Welcome! Log In Create A New Profile

Advanced

bug in "search_headers_in"

April 15, 2022 12:29AM
Inside nginx blog: "Managing request headers" , there is a method: search_headers_in which can search for arbitrary headers, however this method use ngx_strcasecmp( "ngx_strcasecmp(u_char *s1, u_char *s2)") which assume the input s1 must be '\0' terminated.

so inside the code below, this function may get wrong result , beause name is not '\0\ terminated.
"
if (len != h[i].key.len || ngx_strcasecmp(name, h[i].key.data) != 0) {
/* This header doesn't match. */
continue;
}
"

the right way use "search_headers_in" is:

ngx_strsearch_header2;
ngx_str_t search_header=ngx_string("to_be_searched");
search_header2.data=ngx_pnlloc(search_header.len+1);
search_header2.len=search_header.len;

search_headers_in(r, search_header2.data, search_header2.len);



==========================
static ngx_table_elt_t *
search_headers_in(ngx_http_request_t *r, u_char *name, size_t len) {
ngx_list_part_t *part;
ngx_table_elt_t *h;
ngx_uint_t i;

/*
Get the first part of the list. There is usual only one part.
*/
part = &r->headers_in.headers.part;
h = part->elts;

/*
Headers list array may consist of more than one part,
so loop through all of it
*/
for (i = 0; /* void */ ; i++) {
if (i >= part->nelts) {
if (part->next == NULL) {
/* The last part, search is done. */
break;
}

part = part->next;
h = part->elts;
i = 0;
}

/*
Just compare the lengths and then the names case insensitively.
*/
if (len != h[i].key.len || ngx_strcasecmp(name, h[i].key.data) != 0) {
/* This header doesn't match. */
continue;
}

/*
Ta-da, we got one!
Note, we'v stop the search at the first matched header
while more then one header may fit.
*/
return &h[i];
}

/*
No headers was found
*/
return NULL;
}
=============================
Subject Author Posted

bug in "search_headers_in"

shanlei April 15, 2022 12:29AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 71
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready