SSL: overcame possible buffer over-read in ngx_ssl_error().

It appeared that ERR_error_string_n() cannot handle zero buffer size well enough and causes over-read. The problem has also been fixed in OpenSSL: https://git.openssl.org/?p=openssl.git;h=e5c1361580d8de79682958b04a5f0d262e680f8b
2025-02-25 18:55:26 -06:00 · 2016-10-18 20:46:06 +03:00 · 2016-10-18 20:46:06 +03:00 · 841737915c
commit 841737915c
parent 66c23edf63
1 changed files with 3 additions and 1 deletions
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@ -2137,7 +2137,9 @@ ngx_ssl_error(ngx_uint_t level, ngx_log_t *log, ngx_err_t err, char *fmt, ...)
            break;
        }

-        if (p >= last) {
+        /* ERR_error_string_n() requires at least one byte */
+
+        if (p >= last - 1) {
            goto next;
        }