[nginx] Parenthesized ASCII-related calculations.
|
Valentin Bartenev
July 17, 2017 10:26AM
|
details: http://hg.nginx.org/nginx/rev/e3723f2a11b7
branches:
changeset: 7067:e3723f2a11b7
user: Valentin Bartenev <vbart@nginx.com>
date: Mon Jul 17 17:23:51 2017 +0300
description:
Parenthesized ASCII-related calculations.
This also fixes potential undefined behaviour in the range and slice filter
modules, caused by local overflows of signed integers in expressions.
diffstat:
src/core/ngx_parse_time.c | 16 ++++++++--------
src/core/ngx_string.c | 8 ++++----
src/event/ngx_event_openssl_stapling.c | 2 +-
src/http/modules/ngx_http_range_filter_module.c | 4 ++--
src/http/modules/ngx_http_slice_filter_module.c | 8 ++++----
src/http/ngx_http_parse.c | 14 +++++++-------
src/http/ngx_http_upstream.c | 6 +++---
7 files changed, 29 insertions(+), 29 deletions(-)
diffs (282 lines):
diff -r a27e0c7e198c -r e3723f2a11b7 src/core/ngx_parse_time.c
--- a/src/core/ngx_parse_time.c Wed Jul 12 11:34:04 2017 +0300
+++ b/src/core/ngx_parse_time.c Mon Jul 17 17:23:51 2017 +0300
@@ -58,7 +58,7 @@ ngx_parse_http_time(u_char *value, size_
return NGX_ERROR;
}
- day = (*p - '0') * 10 + *(p + 1) - '0';
+ day = (*p - '0') * 10 + (*(p + 1) - '0');
p += 2;
if (*p == ' ') {
@@ -132,7 +132,7 @@ ngx_parse_http_time(u_char *value, size_
}
year = (*p - '0') * 1000 + (*(p + 1) - '0') * 100
- + (*(p + 2) - '0') * 10 + *(p + 3) - '0';
+ + (*(p + 2) - '0') * 10 + (*(p + 3) - '0');
p += 4;
} else if (fmt == rfc850) {
@@ -140,7 +140,7 @@ ngx_parse_http_time(u_char *value, size_
return NGX_ERROR;
}
- year = (*p - '0') * 10 + *(p + 1) - '0';
+ year = (*p - '0') * 10 + (*(p + 1) - '0');
year += (year < 70) ? 2000 : 1900;
p += 2;
}
@@ -161,7 +161,7 @@ ngx_parse_http_time(u_char *value, size_
return NGX_ERROR;
}
- day = day * 10 + *p++ - '0';
+ day = day * 10 + (*p++ - '0');
}
if (end - p < 14) {
@@ -177,7 +177,7 @@ ngx_parse_http_time(u_char *value, size_
return NGX_ERROR;
}
- hour = (*p - '0') * 10 + *(p + 1) - '0';
+ hour = (*p - '0') * 10 + (*(p + 1) - '0');
p += 2;
if (*p++ != ':') {
@@ -188,7 +188,7 @@ ngx_parse_http_time(u_char *value, size_
return NGX_ERROR;
}
- min = (*p - '0') * 10 + *(p + 1) - '0';
+ min = (*p - '0') * 10 + (*(p + 1) - '0');
p += 2;
if (*p++ != ':') {
@@ -199,7 +199,7 @@ ngx_parse_http_time(u_char *value, size_
return NGX_ERROR;
}
- sec = (*p - '0') * 10 + *(p + 1) - '0';
+ sec = (*p - '0') * 10 + (*(p + 1) - '0');
if (fmt == isoc) {
p += 2;
@@ -216,7 +216,7 @@ ngx_parse_http_time(u_char *value, size_
}
year = (*p - '0') * 1000 + (*(p + 1) - '0') * 100
- + (*(p + 2) - '0') * 10 + *(p + 3) - '0';
+ + (*(p + 2) - '0') * 10 + (*(p + 3) - '0');
}
if (hour > 23 || min > 59 || sec > 59) {
diff -r a27e0c7e198c -r e3723f2a11b7 src/core/ngx_string.c
--- a/src/core/ngx_string.c Wed Jul 12 11:34:04 2017 +0300
+++ b/src/core/ngx_string.c Mon Jul 17 17:23:51 2017 +0300
