From c3e6901f5328ffaaf3201dc75262e21ee0eedc32 Mon Sep 17 00:00:00 2001
From: Axel Duch <axel.duch@nginx.com>
Date: Tue, 28 Jul 2020 14:51:33 +0100
Subject: Configuration: fixed buffer over-read in pattern validation.

There was an undefined behavior in the validation function, caused by testing
one character after the string if a wildcard was at the end.
---
 src/nxt_conf_validation.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/nxt_conf_validation.c b/src/nxt_conf_validation.c
index 27a08861..a5e0663f 100644
--- a/src/nxt_conf_validation.c
+++ b/src/nxt_conf_validation.c
@@ -1454,7 +1454,7 @@ nxt_conf_vldt_match_pattern(nxt_conf_validation_t *vldt,
     nxt_conf_value_t *value)
 {
     nxt_str_t   pattern;
-    nxt_uint_t  i, first;
+    nxt_uint_t  i, first, last;
 
     if (nxt_conf_type(value) != NXT_CONF_STRING) {
         return nxt_conf_vldt_error(vldt, "The \"match\" patterns for \"host\", "
@@ -1468,8 +1468,9 @@ nxt_conf_vldt_match_pattern(nxt_conf_validation_t *vldt,
     }
 
     first = (pattern.start[0] == '!');
+    last = pattern.length - 1;
 
-    for (i = first; i < pattern.length; i++) {
+    for (i = first; i < last; i++) {
         if (pattern.start[i] == '*' && pattern.start[i + 1] == '*') {
             return nxt_conf_vldt_error(vldt, "The \"match\" pattern must "
                                        "not contain double \"*\" markers.");
-- 
cgit