Skip to content

Commit

Permalink
Merge pull request alibaba#909 from hongxiaolong/CVE-2017-7529
Browse files Browse the repository at this point in the history 
Patch for CVE-2017-7529
  • Loading branch information
@chobits
chobits authored Jul 12, 2017
2 parents 39f6b6c + 4621add commit 4c36c5d
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions src/http/modules/ngx_http_range_filter_module.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -364,6 +364,10 @@ ngx_http_range_parse(ngx_http_request_t *r, ngx_http_range_filter_ctx_t *ctx,
range->start = start;
range->end = end;

if (size > NGX_MAX_OFF_T_VALUE - (end - start)) {
return NGX_HTTP_RANGE_NOT_SATISFIABLE;
}

size += end - start;

if (ranges-- == 0) {
Expand Down

0 comments on commit 4c36c5d

Please sign in to comment.