The following issues were found
src/core/ngx_open_file_cache.c
10 issues
Line: 27
Column: 49
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
/*
 * Forward declarations only: nothing in these lines calls access().
 * The sole `access` token is the name of an ngx_int_t parameter of
 * ngx_openat_file_owner(), so a check-then-open race (CWE-362/367) cannot
 * be judged from this excerpt; the bodies that actually open files are
 * the place to review.
 */
static void ngx_open_file_cache_cleanup(void *data);
#if (NGX_HAVE_OPENAT)
static ngx_fd_t ngx_openat_file_owner(ngx_fd_t at_fd, const u_char *name,
ngx_int_t mode, ngx_int_t create, ngx_int_t access, ngx_log_t *log);
#if (NGX_HAVE_O_PATH)
static ngx_int_t ngx_file_o_path_info(ngx_fd_t fd, ngx_file_info_t *fi,
ngx_log_t *log);
#endif
#endif
Reported by FlawFinder.
Line: 35
Column: 15
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
#endif
/*
 * Three prototypes; none of them performs a file-system check or an open.
 * `access` appears only as a parameter name of ngx_open_file_wrapper().
 */
static ngx_fd_t ngx_open_file_wrapper(ngx_str_t *name,
ngx_open_file_info_t *of, ngx_int_t mode, ngx_int_t create,
ngx_int_t access, ngx_log_t *log);
static ngx_int_t ngx_file_info_wrapper(ngx_str_t *name,
ngx_open_file_info_t *of, ngx_file_info_t *fi, ngx_log_t *log);
static ngx_int_t ngx_open_and_stat_file(ngx_str_t *name,
ngx_open_file_info_t *of, ngx_log_t *log);
static void ngx_open_file_add_event(ngx_open_file_cache_t *cache,
Reported by FlawFinder.
Line: 493
Column: 49
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
static ngx_fd_t
ngx_openat_file_owner(ngx_fd_t at_fd, const u_char *name,
ngx_int_t mode, ngx_int_t create, ngx_int_t access, ngx_log_t *log)
{
ngx_fd_t fd;
ngx_err_t err;
ngx_file_info_t fi, atfi;
Reported by FlawFinder.
Line: 511
Column: 53
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
* symlink during openat() or not).
*/
fd = ngx_openat_file(at_fd, name, mode, create, access);
if (fd == NGX_INVALID_FILE) {
return NGX_INVALID_FILE;
}
Reported by FlawFinder.
Line: 615
Column: 49
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
static ngx_fd_t
ngx_open_file_wrapper(ngx_str_t *name, ngx_open_file_info_t *of,
ngx_int_t mode, ngx_int_t create, ngx_int_t access, ngx_log_t *log)
{
ngx_fd_t fd;
#if !(NGX_HAVE_OPENAT)
Reported by FlawFinder.
Line: 621
Column: 50
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
#if !(NGX_HAVE_OPENAT)
fd = ngx_open_file(name->data, mode, create, access);
if (fd == NGX_INVALID_FILE) {
of->err = ngx_errno;
of->failed = ngx_open_file_n;
return NGX_INVALID_FILE;
Reported by FlawFinder.
Line: 638
Column: 54
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
ngx_str_t at_name;
if (of->disable_symlinks == NGX_DISABLE_SYMLINKS_OFF) {
fd = ngx_open_file(name->data, mode, create, access);
if (fd == NGX_INVALID_FILE) {
of->err = ngx_errno;
of->failed = ngx_open_file_n;
return NGX_INVALID_FILE;
Reported by FlawFinder.
Line: 748
Column: 56
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
* reopening a directory, we don't depend on it at all.
*/
fd = ngx_openat_file(at_fd, ".", mode, create, access);
goto done;
}
if (of->disable_symlinks == NGX_DISABLE_SYMLINKS_NOTOWNER
&& !(create & (NGX_FILE_CREATE_OR_OPEN|NGX_FILE_TRUNCATE)))
Reported by FlawFinder.
Line: 755
Column: 60
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
/*
 * Both branches open `p` relative to the descriptor at_fd.  The owner-checking
 * variant is chosen only when disable_symlinks is NGX_DISABLE_SYMLINKS_NOTOWNER
 * and `create` carries neither NGX_FILE_CREATE_OR_OPEN nor NGX_FILE_TRUNCATE;
 * otherwise NGX_FILE_NOFOLLOW is ORed into the mode.
