Mercurial > hg > nginx
diff src/core/ngx_crypt.c @ 4852:9be0b6b749ae stable-1.2
Merge of r4785, r4795, r4811, r4812, r4816, r4822: coverity.
*) Resolver: fixed possible memory leak in ngx_resolver_create().
*) Explicitly ignore returned value from unlink() in ngx_open_tempfile().
*) Explicitly ignore returned value from close() in ngx_event_core_init_conf().
*) Added three missing checks for NULL after ngx_array_push() calls.
*) Crypt: fixed handling of corrupted SSHA entries in password file.
*) Mark logically dead code with corresponding comment.
Found by / prodded by Coverity.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 24 Sep 2012 18:54:28 +0000 |
parents | 29928279ec9f |
children | e4441ebe05d5 |
line wrap: on
line diff
--- a/src/core/ngx_crypt.c +++ b/src/core/ngx_crypt.c @@ -194,6 +194,7 @@ static ngx_int_t ngx_crypt_ssha(ngx_pool_t *pool, u_char *key, u_char *salt, u_char **encrypted) { size_t len; + ngx_int_t rc; ngx_str_t encoded, decoded; ngx_sha1_t sha1; @@ -204,12 +205,18 @@ ngx_crypt_ssha(ngx_pool_t *pool, u_char encoded.data = salt + sizeof("{SSHA}") - 1; encoded.len = ngx_strlen(encoded.data); - decoded.data = ngx_pnalloc(pool, ngx_base64_decoded_length(encoded.len)); + len = ngx_max(ngx_base64_decoded_length(encoded.len), 20); + + decoded.data = ngx_pnalloc(pool, len); if (decoded.data == NULL) { return NGX_ERROR; } - ngx_decode_base64(&decoded, &encoded); + rc = ngx_decode_base64(&decoded, &encoded); + + if (rc != NGX_OK || decoded.len < 20) { + decoded.len = 20; + } /* update SHA1 from key and salt */