Welcome! Log In Create A New Profile

Advanced

[nginx] Fixed possible buffer overrun in "too long header line" ...

Maxim Dounin
October 08, 2014 09:44AM
details: http://hg.nginx.org/nginx/rev/21043ce2a005
branches:
changeset: 5871:21043ce2a005
user: Maxim Dounin <mdounin@mdounin.ru>
date: Wed Oct 08 17:16:04 2014 +0400
description:
Fixed possible buffer overrun in "too long header line" logging.

Additionally, ellipsis now always added to make it clear that
the header logged is incomplete.

Reported by Daniil Bondarev.

diffstat:

src/http/ngx_http_request.c | 5 ++---
1 files changed, 2 insertions(+), 3 deletions(-)

diffs (18 lines):

diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -1227,12 +1227,11 @@ ngx_http_process_request_headers(ngx_eve

if (len > NGX_MAX_ERROR_STR - 300) {
len = NGX_MAX_ERROR_STR - 300;
- p[len++] = '.'; p[len++] = '.'; p[len++] = '.';
}

ngx_log_error(NGX_LOG_INFO, c->log, 0,
- "client sent too long header line: \"%*s\"",
- len, r->header_name_start);
+ "client sent too long header line: \"%*s...\"",
+ len, r->header_name_start);

ngx_http_finalize_request(r,
NGX_HTTP_REQUEST_HEADER_TOO_LARGE);

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

[nginx] Fixed possible buffer overrun in "too long header line" ...

Maxim Dounin 719 October 08, 2014 09:44AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 159
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready