Nginx/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2024-11-21 16:28:40 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

QUIC: fixed null pointer dereference in MAX_DATA handler.

Browse Source 
If a MAX_DATA frame was received before any stream was created, then the worker
process would crash in nginx_quic_handle_max_data_frame() while traversing the
stream tree.  The issue is solved by adding a check that makes sure the tree is
not empty.
This commit is contained in:
Mariano Di Martino 2021-09-03 14:23:50 +03:00
parent 47c993da63
commit 9985ab86bf
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/event/quic/ngx_event_quic_streams.c
View File

@ -1000,7 +1000,9 @@ ngx_quic_handle_max_data_frame(ngx_connection_t *c,
return NGX_OK;
}
if (qc->streams.sent >= qc->streams.send_max_data) {
if (tree->root != tree->sentinel
&& qc->streams.sent >= qc->streams.send_max_data)
{
for (node = ngx_rbtree_min(tree->root, tree->sentinel);
node;