nginx + my module crashes only when ignore client abort = on
Maxim Dounin
mdounin at mdounin.ru
Sun Mar 17 23:52:13 UTC 2013
Hello!
On Sun, Mar 17, 2013 at 05:47:24AM -0400, gadh wrote:
Below just couple of comments. Outlined problems are enough to
cause arbitrary segmentation faults, and I haven't looked for
more.
[...]
> ngx_memzero(&sr->headers_in, sizeof(sr->headers_in));
Note: this ruins original request headers. It's enough to cause
anything.
[...]
> // do not inherit rb from parent
> sr->request_body = ngx_palloc(r->pool, sizeof(ngx_http_request_body_t));
> NGX_aaa_CHECK_ALLOC_AND_RETURN(sr->request_body)
>
> // note: always alloc bufs even if ptr is lid - since its garbage from
> former request ! (caused seg fault in mod_proxy !)
> sr->request_body->bufs = ngx_alloc_chain_link(r->pool);
> NGX_aaa_CHECK_ALLOC_AND_RETURN(sr->request_body->bufs)
>
> // post body - re-populate , do not inherit from parent
> sr->request_body->bufs->buf = buf;
> sr->request_body->bufs->next = NULL;
> sr->request_body->buf = buf;
Note: you allocate request body structure and only initialize some
of it's members. E.g. sr->request_body->temp_file remains
uninitialized and will likely be dereferenced, resulting in
segmentation fault.
You have to at least change ngx_palloc() to ngx_pcalloc().
[...]
> BTW, is there any "nginx subrequest coding guide" documentation available ?
> its very confusing and lacks much info on the web, i got it working only
> thru alot of trial-and-error.
Subrequests are dead simple in it's supported form: you just call
ngx_http_subrequest() in a body filter, and the result is added to
the output at the appropriate point. Good sample is available in
ngx_http_addition_filter_module.c.
What you try to do with subrequests isn't really supported (the
fact that it works - is actually a side effect of subrequests
processing rewrite in 0.7.25), hence no guides.
--
Maxim Dounin
http://nginx.org/en/donation.html
More information about the nginx
mailing list