Mercurial > hg > nginx-quic
changeset 5904:abb466a57a22
SPDY: fixed check for too long header name or value.
For further progress a new buffer must be at least two bytes larger than
the remaining unparsed data. One more byte is needed for null-termination
and another one for further progress. Otherwise inflate() fails with
Z_BUF_ERROR.
author | Valentin Bartenev <vbart@nginx.com> |
---|---|
date | Fri, 07 Nov 2014 17:22:19 +0300 |
parents | 571e66f7c12c |
children | 2f7e557eab5b |
files | src/http/ngx_http_spdy.c |
diffstat | 1 files changed, 3 insertions(+), 3 deletions(-) [+] |
line wrap: on
line diff
--- a/src/http/ngx_http_spdy.c +++ b/src/http/ngx_http_spdy.c @@ -2660,10 +2660,10 @@ ngx_http_spdy_alloc_large_header_buffer( rest = r->header_in->last - r->header_in->pos; /* - * equality is prohibited since one more byte is needed - * for null-termination + * One more byte is needed for null-termination + * and another one for further progress. */ - if (rest >= cscf->large_client_header_buffers.size) { + if (rest > cscf->large_client_header_buffers.size - 2) { p = r->header_in->pos; if (rest > NGX_MAX_ERROR_STR - 300) {