Mercurial > hg > nginx
annotate docs/dtd/change_log_conf.dtd @ 7539:d75153522557
SSI: avoid potential buffer overflow.
When "-" follows a parameter of maximum length, a single byte buffer
overflow happens, since the error branch does not check parameter length.
Fix is to avoid saving "-" to the parameter key, and instead use an error
message with "-" explicitly written. The message is mostly identical to
one used in similar cases in the preequal state.
Reported by Patrick Wollgast.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Thu, 18 Jul 2019 18:27:53 +0300 |
parents | 551102312e19 |
children |
rev | line source |
---|---|
450 | 1 |
2 <!ELEMENT configuration (length, start, indent, changes+) > | |
3 | |
4 <!ELEMENT length (#PCDATA) > | |
5 <!ELEMENT start (#PCDATA) > | |
6 <!ELEMENT indent (#PCDATA) > | |
7 | |
8 <!ELEMENT changes (title, length, | |
9 bugfix, feature, change, workaround, | |
10 (month, month, month, month, month, month, | |
11 month, month, month, month, month, month)?) > | |
12 | |
13 <!ATTLIST changes lang ( ru | en) #REQUIRED> | |
14 | |
15 <!ELEMENT title (#PCDATA) > | |
16 | |
17 <!ELEMENT bugfix (#PCDATA) > | |
18 <!ELEMENT feature (#PCDATA) > | |
19 <!ELEMENT change (#PCDATA) > | |
20 <!ELEMENT workaround (#PCDATA) > | |
21 | |
22 <!ELEMENT month (#PCDATA) > |