IntenseWebs/nginx
3
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2024-11-24 09:50:18 -06:00
Code Issues Packages Projects Releases Wiki Activity

Geo: fixed uninitialized memory access.

Browse Source 
While copying ngx_http_variable_value_t structures to geo binary base
in ngx_http_geo_copy_values(), and similarly in the stream module,
uninitialized parts of these structures are copied as well.  These
include the "escape" field and possible holes.  Calculating crc32 of
this data triggers uninitialized memory access.

Found with MemorySanitizer.

Signed-off-by: Piotr Sikora <piotr@aviatrix.com>
This commit is contained in:
Piotr Sikora 2024-03-14 18:37:20 +04:00
parent 5e79d98a59
commit d3d64cacb3
2 changed files with 2 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/http/modules/ngx_http_geo_module.c
View File

@ -1259,7 +1259,7 @@ ngx_http_geo_value(ngx_conf_t *cf, ngx_http_geo_conf_ctx_t *ctx,
return gvvn->value;
}
val = ngx_palloc(ctx->pool, sizeof(ngx_http_variable_value_t));
val = ngx_pcalloc(ctx->pool, sizeof(ngx_http_variable_value_t));
if (val == NULL) {
return NULL;
}
@ -1271,8 +1271,6 @@ ngx_http_geo_value(ngx_conf_t *cf, ngx_http_geo_conf_ctx_t *ctx,
}
val->valid = 1;
val->no_cacheable = 0;
val->not_found = 0;
gvvn = ngx_palloc(ctx->temp_pool,
sizeof(ngx_http_geo_variable_value_node_t));

4
src/stream/ngx_stream_geo_module.c
View File

@ -1209,7 +1209,7 @@ ngx_stream_geo_value(ngx_conf_t *cf, ngx_stream_geo_conf_ctx_t *ctx,
return gvvn->value;
}
val = ngx_palloc(ctx->pool, sizeof(ngx_stream_variable_value_t));
val = ngx_pcalloc(ctx->pool, sizeof(ngx_stream_variable_value_t));
if (val == NULL) {
return NULL;
}
@ -1221,8 +1221,6 @@ ngx_stream_geo_value(ngx_conf_t *cf, ngx_stream_geo_conf_ctx_t *ctx,
}
val->valid = 1;
val->no_cacheable = 0;
val->not_found = 0;
gvvn = ngx_palloc(ctx->temp_pool,
sizeof(ngx_stream_geo_variable_value_node_t));