nginx-vendor-0-5: src/http/ngx_http

comparison src/http/ngx_http_parse.c @ 336:85cf055f9552 NGINX_0_5_38

nginx 0.5.38 *) Security: a segmentation fault might occur in worker process while specially crafted request handling. Thanks to Chris Ries. *) Bugfix: a segmentation fault might occur in worker process, if error_log was set to info or debug level. Thanks to Sergey Bochenkov.

author	Igor Sysoev <http://sysoev.ru>
date	Mon, 14 Sep 2009 00:00:00 +0400
parents	c60beecc6ab5
children

comparison

equal deleted inserted replaced

-:90de406d5898
+:85cf055f9552
 switch (state) {
 /* first char */
 case sw_start:
+r->header_name_start = p;
 r->invalid_header = 0;
 switch (ch) {
 case CR:
 r->header_end = p;
 case LF:
 r->header_end = p;
 goto header_done;
 default:
 state = sw_name;
-r->header_name_start = p;
 c = lowcase[ch];
 if (c) {
 hash = ngx_hash(0, c);
 #if (NGX_WIN32)
 case '\\':
 #endif
 case '/':
 state = sw_slash;
-u -= 4;
+u -= 5;
-if (u < r->uri.data) {
+for ( ;; ) {
-return NGX_HTTP_PARSE_INVALID_REQUEST;
+if (u < r->uri.data) {
-}
+return NGX_HTTP_PARSE_INVALID_REQUEST;
-while (*(u - 1) != '/') {
+}
+if (*u == '/') {
+u++;
+break;
+}
 u--;
 }
 break;
 case '%':
 quoted_state = state;

Mercurial > hg > nginx-vendor-0-5

comparison src/http/ngx_http_parse.c @ 336:85cf055f9552 NGINX_0_5_38