From 38a97edf3abcd988e6eb731ec3968949960c1be9 Mon Sep 17 00:00:00 2001 From: Sergey Kandaurov Date: Tue, 7 Apr 2015 01:32:08 +0300 Subject: Core: limited levels of subdirectory hierarchy used for temp files. Similar to ngx_http_file_cache_set_slot(), the last component of file->name with a fixed length of 10 bytes, as generated in ngx_create_temp_path(), is used as a source for the names of intermediate subdirectories with each one taking its own part. Ensure that the sum of specified levels with slashes fits into the length (ticket #731). --- src/core/ngx_file.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src/core/ngx_file.c') diff --git a/src/core/ngx_file.c b/src/core/ngx_file.c index a8b07ecea..3ebd73d8b 100644 --- a/src/core/ngx_file.c +++ b/src/core/ngx_file.c @@ -372,6 +372,10 @@ ngx_conf_set_path_slot(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) path->len += level + 1; } + if (path->len > 10 + i) { + return "invalid value"; + } + *slot = path; if (ngx_add_path(cf, slot) == NGX_ERROR) { -- cgit