Mercurial > hg > nginx
comparison src/http/ngx_http_core_module.c @ 7605:02a539522be4
Tolerate '\0' in URI when mapping URI to path.
If a rewritten URI has the null character, only a part of URI was
copied to a memory buffer allocated for path. In some setups this
could be exploited to expose uninitialized memory via the Location
header.
author | Ruslan Ermilov <ru@nginx.com> |
---|---|
date | Mon, 16 Dec 2019 15:19:01 +0300 |
parents | a7e8f953408e |
children | 1055e43e4fab |
comparison
equal
deleted
inserted
replaced
7604:7aa20af4ac00 | 7605:02a539522be4 |
---|---|
1841 | 1841 |
1842 alias = 0; | 1842 alias = 0; |
1843 } | 1843 } |
1844 } | 1844 } |
1845 | 1845 |
1846 last = ngx_cpystrn(last, r->uri.data + alias, r->uri.len - alias + 1); | 1846 last = ngx_copy(last, r->uri.data + alias, r->uri.len - alias); |
1847 *last = '\0'; | |
1847 | 1848 |
1848 return last; | 1849 return last; |
1849 } | 1850 } |
1850 | 1851 |
1851 | 1852 |