From 674c5c7e63d9474e0c7f92b85301922adaf36f56 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=EC=97=84=ED=83=9C=EC=9A=A9?= Date: Thu, 12 Jun 2025 19:38:18 +0900 Subject: [PATCH] http/static: add null-pointer checks to directory redirect (CWE-476) --- src/http/modules/ngx_http_static_module.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/src/http/modules/ngx_http_static_module.c b/src/http/modules/ngx_http_static_module.c index 8b0bb1478..1b173d556 100644 --- a/src/http/modules/ngx_http_static_module.c +++ b/src/http/modules/ngx_http_static_module.c @@ -163,6 +163,12 @@ ngx_http_static_handler(ngx_http_request_t *r) len = r->uri.len + 1; location = path.data + root; + if (location == NULL) { + ngx_http_clear_location(r); + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + *last = '/'; } else { @@ -189,6 +195,17 @@ ngx_http_static_handler(ngx_http_request_t *r) *last = '/'; if (r->args.len) { + + if (last == NULL) { + ngx_http_clear_location(r); + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + + if ((size_t)((location + len) - (last + 1)) < r->args.len) { + ngx_http_clear_location(r); + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } *++last = '?'; ngx_memcpy(++last, r->args.data, r->args.len); }
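Review bot: The added `if (location == NULL)` after `location = path.data + root;` cannot catch a null `path.data`: with any non-zero `root` the sum is already non-NULL, and arithmetic on a null pointer is undefined behaviour before the test runs. A guard against a null dereference would have to test the base pointer before the addition, e.g. `if (path.data == NULL) {`. The `*last = '/';` write that follows still dereferences `last` with no check in this branch. Whether `path.data` and `last` are validated earlier in ngx_http_static_handler is not visible in this hunk; if they are, the new block is dead code and is better dropped than left looking like a CWE-476 fix.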
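Review bot: The `if (last == NULL)` test sits inside `if (r->args.len)`, after the context line `*last = '/';` has already written through `last`, so it cannot prevent the dereference it is meant to guard and a compiler may remove it; it belongs before `*last = '/';` or not at all. The length check is also one byte short: `*++last = '?'` consumes a byte before `ngx_memcpy` copies `r->args.len` more, so the space after `last` must be at least `r->args.len + 1`, i.e. `if ((size_t) ((location + len) - (last + 1)) <= r->args.len) {`. Because the difference is cast to `size_t`, a `last` already past `location + len` yields a huge value and passes the check, so the pointers should be compared first if that case matters. How `location` and `len` are computed lies outside the hunk.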