 * `access` is passed through as an argument; it is not a call to access().
 * NOTE(review): ngx_openat_file() presumably wraps openat(); its definition
 * is not part of this excerpt -- confirm.
 */
if (of->disable_symlinks == NGX_DISABLE_SYMLINKS_NOTOWNER
&& !(create & (NGX_FILE_CREATE_OR_OPEN|NGX_FILE_TRUNCATE)))
{
fd = ngx_openat_file_owner(at_fd, p, mode, create, access, log);
} else {
fd = ngx_openat_file(at_fd, p, mode|NGX_FILE_NOFOLLOW, create, access);
}
Reported by FlawFinder.
Line: 758
Column: 72
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
fd = ngx_openat_file_owner(at_fd, p, mode, create, access, log);
} else {
fd = ngx_openat_file(at_fd, p, mode|NGX_FILE_NOFOLLOW, create, access);
}
done:
if (fd == NGX_INVALID_FILE) {
Reported by FlawFinder.
src/core/ngx_connection.c
10 issues
Line: 638
Column: 21
CWE codes:
362
Suggestion:
Use fchmod( ) instead
/*
 * `name` is the listen address text with the leading "unix:" skipped, i.e.
 * a path, and chmod() resolves that path again at call time.
 */
name = ls[i].addr_text.data + sizeof("unix:") - 1;
/* read and write for owner, group and others */
mode = (S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH);
/*
 * A failure is logged at NGX_LOG_EMERG; no return or other control
 * transfer follows inside this block.
 * NOTE(review): where the socket is bound is outside this excerpt, so the
 * window between creating the path and chmod() cannot be assessed here.
 * fchmod() on a socket descriptor does not change the mode of the bound
 * path on every platform -- verify before adopting the tool's suggestion;
 * restricting the directory that holds the socket is a common alternative.
 */
if (chmod((char *) name, mode) == -1) {
ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
"chmod() \"%s\" failed", name);
}
if (ngx_test_config) {
Reported by FlawFinder.
Line: 1201
Column: 34
CWE codes:
120
20
} else {
/*
 * `read` and `write` are members reached through the connection pointer
 * `c`.  Each event that is active or disabled is removed with
 * ngx_del_event(..., NGX_CLOSE_EVENT).  No read() call, destination
 * buffer or length appears in these lines, so the buffer-boundary rule for
 * read() (CWE-120/20) does not describe this code.
 */
if (c->read->active || c->read->disabled) {
ngx_del_event(c->read, NGX_READ_EVENT, NGX_CLOSE_EVENT);
}
if (c->write->active || c->write->disabled) {
ngx_del_event(c->write, NGX_WRITE_EVENT, NGX_CLOSE_EVENT);
}
Reported by FlawFinder.
src/http/ngx_http_request_body.c
8 issues
Line: 528
Column: 69
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
/* empty body with r->request_body_in_file_only */
/*
 * The only `access` token here is the field tf->access, passed as the
 * last argument.  The result is compared with NGX_OK and a failure is
 * returned to the caller as NGX_ERROR.
 * NOTE(review): how ngx_create_temp_file() chooses the file name and the
 * open flags is not visible in this excerpt; that function is where a
 * temp-file race would have to be reviewed.
 */
if (ngx_create_temp_file(&tf->file, tf->path, tf->pool,
tf->persistent, tf->clean, tf->access)
!= NGX_OK)
{
return NGX_ERROR;
}
Reported by FlawFinder.
Line: 299
Column: 46
CWE codes:
120
20
if (rb->busy != NULL) {
if (r->request_body_no_buffering) {
if (c->read->timer_set) {
ngx_del_timer(c->read);
}
if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
Reported by FlawFinder.
Line: 378
Column: 30
CWE codes:
120
20
if (!c->read->ready) {
clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
ngx_add_timer(c->read, clcf->client_body_timeout);
if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
Reported by FlawFinder.
Line: 380
Column: 42
CWE codes:
120
20
clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
ngx_add_timer(c->read, clcf->client_body_timeout);
if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
return NGX_AGAIN;
}
Reported by FlawFinder.
Line: 393
Column: 26
CWE codes:
120
20
}
if (c->read->timer_set) {
ngx_del_timer(c->read);
}
if (!r->request_body_no_buffering) {
r->read_event_handler = ngx_http_block_reading;
rb->post_handler(r);
Reported by FlawFinder.
