Changeset 6013:9653092a79fd in nginx


Ignore:
Timestamp:
03/16/15 21:26:24 (5 years ago)
Author:
Ruslan Ermilov <ru@…>
Branch:
default
Phase:
public
Message:

Overflow detection in ngx_http_range_parse().

File:
1 edited

Legend:

Unmodified
Added
Removed
  • src/http/modules/ngx_http_range_filter_module.c

    r5621 r6013  
    275275{
    276276    u_char            *p;
    277     off_t              start, end, size, content_length;
     277    off_t              start, end, size, content_length, cutoff, cutlim;
    278278    ngx_uint_t         suffix;
    279279    ngx_http_range_t  *range;
     
    282282    size = 0;
    283283    content_length = r->headers_out.content_length_n;
     284
     285    cutoff = NGX_MAX_OFF_T_VALUE / 10;
     286    cutlim = NGX_MAX_OFF_T_VALUE % 10;
    284287
    285288    for ( ;; ) {
     
    296299
    297300            while (*p >= '0' && *p <= '9') {
     301                if (start >= cutoff && (start > cutoff || *p - '0' > cutlim)) {
     302                    return NGX_HTTP_RANGE_NOT_SATISFIABLE;
     303                }
     304
    298305                start = start * 10 + *p++ - '0';
    299306            }
     
    322329
    323330        while (*p >= '0' && *p <= '9') {
     331            if (end >= cutoff && (end > cutoff || *p - '0' > cutlim)) {
     332                return NGX_HTTP_RANGE_NOT_SATISFIABLE;
     333            }
     334
    324335            end = end * 10 + *p++ - '0';
    325336        }
Note: See TracChangeset for help on using the changeset viewer.