From 41ecd45a5bb78b2214c4515768a51aff0c57eead Mon Sep 17 00:00:00 2001
From: Sergey Kandaurov <pluknet@nginx.com>
Date: Fri, 8 May 2020 19:19:16 +0300
Subject: Variables: fixed buffer over-read when evaluating "$arg_".

---
 src/http/ngx_http_variables.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/http/ngx_http_variables.c')

diff --git a/src/http/ngx_http_variables.c b/src/http/ngx_http_variables.c
index e067cf0c2..c2113c843 100644
--- a/src/http/ngx_http_variables.c
+++ b/src/http/ngx_http_variables.c
@@ -1075,7 +1075,7 @@ ngx_http_variable_argument(ngx_http_request_t *r, ngx_http_variable_value_t *v,
     len = name->len - (sizeof("arg_") - 1);
     arg = name->data + sizeof("arg_") - 1;
 
-    if (ngx_http_arg(r, arg, len, &value) != NGX_OK) {
+    if (len == 0 || ngx_http_arg(r, arg, len, &value) != NGX_OK) {
         v->not_found = 1;
         return NGX_OK;
     }
-- 
cgit