mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-06-07 17:52:38 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fixed ngx_parse_time() out of bounds access (ticket #821).

Browse Source 
The code failed to ensure that "s" is within the buffer passed for
parsing when checking for "ms", and this resulted in unexpected errors when
parsing non-null-terminated strings with trailing "m".  The bug manifested
itself when the expires directive was used with variables.

Found by Roman Arutyunyan.
This commit is contained in:
Maxim Dounin 2015-10-30 21:43:30 +03:00
parent e7d298f3fc
commit f9cce38e49
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/core/ngx_parse.c
View File

@ -188,7 +188,7 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
break; break;
case 'm': case 'm':
if (*p == 's') { if (p < last && *p == 's') {
if (is_sec || step >= st_msec) { if (is_sec || step >= st_msec) {
return NGX_ERROR; return NGX_ERROR;
} }