From 84734aa1f96b9049f4425cdc4bdec782b3d52840 Mon Sep 17 00:00:00 2001 From: "Yichun Zhang (agentzh)" Date: Sun, 17 Dec 2017 00:03:29 -0800 Subject: [PATCH] bugfix: fixed double free issues in the new init_cycle_pool_release patch for the nginx core. --- ...nginx-1.13.6-init_cycle_pool_release.patch | 45 ++++++++++++------- 1 file changed, 30 insertions(+), 15 deletions(-) diff --git a/patches/nginx-1.13.6-init_cycle_pool_release.patch b/patches/nginx-1.13.6-init_cycle_pool_release.patch index 8f9f6cf..68cced2 100644 --- a/patches/nginx-1.13.6-init_cycle_pool_release.patch +++ b/patches/nginx-1.13.6-init_cycle_pool_release.patch @@ -1,7 +1,7 @@ -diff -ur nginx-1.13.6/src/core/nginx.c nginx-1.13.6-patched/src/core/nginx.c ---- nginx-1.13.6/src/core/nginx.c 2017-12-16 12:04:13.923270925 -0800 -+++ nginx-1.13.6-patched/src/core/nginx.c 2017-12-16 12:03:55.013934545 -0800 -@@ -198,6 +198,7 @@ +diff -rup nginx-1.13.6/src/core/nginx.c nginx-1.13.6-patched/src/core/nginx.c +--- nginx-1.13.6/src/core/nginx.c 2017-12-17 00:00:38.136470108 -0800 ++++ nginx-1.13.6-patched/src/core/nginx.c 2017-12-16 23:59:51.680958322 -0800 +@@ -186,6 +186,7 @@ static u_char *ngx_prefix; static u_char *ngx_conf_file; static u_char *ngx_conf_params; static char *ngx_signal; @@ -9,7 +9,7 @@ diff -ur nginx-1.13.6/src/core/nginx.c nginx-1.13.6-patched/src/core/nginx.c static char **ngx_os_environ; -@@ -265,6 +266,8 @@ +@@ -253,6 +254,8 @@ main(int argc, char *const *argv) return 1; } 
@@ -18,27 +18,42 @@ diff -ur nginx-1.13.6/src/core/nginx.c nginx-1.13.6-patched/src/core/nginx.c if (ngx_save_argv(&init_cycle, argc, argv) != NGX_OK) { return 1; } -diff -ur nginx-1.13.6/src/core/ngx_core.h nginx-1.13.6-patched/src/core/ngx_core.h +diff -rup nginx-1.13.6/src/core/ngx_core.h nginx-1.13.6-patched/src/core/ngx_core.h --- nginx-1.13.6/src/core/ngx_core.h 2017-10-10 08:22:51.000000000 -0700 -+++ nginx-1.13.6-patched/src/core/ngx_core.h 2017-12-16 12:03:55.013934545 -0800 -@@ -108,4 +108,6 @@ ++++ nginx-1.13.6-patched/src/core/ngx_core.h 2017-12-16 23:59:51.679958370 -0800 +@@ -108,4 +108,6 @@ void ngx_cpuinfo(void); #define NGX_DISABLE_SYMLINKS_NOTOWNER 2 #endif +extern ngx_pool_t *saved_init_cycle_pool; + #endif /* _NGX_CORE_H_INCLUDED_ */ -diff -ur nginx-1.13.6/src/os/unix/ngx_process_cycle.c nginx-1.13.6-patched/src/os/unix/ngx_process_cycle.c ---- nginx-1.13.6/src/os/unix/ngx_process_cycle.c 2017-12-16 12:04:13.901271675 -0800 -+++ nginx-1.13.6-patched/src/os/unix/ngx_process_cycle.c 2017-12-16 12:03:55.027933951 -0800 -@@ -785,6 +785,10 @@ +diff -rup nginx-1.13.6/src/core/ngx_cycle.c nginx-1.13.6-patched/src/core/ngx_cycle.c +--- nginx-1.13.6/src/core/ngx_cycle.c 2017-10-10 08:22:51.000000000 -0700 ++++ nginx-1.13.6-patched/src/core/ngx_cycle.c 2017-12-16 23:59:51.678958419 -0800 +@@ -748,6 +748,10 @@ old_shm_zone_done: - ngx_destroy_pool(cycle->pool); + if (ngx_process == NGX_PROCESS_MASTER || ngx_is_init_cycle(old_cycle)) { + ++ if (ngx_is_init_cycle(old_cycle)) { ++ saved_init_cycle_pool = NULL; ++ } ++ + ngx_destroy_pool(old_cycle->pool); + cycle->old_cycle = NULL; + +diff -rup nginx-1.13.6/src/os/unix/ngx_process_cycle.c nginx-1.13.6-patched/src/os/unix/ngx_process_cycle.c +--- nginx-1.13.6/src/os/unix/ngx_process_cycle.c 2017-12-17 00:00:38.142469762 -0800 ++++ nginx-1.13.6-patched/src/os/unix/ngx_process_cycle.c 2017-12-16 23:59:51.691957791 -0800 +@@ -783,6 +783,11 @@ ngx_master_process_exit(ngx_cycle_t *cyc + ngx_exit_cycle.files_n = 
ngx_cycle->files_n; + ngx_cycle = &ngx_exit_cycle; + if (saved_init_cycle_pool != NULL && saved_init_cycle_pool != cycle->pool) { + ngx_destroy_pool(saved_init_cycle_pool); ++ saved_init_cycle_pool = NULL; + } + - exit(0); - } + ngx_destroy_pool(cycle->pool); + exit(0);
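Review bot: In the new `ngx_cycle.c` hunk, `saved_init_cycle_pool` is cleared when `ngx_is_init_cycle(old_cycle)` is true rather than when it actually aliases the pool about to be destroyed, so the double-free protection rests on an assumption this page does not show (that the saved pointer is always exactly the init cycle's pool). Keying the reset on pointer identity, `if (saved_init_cycle_pool == old_cycle->pool) { saved_init_cycle_pool = NULL; }`, would stop the global from dangling on any path through this branch and would mirror the `saved_init_cycle_pool != cycle->pool` test in `ngx_master_process_exit`. A short comment at both sites would record the ownership rule, e.g. `/* saved_init_cycle_pool is expected to alias the init cycle's pool; clear it before that pool is destroyed so the master exit path cannot free it twice */`. Both enclosing functions extend beyond the hunks shown, so other paths that destroy or abandon the init cycle's pool cannot be checked from here.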