@@ -178,7 +178,7 @@ ngx_vslprintf(u_char *buf, u_char *last,
slen = (size_t) -1;
while (*fmt >= '0' && *fmt <= '9') {
- width = width * 10 + *fmt++ - '0';
+ width = width * 10 + (*fmt++ - '0');
}
@@ -211,7 +211,7 @@ ngx_vslprintf(u_char *buf, u_char *last,
fmt++;
while (*fmt >= '0' && *fmt <= '9') {
- frac_width = frac_width * 10 + *fmt++ - '0';
+ frac_width = frac_width * 10 + (*fmt++ - '0');
}
break;
@@ -1655,7 +1655,7 @@ ngx_unescape_uri(u_char **dst, u_char **
state = sw_usual;
if (ch >= '0' && ch <= '9') {
- ch = (u_char) ((decoded << 4) + ch - '0');
+ ch = (u_char) ((decoded << 4) + (ch - '0'));
if (type & NGX_UNESCAPE_REDIRECT) {
if (ch > '%' && ch < 0x7f) {
@@ -1675,7 +1675,7 @@ ngx_unescape_uri(u_char **dst, u_char **
c = (u_char) (ch | 0x20);
if (c >= 'a' && c <= 'f') {
- ch = (u_char) ((decoded << 4) + c - 'a' + 10);
+ ch = (u_char) ((decoded << 4) + (c - 'a') + 10);
if (type & NGX_UNESCAPE_URI) {
if (ch == '?') {
diff -r a27e0c7e198c -r e3723f2a11b7 src/event/ngx_event_openssl_stapling.c
--- a/src/event/ngx_event_openssl_stapling.c Wed Jul 12 11:34:04 2017 +0300
+++ b/src/event/ngx_event_openssl_stapling.c Mon Jul 17 17:23:51 2017 +0300
@@ -1486,7 +1486,7 @@ ngx_ssl_ocsp_parse_status_line(ngx_ssl_o
return NGX_ERROR;
}
- ctx->code = ctx->code * 10 + ch - '0';
+ ctx->code = ctx->code * 10 + (ch - '0');
if (++ctx->count == 3) {
state = sw_space_after_status;
diff -r a27e0c7e198c -r e3723f2a11b7 src/http/modules/ngx_http_range_filter_module.c
--- a/src/http/modules/ngx_http_range_filter_module.c Wed Jul 12 11:34:04 2017 +0300
+++ b/src/http/modules/ngx_http_range_filter_module.c Mon Jul 17 17:23:51 2017 +0300
@@ -315,7 +315,7 @@ ngx_http_range_parse(ngx_http_request_t
return NGX_HTTP_RANGE_NOT_SATISFIABLE;
}
- start = start * 10 + *p++ - '0';
+ start = start * 10 + (*p++ - '0');
}
while (*p == ' ') { p++; }
@@ -345,7 +345,7 @@ ngx_http_range_parse(ngx_http_request_t
return NGX_HTTP_RANGE_NOT_SATISFIABLE;
}
- end = end * 10 + *p++ - '0';
+ end = end * 10 + (*p++ - '0');
}
while (*p == ' ') { p++; }
diff -r a27e0c7e198c -r e3723f2a11b7 src/http/modules/ngx_http_slice_filter_module.c
--- a/src/http/modules/ngx_http_slice_filter_module.c Wed Jul 12 11:34:04 2017 +0300
+++ b/src/http/modules/ngx_http_slice_filter_module.c Mon Jul 17 17:23:51 2017 +0300
@@ -317,7 +317,7 @@ ngx_http_slice_parse_content_range(ngx_h
return NGX_ERROR;
}
- start = start * 10 + *p++ - '0';
+ start = start * 10 + (*p++ - '0');
}
while (*p == ' ') { p++; }
@@ -337,7 +337,7 @@ ngx_http_slice_parse_content_range(ngx_h
return NGX_ERROR;
}
- end = end * 10 + *p++ - '0';
+ end = end * 10 + (*p++ - '0');
}
end++;
@@ -362,7 +362,7 @@ ngx_http_slice_parse_content_range(ngx_h
return NGX_ERROR;
}
- complete_length = complete_length * 10 + *p++ - '0';
+ complete_length = complete_length * 10 + (*p++ - '0');
}
} else {
@@ -479,7 +479,7 @@ ngx_http_slice_get_start(ngx_http_reques