Line: 591
Column: 26
CWE codes:
120
20
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
rev = r->connection->read;
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, rev->log, 0, "http set discard body");
if (rev->timer_set) {
ngx_del_timer(rev);
Reported by FlawFinder.
Line: 653
Column: 14
CWE codes:
120
20
ngx_http_core_loc_conf_t *clcf;
c = r->connection;
rev = c->read;
if (rev->timedout) {
c->timedout = 1;
c->error = 1;
ngx_http_finalize_request(r, NGX_ERROR);
Reported by FlawFinder.
src/core/ngx_cycle.c
7 issues
Line: 1229
Column: 21
CWE codes:
362
Suggestion:
Use fchown( ) instead
}
if (fi.st_uid != user) {
if (chown((const char *) file[i].name.data, user, -1) == -1) {
ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
"chown(\"%s\", %d) failed",
file[i].name.data, user);
if (ngx_close_file(fd) == NGX_FILE_ERROR) {
Reported by FlawFinder.
Line: 1248
Column: 21
CWE codes:
362
Suggestion:
Use fchmod( ) instead
fi.st_mode |= (S_IRUSR|S_IWUSR);
if (chmod((const char *) file[i].name.data, fi.st_mode) == -1) {
ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
"chmod() \"%s\" failed", file[i].name.data);
if (ngx_close_file(fd) == NGX_FILE_ERROR) {
ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
Reported by FlawFinder.
Line: 55
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ngx_listening_t *ls, *nls;
ngx_core_conf_t *ccf, *old_ccf;
ngx_core_module_t *module;
/*
 * Fixed-size array of NGX_MAXHOSTNAMELEN chars.  The finding fires on the
 * declaration itself; whether it can overflow depends on the code that
 * fills `hostname`, which is outside this excerpt.
 * NOTE(review): confirm the writer is bounded by NGX_MAXHOSTNAMELEN and
 * that the result is NUL-terminated before it is used as a string.
 */
char hostname[NGX_MAXHOSTNAMELEN];
ngx_timezone_update();
/* force localtime update with a new timezone */
Reported by FlawFinder.
Line: 926
Column: 53
CWE codes:
362
ls = cycle->listening.elts;
for (i = 0; i < cycle->listening.nelts; i++) {
if (ls[i].fd == (ngx_socket_t) -1 || !ls[i].open) {
continue;
}
if (ngx_close_socket(ls[i].fd) == -1) {
ngx_log_error(NGX_LOG_EMERG, log, ngx_socket_errno,
Reported by FlawFinder.
Line: 1229
Column: 34
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
if (fi.st_uid != user) {
if (chown((const char *) file[i].name.data, user, -1) == -1) {
ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
"chown(\"%s\", %d) failed",
file[i].name.data, user);
if (ngx_close_file(fd) == NGX_FILE_ERROR) {
Reported by FlawFinder.
Line: 1248
Column: 34
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
fi.st_mode |= (S_IRUSR|S_IWUSR);
if (chmod((const char *) file[i].name.data, fi.st_mode) == -1) {
ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
"chmod() \"%s\" failed", file[i].name.data);
if (ngx_close_file(fd) == NGX_FILE_ERROR) {
ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
Reported by FlawFinder.
src/http/modules/ngx_http_upstream_keepalive_module.c
6 issues
Line: 428
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
ngx_http_upstream_keepalive_cache_t *item;
int n;
/*
 * One-byte array; the finding is on this declaration, not on a write.
 * NOTE(review): the call that fills `buf` is not in this excerpt --
 * confirm it is given a length of 1 (or sizeof(buf)).
 */
char buf[1];
ngx_connection_t *c;
ngx_log_debug0(NGX_LOG_DEBUG_HTTP, ev->log, 0,
"keepalive close handler");
Reported by FlawFinder.
Line: 354
Column: 34
CWE codes:
120
20
goto invalid;
}
if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
goto invalid;
}
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
"free keepalive peer: saving connection %p", c);
Reported by FlawFinder.
Line: 404
Column: 54
CWE codes:
120
20
/*
 * NOTE(review): the copy length is pc->socklen.  Neither the size of
 * item->sockaddr nor the place where socklen is bounded is visible in
 * this excerpt -- confirm socklen can never exceed sizeof(item->sockaddr).
