A bounds check of %N format on Windows.

Thanks to Joe Bialek, Adam Zabrocki and Microsoft Vulnerability Research.
2024-12-01 11:19:00 +08:00 · 2015-01-27 15:38:15 +03:00 · 2015-01-27 15:38:15 +03:00 · 415c8ec4b4
commit 415c8ec4b4
parent 7e1eba5faa
1 changed files with 5 additions and 1 deletions
--- a/src/core/ngx_string.c
+++ b/src/core/ngx_string.c
@ -429,8 +429,12 @@ ngx_vslprintf(u_char *buf, u_char *last, const char *fmt, va_list args)
            case 'N':
 #if (NGX_WIN32)
                *buf++ = CR;
-#endif
+                if (buf < last) {
+                    *buf++ = LF;
+                }
+#else
                *buf++ = LF;
+#endif
                fmt++;

                continue;