mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-06-07 01:12:40 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Parenthesized ASCII-related calculations.

Browse Source 
This also fixes potential undefined behaviour in the range and slice filter
modules, caused by local overflows of signed integers in expressions.
This commit is contained in:
Valentin Bartenev 2017-07-17 17:23:51 +03:00
parent 7b06d9c326
commit 9197a3c874
7 changed files with 29 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/core/ngx_parse_time.c
View File

@ -58,7 +58,7 @@ ngx_parse_http_time(u_char *value, size_t len)
return NGX_ERROR; return NGX_ERROR;
} }
day = (*p - '0') * 10 + *(p + 1) - '0'; day = (*p - '0') * 10 + (*(p + 1) - '0');
p += 2; p += 2;
if (*p == ' ') { if (*p == ' ') {
@ -132,7 +132,7 @@ ngx_parse_http_time(u_char *value, size_t len)
} }
year = (*p - '0') * 1000 + (*(p + 1) - '0') * 100 year = (*p - '0') * 1000 + (*(p + 1) - '0') * 100
+ (*(p + 2) - '0') * 10 + *(p + 3) - '0'; + (*(p + 2) - '0') * 10 + (*(p + 3) - '0');
p += 4; p += 4;
} else if (fmt == rfc850) { } else if (fmt == rfc850) {
@ -140,7 +140,7 @@ ngx_parse_http_time(u_char *value, size_t len)
return NGX_ERROR; return NGX_ERROR;
} }
year = (*p - '0') * 10 + *(p + 1) - '0'; year = (*p - '0') * 10 + (*(p + 1) - '0');
year += (year < 70) ? 2000 : 1900; year += (year < 70) ? 2000 : 1900;
p += 2; p += 2;
} }
@ -161,7 +161,7 @@ ngx_parse_http_time(u_char *value, size_t len)
return NGX_ERROR; return NGX_ERROR;
} }
day = day * 10 + *p++ - '0'; day = day * 10 + (*p++ - '0');
} }
if (end - p < 14) { if (end - p < 14) {
@ -177,7 +177,7 @@ ngx_parse_http_time(u_char *value, size_t len)
return NGX_ERROR; return NGX_ERROR;
} }
hour = (*p - '0') * 10 + *(p + 1) - '0'; hour = (*p - '0') * 10 + (*(p + 1) - '0');
p += 2; p += 2;
if (*p++ != ':') { if (*p++ != ':') {
@ -188,7 +188,7 @@ ngx_parse_http_time(u_char *value, size_t len)
return NGX_ERROR; return NGX_ERROR;
} }
min = (*p - '0') * 10 + *(p + 1) - '0'; min = (*p - '0') * 10 + (*(p + 1) - '0');
p += 2; p += 2;
if (*p++ != ':') { if (*p++ != ':') {
@ -199,7 +199,7 @@ ngx_parse_http_time(u_char *value, size_t len)
return NGX_ERROR; return NGX_ERROR;
} }
sec = (*p - '0') * 10 + *(p + 1) - '0'; sec = (*p - '0') * 10 + (*(p + 1) - '0');
if (fmt == isoc) { if (fmt == isoc) {
p += 2; p += 2;
@ -216,7 +216,7 @@ ngx_parse_http_time(u_char *value, size_t len)
} }
year = (*p - '0') * 1000 + (*(p + 1) - '0') * 100 year = (*p - '0') * 1000 + (*(p + 1) - '0') * 100
+ (*(p + 2) - '0') * 10 + *(p + 3) - '0'; + (*(p + 2) - '0') * 10 + (*(p + 3) - '0');
} }
if (hour > 23 || min > 59 || sec > 59) { if (hour > 23 || min > 59 || sec > 59) {

