[nginx] A bounds check of %N format on Windows.

Tue Jan 27 12:38:47 UTC 2015

details:   http://hg.nginx.org/nginx/rev/78271500b8de
branches:  
changeset: 5965:78271500b8de
user:      Igor Sysoev <igor at sysoev.ru>
date:      Tue Jan 27 15:38:15 2015 +0300
description:
A bounds check of %N format on Windows.
Thanks to Joe Bialek, Adam Zabrocki and Microsoft Vulnerability Research.

diffstat:

 src/core/ngx_string.c |  6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diffs (17 lines):

diff -r 0a198a517eaf -r 78271500b8de src/core/ngx_string.c

--- a/src/core/ngx_string.c	Wed Jan 14 09:03:35 2015 +0300
+++ b/src/core/ngx_string.c	Tue Jan 27 15:38:15 2015 +0300
@@ -429,8 +429,12 @@ ngx_vslprintf(u_char *buf, u_char *last,
             case 'N':
 #if (NGX_WIN32)
                 *buf++ = CR;
+                if (buf < last) {
+                    *buf++ = LF;
+                }
+#else
+                *buf++ = LF;
 #endif
-                *buf++ = LF;
                 fmt++;
 
                 continue;

