From bfa56738af63907a719b054d0743b98ebc661d3c Mon Sep 17 00:00:00 2001 From: FengGu Date: Wed, 30 Jul 2014 14:45:08 +0800 Subject: [PATCH] Dav: ngx_http_map_uri_to_path() errors were not checked. Once error occured, it could lead to use uninitialized variables to log, even more segmentation fault. --- src/http/modules/ngx_http_dav_module.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/src/http/modules/ngx_http_dav_module.c b/src/http/modules/ngx_http_dav_module.c index e7f9e9ae3..529aba533 100644 --- a/src/http/modules/ngx_http_dav_module.c +++ b/src/http/modules/ngx_http_dav_module.c @@ -212,7 +212,10 @@ ngx_http_dav_put_handler(ngx_http_request_t *r) return; } - ngx_http_map_uri_to_path(r, &path, &root, 0); + if (ngx_http_map_uri_to_path(r, &path, &root, 0) == NULL) { + ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR); + return; + } path.len--; @@ -320,7 +323,9 @@ ngx_http_dav_delete_handler(ngx_http_request_t *r) ok: - ngx_http_map_uri_to_path(r, &path, &root, 0); + if (ngx_http_map_uri_to_path(r, &path, &root, 0) == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http delete filename: \"%s\"", path.data); @@ -488,6 +493,9 @@ ngx_http_dav_mkcol_handler(ngx_http_request_t *r, ngx_http_dav_loc_conf_t *dlcf) } p = ngx_http_map_uri_to_path(r, &path, &root, 0); + if (p == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } *(p - 1) = '\0'; r->uri.len--; @@ -666,7 +674,9 @@ destination_done: overwrite_done: - ngx_http_map_uri_to_path(r, &path, &root, 0); + if (ngx_http_map_uri_to_path(r, &path, &root, 0) == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http copy from: \"%s\"", path.data); @@ -674,7 +684,9 @@ overwrite_done: uri = r->uri; r->uri = duri; - ngx_http_map_uri_to_path(r, ©.path, &root, 0); + if (ngx_http_map_uri_to_path(r, ©.path, &root, 0) == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } r->uri = uri;