Google Git
Sign in
nginx/nginx/da8bb22634e9cf5419b839c9ba7a359efc62c7b1^!/./src/core/ngx_resolver.c
commit
da8bb22634e9cf5419b839c9ba7a359efc62c7b1
[log]
author
Ruslan Ermilov <ru@nginx.com>
Mon Jun 18 12:30:45 2012 +0000
committer
Ruslan Ermilov <ru@nginx.com>
Mon Jun 18 12:30:45 2012 +0000
tree
d04633c7105e8e0d73e0eb6ee5408b6e5441b7b4
parent
b9feaa8dd944e7d715b481474ccb08096bdb190c [diff] [blame]
Fixed crash in ngx_resolver_cleanup_tree().

If sending a DNS request fails with an error (e.g., when mistakenly trying
to send it to a local IP broadcast), such a request is not deleted if there
are clients waiting on it.  However, it was still erroneously removed from
the queue.  Later ngx_resolver_cleanup_tree() attempted to remove it from
the queue again that resulted in a NULL pointer dereference.

diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
index 2b0e41a..53fbbf9 100644
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c

@@ -977,12 +977,11 @@
 
         if (rn->waiting) {
 
-            if (ngx_resolver_send_query(r, rn) == NGX_OK) {
+            (void) ngx_resolver_send_query(r, rn);
 
-                rn->expire = now + r->resend_timeout;
+            rn->expire = now + r->resend_timeout;
 
-                ngx_queue_insert_head(queue, &rn->queue);
-            }
+            ngx_queue_insert_head(queue, q);
 
             continue;
         }