Mercurial > hg > nginx-vendor-current
diff src/core/ngx_crypt.c @ 684:660139fd80ca NGINX_1_3_5
nginx 1.3.5
*) Change: the ngx_http_mp4_module module no longer skips tracks in
formats other than H.264 and AAC.
*) Bugfix: a segmentation fault might occur in a worker process if the
"map" directive was used with variables as values.
*) Bugfix: a segmentation fault might occur in a worker process if the
"geo" directive was used with the "ranges" parameter but without the
"default" parameter; the bug had appeared in 0.8.43.
Thanks to Zhen Chen and Weibin Yao.
*) Bugfix: in the -p command-line parameter handling.
*) Bugfix: in the mail proxy server.
*) Bugfix: of minor potential bugs.
Thanks to Coverity.
*) Bugfix: nginx/Windows could not be built with Visual Studio 2005
Express.
Thanks to HAYASHI Kentaro.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Tue, 21 Aug 2012 00:00:00 +0400 |
parents | 5cb5db9975ba |
children |
line wrap: on
line diff
--- a/src/core/ngx_crypt.c +++ b/src/core/ngx_crypt.c @@ -194,6 +194,7 @@ static ngx_int_t ngx_crypt_ssha(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted) { size_t len; + ngx_int_t rc; ngx_str_t encoded, decoded; ngx_sha1_t sha1; @@ -204,12 +205,18 @@ ngx_crypt_ssha(ngx_pool_t *pool, u_char encoded.data = salt + sizeof("{SSHA}") - 1; encoded.len = ngx_strlen(encoded.data); - decoded.data = ngx_pnalloc(pool, ngx_base64_decoded_length(encoded.len)); + len = ngx_max(ngx_base64_decoded_length(encoded.len), 20); + + decoded.data = ngx_pnalloc(pool, len); if (decoded.data == NULL) { return NGX_ERROR; } - ngx_decode_base64(&decoded, &encoded); + rc = ngx_decode_base64(&decoded, &encoded); + + if (rc != NGX_OK || decoded.len < 20) { + decoded.len = 20; + } /* update SHA1 from key and salt */