Mercurial > hg > nginx
annotate src/http/v2/ngx_http_v2_huff_encode.c @ 6287:4ccb37b04454
Fixed ngx_parse_time() out of bounds access (ticket #821).
The code failed to ensure that "s" is within the buffer passed for
parsing when checking for "ms", and this resulted in unexpected errors when
parsing non-null-terminated strings with trailing "m". The bug manifested
itself when the expires directive was used with variables.
Found by Roman Arutyunyan.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Fri, 30 Oct 2015 21:43:30 +0300 |
| parents | 257b51c37c5a |
| children | ba3c2ca21aa5 |
| rev | line source |
|---|---|
|
6246
257b51c37c5a
The HTTP/2 implementation (RFC 7240, 7241).
Valentin Bartenev <vbart@nginx.com>
parents:
diff
changeset
|
1 |
|
257b51c37c5a
The HTTP/2 implementation (RFC 7240, 7241).
Valentin Bartenev <vbart@nginx.com>
parents:
diff
changeset
|
2 /* |
|
257b51c37c5a
The HTTP/2 implementation (RFC 7240, 7241).
Valentin Bartenev <vbart@nginx.com>
parents:
diff
changeset
|
3 * Copyright (C) Nginx, Inc. |
|
257b51c37c5a
The HTTP/2 implementation (RFC 7240, 7241).
Valentin Bartenev <vbart@nginx.com>
parents:
diff
changeset
|
4 * Copyright (C) Valentin V. Bartenev |
|
257b51c37c5a
The HTTP/2 implementation (RFC 7240, 7241).
Valentin Bartenev <vbart@nginx.com>
parents:
diff
changeset
|
5 */ |
|
257b51c37c5a
The HTTP/2 implementation (RFC 7240, 7241).
Valentin Bartenev <vbart@nginx.com>
parents:
diff
changeset
|
6 |
|
257b51c37c5a
The HTTP/2 implementation (RFC 7240, 7241).
Valentin Bartenev <vbart@nginx.com>
parents:
diff
changeset
|
7 |
|
257b51c37c5a
The HTTP/2 implementation (RFC 7240, 7241).
Valentin Bartenev <vbart@nginx.com>
parents:
diff
changeset
|
8 #include <ngx_config.h> |
|
257b51c37c5a
The HTTP/2 implementation (RFC 7240, 7241).
Valentin Bartenev <vbart@nginx.com>
parents:
diff
changeset
|
9 #include <ngx_core.h> |
|
257b51c37c5a
The HTTP/2 implementation (RFC 7240, 7241).
Valentin Bartenev <vbart@nginx.com>
parents:
diff
changeset
|
10 #include <ngx_http.h> |