[nginx] Core: fixed segfault with null in wildcard hash names.
Maxim Dounin
mdounin at mdounin.ru
Fri Sep 11 14:12:24 UTC 2015
details: http://hg.nginx.org/nginx/rev/3cf25d33886a
branches:
changeset: 6245:3cf25d33886a
user: Maxim Dounin <mdounin at mdounin.ru>
date: Fri Sep 11 17:04:40 2015 +0300
description:
Core: fixed segfault with null in wildcard hash names.
A configuration like
server { server_name .foo^@; }
server { server_name .foo; }
resulted in a segmentation fault during construction of server names hash.
Reported by Markus Linnala.
Found with afl-fuzz.
diffstat:
src/core/ngx_hash.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
diffs (14 lines):
diff --git a/src/core/ngx_hash.c b/src/core/ngx_hash.c
--- a/src/core/ngx_hash.c
+++ b/src/core/ngx_hash.c
@@ -743,6 +743,10 @@ ngx_hash_add_key(ngx_hash_keys_arrays_t
if (key->data[i] == '.' && key->data[i + 1] == '.') {
return NGX_DECLINED;
}
+
+ if (key->data[i] == '\0') {
+ return NGX_DECLINED;
+ }
}
if (key->len > 1 && key->data[0] == '.') {
More information about the nginx-devel
mailing list