# HG changeset patch # User Sergey Kandaurov # Date 1428359528 -10800 # Node ID 7bdd34cd27114e7376c9e53c815b51108f94be89 # Parent 3f5465a33fa8475bd859e43c30b1ceba2bc84286 Core: limited levels of subdirectory hierarchy used for temp files. Similar to ngx_http_file_cache_set_slot(), the last component of file->name with a fixed length of 10 bytes, as generated in ngx_create_temp_path(), is used as a source for the names of intermediate subdirectories with each one taking its own part. Ensure that the sum of specified levels with slashes fits into the length (ticket #731). diff --git a/src/core/ngx_file.c b/src/core/ngx_file.c --- a/src/core/ngx_file.c +++ b/src/core/ngx_file.c @@ -372,6 +372,10 @@ ngx_conf_set_path_slot(ngx_conf_t *cf, n path->len += level + 1; } + if (path->len > 10 + i) { + return "invalid value"; + } + *slot = path; if (ngx_add_path(cf, slot) == NGX_ERROR) {