Mercurial > hg > nginx
comparison src/http/ngx_http_core_module.c @ 7605:02a539522be4
Tolerate '\0' in URI when mapping URI to path.
If a rewritten URI has the null character, only a part of URI was
copied to a memory buffer allocated for path. In some setups this
could be exploited to expose uninitialized memory via the Location
header.
| author | Ruslan Ermilov <ru@nginx.com> |
|---|---|
| date | Mon, 16 Dec 2019 15:19:01 +0300 |
| parents | a7e8f953408e |
| children | 1055e43e4fab |
comparison
equal
deleted
inserted
replaced
| 7604:7aa20af4ac00 | 7605:02a539522be4 |
|---|---|
| 1841 | 1841 |
| 1842 alias = 0; | 1842 alias = 0; |
| 1843 } | 1843 } |
| 1844 } | 1844 } |
| 1845 | 1845 |
| 1846 last = ngx_cpystrn(last, r->uri.data + alias, r->uri.len - alias + 1); | 1846 last = ngx_copy(last, r->uri.data + alias, r->uri.len - alias); |
| 1847 *last = '\0'; | |
| 1847 | 1848 |
| 1848 return last; | 1849 return last; |
| 1849 } | 1850 } |
| 1850 | 1851 |
| 1851 | 1852 |