[nginx] SSL: improved validation of ssl_session_cache and ssl_ocsp_cache.
Sergey Kandaurov
pluknet at nginx.com
Mon Oct 17 12:26:37 UTC 2022
details: https://hg.nginx.org/nginx/rev/e32b48848add
branches:
changeset: 8088:e32b48848add
user: Sergey Kandaurov <pluknet at nginx.com>
date: Mon Oct 17 16:24:53 2022 +0400
description:
SSL: improved validation of ssl_session_cache and ssl_ocsp_cache.
Now it properly detects invalid shared zone configuration with omitted size.
Previously it used to read outside of the buffer boundary.
Found with AddressSanitizer.
diffstat:
src/http/modules/ngx_http_ssl_module.c | 4 ++--
src/mail/ngx_mail_ssl_module.c | 2 +-
src/stream/ngx_stream_ssl_module.c | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diffs (45 lines):
diff -r 81b4326daac7 -r e32b48848add src/http/modules/ngx_http_ssl_module.c
--- a/src/http/modules/ngx_http_ssl_module.c Thu Oct 13 16:18:56 2022 +0400
+++ b/src/http/modules/ngx_http_ssl_module.c Mon Oct 17 16:24:53 2022 +0400
@@ -1093,7 +1093,7 @@ ngx_http_ssl_session_cache(ngx_conf_t *c
len++;
}
- if (len == 0) {
+ if (len == 0 || j == value[i].len) {
goto invalid;
}
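Review bot: the added `j == value[i].len` test in `if (len == 0 || j == value[i].len)` carries no comment saying what it detects. Going by the description, it is the shared zone with the size omitted, where `j` has reached the end of the argument, which previously led to a read outside the buffer. A one-line comment above the condition would keep a later cleanup from dropping it as redundant with `len == 0`.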
@@ -1183,7 +1183,7 @@ ngx_http_ssl_ocsp_cache(ngx_conf_t *cf,
len++;
}
- if (len == 0) {
+ if (len == 0 || j == value[1].len) {
goto invalid;
}
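Review bot: this condition compares against `value[1].len`, while the other three hunks in the changeset use `value[i].len`. Please confirm that the scan above this check in ngx_http_ssl_ocsp_cache walks `value[1]` with the same `j`, so that the bound compared here is the bound of the string actually being scanned.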
diff -r 81b4326daac7 -r e32b48848add src/mail/ngx_mail_ssl_module.c
--- a/src/mail/ngx_mail_ssl_module.c Thu Oct 13 16:18:56 2022 +0400
+++ b/src/mail/ngx_mail_ssl_module.c Mon Oct 17 16:24:53 2022 +0400
@@ -682,7 +682,7 @@ ngx_mail_ssl_session_cache(ngx_conf_t *c
len++;
}
- if (len == 0) {
+ if (len == 0 || j == value[i].len) {
goto invalid;
}
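Review bot: the `j == value[i].len` condition is added here with nothing in the changeset exercising it; the diffstat lists only the three module sources. A configuration test that passes a shared zone with the size omitted to each affected directive and expects the configuration to be rejected would pin the fix in every copy, not only the one AddressSanitizer happened to hit.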
diff -r 81b4326daac7 -r e32b48848add src/stream/ngx_stream_ssl_module.c
--- a/src/stream/ngx_stream_ssl_module.c Thu Oct 13 16:18:56 2022 +0400
+++ b/src/stream/ngx_stream_ssl_module.c Mon Oct 17 16:24:53 2022 +0400
@@ -1073,7 +1073,7 @@ ngx_stream_ssl_session_cache(ngx_conf_t
len++;
}
- if (len == 0) {
+ if (len == 0 || j == value[i].len) {
goto invalid;
}
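Review bot: `if (len == 0 || j == value[i].len)` now appears in four functions across three modules, each patched by hand. Consider moving the zone name and size parsing into one shared helper, so the next fix to this logic cannot miss a copy.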