 */
ngx_memcpy(&item->sockaddr, pc->sockaddr, pc->socklen);
/*
 * The reported column falls on `c->read`, a member passed to the close
 * handler when the read event is already ready; no read() call is made
 * in these lines.
 */
if (c->read->ready) {
ngx_http_upstream_keepalive_close_handler(c->read);
}
invalid:
/* hand the peer back through the saved original free_peer callback */
kp->original_free_peer(pc, kp->data, state);
Reported by FlawFinder.
src/core/ngx_file.h
6 issues
Line: 78
Column: 32
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
ngx_pool_t *pool;
char *warn;
ngx_uint_t access;
unsigned log_level:8;
unsigned persistent:1;
unsigned clean:1;
unsigned thread_write:1;
Reported by FlawFinder.
Line: 88
Column: 32
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
typedef struct {
ngx_uint_t access;
ngx_uint_t path_access;
time_t time;
ngx_fd_t fd;
unsigned create_path:1;
Reported by FlawFinder.
Line: 104
Column: 32
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
off_t size;
size_t buf_size;
ngx_uint_t access;
time_t time;
ngx_log_t *log;
} ngx_copy_file_t;
Reported by FlawFinder.
Line: 119
Column: 32
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
struct ngx_tree_ctx_s {
off_t size;
off_t fs_size;
ngx_uint_t access;
time_t mtime;
ngx_tree_init_handler_pt init_handler;
ngx_tree_handler_pt file_handler;
ngx_tree_handler_pt pre_tree_handler;
Reported by FlawFinder.
Line: 141
Column: 16
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
ssize_t ngx_write_chain_to_temp_file(ngx_temp_file_t *tf, ngx_chain_t *chain);
ngx_int_t ngx_create_temp_file(ngx_file_t *file, ngx_path_t *path,
ngx_pool_t *pool, ngx_uint_t persistent, ngx_uint_t clean,
ngx_uint_t access);
void ngx_create_hashed_filename(ngx_path_t *path, u_char *file, size_t len);
ngx_int_t ngx_create_path(ngx_file_t *file, ngx_path_t *path);
ngx_err_t ngx_create_full_path(u_char *dir, ngx_uint_t access);
ngx_int_t ngx_add_path(ngx_conf_t *cf, ngx_path_t **slot);
ngx_int_t ngx_create_paths(ngx_cycle_t *cycle, ngx_uid_t user);
Reported by FlawFinder.
Line: 144
Column: 56
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
ngx_uint_t access);
/*
 * Header prototypes only.  In the ngx_create_full_path() line as printed
 * here, column 56 is where the parameter name `access` starts, which
 * matches the reported column: the hit is on an identifier, not on a call
 * to access().  A CWE-362/367 race would have to be looked for in the
 * definitions of these functions, not in their declarations.
 */
void ngx_create_hashed_filename(ngx_path_t *path, u_char *file, size_t len);
ngx_int_t ngx_create_path(ngx_file_t *file, ngx_path_t *path);
ngx_err_t ngx_create_full_path(u_char *dir, ngx_uint_t access);
ngx_int_t ngx_add_path(ngx_conf_t *cf, ngx_path_t **slot);
ngx_int_t ngx_create_paths(ngx_cycle_t *cycle, ngx_uid_t user);
ngx_int_t ngx_ext_rename_file(ngx_str_t *src, ngx_str_t *to,
ngx_ext_rename_file_t *ext);
ngx_int_t ngx_copy_file(u_char *from, u_char *to, ngx_copy_file_t *cf);
Reported by FlawFinder.
src/mail/ngx_mail_imap_handler.c
5 issues
Line: 47
Column: 22
CWE codes:
120
20
/*
 * Every `read` token here is the member c->read: its handler is assigned,
 * a timer is armed with cscf->timeout, and ngx_handle_read_event() is
 * called on it.  No read() call or destination buffer appears in these
 * lines.  If the call does not return NGX_OK the connection is closed.
 */
c->read->handler = ngx_mail_imap_init_protocol;
ngx_add_timer(c->read, cscf->timeout);
if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
ngx_mail_close_connection(c);
}
Reported by FlawFinder.
Line: 126
Column: 38
CWE codes:
120
20
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "imap send handler busy");
s->blocked = 1;
if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
ngx_mail_close_connection(c);
return;
}
return;
Reported by FlawFinder.
