->headers_out.content_offset = cr.start;
     r->headers_out.content_range->hash = 0;
diff -r 8edb4003177d -r 52936793ac07 src/http/modules/perl/ngx_http_perl_module.c
--- a/src/http/modules/perl/ngx_http_perl_module.c	Mon Feb 26 20:00:18 2024 +0000
+++ b/src/http/modules/perl/ngx_http_perl_module.c	Mon Feb 26 20:00:19 2024 +0000
@@ -240,11 +240,11 @@
         uri = ctx->redirect_uri;
 
     } else {
-        uri.len = 0;
+        ngx_str_null(&uri);
     }
 
-    ctx->filename.data = NULL;
-    ctx->redirect_uri.len = 0;
+    ngx_str_null(&ctx->filename);
+    ngx_str_null(&ctx->redirect_uri);
 
     if (rc == NGX_ERROR) {
         ngx_http_finalize_request(r, rc);
@@ -366,8 +366,8 @@
     }
 
     ctx->variable = saved;
-    ctx->filename.data = NULL;
-    ctx->redirect_uri.len = 0;
+    ngx_str_null(&ctx->filename);
+    ngx_str_null(&ctx->redirect_uri);
 
     ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                    "perl variable done");
@@ -469,8 +469,8 @@
 
     }
 
-    ctx->filename.data = NULL;
-    ctx->redirect_uri.len = 0;
+    ngx_str_null(&ctx->filename);
+    ngx_str_null(&ctx->redirect_uri);
     ctx->ssi = NULL;
 
     ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "perl ssi done");
@@ -793,7 +793,7 @@
             return NGX_ERROR;
         }
 
-        ctx->redirect_uri.len = 0;
+        ngx_str_null(&ctx->redirect_uri);
 
         if (ctx->header_sent) {
             return NGX_ERROR;
diff -r 8edb4003177d -r 52936793ac07 src/http/ngx_http_core_module.c
--- a/src/http/ngx_http_core_module.c	Mon Feb 26 20:00:18 2024 +0000
+++ b/src/http/ngx_http_core_module.c	Mon Feb 26 20:00:19 2024 +0000
@@ -1843,7 +1843,7 @@
 
     if (r->err_status) {
         r->headers_out.status = r->err_status;
-        r->headers_out.status_line.len = 0;
+        ngx_str_null(&r->headers_out.status_line);
     }
 
     return ngx_http_top_header_filter(r);
diff -r 8edb4003177d -r 52936793ac07 src/http/ngx_http_file_cache.c
--- a/src/http/ngx_http_file_cache.c	Mon Feb 26 20:00:18 2024 +0000
+++ b/src/http/ngx_http_file_cache.c	Mon Feb 26 20:00:19 2024 +0000
@@ -1290,7 +1290,7 @@
     ngx_shmtx_unlock(&cache->shpool->mutex);
 
     c->secondary = 1;
-    c->file.name.len = 0;
+    ngx_str_null(&c->file.name);
     c->body_start = c->buffer_size;
 
     ngx_memcpy(c->key, c->variant, NGX_HTTP_CACHE_KEY_LEN);
@@ -1397,7 +1397,7 @@
 
     ngx_shmtx_unlock(&cache->shpool->mutex);
 
-    c->file.name.len = 0;
+    ngx_str_null(&c->file.name);
     c->update_variant = 1;
 
     ngx_memcpy(c->key, c->main, NGX_HTTP_CACHE_KEY_LEN);
@@ -2414,7 +2414,7 @@
     manager_sleep = 50;
     manager_threshold = 200;
 
-    name.len = 0;
+    ngx_str_null(&name);
     size = 0;
     max_size = NGX_MAX_OFF_T_VALUE;
     min_free = 0;
diff -r 8edb4003177d -r 52936793ac07 src/http/ngx_http_parse.c
--- a/src/http/ngx_http_parse.c	Mon Feb 26 20:00:18 2024 +0000
+++ b/src/http/ngx_http_parse.c	Mon Feb 26 20:00:19 2024 +0000
@@ -2133,7 +2133,7 @@
         args->data = p;
 
     } else {
-        args->len = 0;
+        ngx_str_null(args);
     }
 }
 
diff -r 8edb4003177d -r 52936793ac07 src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c	Mon Feb 26 20:00:18 2024 +0000
+++ b/src/http/ngx_http_request.c	Mon Feb 26 20:00:19 2024 +0000
@@ -1268,7 +1268,7 @@
         cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module);
 
         if (ngx_http_parse_complex_uri(r, cscf->merge_slashes) != NGX_OK) {
-            r->uri.len = 0;
+            ngx_str_set(&r->uri, "");
 
             ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
                           "client sent invalid request");
@@ -3774,7 +3774,7 @@
     ctx = log->data;
     ctx->request = NULL;
 
