Welcome! Log In Create A New Profile

[PATCH] Fix a memory invalid read issue in ngx_http_gzip_ok

Forum List Message List New Topic Print View

agentzh

December 21, 2011 10:20PM

Hello!

Here attaches a patch for ngx_http_core_module (of the Nginx 1.0.10
core) to fix a memory invalid read bug captured by the valgrind
memcheck tool on my side.

When the Accept-Encoding request header takes the exact "gzip" value,
the ngx_http_gzip_ok function might run out of the memory block by 1
byte when calling ngx_memcmp to compare exactly 5 bytes of data.

Hopefully this patch can be applied to the mainstream nginx :)

Thanks!
-agentzh

--- nginx-1.0.10/src/http/ngx_http_core_module.c 2011-11-01
21:45:33.000000000 +0800
+++ nginx-1.0.10-patched/src/http/ngx_http_core_module.c 2011-12-22
11:08:02.546297974 +0800
@@ -2070,7 +2070,7 @@
* Opera: "gzip, deflate"
*/

- if (ngx_memcmp(ae->value.data, "gzip,", 5) != 0
+ if (ngx_memcmp(ae->value.data, "gzip,", ngx_min(ae->value.len, 5)) != 0
&& ngx_http_gzip_accept_encoding(&ae->value) != NGX_OK)
{
return NGX_DECLINED;
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
[PATCH] Fix a memory invalid read issue in ngx_http_gzip_ok	agentzh	1295	December 21, 2011 10:20PM
Re: [PATCH] Fix a memory invalid read issue in ngx_http_gzip_ok	Maxim Dounin	470	December 22, 2011 04:02AM
Re: [PATCH] Fix a memory invalid read issue in ngx_http_gzip_ok	agentzh	450	December 22, 2011 07:20AM
Re: [PATCH] Fix a memory invalid read issue in ngx_http_gzip_ok	Maxim Dounin	414	December 22, 2011 08:22AM
Re: [PATCH] Fix a memory invalid read issue in ngx_http_gzip_ok	agentzh	473	December 22, 2011 08:38AM
Re: [PATCH] Fix a memory invalid read issue in ngx_http_gzip_ok	Maxim Dounin	469	December 22, 2011 10:18AM
Re: [PATCH] Fix a memory invalid read issue in ngx_http_gzip_ok	agentzh	613	December 23, 2011 06:12AM