From 415c8ec4b4b0bc3f2cd575f33b987661cc62e87d Mon Sep 17 00:00:00 2001
From: Igor Sysoev <igor@sysoev.ru>
Date: Tue, 27 Jan 2015 15:38:15 +0300
Subject: A bounds check of %N format on Windows. Thanks to Joe Bialek, Adam
 Zabrocki and Microsoft Vulnerability Research.

---
 src/core/ngx_string.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'src/core')

diff --git a/src/core/ngx_string.c b/src/core/ngx_string.c
index a41c38d37..f8641b7ab 100644
--- a/src/core/ngx_string.c
+++ b/src/core/ngx_string.c
@@ -429,8 +429,12 @@ ngx_vslprintf(u_char *buf, u_char *last, const char *fmt, va_list args)
             case 'N':
 #if (NGX_WIN32)
                 *buf++ = CR;
-#endif
+                if (buf < last) {
+                    *buf++ = LF;
+                }
+#else
                 *buf++ = LF;
+#endif
                 fmt++;
 
                 continue;
-- 
cgit