return 0;
}
- start = start * 10 + *p++ - '0';
+ start = start * 10 + (*p++ - '0');
}
return start;
diff -r a27e0c7e198c -r e3723f2a11b7 src/http/ngx_http_parse.c
--- a/src/http/ngx_http_parse.c Wed Jul 12 11:34:04 2017 +0300
+++ b/src/http/ngx_http_parse.c Mon Jul 17 17:23:51 2017 +0300
@@ -742,7 +742,7 @@ ngx_http_parse_request_line(ngx_http_req
return NGX_HTTP_PARSE_INVALID_REQUEST;
}
- r->http_major = r->http_major * 10 + ch - '0';
+ r->http_major = r->http_major * 10 + (ch - '0');
if (r->http_major > 1) {
return NGX_HTTP_PARSE_INVALID_VERSION;
@@ -784,7 +784,7 @@ ngx_http_parse_request_line(ngx_http_req
return NGX_HTTP_PARSE_INVALID_REQUEST;
}
- r->http_minor = r->http_minor * 10 + ch - '0';
+ r->http_minor = r->http_minor * 10 + (ch - '0');
break;
case sw_spaces_after_digit:
@@ -1518,7 +1518,7 @@ ngx_http_parse_complex_uri(ngx_http_requ
case sw_quoted_second:
if (ch >= '0' && ch <= '9') {
- ch = (u_char) ((decoded << 4) + ch - '0');
+ ch = (u_char) ((decoded << 4) + (ch - '0'));
if (ch == '%' || ch == '#') {
state = sw_usual;
@@ -1536,7 +1536,7 @@ ngx_http_parse_complex_uri(ngx_http_requ
c = (u_char) (ch | 0x20);
if (c >= 'a' && c <= 'f') {
- ch = (u_char) ((decoded << 4) + c - 'a' + 10);
+ ch = (u_char) ((decoded << 4) + (c - 'a') + 10);
if (ch == '?') {
state = sw_usual;
@@ -1701,7 +1701,7 @@ ngx_http_parse_status_line(ngx_http_requ
return NGX_ERROR;
}
- r->http_major = r->http_major * 10 + ch - '0';
+ r->http_major = r->http_major * 10 + (ch - '0');
break;
/* the first digit of minor HTTP version */
@@ -1729,7 +1729,7 @@ ngx_http_parse_status_line(ngx_http_requ
return NGX_ERROR;
}
- r->http_minor = r->http_minor * 10 + ch - '0';
+ r->http_minor = r->http_minor * 10 + (ch - '0');
break;
/* HTTP status code */
@@ -1742,7 +1742,7 @@ ngx_http_parse_status_line(ngx_http_requ
return NGX_ERROR;
}
- status->code = status->code * 10 + ch - '0';
+ status->code = status->code * 10 + (ch - '0');
if (++status->count == 3) {
state = sw_space_after_status;
diff -r a27e0c7e198c -r e3723f2a11b7 src/http/ngx_http_upstream.c
--- a/src/http/ngx_http_upstream.c Wed Jul 12 11:34:04 2017 +0300
+++ b/src/http/ngx_http_upstream.c Mon Jul 17 17:23:51 2017 +0300
@@ -4503,7 +4503,7 @@ ngx_http_upstream_process_cache_control(
}
if (*p >= '0' && *p <= '9') {
- n = n * 10 + *p - '0';
+ n = n * 10 + (*p - '0');
continue;
}
@@ -4531,7 +4531,7 @@ ngx_http_upstream_process_cache_control(
}
if (*p >= '0' && *p <= '9') {
- n = n * 10 + *p - '0';
+ n = n * 10 + (*p - '0');
continue;
}
@@ -4554,7 +4554,7 @@ ngx_http_upstream_process_cache_control(
}
if (*p >= '0' && *p <= '9') {
- n = n * 10 + *p - '0';
+ n = n * 10 + (*p - '0');
continue;
}
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
branches:
changeset: 7067:e3723f2a11b7
user: Valentin Bartenev <vbart@nginx.com>
date: Mon Jul 17 17:23:51 2017 +0300
description:
Parenthesized ASCII-related calculations.
