comparison src/stream/ngx_stream_ssl_module.c @ 8088:e32b48848add
SSL: improved validation of ssl_session_cache and ssl_ocsp_cache.
Now it properly detects invalid shared zone configuration with omitted size.
Previously it used to read outside of the buffer boundary.
Found with AddressSanitizer.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Mon, 17 Oct 2022 16:24:53 +0400 |
parents | 3443c02ca1d1 |
children | d1cf09451ae8 3be953161026 |
comparison
8087:81b4326daac7 | 8088:e32b48848add |
---|---|
1071 } | 1071 } |
1072 | 1072 |
1073 len++; | 1073 len++; |
1074 } | 1074 } |
1075 | 1075 |
1076 if (len == 0) { | 1076 if (len == 0 || j == value[i].len) { |
1077 goto invalid; | 1077 goto invalid; |
1078 } | 1078 } |
1079 | 1079 |
1080 name.len = len; | 1080 name.len = len; |
1081 name.data = value[i].data + sizeof("shared:") - 1; | 1081 name.data = value[i].data + sizeof("shared:") - 1; |
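Review bot: the added `j == value[i].len` test at new line 1076 carries no comment, and its meaning (the scan reached the end of the value, so no size follows the zone name) depends on how the loop above leaves `j`, which is easy to break in a later refactor. A one-line comment above the `if` saying that this case is a zone name with the size omitted would document it. The commit message names both ssl_session_cache and ssl_ocsp_cache while this comparison shows a single site in ngx_stream_ssl_module.c, so confirm every shared-zone parser received the same check. A configuration test with a `shared:` zone and no size would keep the AddressSanitizer finding covered.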