# HG changeset patch # User Igor Sysoev # Date 1422362295 -10800 # Node ID 78271500b8ded9d9cc3ccc5f36d4c41f4e32a4a7 # Parent 0a198a517eaf48baad03a76b182698c50496d380 A bounds check of %N format on Windows. Thanks to Joe Bialek, Adam Zabrocki and Microsoft Vulnerability Research. diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c --- a/src/core/ngx_string.c +++ b/src/core/ngx_string.c @@ -429,8 +429,12 @@ ngx_vslprintf(u_char *buf, u_char *last, case 'N': #if (NGX_WIN32) *buf++ = CR; + if (buf < last) { + *buf++ = LF; + } +#else + *buf++ = LF; #endif - *buf++ = LF; fmt++; continue;
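Review bot: the new `if (buf < last)` guard in the NGX_WIN32 branch of `case 'N'` carries no comment explaining why only the second byte needs it, and when the guard fails the output ends in a bare CR with the LF silently dropped. The unguarded `*buf++ = CR;` and the `#else` branch's `*buf++ = LF;` both depend on a check outside this hunk that at least one byte is free before the case is entered, so a one-line comment here stating that invariant ("one byte is guaranteed by the caller's loop, CR LF needs two") would keep a later edit from reintroducing the one-byte write past `last`. It is also worth confirming that callers which rely on `%N` to terminate a line on Windows tolerate the truncated, CR-only ending when the buffer is exactly full.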