diff options
| author |   robert <robert@openbsd.org> | 2012-04-04 14:26:40 +0000 |
|---|---|---|
| committer | robert <robert@openbsd.org> | 2012-04-04 14:26:40 +0000 |
| commit | 92e8e13ba90d83215e3fcf413a702a15395e0c55 (patch) | |
| tree | a946115520e2ab289f287a16df560df58a519698 /usr.sbin/nginx/src/core/ngx_cycle.c | |
| parent | Don't 'reserve' a head/track if there is only only 1 head and 1 (diff) | |
| download | wireguard-openbsd-92e8e13ba90d83215e3fcf413a702a15395e0c55.tar.xz wireguard-openbsd-92e8e13ba90d83215e3fcf413a702a15395e0c55.zip | |
Set the correct string lengths when stripping the chroot prefix
from the paths because ngx_str_set() does not set it correctly for us.
This change also avoid a use after free() case which was discovered by sthen@
Based on a diff from Steffen Daode Nurpmeso, tested by me and sthen@
Diffstat (limited to 'usr.sbin/nginx/src/core/ngx_cycle.c')
| -rw-r--r-- | usr.sbin/nginx/src/core/ngx_cycle.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/usr.sbin/nginx/src/core/ngx_cycle.c b/usr.sbin/nginx/src/core/ngx_cycle.c index e6e1c003cff..e8373fe63a4 100644 --- a/usr.sbin/nginx/src/core/ngx_cycle.c +++ b/usr.sbin/nginx/src/core/ngx_cycle.c @@ -1116,7 +1116,6 @@ ngx_reopen_files(ngx_cycle_t *cycle, ngx_uid_t user) ngx_uint_t i; ngx_list_part_t *part; ngx_open_file_t *file; - char *buf; part = &cycle->open_files.part; file = part->elts; @@ -1139,15 +1138,15 @@ ngx_reopen_files(ngx_cycle_t *cycle, ngx_uid_t user) len = file[i].pos - file[i].buffer; if ((ngx_process == NGX_PROCESS_WORKER) && ngx_chrooted && file[i].name.data[0] == '/') { - buf = malloc(file[i].name.len); - ngx_cpystrn(buf, file[i].name.data + strlen(NGX_PREFIX), + char *x, *buf = malloc(file[i].name.len); + x = ngx_cpystrn(buf, file[i].name.data + strlen(NGX_PREFIX), file[i].name.len); while (buf[0] == '/') { buf++; } - ngx_str_set(&file[i].name, buf); - free(buf); - } + file[i].name.len = (x - buf); + file[i].name.data = buf; + } if (file[i].buffer && len != 0) { |