Cache: check the whole cache key in addition to hashes.
author Maxim Dounin <mdounin@mdounin.ru>
Fri, 11 Sep 2015 14:03:56 +0000 (17:03 +0300)
committer Maxim Dounin <mdounin@mdounin.ru>
Fri, 11 Sep 2015 14:03:56 +0000 (17:03 +0300)
commit ce05841eefe0e6c5d18ae9b0fb8f9fbd7e99afdd
tree 90806d4643b0a7e570ed2b67b497b766b10034c0
parent 51f714c85d1554ee2a1ccfe94b416e3cab6a63ad

This prevents a potential attack that discloses cached data if an attacker
is able to craft a hash collision between some cache key the attacker
is allowed to access and another cache key with protected data.

See http://mailman.nginx.org/pipermail/nginx-devel/2015-September/007288.html.

Thanks to Gena Makhomed and Sergey Brester.
src/http/ngx_http_file_cache.c
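
The check described in the commit message above, as an added example that is not nginx's code: a cache lookup that trusts a digest match alone, next to one that also compares the full stored key. The 8-bit `toy_digest`, the single-slot cache, the function names and the two sample keys are all assumptions constructed for the illustration; the weak digest stands in for the real hash only so that a collision can be built offline.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy 8-bit additive digest (assumption): stands in for the real cache-key
 * hash so that two different keys with the same digest are easy to build. */
static uint8_t toy_digest(const char *key)
{
    uint8_t d = 0;
    while (*key) d = (uint8_t) (d + (uint8_t) *key++);
    return d;
}

typedef struct {
    uint8_t      digest;  /* what the lookup is indexed by */
    const char  *key;     /* full key saved alongside the cached body */
    const char  *body;
} cache_entry_t;

static cache_entry_t slot;  /* hypothetical single-entry cache */

static void cache_store(const char *key, const char *body)
{
    slot.digest = toy_digest(key);
    slot.key = key;
    slot.body = body;
}

/* Before: a digest match alone counts as a hit, so a colliding key
 * returns another key's cached body. */
static const char *lookup_hash_only(const char *key)
{
    if (slot.key == NULL || toy_digest(key) != slot.digest) return NULL;
    return slot.body;
}

/* After: the digest selects the entry, the whole key must also match. */
static const char *lookup_checked(const char *key)
{
    if (slot.key == NULL || toy_digest(key) != slot.digest) return NULL;
    if (strcmp(key, slot.key) != 0) return NULL;  /* collision: treat as a miss */
    return slot.body;
}

int main(void)
{
    cache_store("/user/12/doc", "body for user 12");   /* constructed sample */
    const char *a = lookup_hash_only("/user/21/doc");  /* same digest, other key */
    const char *b = lookup_checked("/user/21/doc");
    printf("hash only: %s\nchecked:   %s\n", a ? a : "(miss)", b ? b : "(miss)");
    return 0;
}
```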