A bounds check of %N format on Windows. Thanks to Joe Bialek, Adam Zabrocki and Microsoft Vulnerability Research.
diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c
index a41c38d..f8641b7 100644
--- a/src/core/ngx_string.c
+++ b/src/core/ngx_string.c
@@ -429,8 +429,12 @@
 case 'N':
 #if (NGX_WIN32)
 *buf++ = CR;
-#endif
+ if (buf < last) {
+ *buf++ = LF;
+ }
+#else
 *buf++ = LF;
+#endif
 fmt++;
 
 continue;
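Review bot: The new `if (buf < last)` guard on the Windows path has no comment saying why the LF write needs a check while the CR write just above it and the LF write in the `#else` branch do not. Presumably the enclosing loop only guarantees room for a single byte per conversion, so `%N` expanding to two bytes could write one past `last`; that loop is outside the hunk, so this should be confirmed and then recorded, e.g. `/* only one byte is guaranteed by the caller's loop; CR may have used it */` above the guard. When exactly one byte remains, the output now ends in a bare CR with no indication of truncation, which a consumer parsing CRLF-terminated lines would see as an incomplete line ending; a short comment stating that this truncation is intended would help. The `case 'N':` block belongs to a function whose start and end are not in the hunk.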