This also fixes potential undefined behaviour in the range and slice filter
modules, caused by local overflows of signed integers in expressions.
diffstat:
src/core/ngx_parse_time.c | 16 ++++++++--------
src/core/ngx_string.c | 8 ++++----
src/event/ngx_event_openssl_stapling.c | 2 +-
src/http/modules/ngx_http_range_filter_module.c | 4 ++--
src/http/modules/ngx_http_slice_filter_module.c | 8 ++++----
src/http/ngx_http_parse.c | 14 +++++++-------
src/http/ngx_http_upstream.c | 6 +++---
7 files changed, 29 insertions(+), 29 deletions(-)
diffs (282 lines):
diff -r a27e0c7e198c -r e3723f2a11b7 src/core/ngx_parse_time.c
--- a/src/core/ngx_parse_time.c Wed Jul 12 11:34:04 2017 +0300
+++ b/src/core/ngx_parse_time.c Mon Jul 17 17:23:51 2017 +0300
@@ -58,7 +58,7 @@ ngx_parse_http_time(u_char *value, size_
return NGX_ERROR;
}
- day = (*p - '0') * 10 + *(p + 1) - '0';
+ day = (*p - '0') * 10 + (*(p + 1) - '0');
p += 2;
if (*p == ' ') {
@@ -132,7 +132,7 @@ ngx_parse_http_time(u_char *value, size_
}
year = (*p - '0') * 1000 + (*(p + 1) - '0') * 100
- + (*(p + 2) - '0') * 10 + *(p + 3) - '0';
+ + (*(p + 2) - '0') * 10 + (*(p + 3) - '0');
p += 4;
} else if (fmt == rfc850) {
@@ -140,7 +140,7 @@ ngx_parse_http_time(u_char *value, size_
return NGX_ERROR;
}
- year = (*p - '0') * 10 + *(p + 1) - '0';
+ year = (*p - '0') * 10 + (*(p + 1) - '0');
year += (year < 70) ? 2000 : 1900;
p += 2;
}
@@ -161,7 +161,7 @@ ngx_parse_http_time(u_char *value, size_
return NGX_ERROR;
}
- day = day * 10 + *p++ - '0';
+ day = day * 10 + (*p++ - '0');
}
if (end - p < 14) {
@@ -177,7 +177,7 @@ ngx_parse_http_time(u_char *value, size_
return NGX_ERROR;
}
- hour = (*p - '0') * 10 + *(p + 1) - '0';
+ hour = (*p - '0') * 10 + (*(p + 1) - '0');
p += 2;
if (*p++ != ':') {
@@ -188,7 +188,7 @@ ngx_parse_http_time(u_char *value, size_
return NGX_ERROR;
}
- min = (*p - '0') * 10 + *(p + 1) - '0';
+ min = (*p - '0') * 10 + (*(p + 1) - '0');
p += 2;
if (*p++ != ':') {
@@ -199,7 +199,7 @@ ngx_parse_http_time(u_char *value, size_
return NGX_ERROR;
}
- sec = (*p - '0') * 10 + *(p + 1) - '0';
+ sec = (*p - '0') * 10 + (*(p + 1) - '0');
if (fmt == isoc) {
p += 2;
@@ -216,7 +216,7 @@ ngx_parse_http_time(u_char *value, size_
}
year = (*p - '0') * 1000 + (*(p + 1) - '0') * 100
- + (*(p + 2) - '0') * 10 + *(p + 3) - '0';
+ + (*(p + 2) - '0') * 10 + (*(p + 3) - '0');
}
if (hour > 23 || min > 59 || sec > 59) {
diff -r a27e0c7e198c -r e3723f2a11b7 src/core/ngx_string.c
--- a/src/core/ngx_string.c Wed Jul 12 11:34:04 2017 +0300
+++ b/src/core/ngx_string.c Mon Jul 17 17:23:51 2017 +0300
@@ -178,7 +178,7 @@ ngx_vslprintf(u_char *buf, u_char *last,
slen = (size_t) -1;
while (*fmt >= '0' && *fmt <= '9') {
- width = width * 10 + *fmt++ - '0';
+ width = width * 10 + (*fmt++ - '0');
}
@@ -211,7 +211,7 @@ ngx_vslprintf(u_char *buf, u_char *last,
fmt++;
