Mercurial > hg > nginx
comparison src/event/ngx_event_openssl.c @ 6775:8081e1f3ab8b
SSL: overcame possible buffer over-read in ngx_ssl_error().
It appeared that ERR_error_string_n() cannot handle zero buffer size well enough
and causes over-read.
The problem has also been fixed in OpenSSL:
https://git.openssl.org/?p=openssl.git;h=e5c1361580d8de79682958b04a5f0d262e680f8b
author | Valentin Bartenev <vbart@nginx.com> |
---|---|
date | Tue, 18 Oct 2016 20:46:06 +0300 |
parents | 9b9ae81cd4f0 |
children | 56d6bfe6b609 |
comparison
equal
deleted
inserted
replaced
6774:bcb107bb89cd | 6775:8081e1f3ab8b |
---|---|
2135 | 2135 |
2136 if (n == 0) { | 2136 if (n == 0) { |
2137 break; | 2137 break; |
2138 } | 2138 } |
2139 | 2139 |
2140 if (p >= last) { | 2140 /* ERR_error_string_n() requires at least one byte */ |
2141 | |
2142 if (p >= last - 1) { | |
2141 goto next; | 2143 goto next; |
2142 } | 2144 } |
2143 | 2145 |
2144 *p++ = ' '; | 2146 *p++ = ' '; |
2145 | 2147 |