Anchels
Anchels
Greetings! I was analyzing **Nginx** modules with the **Svace** static analyzer. It has found an inconsistent code at the following method: https://github.com/yaoweibin/ngx_http_substitutions_filter_module/blob/e12e965ac1837ca709709f9a26f572a54d83430e/ngx_http_subs_filter_module.c#L277-L331 Here the result value `ctx->sub_pairs` of method invocation...
Hello! I was analyzing **Nginx** modules with the **Svace** static analyzer. It has found an inconsistency code at the following sections of the code: https://github.com/samizdatco/nginx-http-auth-digest/blob/5a2cae4812d8a1ba5f83dfbcb8d043d05c8e6f97/ngx_http_auth_digest_module.c#L1227-L1247 and https://github.com/samizdatco/nginx-http-auth-digest/blob/5a2cae4812d8a1ba5f83dfbcb8d043d05c8e6f97/ngx_http_auth_digest_module.c#L1286-L1308 --- In both...
Return value of a function `ngx_pcalloc` is dereferenced at without checking for NULL, but it is usually checked for this function: https://github.com/opentracing-contrib/nginx-opentracing/blob/4325d97b61f48c0204b39196402868ddac69d7de/opentracing/src/ngx_http_opentracing_module.cpp#L252-L259 Consider performing null check `if (!main_conf) return nullptr`...
Greetings! I've been investigating **lua-nginx-module** with **Svace** static analyzer and it found a curious method to look at. https://github.com/openresty/lua-nginx-module/blob/004922e1cf95eabde001203e2010365ff5d3e70d/src/ngx_http_lua_socket_tcp.c#L1629-L1881 Here the return value of method incovation `SSL_set_tlsext_status_type()` (which calls `SSL_ctrl()`...
Return value of a function `lua_touserdata` is dereferenced without checking for NULL, but it is usually checked for this function: https://github.com/openresty/lua-nginx-module/blob/9688812a4eba47c1f43892c998e50b988d740f5d/src/ngx_http_lua_socket_tcp.c#L4662-L4673 Similar issue with fucntion `ngx_http_lua_get_req`: https://github.com/openresty/lua-nginx-module/blob/9688812a4eba47c1f43892c998e50b988d740f5d/src/ngx_http_lua_socket_tcp.c#L5112-L5117 After having been...