[nginx] Core: fixed potential buffer overrun when initializing h...

Maxim Dounin mdounin at mdounin.ru
Tue Apr 7 13:04:38 UTC 2015


details:   http://hg.nginx.org/nginx/rev/12ab5cd445c0
branches:  stable-1.6
changeset: 6081:12ab5cd445c0
user:      Maxim Dounin <mdounin at mdounin.ru>
date:      Tue Feb 24 18:37:14 2015 +0300
description:
Core: fixed potential buffer overrun when initializing hash.

Initial size as calculated from the number of elements may be bigger
than max_size.  If this happens, make sure to set size to max_size.

Reported by Chris West.

diffstat:

 src/core/ngx_hash.c |  2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diffs (12 lines):

diff --git a/src/core/ngx_hash.c b/src/core/ngx_hash.c
--- a/src/core/ngx_hash.c
+++ b/src/core/ngx_hash.c
@@ -312,7 +312,7 @@ ngx_hash_init(ngx_hash_init_t *hinit, ng
         continue;
     }
 
-    size--;
+    size = hinit->max_size;
 
     ngx_log_error(NGX_LOG_WARN, hinit->pool->log, 0,
                   "could not build optimal %s, you should increase "



More information about the nginx-devel mailing list