stream-lua-nginx-module icon indicating copy to clipboard operation
stream-lua-nginx-module copied to clipboard
verified publisher icon openresty

fixes: add null check for ngx_stream_lua_get_req in ngx_stream_lua_util

Open Fahnenfluchtige opened this issue 8 months ago • 0 comments

The Svace static analysis tool identified a potential issue in the function ngx_stream_lua_req_socket(), where the return value of ngx_stream_lua_get_req is not checked (line 1936):

r = ngx_stream_lua_get_req(L);

The return value of ngx_stream_lua_get_req(L) was used without a null check. But this function (ngx_stream_lua_get_req) is typically checked for NULL in most usages. And moreover, dereferencing a potentially NULL pointer can lead to undefined behavior

So, the solution is to add null-checking:

@@ -1935,6 +1935,10 @@ ngx_stream_lua_req_socket(lua_State *L)
 
     r = ngx_stream_lua_get_req(L);
 
+    if (r == NULL) {
+        return luaL_error(L, "no request found");
+    }

Fahnenfluchtige avatar Apr 10 '25 14:04 Fahnenfluchtige