8
src/core/ngx_string.c
View File

@ -178,7 +178,7 @@ ngx_vslprintf(u_char *buf, u_char *last, const char *fmt, va_list args)
slen = (size_t) -1; slen = (size_t) -1;
while (*fmt >= '0' && *fmt <= '9') { while (*fmt >= '0' && *fmt <= '9') {
width = width * 10 + *fmt++ - '0'; width = width * 10 + (*fmt++ - '0');
} }
@ -211,7 +211,7 @@ ngx_vslprintf(u_char *buf, u_char *last, const char *fmt, va_list args)
fmt++; fmt++;
while (*fmt >= '0' && *fmt <= '9') { while (*fmt >= '0' && *fmt <= '9') {
frac_width = frac_width * 10 + *fmt++ - '0'; frac_width = frac_width * 10 + (*fmt++ - '0');
} }
break; break;
@ -1655,7 +1655,7 @@ ngx_unescape_uri(u_char **dst, u_char **src, size_t size, ngx_uint_t type)
state = sw_usual; state = sw_usual;
if (ch >= '0' && ch <= '9') { if (ch >= '0' && ch <= '9') {
ch = (u_char) ((decoded << 4) + ch - '0'); ch = (u_char) ((decoded << 4) + (ch - '0'));
if (type & NGX_UNESCAPE_REDIRECT) { if (type & NGX_UNESCAPE_REDIRECT) {
if (ch > '%' && ch < 0x7f) { if (ch > '%' && ch < 0x7f) {
@ -1675,7 +1675,7 @@ ngx_unescape_uri(u_char **dst, u_char **src, size_t size, ngx_uint_t type)
c = (u_char) (ch | 0x20); c = (u_char) (ch | 0x20);
if (c >= 'a' && c <= 'f') { if (c >= 'a' && c <= 'f') {
ch = (u_char) ((decoded << 4) + c - 'a' + 10); ch = (u_char) ((decoded << 4) + (c - 'a') + 10);
if (type & NGX_UNESCAPE_URI) { if (type & NGX_UNESCAPE_URI) {
if (ch == '?') { if (ch == '?') {

2
src/event/ngx_event_openssl_stapling.c
View File

@ -1486,7 +1486,7 @@ ngx_ssl_ocsp_parse_status_line(ngx_ssl_ocsp_ctx_t *ctx)
return NGX_ERROR; return NGX_ERROR;
} }
ctx->code = ctx->code * 10 + ch - '0'; ctx->code = ctx->code * 10 + (ch - '0');
if (++ctx->count == 3) { if (++ctx->count == 3) {
state = sw_space_after_status; state = sw_space_after_status;

4
src/http/modules/ngx_http_range_filter_module.c
View File

@ -315,7 +315,7 @@ ngx_http_range_parse(ngx_http_request_t *r, ngx_http_range_filter_ctx_t *ctx,
return NGX_HTTP_RANGE_NOT_SATISFIABLE; return NGX_HTTP_RANGE_NOT_SATISFIABLE;
} }
start = start * 10 + *p++ - '0'; start = start * 10 + (*p++ - '0');
} }
while (*p == ' ') { p++; } while (*p == ' ') { p++; }
@ -345,7 +345,7 @@ ngx_http_range_parse(ngx_http_request_t *r, ngx_http_range_filter_ctx_t *ctx,
return NGX_HTTP_RANGE_NOT_SATISFIABLE; return NGX_HTTP_RANGE_NOT_SATISFIABLE;
} }
end = end * 10 + *p++ - '0'; end = end * 10 + (*p++ - '0');
} }
while (*p == ' ') { p++; } while (*p == ' ') { p++; }

8
src/http/modules/ngx_http_slice_filter_module.c
View File

@ -317,7 +317,7 @@ ngx_http_slice_parse_content_range(ngx_http_request_t *r,
return NGX_ERROR; return NGX_ERROR;
} }
start = start * 10 + *p++ - '0'; start = start * 10 + (*p++ - '0');
} }
while (*p == ' ') { p++; } while (*p == ' ') { p++; }
@ -337,7 +337,7 @@ ngx_http_slice_parse_content_range(ngx_http_request_t *r,
return NGX_ERROR; return NGX_ERROR;
} }
end = end * 10 + *p++ - '0'; end = end * 10 + (*p++ - '0');
} }
end++; end++;
@ -362,7 +362,7 @@ ngx_http_slice_parse_content_range(ngx_http_request_t *r,
return NGX_ERROR; return NGX_ERROR;
} }
complete_length = complete_length * 10 + *p++ - '0'; complete_length = complete_length * 10 + (*p++ - '0');
} }
} else { } else {
@ -479,7 +479,7 @@ ngx_http_slice_get_start(ngx_http_request_t *r)
return 0; return 0;
} }
start = start * 10 + *p++ - '0'; start = start * 10 + (*p++ - '0');
} }
return start; return start;

