diff options
| author | Maxim Dounin <mdounin@mdounin.ru> | 2012-09-24 18:54:28 +0000 |
|---|---|---|
| committer | Maxim Dounin <mdounin@mdounin.ru> | 2012-09-24 18:54:28 +0000 |
| commit | 191e31938e81f2a59a4ba4dc6b3f4f28bc232187 (patch) | |
| tree | 4a66b21305d26ed0522557cf19be9ffca6d7a758 | |
| parent | f8c0690d379ad745fe3a7e7f53548964278ce094 (diff) | |
| download | nginx-191e31938e81f2a59a4ba4dc6b3f4f28bc232187.tar.gz nginx-191e31938e81f2a59a4ba4dc6b3f4f28bc232187.zip | |
Merge of r4785, r4795, r4811, r4812, r4816, r4822: coverity.
*) Resolver: fixed possible memory leak in ngx_resolver_create().
*) Explicitly ignore returned value from unlink() in ngx_open_tempfile().
*) Explicitly ignore returned value from close() in ngx_event_core_init_conf().
*) Added three missing checks for NULL after ngx_array_push() calls.
*) Crypt: fixed handling of corrupted SSHA entries in password file.
*) Mark logically dead code with corresponding comment.
Found by / prodded by Coverity.
| -rw-r--r-- | src/core/ngx_crypt.c | 11 | ||||
| -rw-r--r-- | src/core/ngx_resolver.c | 18 | ||||
| -rw-r--r-- | src/event/ngx_event.c | 2 | ||||
| -rw-r--r-- | src/http/modules/ngx_http_fastcgi_module.c | 3 | ||||
| -rw-r--r-- | src/http/modules/ngx_http_limit_conn_module.c | 4 | ||||
| -rw-r--r-- | src/http/modules/ngx_http_limit_req_module.c | 3 | ||||
| -rw-r--r-- | src/http/modules/ngx_http_ssi_filter_module.c | 1 | ||||
| -rw-r--r-- | src/os/unix/ngx_files.c | 2 |
8 files changed, 31 insertions, 13 deletions
diff --git a/src/core/ngx_crypt.c b/src/core/ngx_crypt.c index 365f9c82a..b2e25b901 100644 --- a/src/core/ngx_crypt.c +++ b/src/core/ngx_crypt.c @@ -194,6 +194,7 @@ static ngx_int_t ngx_crypt_ssha(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted) { size_t len; + ngx_int_t rc; ngx_str_t encoded, decoded; ngx_sha1_t sha1; @@ -204,12 +205,18 @@ ngx_crypt_ssha(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted) encoded.data = salt + sizeof("{SSHA}") - 1; encoded.len = ngx_strlen(encoded.data); - decoded.data = ngx_pnalloc(pool, ngx_base64_decoded_length(encoded.len)); + len = ngx_max(ngx_base64_decoded_length(encoded.len), 20); + + decoded.data = ngx_pnalloc(pool, len); if (decoded.data == NULL) { return NGX_ERROR; } - ngx_decode_base64(&decoded, &encoded); + rc = ngx_decode_base64(&decoded, &encoded); + + if (rc != NGX_OK || decoded.len < 20) { + decoded.len = 20; + } /* update SHA1 from key and salt */ diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c index 3e75e05a3..178e0831d 100644 --- a/src/core/ngx_resolver.c +++ b/src/core/ngx_resolver.c @@ -113,15 +113,6 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n) return NULL; } - if (n) { - if (ngx_array_init(&r->udp_connections, cf->pool, n, - sizeof(ngx_udp_connection_t)) - != NGX_OK) - { - return NULL; - } - } - cln->data = r; r->event = ngx_calloc(sizeof(ngx_event_t), cf->log); @@ -153,6 +144,15 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n) r->log = &cf->cycle->new_log; r->log_level = NGX_LOG_ERR; + if (n) { + if (ngx_array_init(&r->udp_connections, cf->pool, n, + sizeof(ngx_udp_connection_t)) + != NGX_OK) + { + return NULL; + } + } + for (i = 0; i < n; i++) { if (ngx_strncmp(names[i].data, "valid=", 6) == 0) { s.len = names[i].len - 6; diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c index 600a43394..976bd6465 100644 --- a/src/event/ngx_event.c +++ b/src/event/ngx_event.c @@ -1214,7 +1214,7 @@ ngx_event_core_init_conf(ngx_cycle_t *cycle, void *conf) fd = epoll_create(100); if (fd != -1) { - close(fd); + (void) close(fd); module = &ngx_epoll_module; } else if (ngx_errno != NGX_ENOSYS) { diff --git a/src/http/modules/ngx_http_fastcgi_module.c b/src/http/modules/ngx_http_fastcgi_module.c index 55c3aef29..e8ff24cac 100644 --- a/src/http/modules/ngx_http_fastcgi_module.c +++ b/src/http/modules/ngx_http_fastcgi_module.c @@ -1626,6 +1626,9 @@ ngx_http_fastcgi_process_header(ngx_http_request_t *r) } part = ngx_array_push(f->split_parts); + if (part == NULL) { + return NGX_ERROR; + } part->start = part_start; part->end = part_end; diff --git a/src/http/modules/ngx_http_limit_conn_module.c b/src/http/modules/ngx_http_limit_conn_module.c index 106da7a53..e82ca493d 100644 --- a/src/http/modules/ngx_http_limit_conn_module.c +++ b/src/http/modules/ngx_http_limit_conn_module.c @@ -721,6 +721,10 @@ ngx_http_limit_conn(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) } limit = ngx_array_push(&lccf->limits); + if (limit == NULL) { + return NGX_CONF_ERROR; + } + limit->conn = n; limit->shm_zone = shm_zone; diff --git a/src/http/modules/ngx_http_limit_req_module.c b/src/http/modules/ngx_http_limit_req_module.c index 18db71549..3f9910e71 100644 --- a/src/http/modules/ngx_http_limit_req_module.c +++ b/src/http/modules/ngx_http_limit_req_module.c @@ -937,6 +937,9 @@ ngx_http_limit_req(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) } limit = ngx_array_push(&lrcf->limits); + if (limit == NULL) { + return NGX_CONF_ERROR; + } limit->shm_zone = shm_zone; limit->burst = burst * 1000; diff --git a/src/http/modules/ngx_http_ssi_filter_module.c b/src/http/modules/ngx_http_ssi_filter_module.c index 219465ae9..6c2d0a9b0 100644 --- a/src/http/modules/ngx_http_ssi_filter_module.c +++ b/src/http/modules/ngx_http_ssi_filter_module.c @@ -1024,6 +1024,7 @@ ngx_http_ssi_parse(ngx_http_request_t *r, ngx_http_ssi_ctx_t *ctx) switch (state) { case ssi_start_state: + /* not reached */ break; case ssi_tag_state: diff --git a/src/os/unix/ngx_files.c b/src/os/unix/ngx_files.c index 2dfa1b7a1..d71aec316 100644 --- a/src/os/unix/ngx_files.c +++ b/src/os/unix/ngx_files.c @@ -139,7 +139,7 @@ ngx_open_tempfile(u_char *name, ngx_uint_t persistent, ngx_uint_t access) access ? access : 0600); if (fd != -1 && !persistent) { - unlink((const char *) name); + (void) unlink((const char *) name); } return fd; |