A bounds check of %N format on Windows. Thanks to Joe Bialek, Adam Zabrocki and Microsoft Vulnerability Research.

commit: afa38fcd12a501ab5d91c100f826d960e00c61ee [log] [tgz]
author: Igor Sysoev <igor@sysoev.ru> Tue Jan 27 15:38:15 2015 +0300
committer: Igor Sysoev <igor@sysoev.ru> Tue Jan 27 15:38:15 2015 +0300
tree: 803449f5fc6e21d9758e1714397c07b7d46836c6
parent: 81b2c1498f06b9f8355e8df3b0ee6a27f01b5035 [diff]
diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c
index a41c38d..f8641b7 100644
--- a/src/core/ngx_string.c
+++ b/src/core/ngx_string.c

@@ -429,8 +429,12 @@
             case 'N':
 #if (NGX_WIN32)
                 *buf++ = CR;
-#endif
+                if (buf < last) {
+                    *buf++ = LF;
+                }
+#else
                 *buf++ = LF;
+#endif
                 fmt++;
 
                 continue;
commit	afa38fcd12a501ab5d91c100f826d960e00c61ee	[log] [tgz]
author	Igor Sysoev <igor@sysoev.ru>	Tue Jan 27 15:38:15 2015 +0300
committer	Igor Sysoev <igor@sysoev.ru>	Tue Jan 27 15:38:15 2015 +0300
tree	803449f5fc6e21d9758e1714397c07b7d46836c6
parent	81b2c1498f06b9f8355e8df3b0ee6a27f01b5035 [diff]