Mercurial > hg > nginx
comparison src/http/ngx_http_request.c @ 6075:7fcfe113827d stable-1.6
Fixed possible buffer overrun in "too long header line" logging.
Additionally, ellipsis now always added to make it clear that
the header logged is incomplete.
Reported by Daniil Bondarev.
| author | Maxim Dounin <mdounin@mdounin.ru> |
|---|---|
| date | Wed, 08 Oct 2014 17:16:04 +0400 |
| parents | b8188afb3bbb |
| children |
comparison
equal
deleted
inserted
replaced
| 6074:dfb23e4361da | 6075:7fcfe113827d |
|---|---|
| 1225 | 1225 |
| 1226 len = r->header_in->end - p; | 1226 len = r->header_in->end - p; |
| 1227 | 1227 |
| 1228 if (len > NGX_MAX_ERROR_STR - 300) { | 1228 if (len > NGX_MAX_ERROR_STR - 300) { |
| 1229 len = NGX_MAX_ERROR_STR - 300; | 1229 len = NGX_MAX_ERROR_STR - 300; |
| 1230 p[len++] = '.'; p[len++] = '.'; p[len++] = '.'; | |
| 1231 } | 1230 } |
| 1232 | 1231 |
| 1233 ngx_log_error(NGX_LOG_INFO, c->log, 0, | 1232 ngx_log_error(NGX_LOG_INFO, c->log, 0, |
| 1234 "client sent too long header line: \"%*s\"", | 1233 "client sent too long header line: \"%*s...\"", |
| 1235 len, r->header_name_start); | 1234 len, r->header_name_start); |
| 1236 | 1235 |
| 1237 ngx_http_finalize_request(r, | 1236 ngx_http_finalize_request(r, |
| 1238 NGX_HTTP_REQUEST_HEADER_TOO_LARGE); | 1237 NGX_HTTP_REQUEST_HEADER_TOO_LARGE); |
| 1239 return; | 1238 return; |
| 1240 } | 1239 } |