From: Igor Sysoev <igor@sysoev.ru>
Date: Tue, 27 Jan 2015 12:38:15 +0000 (+0300)
Subject: A bounds check of %N format on Windows.
X-Git-Url: http://www.kaiwu.me/postgresql/commit/static/gitweb.js?a=commitdiff_plain;h=415c8ec4b4b0bc3f2cd575f33b987661cc62e87d;p=nginx.git

A bounds check of %N format on Windows.
Thanks to Joe Bialek, Adam Zabrocki and Microsoft Vulnerability Research.
---

diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c
index a41c38d37..f8641b7ab 100644
--- a/src/core/ngx_string.c
+++ b/src/core/ngx_string.c
@@ -429,8 +429,12 @@ ngx_vslprintf(u_char *buf, u_char *last, const char *fmt, va_list args)
             case 'N':
 #if (NGX_WIN32)
                 *buf++ = CR;
-#endif
+                if (buf < last) {
+                    *buf++ = LF;
+                }
+#else
                 *buf++ = LF;
+#endif
                 fmt++;
 
                 continue;