ei
/
nginx-upload-progress-module
espelhamento de https://github.com/masterzen/nginx-upload-progress-module
Observar 1
Favorito 0
Fork 0
Código Issues 0 Versões 15 Wiki Atividade
Ver código fonte

fixed crash in read_event_handler if using id after the request died

tags/v0.4
Brice Figureau 18 anos atrás
pai
ba428437fc
commit
2feeda413b
1 arquivos alterados com 27 adições e 0 exclusões
Visão dividida Mostrar estatísticas do Diff
  1. 27
    0
      ngx_http_uploadprogress_module.c

+ 27
- 0
ngx_http_uploadprogress_module.c Ver arquivo 

@@ -285,6 +285,25 @@ ngx_http_uploadprogress_content_handler(ngx_http_request_t *r)
285 285 
     return rc;
286 286 
 }
287 287
288 
+static ngx_str_t* ngx_http_uploadprogress_strdup(ngx_str_t *src,  ngx_log_t * log)
289 
+{
290 
+    ngx_str_t *dst;
291 
+    dst = ngx_alloc(src->len + sizeof(ngx_str_t), log);
292 
+    if (dst == NULL) {
293 
+        return NULL;
294 
+    }
295 
+
296 
+    dst->len = src->len;
297 
+    ngx_memcpy(((char*)dst + sizeof(ngx_str_t)) , src->data, src->len);
298 
+    dst->data = ((u_char*)dst + sizeof(ngx_str_t));
299 
+    return dst;
300 
+}
301 
+
302 
+static void ngx_http_uploadprogress_strdupfree(ngx_str_t *str)
303 
+{
304 
+    ngx_free(str);
305 
+}
306 
+
288 307 
 static void ngx_http_uploadprogress_event_handler(ngx_http_request_t *r)
289 308 
 {
290 309 
     ngx_str_t                                   *id;
 
@@ -301,6 +320,10 @@ static void ngx_http_uploadprogress_event_handler(ngx_http_request_t *r)
301 320
302 321 
     /* find node, update rest */
303 322 
     id = get_tracking_id(r);
323 
+
324 
+    /* perform a deep copy of id */
325 
+    id = ngx_http_uploadprogress_strdup(id, r->connection->log);
326 
+
304 327 
     ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
305 328 
                    "upload-progress: read_event_handler found id: %V", id);
306 329 
     upcf = ngx_http_get_module_loc_conf(r, ngx_http_uploadprogress_module);
 
@@ -311,6 +334,8 @@ static void ngx_http_uploadprogress_event_handler(ngx_http_request_t *r)
311 334
312 335 
     /* at this stage, r is not anymore safe to use */
313 336 
     /* the request could have been closed/freed behind our back */
337 
+    /* and thats the same issue with any other material that was allocated in the request pool */
338 
+    /* like id for instance... */
314 339
315 340 
     if (id == NULL) {
316 341 
         ngx_log_debug0(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0,
 
@@ -319,6 +344,7 @@ static void ngx_http_uploadprogress_event_handler(ngx_http_request_t *r)
319 344 
     }
320 345
321 346 
     if (upcf->shm_zone == NULL) {
347 
+        ngx_http_uploadprogress_strdupfree(id);
322 348 
         ngx_log_debug1(NGX_LOG_DEBUG_HTTP, ngx_cycle->log, 0,
323 349 
                        "upload-progress: read_event_handler no shm_zone for id: %V", id);
324 350 
         return;
 
@@ -344,6 +370,7 @@ static void ngx_http_uploadprogress_event_handler(ngx_http_request_t *r)
344 370 
                        "upload-progress: read_event_handler not found: %V", id);
345 371 
     }
346 372 
     ngx_shmtx_unlock(&shpool->mutex);
373 
+    ngx_http_uploadprogress_strdupfree(id);
347 374 
 }
348 375
349 376 
 /* This generates the response for the report */

Escrever Pré-visualização
Carregando…
Cancelar
Salvar