Fixed ngx_parse_time() out of bounds access (ticket #821).
The code failed to ensure that "s" is within the buffer passed for parsing when checking for "ms", and this resulted in unexpected errors when parsing non-null-terminated strings with trailing "m". The bug manifested itself when the expires directive was used with variables. Found by Roman Arutyunyan.
This commit is contained in:
parent
fe6e13e579
commit
f38b4d5a56
|
@ -188,7 +188,7 @@ ngx_parse_time(ngx_str_t *line, ngx_uint_t is_sec)
|
|||
break;
|
||||
|
||||
case 'm':
|
||||
if (*p == 's') {
|
||||
if (p < last && *p == 's') {
|
||||
if (is_sec || step >= st_msec) {
|
||||
return NGX_ERROR;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue