Fixed segmentation fault in ngx_resolver_create_name_query().

If name passed for resolution was { 0, NULL } (e.g. as a result
of name server returning CNAME pointing to ".") pointer wrapped
to (void *) -1 resulting in segmentation fault on an attempt to
dereference it.

Reported by Lanshun Zhou.

diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
index 02c484da6941986dd5546b3ac27f40f31d115bf2..ecf97d7f76393ccf2f22cfbd92151688841a1bcc 100644 (file)
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -1834,6 +1834,10 @@ ngx_resolver_create_name_query(ngx_resolver_node_t *rn, ngx_resolver_ctx_t *ctx)
     p--;
     *p-- = '\0';
 
+    if (ctx->name.len == 0)  {
+        return NGX_DECLINED;
+    }
+
     for (s = ctx->name.data + ctx->name.len - 1; s >= ctx->name.data; s--) {
         if (*s != '.') {
             *p = *s;