[PATCH 1 of 2] HTTP: uniform overflow checks in ngx_http_alloc_large_header_buffer
Vladimir Homutov
vl at inspert.ru
Fri Nov 10 09:11:54 UTC 2023
If URI is not fully parsed yet, some pointers are not set.
As a result, the calculation of "new + (ptr - old)" expression
may overflow. In such a case, just avoid calculating it, as value
will be set correctly later by the parser in any case.
The issue was found by GCC undefined behaviour sanitizer.
src/http/ngx_http_request.c | 34 ++++++++++++++++++++++++++--------
1 files changed, 26 insertions(+), 8 deletions(-)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nginx-1.patch
Type: text/x-patch
Size: 2277 bytes
Desc: not available
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20231110/f176fd33/attachment.bin>
More information about the nginx-devel
mailing list