From: Valentin Bartenev <vbart@nginx.com>
Date: Tue, 18 Oct 2016 17:46:06 +0000 (+0300)
Subject: SSL: overcame possible buffer over-read in ngx_ssl_error().
X-Git-Url: http://www.kaiwu.me/postgresql/commit/?a=commitdiff_plain;h=841737915c97ae07f626c8199c24679151bebfcd;p=nginx.git

SSL: overcame possible buffer over-read in ngx_ssl_error().

It appeared that ERR_error_string_n() cannot handle zero buffer size well enough
and causes over-read.

The problem has also been fixed in OpenSSL:
https://git.openssl.org/?p=openssl.git;h=e5c1361580d8de79682958b04a5f0d262e680f8b
---

diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 68d02bfef..cddcefdcf 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -2137,7 +2137,9 @@ ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...)
             break;
         }
 
-        if (p >= last) {
+        /* ERR_error_string_n() requires at least one byte */
+
+        if (p >= last - 1) {
             goto next;
         }