-    r->request_line.len = 0;
+    ngx_str_null(&r->request_line);
 
     r->connection->destroyed = 1;
 
diff -r 8edb4003177d -r 52936793ac07 src/http/ngx_http_script.c
--- a/src/http/ngx_http_script.c	Mon Feb 26 20:00:18 2024 +0000
+++ b/src/http/ngx_http_script.c	Mon Feb 26 20:00:19 2024 +0000
@@ -469,7 +469,7 @@
 
     for (i = 0; i < sc->source->len; /* void */ ) {
 
-        name.len = 0;
+        ngx_str_null(&name);
 
         if (sc->source->data[i] == '$') {
 
@@ -1268,7 +1268,7 @@
         e->buf.len = e->pos - e->buf.data;
 
         if (!code->add_args) {
-            r->args.len = 0;
+            ngx_str_null(&r->args);
         }
     }
 
diff -r 8edb4003177d -r 52936793ac07 src/http/ngx_http_special_response.c
--- a/src/http/ngx_http_special_response.c	Mon Feb 26 20:00:18 2024 +0000
+++ b/src/http/ngx_http_special_response.c	Mon Feb 26 20:00:19 2024 +0000
@@ -449,7 +449,7 @@
         }
     }
 
-    r->headers_out.content_type.len = 0;
+    ngx_str_null(&r->headers_out.content_type);
 
     clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
 
diff -r 8edb4003177d -r 52936793ac07 src/http/v3/ngx_http_v3_parse.c
--- a/src/http/v3/ngx_http_v3_parse.c	Mon Feb 26 20:00:18 2024 +0000
+++ b/src/http/v3/ngx_http_v3_parse.c	Mon Feb 26 20:00:19 2024 +0000
@@ -1515,7 +1515,7 @@
 
             st->literal.length = st->pint.value;
             if (st->literal.length == 0) {
-                st->value.len = 0;
+                ngx_str_null(&st->value);
                 goto done;
             }
 
@@ -1634,7 +1634,7 @@
 
             st->literal.length = st->pint.value;
             if (st->literal.length == 0) {
-                st->value.len = 0;
+                ngx_str_null(&st->value);
                 goto done;
             }
 
diff -r 8edb4003177d -r 52936793ac07 src/mail/ngx_mail_imap_handler.c
--- a/src/mail/ngx_mail_imap_handler.c	Mon Feb 26 20:00:18 2024 +0000
+++ b/src/mail/ngx_mail_imap_handler.c	Mon Feb 26 20:00:19 2024 +0000
@@ -149,7 +149,7 @@
     }
 
     tag = 1;
-    s->text.len = 0;
+    ngx_str_null(&s->text);
     ngx_str_set(&s->out, imap_ok);
 
     if (rc == NGX_OK) {
@@ -287,7 +287,7 @@
                 s->buffer->last = s->buffer->start;
             }
 
-            s->tag.len = 0;
+            ngx_str_null(&s->tag);
         }
     }
 
diff -r 8edb4003177d -r 52936793ac07 src/mail/ngx_mail_proxy_module.c
--- a/src/mail/ngx_mail_proxy_module.c	Mon Feb 26 20:00:18 2024 +0000
+++ b/src/mail/ngx_mail_proxy_module.c	Mon Feb 26 20:00:19 2024 +0000
@@ -178,7 +178,7 @@
 
     s->proxy->proxy_protocol = pcf->proxy_protocol;
 
-    s->out.len = 0;
+    ngx_str_null(&s->out);
 
     switch (s->protocol) {
 
diff -r 8edb4003177d -r 52936793ac07 src/stream/ngx_stream_limit_conn_module.c
--- a/src/stream/ngx_stream_limit_conn_module.c	Mon Feb 26 20:00:18 2024 +0000
+++ b/src/stream/ngx_stream_limit_conn_module.c	Mon Feb 26 20:00:19 2024 +0000
@@ -566,7 +566,7 @@
     }
 
     size = 0;
-    name.len = 0;
+    ngx_str_null(&name);
 
     for (i = 2; i < cf->args->nelts; i++) {
 
diff -r 8edb4003177d -r 52936793ac07 src/stream/ngx_stream_script.c
--- a/src/stream/ngx_stream_script.c	Mon Feb 26 20:00:18 2024 +0000
+++ b/src/stream/ngx_stream_script.c	Mon Feb 26 20:00:19 2024 +0000
@@ -373,7 +373,7 @@
 
     for (i = 0; i < sc->source->len; /* void */ ) {
 
-        name.len = 0;
+        ngx_str_null(&name);
 
         if (sc->source->data[i] == '$') {
 


More information about the nginx-devel mailing list