Mercurial > hg > nginx
comparison src/stream/ngx_stream_ssl_module.c @ 8088:e32b48848add
SSL: improved validation of ssl_session_cache and ssl_ocsp_cache.
Now it properly detects invalid shared zone configuration with omitted size.
Previously it used to read outside of the buffer boundary.
Found with AddressSanitizer.
| author | Sergey Kandaurov <pluknet@nginx.com> |
|---|---|
| date | Mon, 17 Oct 2022 16:24:53 +0400 |
| parents | 3443c02ca1d1 |
| children | d1cf09451ae8 3be953161026 |
comparison
equal
deleted
inserted
replaced
| 8087:81b4326daac7 | 8088:e32b48848add |
|---|---|
| 1071 } | 1071 } |
| 1072 | 1072 |
| 1073 len++; | 1073 len++; |
| 1074 } | 1074 } |
| 1075 | 1075 |
| 1076 if (len == 0) { | 1076 if (len == 0 || j == value[i].len) { |
| 1077 goto invalid; | 1077 goto invalid; |
| 1078 } | 1078 } |
| 1079 | 1079 |
| 1080 name.len = len; | 1080 name.len = len; |
| 1081 name.data = value[i].data + sizeof("shared:") - 1; | 1081 name.data = value[i].data + sizeof("shared:") - 1; |