Mercurial > hg > nginx
comparison src/http/modules/ngx_http_ssl_module.c @ 8088:e32b48848add
SSL: improved validation of ssl_session_cache and ssl_ocsp_cache.
Now it properly detects invalid shared zone configuration with omitted size.
Previously it used to read outside of the buffer boundary.
Found with AddressSanitizer.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 17 Oct 2022 16:24:53 +0400 |
parents | 3443c02ca1d1 |
children | d1cf09451ae8 3be953161026 |
comparison
equal
deleted
inserted
replaced
8087:81b4326daac7 | 8088:e32b48848add |
---|---|
1091 } | 1091 } |
1092 | 1092 |
1093 len++; | 1093 len++; |
1094 } | 1094 } |
1095 | 1095 |
1096 if (len == 0) { | 1096 if (len == 0 || j == value[i].len) { |
1097 goto invalid; | 1097 goto invalid; |
1098 } | 1098 } |
1099 | 1099 |
1100 name.len = len; | 1100 name.len = len; |
1101 name.data = value[i].data + sizeof("shared:") - 1; | 1101 name.data = value[i].data + sizeof("shared:") - 1; |
1181 } | 1181 } |
1182 | 1182 |
1183 len++; | 1183 len++; |
1184 } | 1184 } |
1185 | 1185 |
1186 if (len == 0) { | 1186 if (len == 0 || j == value[1].len) { |
1187 goto invalid; | 1187 goto invalid; |
1188 } | 1188 } |
1189 | 1189 |
1190 name.len = len; | 1190 name.len = len; |
1191 name.data = value[1].data + sizeof("shared:") - 1; | 1191 name.data = value[1].data + sizeof("shared:") - 1; |