Potential NULL dereference issue in the function ngx_stream_lua_sema_handler (ngx_stream_lua_semaphore.c)

[3xt3r]

Issue Fix potential null pointer dereference in ngx_stream_lua_sema_handler.

Description The current implementation of ngx_stream_lua_sema_handler function lacks verification of the return value from ngx_stream_lua_get_req. It can potentially lead to a NULL pointer dereference, causing unexpected crashes:

494: r = ngx_stream_lua_get_req(wait_co_ctx->co);
495:
496: ctx = ngx_stream_lua_get_module_ctx(r, ngx_stream_lua_module);
497: ngx_stream_lua_assert(ctx != NULL);

r is dereferenced in 496 without verifying that it is not NULL.

Patch

--- ngx_stream_lua_semaphore.c
+++ ngx_stream_lua_semaphore_patch.c
@@ -492,6 +492,10 @@
         }
 
         r = ngx_stream_lua_get_req(wait_co_ctx->co);
+        
+        if (r == NULL) {
+            return luaL_error(L, "no request found");
+        }
 
         ctx = ngx_stream_lua_get_module_ctx(r, ngx_stream_lua_module);
         ngx_stream_lua_assert(ctx != NULL);

Expected Result After applying this patch, the function properly handles the case when the request object (r) is NULL and gracefully returns an error to Lua instead of crashing.