SSL: improved validation of ssl_session_cache and ssl_ocsp_cache.

Now it properly detects invalid shared zone configuration with omitted size. Previously it used to read outside of the buffer boundary. Found with AddressSanitizer.
2025-02-25 18:55:26 -06:00 · 2022-10-17 16:24:53 +04:00 · 2022-10-17 16:24:53 +04:00 · 35fce42269
commit 35fce42269
parent 5b23fe690f
3 changed files with 4 additions and 4 deletions
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@ -1093,7 +1093,7 @@ ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
                len++;
            }

-            if (len == 0) {
+            if (len == 0 || j == value[i].len) {
                goto invalid;
            }

@ -1183,7 +1183,7 @@ ngx_http_ssl_ocsp_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
        len++;
    }

-    if (len == 0) {
+    if (len == 0 || j == value[1].len) {
        goto invalid;
    }

--- a/src/mail/ngx_mail_ssl_module.c
+++ b/src/mail/ngx_mail_ssl_module.c
@ -682,7 +682,7 @@ ngx_mail_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
                len++;
            }

-            if (len == 0) {
+            if (len == 0 || j == value[i].len) {
                goto invalid;
            }

--- a/src/stream/ngx_stream_ssl_module.c
+++ b/src/stream/ngx_stream_ssl_module.c
@ -1073,7 +1073,7 @@ ngx_stream_ssl_session_cache(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
                len++;
            }

-            if (len == 0) {
+            if (len == 0 || j == value[i].len) {
                goto invalid;
            }