A coredump risk in core/ngx_resolver.c

devfua devfua at qq.com
Fri Feb 3 05:28:25 UTC 2012


/* convert "www.example.com" to "\3www\7example\3com\0" */


    len = 0;
    p--;
    *p-- = '\0';


    for (s = ctx->name.data + ctx->name.len - 1; s >= ctx->name.data; s--) {
        if (*s != '.') {
            *p = *s;
            len++;


        } else {
            if (len == 0) {
                return NGX_DECLINED;
            }


            *p = (u_char) len;
            len = 0;
        }


        p--;
    }


    *p = (u_char) len;



line 1778
        if (*s != '.') {


if ctx->name.data = 0x0  ctx->name.len = 0
s = 0xffffffff


*s will cause segment fault。




Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20120203/4f802f16/attachment.html>


More information about the nginx-devel mailing list