]> git.kaiwu.me - nginx.git/commit
projects / nginx.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 66c23ed) | patch
SSL: overcame possible buffer over-read in ngx_ssl_error().
authorValentin Bartenev <vbart@nginx.com>
Tue, 18 Oct 2016 17:46:06 +0000 (20:46 +0300)
committerValentin Bartenev <vbart@nginx.com>
Tue, 18 Oct 2016 17:46:06 +0000 (20:46 +0300)
commit841737915c97ae07f626c8199c24679151bebfcd
tree9d874386904774bc44128631fb426b4e03363b62tree | snapshot
parent66c23edf6308867572d5c4b8341e7a3fe7e97864commit | diff
SSL: overcame possible buffer over-read in ngx_ssl_error().

It appeared that ERR_error_string_n() cannot handle zero buffer size well enough
and causes over-read.

The problem has also been fixed in OpenSSL:
https://git.openssl.org/?p=openssl.git;h=e5c1361580d8de79682958b04a5f0d262e680f8b
src/event/ngx_event_openssl.c diff | blob | history
nginx upstream