while (*fmt >= '0' && *fmt <= '9') {
- frac_width = frac_width * 10 + *fmt++ - '0';
+ frac_width = frac_width * 10 + (*fmt++ - '0');
}
break;
@@ -1655,7 +1655,7 @@ ngx_unescape_uri(u_char **dst, u_char **
state = sw_usual;
if (ch >= '0' && ch <= '9') {
- ch = (u_char) ((decoded << 4) + ch - '0');
+ ch = (u_char) ((decoded << 4) + (ch - '0'));
if (type & NGX_UNESCAPE_REDIRECT) {
if (ch > '%' && ch < 0x7f) {
@@ -1675,7 +1675,7 @@ ngx_unescape_uri(u_char **dst, u_char **
c = (u_char) (ch | 0x20);
if (c >= 'a' && c <= 'f') {
- ch = (u_char) ((decoded << 4) + c - 'a' + 10);
+ ch = (u_char) ((decoded << 4) + (c - 'a') + 10);
if (type & NGX_UNESCAPE_URI) {
if (ch == '?') {
diff -r a27e0c7e198c -r e3723f2a11b7 src/event/ngx_event_openssl_stapling.c
--- a/src/event/ngx_event_openssl_stapling.c Wed Jul 12 11:34:04 2017 +0300
+++ b/src/event/ngx_event_openssl_stapling.c Mon Jul 17 17:23:51 2017 +0300
@@ -1486,7 +1486,7 @@ ngx_ssl_ocsp_parse_status_line(ngx_ssl_o
return NGX_ERROR;
}
- ctx->code = ctx->code * 10 + ch - '0';
+ ctx->code = ctx->code * 10 + (ch - '0');
if (++ctx->count == 3) {
state = sw_space_after_status;
diff -r a27e0c7e198c -r e3723f2a11b7 src/http/modules/ngx_http_range_filter_module.c
--- a/src/http/modules/ngx_http_range_filter_module.c Wed Jul 12 11:34:04 2017 +0300
+++ b/src/http/modules/ngx_http_range_filter_module.c Mon Jul 17 17:23:51 2017 +0300
@@ -315,7 +315,7 @@ ngx_http_range_parse(ngx_http_request_t
return NGX_HTTP_RANGE_NOT_SATISFIABLE;
}
- start = start * 10 + *p++ - '0';
+ start = start * 10 + (*p++ - '0');
}
while (*p == ' ') { p++; }
@@ -345,7 +345,7 @@ ngx_http_range_parse(ngx_http_request_t
return NGX_HTTP_RANGE_NOT_SATISFIABLE;
}
- end = end * 10 + *p++ - '0';
+ end = end * 10 + (*p++ - '0');
}
while (*p == ' ') { p++; }
diff -r a27e0c7e198c -r e3723f2a11b7 src/http/modules/ngx_http_slice_filter_module.c
--- a/src/http/modules/ngx_http_slice_filter_module.c Wed Jul 12 11:34:04 2017 +0300
+++ b/src/http/modules/ngx_http_slice_filter_module.c Mon Jul 17 17:23:51 2017 +0300
@@ -317,7 +317,7 @@ ngx_http_slice_parse_content_range(ngx_h
return NGX_ERROR;
}
- start = start * 10 + *p++ - '0';
+ start = start * 10 + (*p++ - '0');
}
while (*p == ' ') { p++; }
@@ -337,7 +337,7 @@ ngx_http_slice_parse_content_range(ngx_h
return NGX_ERROR;
}
- end = end * 10 + *p++ - '0';
+ end = end * 10 + (*p++ - '0');
}
end++;
@@ -362,7 +362,7 @@ ngx_http_slice_parse_content_range(ngx_h
return NGX_ERROR;
}
- complete_length = complete_length * 10 + *p++ - '0';
+ complete_length = complete_length * 10 + (*p++ - '0');
}
} else {
@@ -479,7 +479,7 @@ ngx_http_slice_get_start(ngx_http_reques
return 0;
}
- start = start * 10 + *p++ - '0';
+ start = start * 10 + (*p++ - '0');
}
return start;
diff -r a27e0c7e198c -r e3723f2a11b7 src/http/ngx_http_parse.c
--- a/src/http/ngx_http_parse.c Wed Jul 12 11:34:04 2017 +0300
