changeset 6775:8081e1f3ab8b

SSL: overcame possible buffer over-read in ngx_ssl_error(). It appeared that ERR_error_string_n() cannot handle zero buffer size well enough and causes over-read. The problem has also been fixed in OpenSSL: https://git.openssl.org/?p=openssl.git;h=e5c1361580d8de79682958b04a5f0d262e680f8b
author Valentin Bartenev <vbart@nginx.com>
date Tue, 18 Oct 2016 20:46:06 +0300
parents bcb107bb89cd
children 1bf4f21b1b72
files src/event/ngx_event_openssl.c
diffstat 1 files changed, 3 insertions(+), 1 deletions(-) [+]
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -2137,7 +2137,9 @@ ngx_ssl_error(ngx_uint_t level, ngx_log_
             break;
         }
 
-        if (p >= last) {
+        /* ERR_error_string_n() requires at least one byte */
+
+        if (p >= last - 1) {
             goto next;
         }