[nginx] A bounds check of %N format on Windows.

Igor Sysoev Tue, 27 Jan 2015 04:39:02 -0800

details:   http://hg.nginx.org/nginx/rev/78271500b8de
branches:  
changeset: 5965:78271500b8de
user:      Igor Sysoev <i...@sysoev.ru>
date:      Tue Jan 27 15:38:15 2015 +0300
description:
A bounds check of %N format on Windows.
Thanks to Joe Bialek, Adam Zabrocki and Microsoft Vulnerability Research.


diffstat:

 src/core/ngx_string.c |  6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diffs (17 lines):

diff -r 0a198a517eaf -r 78271500b8de src/core/ngx_string.c
--- a/src/core/ngx_string.c     Wed Jan 14 09:03:35 2015 +0300
+++ b/src/core/ngx_string.c     Tue Jan 27 15:38:15 2015 +0300
@@ -429,8 +429,12 @@ ngx_vslprintf(u_char *buf, u_char *last,
             case 'N':
 #if (NGX_WIN32)
                 *buf++ = CR;
+                if (buf < last) {
+                    *buf++ = LF;
+                }
+#else
+                *buf++ = LF;
 #endif
-                *buf++ = LF;
                 fmt++;
 
                 continue;

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

[nginx] A bounds check of %N format on Windows.

Reply via email to