Changeset 7203:8b0553239592 in nginx


Ignore:
Timestamp:
02/09/18 20:20:08 (13 days ago)
Author:
Ruslan Ermilov <ru@…>
Branch:
default
Message:

HTTP/2: fixed null pointer dereference with server push.

r->headers_in.host can be NULL in ngx_http_v2_push_resource().

This happens when a request is terminated with 400 before the :authority
or Host header is parsed, and either pushing is enabled on the server{}
level or error_page 400 redirects to a location with pushes configured.

Found by Coverity (CID 1429156).

File:
1 edited

Legend:

Unmodified
Added
Removed
  • src/http/v2/ngx_http_v2_filter_module.c

    r7202 r7203  
    947947    host = r->headers_in.host;
    948948
    949     if (authority->len == 0 && host) {
     949    if (host == NULL) {
     950        return NGX_ABORT;
     951    }
     952
     953    if (authority->len == 0) {
    950954
    951955        len = 1 + NGX_HTTP_V2_INT_OCTETS + host->value.len;
Note: See TracChangeset for help on using the changeset viewer.