mirror of
https://github.com/nginx/nginx.git
synced 2025-06-29 18:50:39 +08:00
SPDY: fixed possible uninitialized memory access.
The frame->stream pointer should always be initialized for control frames since the check against it can be performed in ngx_http_spdy_filter_cleanup().
This commit is contained in:
Valentin Bartenev
parent
d143119e3c
commit
b2b43ca50f
@ -1633,8 +1633,8 @@ ngx_http_spdy_send_settings(ngx_http_spdy_connection_t *sc)
|
|||||||
frame->first = cl;
|
frame->first = cl;
|
||||||
frame->last = cl;
|
frame->last = cl;
|
||||||
frame->handler = ngx_http_spdy_settings_frame_handler;
|
frame->handler = ngx_http_spdy_settings_frame_handler;
|
||||||
#if (NGX_DEBUG)
|
|
||||||
frame->stream = NULL;
|
frame->stream = NULL;
|
||||||
|
#if (NGX_DEBUG)
|
||||||
frame->size = NGX_SPDY_FRAME_HEADER_SIZE
|
frame->size = NGX_SPDY_FRAME_HEADER_SIZE
|
||||||
+ NGX_SPDY_SETTINGS_NUM_SIZE
|
+ NGX_SPDY_SETTINGS_NUM_SIZE
|
||||||
+ NGX_SPDY_SETTINGS_PAIR_SIZE;
|
+ NGX_SPDY_SETTINGS_PAIR_SIZE;
|
||||||
@ -1722,6 +1722,7 @@ ngx_http_spdy_get_ctl_frame(ngx_http_spdy_connection_t *sc, size_t size,
|
|||||||
frame->first = cl;
|
frame->first = cl;
|
||||||
frame->last = cl;
|
frame->last = cl;
|
||||||
frame->handler = ngx_http_spdy_ctl_frame_handler;
|
frame->handler = ngx_http_spdy_ctl_frame_handler;
|
||||||
|
frame->stream = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
frame->free = NULL;
|
frame->free = NULL;
|
||||||
@ -1733,7 +1734,6 @@ ngx_http_spdy_get_ctl_frame(ngx_http_spdy_connection_t *sc, size_t size,
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
frame->stream = NULL;
|
|
||||||
frame->size = size;
|
frame->size = size;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user