bugfix: fixed double free issues in the new init_cycle_pool_release patch for the nginx core.

2017-12-17 00:03:29 -08:00 · 2017-12-17 00:03:29 -08:00 · 84734aa1f9
parent f721f66b4e
commit 84734aa1f9
1 changed files with 30 additions and 15 deletions
--- a/patches/nginx-1.13.6-init_cycle_pool_release.patch
+++ b/patches/nginx-1.13.6-init_cycle_pool_release.patch
@ -1,7 +1,7 @@
-diff -ur nginx-1.13.6/src/core/nginx.c nginx-1.13.6-patched/src/core/nginx.c
--- nginx-1.13.6/src/core/nginx.c	2017-12-16 12:04:13.923270925 -0800
-+++ nginx-1.13.6-patched/src/core/nginx.c	2017-12-16 12:03:55.013934545 -0800
-@@ -198,6 +198,7 @@
+diff -rup nginx-1.13.6/src/core/nginx.c nginx-1.13.6-patched/src/core/nginx.c
+--- nginx-1.13.6/src/core/nginx.c	2017-12-17 00:00:38.136470108 -0800
+++ nginx-1.13.6-patched/src/core/nginx.c	2017-12-16 23:59:51.680958322 -0800
+@@ -186,6 +186,7 @@ static u_char      *ngx_prefix;
 static u_char      *ngx_conf_file;
 static u_char      *ngx_conf_params;
 static char        *ngx_signal;
@ -9,7 +9,7 @@ diff -ur nginx-1.13.6/src/core/nginx.c nginx-1.13.6-patched/src/core/nginx.c
 
 
 static char **ngx_os_environ;
-@@ -265,6 +266,8 @@
+@@ -253,6 +254,8 @@ main(int argc, char *const *argv)
         return 1;
     }
 
@ -18,27 +18,42 @@ diff -ur nginx-1.13.6/src/core/nginx.c nginx-1.13.6-patched/src/core/nginx.c
     if (ngx_save_argv(&init_cycle, argc, argv) != NGX_OK) {
         return 1;
     }
-diff -ur nginx-1.13.6/src/core/ngx_core.h nginx-1.13.6-patched/src/core/ngx_core.h
+diff -rup nginx-1.13.6/src/core/ngx_core.h nginx-1.13.6-patched/src/core/ngx_core.h
 --- nginx-1.13.6/src/core/ngx_core.h	2017-10-10 08:22:51.000000000 -0700
-+++ nginx-1.13.6-patched/src/core/ngx_core.h	2017-12-16 12:03:55.013934545 -0800
-@@ -108,4 +108,6 @@
+++ nginx-1.13.6-patched/src/core/ngx_core.h	2017-12-16 23:59:51.679958370 -0800
+@@ -108,4 +108,6 @@ void ngx_cpuinfo(void);
 #define NGX_DISABLE_SYMLINKS_NOTOWNER   2
 #endif
 
 +extern ngx_pool_t        *saved_init_cycle_pool;
 +
 #endif /* _NGX_CORE_H_INCLUDED_ */
-diff -ur nginx-1.13.6/src/os/unix/ngx_process_cycle.c nginx-1.13.6-patched/src/os/unix/ngx_process_cycle.c
--- nginx-1.13.6/src/os/unix/ngx_process_cycle.c	2017-12-16 12:04:13.901271675 -0800
-+++ nginx-1.13.6-patched/src/os/unix/ngx_process_cycle.c	2017-12-16 12:03:55.027933951 -0800
-@@ -785,6 +785,10 @@
+diff -rup nginx-1.13.6/src/core/ngx_cycle.c nginx-1.13.6-patched/src/core/ngx_cycle.c
+--- nginx-1.13.6/src/core/ngx_cycle.c	2017-10-10 08:22:51.000000000 -0700
+++ nginx-1.13.6-patched/src/core/ngx_cycle.c	2017-12-16 23:59:51.678958419 -0800
+@@ -748,6 +748,10 @@ old_shm_zone_done:
 
-     ngx_destroy_pool(cycle->pool);
+     if (ngx_process == NGX_PROCESS_MASTER || ngx_is_init_cycle(old_cycle)) {
+ 
+        if (ngx_is_init_cycle(old_cycle)) {
+            saved_init_cycle_pool = NULL;
+        }
+
+         ngx_destroy_pool(old_cycle->pool);
+         cycle->old_cycle = NULL;
+ 
+diff -rup nginx-1.13.6/src/os/unix/ngx_process_cycle.c nginx-1.13.6-patched/src/os/unix/ngx_process_cycle.c
+--- nginx-1.13.6/src/os/unix/ngx_process_cycle.c	2017-12-17 00:00:38.142469762 -0800
+++ nginx-1.13.6-patched/src/os/unix/ngx_process_cycle.c	2017-12-16 23:59:51.691957791 -0800
+@@ -783,6 +783,11 @@ ngx_master_process_exit(ngx_cycle_t *cyc
+     ngx_exit_cycle.files_n = ngx_cycle->files_n;
+     ngx_cycle = &ngx_exit_cycle;
 
 +    if (saved_init_cycle_pool != NULL && saved_init_cycle_pool != cycle->pool) {
 +        ngx_destroy_pool(saved_init_cycle_pool);
+        saved_init_cycle_pool = NULL;
 +    }
 +
-     exit(0);
- }
+     ngx_destroy_pool(cycle->pool);
 
+     exit(0);