mirror of
https://github.com/nginx/nginx.git
synced 2024-12-19 21:53:31 -06:00
Core: allow strings without null-termination in ngx_parse_url().
This fixes buffer over-read while using variables in the "proxy_pass", "fastcgi_pass", "scgi_pass", and "uwsgi_pass" directives, where result of string evaluation isn't null-terminated. Found with MemorySanitizer. Signed-off-by: Piotr Sikora <piotrsikora@google.com>
This commit is contained in:
parent
030a1f959c
commit
c3aed0a233
@ -529,14 +529,16 @@ ngx_int_t
|
||||
ngx_parse_url(ngx_pool_t *pool, ngx_url_t *u)
|
||||
{
|
||||
u_char *p;
|
||||
size_t len;
|
||||
|
||||
p = u->url.data;
|
||||
len = u->url.len;
|
||||
|
||||
if (ngx_strncasecmp(p, (u_char *) "unix:", 5) == 0) {
|
||||
if (len >= 5 && ngx_strncasecmp(p, (u_char *) "unix:", 5) == 0) {
|
||||
return ngx_parse_unix_domain_url(pool, u);
|
||||
}
|
||||
|
||||
if (p[0] == '[') {
|
||||
if (len && p[0] == '[') {
|
||||
return ngx_parse_inet6_url(pool, u);
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user