]> git.kaiwu.me - nginx.git/commitdiff
projects / nginx.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e4209c0)
Referer: fixed hostname buffer overflow check.
authorValentin Bartenev <vbart@nginx.com>
Thu, 29 Aug 2013 18:35:54 +0000 (22:35 +0400)
committerValentin Bartenev <vbart@nginx.com>
Thu, 29 Aug 2013 18:35:54 +0000 (22:35 +0400)
Because of premature check the effective buffer size was 255 symbols
while the buffer is able to handle 256.

src/http/modules/ngx_http_referer_module.c patch | blob | history

diff --git a/src/http/modules/ngx_http_referer_module.c b/src/http/modules/ngx_http_referer_module.c
index a511767131b2d408ab19c567a37ebf1a27bfffd7..b417eb227b05494d0dfef49a2fe9d7156b163eb0 100644 (file)
--- a/src/http/modules/ngx_http_referer_module.c
+++ b/src/http/modules/ngx_http_referer_module.c
@@ -178,12 +178,12 @@ valid_scheme:
             break;
         }
 
-        buf[i] = ngx_tolower(*p);
-        key = ngx_hash(key, buf[i++]);
-
         if (i == 256) {
             goto invalid;
         }
+
+        buf[i] = ngx_tolower(*p);
+        key = ngx_hash(key, buf[i++]);
     }
 
     uri = ngx_hash_find_combined(&rlcf->hash, key, buf, p - ref);
nginx upstream