SPDY: fixed possible uninitialized memory access. The frame->stream pointer should always be initialized for control frames since the check against it can be performed in ngx_http_spdy_filter_cleanup().

commit: b2b43ca50f0bfdf31a600f61db28155f13382b22 [log] [tgz]
author: Valentin Bartenev <vbart@nginx.com> Wed Jan 15 17:16:38 2014 +0400
committer: Valentin Bartenev <vbart@nginx.com> Wed Jan 15 17:16:38 2014 +0400
tree: de69045504b6e0bbbc1971c225107c73e3a68092
parent: d143119e3cb939b69cb77d5bce6ac37f16e7c197 [diff] [blame]
diff --git a/src/http/ngx_http_spdy.c b/src/http/ngx_http_spdy.c
index e576196..01b8e28 100644
--- a/src/http/ngx_http_spdy.c
+++ b/src/http/ngx_http_spdy.c

@@ -1633,8 +1633,8 @@
     frame->first = cl;
     frame->last = cl;
     frame->handler = ngx_http_spdy_settings_frame_handler;
-#if (NGX_DEBUG)
     frame->stream = NULL;
+#if (NGX_DEBUG)
     frame->size = NGX_SPDY_FRAME_HEADER_SIZE
                   + NGX_SPDY_SETTINGS_NUM_SIZE
                   + NGX_SPDY_SETTINGS_PAIR_SIZE;
@@ -1722,6 +1722,7 @@
         frame->first = cl;
         frame->last = cl;
         frame->handler = ngx_http_spdy_ctl_frame_handler;
+        frame->stream = NULL;
     }
 
     frame->free = NULL;
@@ -1733,7 +1734,6 @@
         return NULL;
     }
 
-    frame->stream = NULL;
     frame->size = size;
 #endif
commit	b2b43ca50f0bfdf31a600f61db28155f13382b22	[log] [tgz]
author	Valentin Bartenev <vbart@nginx.com>	Wed Jan 15 17:16:38 2014 +0400
committer	Valentin Bartenev <vbart@nginx.com>	Wed Jan 15 17:16:38 2014 +0400
tree	de69045504b6e0bbbc1971c225107c73e3a68092
parent	d143119e3cb939b69cb77d5bce6ac37f16e7c197 [diff] [blame]