Welcome! Log In Create A New Profile

Re: A coredump risk in core/ngx_resolver.c

Forum List Message List New Topic Print View

Maxim Dounin

February 03, 2012 05:56AM

Hello!

On Fri, Feb 03, 2012 at 02:02:12PM +0800, devfua wrote:

> /* convert "www.example.com" to "\3www\7example\3com\0" */
>
>
> len = 0;
> p--;
> *p-- = '\0';
>
>
> for (s = ctx->name.data + ctx->name.len - 1; s >= ctx->name.data; s--) {
> if (*s != '.') {
> *p = *s;
> len++;
>
>
> } else {
> if (len == 0) {
> return NGX_DECLINED;
> }
>
>
> *p = (u_char) len;
> len = 0;
> }
>
>
> p--;
> }
>
>
> *p = (u_char) len;
>
>
>
> line 1778
> if (*s != '.') {
>
>
> if ctx->name.data = 0x0 ctx->name.len = 0
> s = 0xffffffff
>
>
> *s will cause segment fault。

Nice catch, thanks.

This is not expected to happen with current code, as ngx_resolve_name()
is never called with ctx->name set to { NULL, 0 }. Though it
needs fixing anyway. Care to provide a patch?

Maxim Dounin

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
A coredump risk in core/ngx_resolver.c	devfua	1047	February 03, 2012 01:04AM
Re: A coredump risk in core/ngx_resolver.c	Maxim Dounin	522	February 03, 2012 05:56AM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 295

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018