A coredump risk in core/ngx_resolver.c
devfua
devfua at qq.com
Fri Feb 3 06:02:12 UTC 2012
/* convert "www.example.com" to "\3www\7example\3com\0" */
len = 0;
p--;
*p-- = '\0';
for (s = ctx->name.data + ctx->name.len - 1; s >= ctx->name.data; s--) {
if (*s != '.') {
*p = *s;
len++;
} else {
if (len == 0) {
return NGX_DECLINED;
}
*p = (u_char) len;
len = 0;
}
p--;
}
*p = (u_char) len;
line 1778
if (*s != '.') {
if ctx->name.data = 0x0 ctx->name.len = 0
s = 0xffffffff
*s will cause segment fault。
Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20120203/5929b851/attachment.html>
More information about the nginx-devel
mailing list