diff src/mail/ngx_mail_ssl_module.c @ 8088:e32b48848add

SSL: improved validation of ssl_session_cache and ssl_ocsp_cache. Now it properly detects invalid shared zone configuration with omitted size. Previously it used to read outside of the buffer boundary. Found with AddressSanitizer.
author Sergey Kandaurov <pluknet@nginx.com>
date Mon, 17 Oct 2022 16:24:53 +0400
parents dc955d274130
children d1cf09451ae8
--- a/src/mail/ngx_mail_ssl_module.c
+++ b/src/mail/ngx_mail_ssl_module.c
@@ -682,7 +682,7 @@ ngx_mail_ssl_session_cache(ngx_conf_t *c
                 len++;
             }
 
-            if (len == 0) {
+            if (len == 0 || j == value[i].len) {
                 goto invalid;
             }
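Review bot: The added `j == value[i].len` test in the `if` ahead of `goto invalid` has no comment saying which malformed input it rejects, and the condition does not explain itself the way `len == 0` does. The commit message ties it to a shared zone given with its size omitted, so a one-line comment above the check stating that `j` reaching `value[i].len` means the size part is missing would keep the bounds check from being dropped as redundant in a later cleanup. The message also names ssl_ocsp_cache, while this hunk only touches `ngx_mail_ssl_session_cache`, so it is worth confirming that every parser sharing this loop received the same condition.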