mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-07-20 19:27:29 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

http/static: add null-pointer checks to directory redirect (CWE-476)

Browse Source
This commit is contained in:
엄태용 2025-06-12 19:38:18 +09:00
parent 5b8a5c08ce
commit 674c5c7e63
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/http/modules/ngx_http_static_module.c
View File

@ -163,6 +163,12 @@ ngx_http_static_handler(ngx_http_request_t *r)
len = r->uri.len + 1; len = r->uri.len + 1;
location = path.data + root; location = path.data + root;
if (location == NULL) {
ngx_http_clear_location(r);
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
*last = '/'; *last = '/';
} else { } else {
@ -189,6 +195,17 @@ ngx_http_static_handler(ngx_http_request_t *r)
*last = '/'; *last = '/';
if (r->args.len) { if (r->args.len) {
if (last == NULL) {
ngx_http_clear_location(r);
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
if ((size_t)((location + len) - (last + 1)) < r->args.len) {
ngx_http_clear_location(r);
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
*++last = '?'; *++last = '?';
ngx_memcpy(++last, r->args.data, r->args.len); ngx_memcpy(++last, r->args.data, r->args.len);
} }