Mercurial > hg > nginx-vendor-0-5
diff src/http/ngx_http_parse.c @ 336:85cf055f9552 NGINX_0_5_38
nginx 0.5.38
*) Security: a segmentation fault might occur in worker process while
specially crafted request handling.
Thanks to Chris Ries.
*) Bugfix: a segmentation fault might occur in worker process, if
error_log was set to info or debug level.
Thanks to Sergey Bochenkov.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Mon, 14 Sep 2009 00:00:00 +0400 |
parents | c60beecc6ab5 |
children |
line wrap: on
line diff
--- a/src/http/ngx_http_parse.c +++ b/src/http/ngx_http_parse.c @@ -738,6 +738,7 @@ ngx_http_parse_header_line(ngx_http_requ /* first char */ case sw_start: + r->header_name_start = p; r->invalid_header = 0; switch (ch) { @@ -750,7 +751,6 @@ ngx_http_parse_header_line(ngx_http_requ goto header_done; default: state = sw_name; - r->header_name_start = p; c = lowcase[ch]; @@ -1123,11 +1123,15 @@ ngx_http_parse_complex_uri(ngx_http_requ #endif case '/': state = sw_slash; - u -= 4; - if (u < r->uri.data) { - return NGX_HTTP_PARSE_INVALID_REQUEST; - } - while (*(u - 1) != '/') { + u -= 5; + for ( ;; ) { + if (u < r->uri.data) { + return NGX_HTTP_PARSE_INVALID_REQUEST; + } + if (*u == '/') { + u++; + break; + } u--; } break;