[nginx] Core: fixed segfault with null in wildcard hash names.

Maxim Dounin Fri, 11 Sep 2015 07:13:32 -0700

details:   http://hg.nginx.org/nginx/rev/3cf25d33886a
branches:  
changeset: 6245:3cf25d33886a
user:      Maxim Dounin <mdou...@mdounin.ru>
date:      Fri Sep 11 17:04:40 2015 +0300
description:
Core: fixed segfault with null in wildcard hash names.


A configuration like

    server { server_name .foo^@; }
    server { server_name .foo; }

resulted in a segmentation fault during construction of server names hash.

Reported by Markus Linnala.
Found with afl-fuzz.

diffstat:

 src/core/ngx_hash.c |  4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diffs (14 lines):

diff --git a/src/core/ngx_hash.c b/src/core/ngx_hash.c
--- a/src/core/ngx_hash.c
+++ b/src/core/ngx_hash.c
@@ -743,6 +743,10 @@ ngx_hash_add_key(ngx_hash_keys_arrays_t 
             if (key->data[i] == '.' && key->data[i + 1] == '.') {
                 return NGX_DECLINED;
             }
+
+            if (key->data[i] == '\0') {
+                return NGX_DECLINED;
+            }
         }
 
         if (key->len > 1 && key->data[0] == '.') {

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

[nginx] Core: fixed segfault with null in wildcard hash names.

Reply via email to