Possible dereference of Null

[LM4O322]

In result of static analyse of nginx source code (including ngx_http_modsecurity_module) with Svace static analyzer I found error of cathegory "DEREFERENCE OF NULL" (checker finds situations where possible value equal to null can be dereferenced) in ngx_http_modsecurity_module.c

Initialization with possible null returned value here:

ModSecurity-nginx/src/ngx_http_modsecurity_module.c

Line 202 in fd28e6a

location = ngx_list_push(&r->headers_out.headers);

And dereference of location->key field here:

ModSecurity-nginx/src/ngx_http_modsecurity_module.c

Line 203 in fd28e6a

ngx_str_set(&location->key, "Location");

---

Found by Linux Verification Center with SVACE

[LM4O322]

I think that a check should be added to the value assigned to the location variable.

[airween]

Hi @LM4O322,

could you send a PR to fix this issue?