Fixed potential segfault in ngx_http_keepalive_handler().

In case of error in the read event handling we close a connection
by calling ngx_http_close_connection(), that also destroys connection
pool. Thereafter, an attempt to free a buffer (added in r4892) that
was allocated from the pool could cause SIGSEGV and is meaningless
as well (the buffer already freed with the pool).

diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 763e7bf11726d79de99e9a66cc78b82482aa8052..5dc6942b0013d7ba55b1fbbcce39ab3cc41894b4 100644 (file)
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -2758,6 +2758,7 @@ ngx_http_keepalive_handler(ngx_event_t *rev)
     if (n == NGX_AGAIN) {
         if (ngx_handle_read_event(rev, 0) != NGX_OK) {
             ngx_http_close_connection(c);
+            return;
         }
 
         /*