Mercurial > hg > nginx
view conf/koi-win @ 7060:1adc6b0d5eaa stable-1.12
Range filter: protect from total size overflows.
The overflow can be used to circumvent the restriction on total size of
ranges introduced in c2a91088b0c0 (1.1.2). Additionally, overflow
allows producing ranges with negative start (such ranges can be created
by using a suffix, "bytes=-100"; normally this results in 200 due to
the total size check). These can result in the following errors in logs:
[crit] ... pread() ... failed (22: Invalid argument)
[alert] ... sendfile() failed (22: Invalid argument)
When using cache, it can be also used to reveal cache file header.
It is believed that there are no other negative effects, at least with
standard nginx modules.
In theory, this can also result in memory disclosure and/or segmentation
faults if multiple ranges are allowed, and the response is returned in a
single in-memory buffer. This never happens with standard nginx modules
though, as well as known 3rd party modules.
Fix is to properly protect from possible overflow when incrementing size.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Tue, 11 Jul 2017 16:06:23 +0300 |
parents | 400711951595 |
children |
line wrap: on
line source
charset_map koi8-r windows-1251 { 80 88 ; # euro 95 95 ; # bullet 9A A0 ; # 9E B7 ; # · A3 B8 ; # small yo A4 BA ; # small Ukrainian ye A6 B3 ; # small Ukrainian i A7 BF ; # small Ukrainian yi AD B4 ; # small Ukrainian soft g AE A2 ; # small Byelorussian short u B0 B0 ; # ° B3 A8 ; # capital YO B4 AA ; # capital Ukrainian YE B6 B2 ; # capital Ukrainian I B7 AF ; # capital Ukrainian YI B9 B9 ; # numero sign BD A5 ; # capital Ukrainian soft G BE A1 ; # capital Byelorussian short U BF A9 ; # (C) C0 FE ; # small yu C1 E0 ; # small a C2 E1 ; # small b C3 F6 ; # small ts C4 E4 ; # small d C5 E5 ; # small ye C6 F4 ; # small f C7 E3 ; # small g C8 F5 ; # small kh C9 E8 ; # small i CA E9 ; # small j CB EA ; # small k CC EB ; # small l CD EC ; # small m CE ED ; # small n CF EE ; # small o D0 EF ; # small p D1 FF ; # small ya D2 F0 ; # small r D3 F1 ; # small s D4 F2 ; # small t D5 F3 ; # small u D6 E6 ; # small zh D7 E2 ; # small v D8 FC ; # small soft sign D9 FB ; # small y DA E7 ; # small z DB F8 ; # small sh DC FD ; # small e DD F9 ; # small shch DE F7 ; # small ch DF FA ; # small hard sign E0 DE ; # capital YU E1 C0 ; # capital A E2 C1 ; # capital B E3 D6 ; # capital TS E4 C4 ; # capital D E5 C5 ; # capital YE E6 D4 ; # capital F E7 C3 ; # capital G E8 D5 ; # capital KH E9 C8 ; # capital I EA C9 ; # capital J EB CA ; # capital K EC CB ; # capital L ED CC ; # capital M EE CD ; # capital N EF CE ; # capital O F0 CF ; # capital P F1 DF ; # capital YA F2 D0 ; # capital R F3 D1 ; # capital S F4 D2 ; # capital T F5 D3 ; # capital U F6 C6 ; # capital ZH F7 C2 ; # capital V F8 DC ; # capital soft sign F9 DB ; # capital Y FA C7 ; # capital Z FB D8 ; # capital SH FC DD ; # capital E FD D9 ; # capital SHCH FE D7 ; # capital CH FF DA ; # capital hard sign }