author | DavidKorczynski <david@adalogics.com> | 2021-06-23 19:34:45 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-06-23 11:34:45 -0700 |
commit | 8154eaf3cb4604d8a470c699e4c5eb3eda13d1a9 (patch) | |
tree | 7edd44322289678ec6ba41d403adb85e66bd9b5e /projects/nginx | |
parent | 5426b732a152147ce1e0f7853f8ee03b4adfac23 (diff) | |
[nginx] memory leak fix (#5964)
* nginx: fix memleaks in fuzzer.
* simply fix.
Diffstat (limited to 'projects/nginx')
-rw-r--r-- | projects/nginx/fuzz/http_request_fuzzer.cc | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/projects/nginx/fuzz/http_request_fuzzer.cc b/projects/nginx/fuzz/http_request_fuzzer.cc
index 8d69e82c8..d70e71997 100644
--- a/projects/nginx/fuzz/http_request_fuzzer.cc
+++ b/projects/nginx/fuzz/http_request_fuzzer.cc
@@ -286,6 +286,7 @@ DEFINE_PROTO_FUZZER(const HttpProto &input) {
 255, &ngx_log); // 255 - (hopefully unused) socket descriptor
 c->shared = 1;
+ c->destroyed = 0;
 c->type = SOCK_STREAM;
 c->pool = ngx_create_pool(256, ngx_cycle->log);
 c->sockaddr = ls->sockaddr;
@@ -301,10 +302,24 @@ DEFINE_PROTO_FUZZER(const HttpProto &input) {
 c->socklen = ls->socklen;
 c->local_sockaddr = ls->sockaddr;
 c->local_socklen = ls->socklen;
+ c->data = NULL;
 read_event1.ready = 1;
 write_event1.ready = write_event1.delayed = 1;
 // Will redirect to http parser
 ngx_http_init_connection(c);
+
+ // We do not provide working timers or events, and thus we have to manually
+ // clean up the requests we created. We do this here.
+ // Cross-referencing: https://trac.nginx.org/nginx/ticket/2080#no1).I
+ // This is a fix that should be bettered in the future, by creating proper
+ // timers and events.
+ if (c->destroyed != 1) {
+ if (c->read->data != NULL) {
+ ngx_connection_t *c2 = (ngx_connection_t*)c->read->data;
+ ngx_http_free_request((ngx_http_request_t*)c2->data, 0);
+ }
+ ngx_http_close_connection(c);
+ }
 }
|
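Review bot: The added `c->destroyed = 0;` is one more write through `c` with no NULL check visible in this hunk. The `ngx_get_connection(...)` call whose arguments end on the first context line starts above the hunk, so a guard may already exist there. If it does not, `if (c == NULL) return;` before `c->shared = 1;` would stop the harness from crashing on its own when no connection slot is free, which would otherwise be triaged as a target crash. A short comment such as `// read after ngx_http_init_connection() to decide whether manual cleanup is needed` would also explain why the flag is reset here.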
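Review bot: In the new cleanup block, `c2->data` is cast to `ngx_http_request_t*` and handed to `ngx_http_free_request` without checking that it is non-NULL or still a request. This hunk itself sets `c->data = NULL` before `ngx_http_init_connection(c)`, and `c->read->data` presumably points back to `c`. Any path that returns with `destroyed` unset and no live request would then fault inside the harness and surface as a false finding against nginx. At minimum guard it with `ngx_http_request_t *r = (ngx_http_request_t*)c2->data;` followed by `if (r != NULL) ngx_http_free_request(r, 0);`. Telling a request apart from other connection data needs more than a NULL test and is worth a follow-up. The comment's URL also ends in a stray `).I` and should read `https://trac.nginx.org/nginx/ticket/2080#no1`; DEFINE_PROTO_FUZZER starts above the hunk.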