]> git.kaiwu.me - nginx.git/commit
Add missing bounds check in ngx_{http,stream}_compile_complex_value()
authorFeng Wu <wufengwufengwufeng@gmail.com>
Tue, 23 Jun 2026 23:22:43 +0000 (07:22 +0800)
committerVadimZhestikov <108960056+VadimZhestikov@users.noreply.github.com>
Thu, 25 Jun 2026 16:15:44 +0000 (09:15 -0700)
commit42f8df65b694fa193cc2519f91cedd08fbe38a2c
tree80f1534863952438483f19fbaeeb6596893e7415
parent2d71bdcf8b34d9a44608920e34f2d031b3a938b6
Add missing bounds check in ngx_{http,stream}_compile_complex_value()

Complex value compilation scans strings for $1..$9 capture references.
Check that a byte after '$' is present before testing it, matching
ngx_str_t length semantics and avoiding reliance on NUL termination.

Apply the same check to both HTTP and stream implementations.
src/http/ngx_http_script.c
src/stream/ngx_stream_script.c