Mercurial > hg > nginx
comparison src/mail/ngx_mail_ssl_module.c @ 8088:e32b48848add
SSL: improved validation of ssl_session_cache and ssl_ocsp_cache.
Now it properly detects invalid shared zone configuration with omitted size.
Previously it used to read outside of the buffer boundary.
Found with AddressSanitizer.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Mon, 17 Oct 2022 16:24:53 +0400 |
| parents | dc955d274130 |
| children | d1cf09451ae8 |
comparison
equal
deleted
inserted
replaced
| 8087:81b4326daac7 | 8088:e32b48848add |
|---|---|
| 680 } | 680 } |
| 681 | 681 |
| 682 len++; | 682 len++; |
| 683 } | 683 } |
| 684 | 684 |
| 685 if (len == 0) { | 685 if (len == 0 || j == value[i].len) { |
| 686 goto invalid; | 686 goto invalid; |
| 687 } | 687 } |
| 688 | 688 |
| 689 name.len = len; | 689 name.len = len; |
| 690 name.data = value[i].data + sizeof("shared:") - 1; | 690 name.data = value[i].data + sizeof("shared:") - 1; |