Mercurial > hg > nginx-mail
diff src/http/ngx_http_request.c @ 583:c04fa65fe604 NGINX_0_8_22
nginx 0.8.22
*) Feature: the "proxy_bind", "fastcgi_bind", and "memcached_bind"
directives.
*) Feature: the "access" and the "deny" directives support IPv6.
*) Feature: the "set_real_ip_from" directive supports IPv6 addresses in
request headers.
*) Feature: the "unix:" parameter of the "set_real_ip_from" directive.
*) Bugfix: nginx did not delete unix domain socket after configuration
testing.
*) Bugfix: nginx deleted unix domain socket while online upgrade.
*) Bugfix: the "!-x" operator did not work.
Thanks to Maxim Dounin.
*) Bugfix: a segmentation fault might occur in a worker process, if
limit_rate was used in HTTPS server.
Thanks to Maxim Dounin.
*) Bugfix: a segmentation fault might occur in a worker process while
$limit_rate logging.
Thanks to Maxim Dounin.
*) Bugfix: a segmentation fault might occur in a worker process, if
there was no "listen" directive in "server" block; the bug had
appeared in 0.8.21.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Tue, 03 Nov 2009 00:00:00 +0300 |
parents | 1dcf6adad484 |
children | e19e5f542878 |
line wrap: on
line diff
--- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -954,9 +954,17 @@ ngx_http_process_request_headers(ngx_eve } if (rv == NGX_DECLINED) { - len = r->header_in->end - r->header_name_start; p = r->header_name_start; + if (p == NULL) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "client sent too large request"); + ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); + return; + } + + len = r->header_in->end - p; + if (len > NGX_MAX_ERROR_STR - 300) { len = NGX_MAX_ERROR_STR - 300; p[len++] = '.'; p[len++] = '.'; p[len++] = '.';