Forum List Message List New Topic Print View

Maxim Dounin

September 11, 2015 10:14AM

details: http://hg.nginx.org/nginx/rev/3cf25d33886a
branches:
changeset: 6245:3cf25d33886a
user: Maxim Dounin <mdounin@mdounin.ru>
date: Fri Sep 11 17:04:40 2015 +0300
description:
Core: fixed segfault with null in wildcard hash names.

A configuration like

server { server_name .foo^@; }
server { server_name .foo; }

resulted in a segmentation fault during construction of server names hash.

Reported by Markus Linnala.
Found with afl-fuzz.

diffstat:

src/core/ngx_hash.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)

diffs (14 lines):

diff --git a/src/core/ngx_hash.c b/src/core/ngx_hash.c
--- a/src/core/ngx_hash.c
+++ b/src/core/ngx_hash.c
@@ -743,6 +743,10 @@ ngx_hash_add_key(ngx_hash_keys_arrays_t
if (key->data[i] == '.' && key->data[i + 1] == '.') {
return NGX_DECLINED;
}
+
+ if (key->data[i] == '\0') {
+ return NGX_DECLINED;
+ }
}

if (key->len > 1 && key->data[0] == '.') {

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
[nginx] Core: fixed segfault with null in wildcard hash names.	Maxim Dounin	994	September 11, 2015 10:14AM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 239

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018

[nginx] Core: fixed segfault with null in wildcard hash names.

Online Users