diff options
| author | Maxim Dounin <mdounin@mdounin.ru> | 2012-06-04 10:15:55 +0000 |
|---|---|---|
| committer | Maxim Dounin <mdounin@mdounin.ru> | 2012-06-04 10:15:55 +0000 |
| commit | 5f291006a65d7a7dbcfbb5d315f04eaf3917d868 (patch) | |
| tree | 92cb65aa67c1436b77f9cb516b4aac12b7d24f51 /src/http/ngx_http_request.c | |
| parent | d9a65e9874028c9a38dde1ea52ba744ec2a19d6d (diff) | |
| download | nginx-5f291006a65d7a7dbcfbb5d315f04eaf3917d868.tar.gz nginx-5f291006a65d7a7dbcfbb5d315f04eaf3917d868.zip | |
Merge of r4611, r4620: resolver fixes.
*) Fixed segmentation fault in ngx_resolver_create_name_query().
If name passed for resolution was { 0, NULL } (e.g. as a result
of name server returning CNAME pointing to ".") pointer wrapped
to (void *) -1 resulting in segmentation fault on an attempt to
dereference it.
Reported by Lanshun Zhou.
*) Resolver: protection from duplicate responses.
If we already had CNAME in resolver node (i.e. rn->cnlen and rn->u.cname
set), and got additional response with A record, it resulted in rn->cnlen
set and rn->u.cname overwritten by rn->u.addr (or rn->u.addrs), causing
segmentation fault later in ngx_resolver_free_node() on an attempt to free
overwritten rn->u.cname. The opposite (i.e. CNAME got after A) might cause
similar problems as well.
Diffstat (limited to 'src/http/ngx_http_request.c')
0 files changed, 0 insertions, 0 deletions