details:   http://hg.nginx.org/nginx/rev/7bdd34cd2711
branches:  
changeset: 6071:7bdd34cd2711
user:      Sergey Kandaurov <[email protected]>
date:      Tue Apr 07 01:32:08 2015 +0300
description:
Core: limited levels of subdirectory hierarchy used for temp files.

Similar to ngx_http_file_cache_set_slot(), the last component of file->name
with a fixed length of 10 bytes, as generated in ngx_create_temp_path(), is
used as a source for the names of intermediate subdirectories with each one
taking its own part.  Ensure that the sum of specified levels with slashes
fits into the length (ticket #731).

diffstat:

 src/core/ngx_file.c |  4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diffs (14 lines):

diff -r 3f5465a33fa8 -r 7bdd34cd2711 src/core/ngx_file.c
--- a/src/core/ngx_file.c       Tue Apr 07 01:32:07 2015 +0300
+++ b/src/core/ngx_file.c       Tue Apr 07 01:32:08 2015 +0300
@@ -372,6 +372,10 @@ ngx_conf_set_path_slot(ngx_conf_t *cf, n
         path->len += level + 1;
     }
 
+    if (path->len > 10 + i) {
+        return "invalid value";
+    }
+
     *slot = path;
 
     if (ngx_add_path(cf, slot) == NGX_ERROR) {
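
Review bot: the added check `if (path->len > 10 + i)` hard-codes 10 with no comment, and the hunk does not show what `i` holds at this point, so the bound is hard to verify from the code alone. The commit message ties 10 to the fixed length of the last component of file->name as generated in ngx_create_temp_path(); a named constant shared with that function, or a short comment stating this and what `i` contributes next to the `level + 1` accumulated into `path->len`, would keep the two in step if the name length ever changes. The returned "invalid value" is also generic: it does not tell the administrator that the sum of the configured levels is what exceeded the limit.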

_______________________________________________
nginx-devel mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx-devel
