Hello!

I've noticed a small memory overflow issue in ngx_resolver's debug
logging code that was caught by Valgrind/Memcheck on Linux x86_64.

Basically, when calling ngx_log_debug6 from within
ngx_resolver_process_response, the "%ui" formatter is incorrectly used
for int-typed values "(query->nns_hi << 8) + query->nns_lo" and
"(query->nar_hi << 8) + query->nar_lo".

Below attaches a patch for nginx 1.3.0 :)

Hope this helps,
-agentzh

--- nginx-1.3.0/src/core/ngx_resolver.c 2012-05-14 17:13:45.000000000 +0800
+++ nginx-1.3.0-patched/src/core/ngx_resolver.c 2012-06-01
18:08:06.512047421 +0800
@@ -1035,7 +1035,7 @@
nan = (query->nan_hi << 8) + query->nan_lo;

ngx_log_debug6(NGX_LOG_DEBUG_CORE, r->log, 0,
- "resolver DNS response %ui fl:%04Xui %ui/%ui/%ui/%ui",
+ "resolver DNS response %ui fl:%04Xui %ui/%ui/%ud/%ud",
ident, flags, nqs, nan,
(query->nns_hi << 8) + query->nns_lo,
(query->nar_hi << 8) + query->nar_lo);
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel