Merge of r4785, r4795, r4811, r4812, r4816, r4822: coverity.

*) Resolver: fixed possible memory leak in ngx_resolver_create().

*) Explicitly ignore returned value from unlink() in ngx_open_tempfile().

*) Explicitly ignore returned value from close() in ngx_event_core_init_conf().

*) Added three missing checks for NULL after ngx_array_push() calls.

*) Crypt: fixed handling of corrupted SSHA entries in password file.

*) Mark logically dead code with corresponding comment.

Found by / prodded by Coverity.

diff --git a/src/core/ngx_crypt.c b/src/core/ngx_crypt.c
index 365f9c82a8e8ea460bac2340da0d72dabe8b475f..b2e25b9010125340f3c67ac8bd4ea3b3dab04ffb 100644 (file)
--- a/src/core/ngx_crypt.c
+++ b/src/core/ngx_crypt.c
@@ -194,6 +194,7 @@ static ngx_int_t
 ngx_crypt_ssha(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted)
 {
     size_t       len;
+    ngx_int_t    rc;
     ngx_str_t    encoded, decoded;
     ngx_sha1_t   sha1;
 
@@ -204,12 +205,18 @@ ngx_crypt_ssha(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted)
     encoded.data = salt + sizeof("{SSHA}") - 1;
     encoded.len = ngx_strlen(encoded.data);
 
-    decoded.data = ngx_pnalloc(pool, ngx_base64_decoded_length(encoded.len));
+    len = ngx_max(ngx_base64_decoded_length(encoded.len), 20);
+
+    decoded.data = ngx_pnalloc(pool, len);
     if (decoded.data == NULL) {
         return NGX_ERROR;
     }
 
-    ngx_decode_base64(&decoded, &encoded);
+    rc = ngx_decode_base64(&decoded, &encoded);
+
+    if (rc != NGX_OK || decoded.len < 20) {
+        decoded.len = 20;
+    }
 
     /* update SHA1 from key and salt */
 

diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
index 3e75e05a37896266f1bda8e6f014996e9145a0df..178e0831d56177c6cf073f849c992a1a3371bcbb 100644 (file)
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -113,15 +113,6 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n)
         return NULL;
     }
 
-    if (n) {
-        if (ngx_array_init(&r->udp_connections, cf->pool, n,
-                           sizeof(ngx_udp_connection_t))
-            != NGX_OK)
-        {
-            return NULL;
-        }
-    }
-
     cln->data = r;
 
     r->event = ngx_calloc(sizeof(ngx_event_t), cf->log);
@@ -153,6 +144,15 @@ ngx_resolver_create(ngx_conf_t *cf, ngx_str_t *names, ngx_uint_t n)
     r->log = &cf->cycle->new_log;
     r->log_level = NGX_LOG_ERR;
 
+    if (n) {
+        if (ngx_array_init(&r->udp_connections, cf->pool, n,
+                           sizeof(ngx_udp_connection_t))
+            != NGX_OK)
+        {
+            return NULL;
+        }
+    }
+
     for (i = 0; i < n; i++) {
         if (ngx_strncmp(names[i].data, "valid=", 6) == 0) {
             s.len = names[i].len - 6;

diff --git a/src/event/ngx_event.c b/src/event/ngx_event.c
index 600a433942f5a9b234eb3185c88c340ca1905883..976bd646581caa3db7603e9d3cb818b00d2e4098 100644 (file)
--- a/src/event/ngx_event.c
+++ b/src/event/ngx_event.c
@@ -1214,7 +1214,7 @@ ngx_event_core_init_conf(ngx_cycle_t *cycle, void *conf)
     fd = epoll_create(100);
 
     if (fd != -1) {
-        close(fd);
+        (void) close(fd);
         module = &ngx_epoll_module;
 
     } else if (ngx_errno != NGX_ENOSYS) {

diff --git a/src/http/modules/ngx_http_fastcgi_module.c b/src/http/modules/ngx_http_fastcgi_module.c
index 55c3aef2931d8d9e829098ec85a9315bf6bbb523..e8ff24cac94c12e17f6c2d50729a1f2758bc88e6 100644 (file)
--- a/src/http/modules/ngx_http_fastcgi_module.c
+++ b/src/http/modules/ngx_http_fastcgi_module.c
@@ -1626,6 +1626,9 @@ ngx_http_fastcgi_process_header(ngx_http_request_t *r)
         }
 
         part = ngx_array_push(f->split_parts);
+        if (part == NULL) {
+            return NGX_ERROR;
+        }
 
         part->start = part_start;
         part->end = part_end;

diff --git a/src/http/modules/ngx_http_limit_conn_module.c b/src/http/modules/ngx_http_limit_conn_module.c
index 106da7a535e8ef76ccacdef187d617c22b2bf34c..e82ca493dab30ee967d5019e793db0444523f23b 100644 (file)
--- a/src/http/modules/ngx_http_limit_conn_module.c
+++ b/src/http/modules/ngx_http_limit_conn_module.c
@@ -721,6 +721,10 @@ ngx_http_limit_conn(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
     }
 
     limit = ngx_array_push(&lccf->limits);
+    if (limit == NULL) {
+        return NGX_CONF_ERROR;
+    }
+
     limit->conn = n;
     limit->shm_zone = shm_zone;
 

diff --git a/src/http/modules/ngx_http_limit_req_module.c b/src/http/modules/ngx_http_limit_req_module.c
index 18db7154958e6c3ad50b2496611246a262c7aecf..3f9910e7178ea9af1179b5f563c2782b73129967 100644 (file)
--- a/src/http/modules/ngx_http_limit_req_module.c
+++ b/src/http/modules/ngx_http_limit_req_module.c
@@ -937,6 +937,9 @@ ngx_http_limit_req(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
     }
 
     limit = ngx_array_push(&lrcf->limits);
+    if (limit == NULL) {
+        return NGX_CONF_ERROR;
+    }
 
     limit->shm_zone = shm_zone;
     limit->burst = burst * 1000;

diff --git a/src/http/modules/ngx_http_ssi_filter_module.c b/src/http/modules/ngx_http_ssi_filter_module.c
index 219465ae909473843fc2b2c4e31918552d66a51a..6c2d0a9b0429cdee32dfedc83ca9656644714496 100644 (file)
--- a/src/http/modules/ngx_http_ssi_filter_module.c
+++ b/src/http/modules/ngx_http_ssi_filter_module.c
@@ -1024,6 +1024,7 @@ ngx_http_ssi_parse(ngx_http_request_t *r, ngx_http_ssi_ctx_t *ctx)
         switch (state) {
 
         case ssi_start_state:
+            /* not reached */
             break;
 
         case ssi_tag_state:

diff --git a/src/os/unix/ngx_files.c b/src/os/unix/ngx_files.c
index 2dfa1b7a1ab967a5f02c5f5ff572e8c03b99d7a4..d71aec316d49fd96f030f8f338d6553e4e359866 100644 (file)
--- a/src/os/unix/ngx_files.c
+++ b/src/os/unix/ngx_files.c
@@ -139,7 +139,7 @@ ngx_open_tempfile(u_char *name, ngx_uint_t persistent, ngx_uint_t access)
               access ? access : 0600);
 
     if (fd != -1 && !persistent) {
-        unlink((const char *) name);
+        (void) unlink((const char *) name);
     }
 
     return fd;