From 07c3c53e00b49aa25451a38fdb0aadb875ff8432 Mon Sep 17 00:00:00 2001 From: Maxim Dounin Date: Fri, 29 Mar 2013 17:19:11 +0000 Subject: Merge of r5083: fixed potential segfault in keepalive handler. Fixed potential segfault in ngx_http_keepalive_handler(). In case of error in the read event handling we close a connection by calling ngx_http_close_connection(), that also destroys connection pool. Thereafter, an attempt to free a buffer (added in r4892) that was allocated from the pool could cause SIGSEGV and is meaningless as well (the buffer already freed with the pool). --- src/http/ngx_http_request.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c index ee00fd3af..bac35fcc9 100644 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -2743,6 +2743,7 @@ ngx_http_keepalive_handler(ngx_event_t *rev) if (n == NGX_AGAIN) { if (ngx_handle_read_event(rev, 0) != NGX_OK) { ngx_http_close_connection(c); + return; } /* -- cgit v1.2.1