+++ b/src/http/ngx_http_parse.c Mon Jul 17 17:23:51 2017 +0300
@@ -742,7 +742,7 @@ ngx_http_parse_request_line(ngx_http_req
return NGX_HTTP_PARSE_INVALID_REQUEST;
}
- r->http_major = r->http_major * 10 + ch - '0';
+ r->http_major = r->http_major * 10 + (ch - '0');
if (r->http_major > 1) {
return NGX_HTTP_PARSE_INVALID_VERSION;
@@ -784,7 +784,7 @@ ngx_http_parse_request_line(ngx_http_req
return NGX_HTTP_PARSE_INVALID_REQUEST;
}
- r->http_minor = r->http_minor * 10 + ch - '0';
+ r->http_minor = r->http_minor * 10 + (ch - '0');
break;
case sw_spaces_after_digit:
@@ -1518,7 +1518,7 @@ ngx_http_parse_complex_uri(ngx_http_requ
case sw_quoted_second:
if (ch >= '0' && ch <= '9') {
- ch = (u_char) ((decoded << 4) + ch - '0');
+ ch = (u_char) ((decoded << 4) + (ch - '0'));
if (ch == '%' || ch == '#') {
state = sw_usual;
@@ -1536,7 +1536,7 @@ ngx_http_parse_complex_uri(ngx_http_requ
c = (u_char) (ch | 0x20);
if (c >= 'a' && c <= 'f') {
- ch = (u_char) ((decoded << 4) + c - 'a' + 10);
+ ch = (u_char) ((decoded << 4) + (c - 'a') + 10);
if (ch == '?') {
state = sw_usual;
@@ -1701,7 +1701,7 @@ ngx_http_parse_status_line(ngx_http_requ
return NGX_ERROR;
}
- r->http_major = r->http_major * 10 + ch - '0';
+ r->http_major = r->http_major * 10 + (ch - '0');
break;
/* the first digit of minor HTTP version */
@@ -1729,7 +1729,7 @@ ngx_http_parse_status_line(ngx_http_requ
return NGX_ERROR;
}
- r->http_minor = r->http_minor * 10 + ch - '0';
+ r->http_minor = r->http_minor * 10 + (ch - '0');
break;
/* HTTP status code */
@@ -1742,7 +1742,7 @@ ngx_http_parse_status_line(ngx_http_requ
return NGX_ERROR;
}
- status->code = status->code * 10 + ch - '0';
+ status->code = status->code * 10 + (ch - '0');
if (++status->count == 3) {
state = sw_space_after_status;
diff -r a27e0c7e198c -r e3723f2a11b7 src/http/ngx_http_upstream.c
--- a/src/http/ngx_http_upstream.c Wed Jul 12 11:34:04 2017 +0300
+++ b/src/http/ngx_http_upstream.c Mon Jul 17 17:23:51 2017 +0300
@@ -4503,7 +4503,7 @@ ngx_http_upstream_process_cache_control(
}
if (*p >= '0' && *p <= '9') {
- n = n * 10 + *p - '0';
+ n = n * 10 + (*p - '0');
continue;
}
@@ -4531,7 +4531,7 @@ ngx_http_upstream_process_cache_control(
}
if (*p >= '0' && *p <= '9') {
- n = n * 10 + *p - '0';
+ n = n * 10 + (*p - '0');
continue;
}
@@ -4554,7 +4554,7 @@ ngx_http_upstream_process_cache_control(
}
if (*p >= '0' && *p <= '9') {
- n = n * 10 + *p - '0';
+ n = n * 10 + (*p - '0');
continue;
}
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
| Subject | Author | Views | Posted |
|---|---|---|---|
|
Valentin Bartenev | 473 | July 17, 2017 10:26AM |
Sorry, you do not have permission to post/reply in this forum.
Online Users
Guests:
87
Record Number of Users:
8
on April 13, 2023
Record Number of Guests:
421
on December 02, 2018
This forum is powered by Phorum.
 |
 |
 |
 |
|