git.kaiwu.me - nginx.git/commit

]> git.kaiwu.me - nginx.git/commit

projects / nginx.git / commit

summary | shortlog | log | commit | commitdiff | tree
(parent: 20c8c4f) | patch

author	Maxim Dounin <mdounin@mdounin.ru>
	Thu, 18 Jul 2019 15:27:53 +0000 (18:27 +0300)
committer	Maxim Dounin <mdounin@mdounin.ru>
	Thu, 18 Jul 2019 15:27:53 +0000 (18:27 +0300)
commit	ad42d70fed67c1e7098055fb25721ab904db2389
tree	6748017ca7433b1712daa1b88307eca271c2018b	tree \| snapshot
parent	20c8c4fe35d290abe298cea9a4f1756fcfec19f4	commit \| diff

SSI: avoid potential buffer overflow.

When "-" follows a parameter of maximum length, a single byte buffer
overflow happens, since the error branch does not check parameter length.
Fix is to avoid saving "-" to the parameter key, and instead use an error
message with "-" explicitly written. The message is mostly identical to
one used in similar cases in the preequal state.

Reported by Patrick Wollgast.

src/http/modules/ngx_http_ssi_filter_module.c

diff | blob | history

nginx upstream