diff options
| author | Sergey Kandaurov <pluknet@nginx.com> | 2015-04-07 01:32:08 +0300 |
|---|---|---|
| committer | Sergey Kandaurov <pluknet@nginx.com> | 2015-04-07 01:32:08 +0300 |
| commit | 38a97edf3abcd988e6eb731ec3968949960c1be9 (patch) | |
| tree | 37a8d4b572d0df35d2e131119cd59b6af3fadbac | |
| parent | 256082c4f85e23888c3b56fbfcd86fc63547bd87 (diff) | |
| download | nginx-38a97edf3abcd988e6eb731ec3968949960c1be9.tar.gz | |
Core: limited levels of subdirectory hierarchy used for temp files.
Similar to ngx_http_file_cache_set_slot(), the last component of file->name
with a fixed length of 10 bytes, as generated in ngx_create_temp_path(), is
used as a source for the names of intermediate subdirectories with each one
taking its own part. Ensure that the sum of specified levels with slashes
fits into the length (ticket #731).
| -rw-r--r-- | src/core/ngx_file.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/core/ngx_file.c b/src/core/ngx_file.c index a8b07ecea..3ebd73d8b 100644 --- a/src/core/ngx_file.c +++ b/src/core/ngx_file.c @@ -372,6 +372,10 @@ ngx_conf_set_path_slot(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) path->len += level + 1; } + if (path->len > 10 + i) { + return "invalid value"; + } + *slot = path; if (ngx_add_path(cf, slot) == NGX_ERROR) { |