Mercurial > hg > nginx

changeset 5518:ec9e9da4c1fb

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
SPDY: fixed possible uninitialized memory access. The frame->stream pointer should always be initialized for control frames since the check against it can be performed in ngx_http_spdy_filter_cleanup().
author Valentin Bartenev <vbart@nginx.com>
date Wed, 15 Jan 2014 17:16:38 +0400
parents 9d1479234f3c
children 22c249dac7c1
files src/http/ngx_http_spdy.c
diffstat 1 files changed, 2 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/src/http/ngx_http_spdy.c	Wed Jan 15 13:23:31 2014 +0400
+++ b/src/http/ngx_http_spdy.c	Wed Jan 15 17:16:38 2014 +0400
@@ -1633,8 +1633,8 @@
     frame->first = cl;
     frame->last = cl;
     frame->handler = ngx_http_spdy_settings_frame_handler;
+    frame->stream = NULL;
 #if (NGX_DEBUG)
-    frame->stream = NULL;
     frame->size = NGX_SPDY_FRAME_HEADER_SIZE
                   + NGX_SPDY_SETTINGS_NUM_SIZE
                   + NGX_SPDY_SETTINGS_PAIR_SIZE;
@@ -1722,6 +1722,7 @@
         frame->first = cl;
         frame->last = cl;
         frame->handler = ngx_http_spdy_ctl_frame_handler;
+        frame->stream = NULL;
     }
 
     frame->free = NULL;
@@ -1733,7 +1734,6 @@
         return NULL;
     }
 
-    frame->stream = NULL;
     frame->size = size;
 #endif