Mercurial > hg > nginx

diff src/core/ngx_resolver.c @ 4556:1bddc91e78d6

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Resolver: added missing sanity checking when creating name queries. Found by Veracode.
author Maxim Dounin <mdounin@mdounin.ru>
date Thu, 22 Mar 2012 11:57:18 +0000
parents 95ab6658654a
children 778d2cc03e22 c92289afb5be
line wrap: on
line diff
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -1840,7 +1840,7 @@ ngx_resolver_create_name_query(ngx_resol
             len++;
 
         } else {
-            if (len == 0) {
+            if (len == 0 || len > 255) {
                 return NGX_DECLINED;
             }
 
@@ -1851,6 +1851,10 @@ ngx_resolver_create_name_query(ngx_resol
         p--;
     }
 
+    if (len == 0 || len > 255) {
+        return NGX_DECLINED;
+    }
+
     *p = (u_char) len;
 
     return NGX_OK;