Cleaned up r->headers_out.headers allocation error handling.

If initialization of a header failed for some reason after ngx_list_push(), leaving the header as is can result in uninitialized memory access by the header filter or the log module. The fix is to clear partially initialized headers in case of errors. For the Cache-Control header, the fix is to postpone pushing r->headers_out.cache_control until its value is completed.
author: Sergey Kandaurov <pluknet@nginx.com> 2017-04-20 18:26:37 +0300
committer: Sergey Kandaurov <pluknet@nginx.com> 2017-04-20 18:26:37 +0300
commit: 9ecf8428645579cf66adc5ba939bf1267924c5bc (patch)
tree: bffebdeaec5665d8c6e1c128cffb6f9287773d2a /src/http/modules/ngx_http_auth_basic_module.c
parent: 30e26a8c57fab4b7d95eacc7fd5c0bae23364529 (diff)
download: nginx-9ecf8428645579cf66adc5ba939bf1267924c5bc.tar.gz
nginx-9ecf8428645579cf66adc5ba939bf1267924c5bc.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/src/http/modules/ngx_http_auth_basic_module.c b/src/http/modules/ngx_http_auth_basic_module.c
index 1e7a0c2df..4aa684f8a 100644
--- a/src/http/modules/ngx_http_auth_basic_module.c
+++ b/src/http/modules/ngx_http_auth_basic_module.c
@@ -361,6 +361,8 @@ ngx_http_auth_basic_set_realm(ngx_http_request_t *r, ngx_str_t *realm)
 
     basic = ngx_pnalloc(r->pool, len);
     if (basic == NULL) {
+        r->headers_out.www_authenticate->hash = 0;
+        r->headers_out.www_authenticate = NULL;
         return NGX_HTTP_INTERNAL_SERVER_ERROR;
     }
author	Sergey Kandaurov <pluknet@nginx.com>	2017-04-20 18:26:37 +0300
committer	Sergey Kandaurov <pluknet@nginx.com>	2017-04-20 18:26:37 +0300
commit	9ecf8428645579cf66adc5ba939bf1267924c5bc (patch)
tree	bffebdeaec5665d8c6e1c128cffb6f9287773d2a /src/http/modules/ngx_http_auth_basic_module.c
parent	30e26a8c57fab4b7d95eacc7fd5c0bae23364529 (diff)
download	nginx-9ecf8428645579cf66adc5ba939bf1267924c5bc.tar.gz nginx-9ecf8428645579cf66adc5ba939bf1267924c5bc.zip