Line: 139
Column: 38
CWE codes:
120
20
rc = ngx_mail_read_command(s, c);
if (rc == NGX_AGAIN) {
if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
ngx_mail_session_internal_server_error(s);
return;
}
return;
Reported by FlawFinder.
src/mail/ngx_mail_handler.c
5 issues
Line: 169
Column: 14
CWE codes:
120
20
c->log_error = NGX_ERROR_INFO;
rev = c->read;
rev->handler = ngx_mail_init_session_handler;
if (addr_conf->proxy_protocol) {
c->log->action = "reading PROXY protocol";
Reported by FlawFinder.
Line: 340
Column: 30
CWE codes:
120
20
if (!c->read->timer_set) {
cscf = ngx_mail_get_module_srv_conf(s, ngx_mail_core_module);
ngx_add_timer(c->read, cscf->timeout);
}
c->ssl->handler = ngx_mail_ssl_handshake_handler;
return;
Reported by FlawFinder.
Line: 372
Column: 46
CWE codes:
120
20
c->read->handler = cscf->protocol->init_protocol;
c->write->handler = ngx_mail_send;
cscf->protocol->init_protocol(c->read);
return;
}
c->read->ready = 0;
Reported by FlawFinder.
src/mail/ngx_mail_pop3_handler.c
5 issues
Line: 68
Column: 22
CWE codes:
120
20
c->read->handler = ngx_mail_pop3_init_protocol;
ngx_add_timer(c->read, cscf->timeout);
if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
ngx_mail_close_connection(c);
}
Reported by FlawFinder.
Line: 142
Column: 38
CWE codes:
120
20
ngx_log_debug0(NGX_LOG_DEBUG_MAIL, c->log, 0, "pop3 send handler busy");
s->blocked = 1;
if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
ngx_mail_close_connection(c);
return;
}
return;
Reported by FlawFinder.
Line: 155
Column: 38
CWE codes:
120
20
rc = ngx_mail_read_command(s, c);
if (rc == NGX_AGAIN) {
if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
ngx_mail_session_internal_server_error(s);
return;
}
return;
Reported by FlawFinder.
Line: 300
Column: 38
CWE codes:
120
20
s->arg_start = s->buffer->pos;
}
if (ngx_handle_read_event(c->read, 0) != NGX_OK) {
ngx_mail_session_internal_server_error(s);
return;
}
ngx_mail_send(c->write);
Reported by FlawFinder.
src/event/modules/ngx_epoll_module.c
5 issues
Line: 442
Column: 13
CWE codes:
120
20
if (++ev->index == NGX_MAX_UINT32_VALUE) {
ev->index = 0;
/*
 * An actual read() call: it requests exactly sizeof(uint64_t) bytes into
 * &count, and errno is saved into `err` on the next line.
 * NOTE(review): the declaration of `count` and any check of `n` against
 * the requested size are outside this excerpt -- confirm `count` is a
 * uint64_t and that a short read or -1 is handled.
 */
n = read(notify_fd, &count, sizeof(uint64_t));
err = ngx_errno;
ngx_log_debug3(NGX_LOG_DEBUG_EVENT, ev->log, 0,
"read() eventfd %d: %z count:%uL", notify_fd, n, count);
Reported by FlawFinder.
Line: 842
Column: 18
CWE codes:
120
20
instance = (uintptr_t) c & 1;
c = (ngx_connection_t *) ((uintptr_t) c & (uintptr_t) ~1);
rev = c->read;
if (c->fd == -1 || rev->instance != instance) {
/*
* the stale event from a file descriptor
Reported by FlawFinder.
Line: 955
Column: 9
CWE codes:
120
20
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, ev->log, 0, "eventfd handler");
/*
 * An actual read() call with a hard-coded length of 8 bytes into &ready;
 * errno is saved into `err` right after it.
 * NOTE(review): the type of `ready` is not shown here.  Confirm it is at
 * least 8 bytes wide; writing the length as sizeof(ready) would tie it to
 * the object.  Handling of a short read or -1 is outside this excerpt.
 */
n = read(ngx_eventfd, &ready, 8);
err = ngx_errno;
ngx_log_debug1(NGX_LOG_DEBUG_EVENT, ev->log, 0, "eventfd: %d", n);
Reported by FlawFinder.