diff options
| author | Igor Sysoev <igor@sysoev.ru> | 2015-01-27 15:38:15 +0300 |
|---|---|---|
| committer | Igor Sysoev <igor@sysoev.ru> | 2015-01-27 15:38:15 +0300 |
| commit | 415c8ec4b4b0bc3f2cd575f33b987661cc62e87d (patch) | |
| tree | 803449f5fc6e21d9758e1714397c07b7d46836c6 /src/core/ngx_string.c | |
| parent | 7e1eba5faadaff9a103434dc9472ed321ea98d7e (diff) | |
| download | nginx-415c8ec4b4b0bc3f2cd575f33b987661cc62e87d.tar.gz nginx-415c8ec4b4b0bc3f2cd575f33b987661cc62e87d.zip | |
A bounds check of %N format on Windows.
Thanks to Joe Bialek, Adam Zabrocki and Microsoft Vulnerability Research.
Diffstat (limited to 'src/core/ngx_string.c')
| -rw-r--r-- | src/core/ngx_string.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c index a41c38d37..f8641b7ab 100644 --- a/src/core/ngx_string.c +++ b/src/core/ngx_string.c @@ -429,8 +429,12 @@ ngx_vslprintf(u_char *buf, u_char *last, const char *fmt, va_list args) case 'N': #if (NGX_WIN32) *buf++ = CR; -#endif + if (buf < last) { + *buf++ = LF; + } +#else *buf++ = LF; +#endif fmt++; continue; |