Mercurial > hg > nginx-vendor-1-0
diff src/http/modules/ngx_http_uwsgi_module.c @ 648:fa9b9e42035e NGINX_1_0_14
nginx 1.0.14
*) Security: content of previously freed memory might be sent to a
client if backend returned specially crafted response.
Thanks to Matthew Daley.
author | Igor Sysoev <http://sysoev.ru> |
---|---|
date | Thu, 15 Mar 2012 00:00:00 +0400 |
parents | ad25218fd14b |
children |
line wrap: on
line diff
--- a/src/http/modules/ngx_http_uwsgi_module.c +++ b/src/http/modules/ngx_http_uwsgi_module.c @@ -947,8 +947,10 @@ ngx_http_uwsgi_process_header(ngx_http_r h->value.data = h->key.data + h->key.len + 1; h->lowcase_key = h->key.data + h->key.len + 1 + h->value.len + 1; - ngx_cpystrn(h->key.data, r->header_name_start, h->key.len + 1); - ngx_cpystrn(h->value.data, r->header_start, h->value.len + 1); + ngx_memcpy(h->key.data, r->header_name_start, h->key.len); + h->key.data[h->key.len] = '\0'; + ngx_memcpy(h->value.data, r->header_start, h->value.len); + h->value.data[h->value.len] = '\0'; if (h->key.len == r->lowcase_index) { ngx_memcpy(h->lowcase_key, r->lowcase_header, h->key.len);