]> git.kaiwu.me - nginx.git/commitdiff
Merge of r5083: fixed potential segfault in keepalive handler.
authorMaxim Dounin <mdounin@mdounin.ru>
Fri, 29 Mar 2013 17:19:11 +0000 (17:19 +0000)
committerMaxim Dounin <mdounin@mdounin.ru>
Fri, 29 Mar 2013 17:19:11 +0000 (17:19 +0000)
Fixed potential segfault in ngx_http_keepalive_handler().

In case of error in the read event handling we close a connection
by calling ngx_http_close_connection(), that also destroys connection
pool. Thereafter, an attempt to free a buffer (added in r4892) that
was allocated from the pool could cause SIGSEGV and is meaningless
as well (the buffer already freed with the pool).

src/http/ngx_http_request.c

index ee00fd3af077f1c367da30192c3f0788e2fc9aee..bac35fcc9d74cdd1649da8fa4807622933d8b6dc 100644 (file)
@@ -2743,6 +2743,7 @@ ngx_http_keepalive_handler(ngx_event_t *rev)
     if (n == NGX_AGAIN) {
         if (ngx_handle_read_event(rev, 0) != NGX_OK) {
             ngx_http_close_connection(c);
+            return;
         }
 
         /*