one more result. If DEBUG is 0 in Perl script, Signal 11 occurs, if DEBUG=1 everything works. Christian _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-develby Christian Felsing - Nginx Development
Hi, Am 27.04.2014 12:53, schrieb Filipe Da Silva: > I'm not sure about this, as this buffer already has an oversized allocation: ....I hope so... > Same about the certificate subject. > C strings are zero terminated, whatever its contains : UTF-8 or not. if all used libraries do so, this should be ok. > Please try this patch : > It will directly check if there is any buffer ovby Christian Felsing - Nginx Development
Hello, this patch has an buffer length calculation issue in src/mail/ngx_mail_auth_http_module.c, in case of multiple login - logout sequences sometimes I got signal 11 errors in log which are caused by memory access outside that buffer. This may also a security issue. len = sizeof("GET ") - 1 + ahcf->uri.len + sizeof(" HTTP/1.0" CRLF) - 1 + sizeof("Hostby Christian Felsing - Nginx Development
Hello, is that patch available somewhere in Nginx Mercurial? Christian Am 25.04.2014 17:30, schrieb Maxim Dounin: > Latest work on this seems to be in this thread: > > http://mailman.nginx.org/pipermail/nginx-devel/2014-March/005067.html > http://mailman.nginx.org/pipermail/nginx-devel/2014-April/005179.html > > The code yet to be improved though. > ____________________by Christian Felsing - Nginx Mailing List - English