14
src/http/ngx_http_parse.c
View File

@ -742,7 +742,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
return NGX_HTTP_PARSE_INVALID_REQUEST; return NGX_HTTP_PARSE_INVALID_REQUEST;
} }
r->http_major = r->http_major * 10 + ch - '0'; r->http_major = r->http_major * 10 + (ch - '0');
if (r->http_major > 1) { if (r->http_major > 1) {
return NGX_HTTP_PARSE_INVALID_VERSION; return NGX_HTTP_PARSE_INVALID_VERSION;
@ -784,7 +784,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
return NGX_HTTP_PARSE_INVALID_REQUEST; return NGX_HTTP_PARSE_INVALID_REQUEST;
} }
r->http_minor = r->http_minor * 10 + ch - '0'; r->http_minor = r->http_minor * 10 + (ch - '0');
break; break;
case sw_spaces_after_digit: case sw_spaces_after_digit:
@ -1518,7 +1518,7 @@ ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes)
case sw_quoted_second: case sw_quoted_second:
if (ch >= '0' && ch <= '9') { if (ch >= '0' && ch <= '9') {
ch = (u_char) ((decoded << 4) + ch - '0'); ch = (u_char) ((decoded << 4) + (ch - '0'));
if (ch == '%' || ch == '#') { if (ch == '%' || ch == '#') {
state = sw_usual; state = sw_usual;
@ -1536,7 +1536,7 @@ ngx_http_parse_complex_uri(ngx_http_request_t *r, ngx_uint_t merge_slashes)
c = (u_char) (ch | 0x20); c = (u_char) (ch | 0x20);
if (c >= 'a' && c <= 'f') { if (c >= 'a' && c <= 'f') {
ch = (u_char) ((decoded << 4) + c - 'a' + 10); ch = (u_char) ((decoded << 4) + (c - 'a') + 10);
if (ch == '?') { if (ch == '?') {
state = sw_usual; state = sw_usual;
@ -1701,7 +1701,7 @@ ngx_http_parse_status_line(ngx_http_request_t *r, ngx_buf_t *b,
return NGX_ERROR; return NGX_ERROR;
} }
r->http_major = r->http_major * 10 + ch - '0'; r->http_major = r->http_major * 10 + (ch - '0');
break; break;
/* the first digit of minor HTTP version */ /* the first digit of minor HTTP version */
@ -1729,7 +1729,7 @@ ngx_http_parse_status_line(ngx_http_request_t *r, ngx_buf_t *b,
return NGX_ERROR; return NGX_ERROR;
} }
r->http_minor = r->http_minor * 10 + ch - '0'; r->http_minor = r->http_minor * 10 + (ch - '0');
break; break;
/* HTTP status code */ /* HTTP status code */
@ -1742,7 +1742,7 @@ ngx_http_parse_status_line(ngx_http_request_t *r, ngx_buf_t *b,
return NGX_ERROR; return NGX_ERROR;
} }
status->code = status->code * 10 + ch - '0'; status->code = status->code * 10 + (ch - '0');
if (++status->count == 3) { if (++status->count == 3) {
state = sw_space_after_status; state = sw_space_after_status;

6
src/http/ngx_http_upstream.c
View File

@ -4503,7 +4503,7 @@ ngx_http_upstream_process_cache_control(ngx_http_request_t *r,
} }
if (*p >= '0' && *p <= '9') { if (*p >= '0' && *p <= '9') {
n = n * 10 + *p - '0'; n = n * 10 + (*p - '0');
continue; continue;
} }
@ -4531,7 +4531,7 @@ ngx_http_upstream_process_cache_control(ngx_http_request_t *r,
} }
if (*p >= '0' && *p <= '9') { if (*p >= '0' && *p <= '9') {
n = n * 10 + *p - '0'; n = n * 10 + (*p - '0');
continue; continue;
} }
@ -4554,7 +4554,7 @@ ngx_http_upstream_process_cache_control(ngx_http_request_t *r,
} }
if (*p >= '0' && *p <= '9') { if (*p >= '0' && *p <= '9') {
n = n * 10 + *p - '0'; n = n * 10 + (*p - '0');
continue; continue;
} }