Mercurial > hg > nginx
comparison src/http/modules/ngx_http_referer_module.c @ 5352:ec0be12c8e29
Referer: fixed hostname buffer overflow check.
Because of premature check the effective buffer size was 255 symbols
while the buffer is able to handle 256.
| author | Valentin Bartenev <vbart@nginx.com> |
|---|---|
| date | Thu, 29 Aug 2013 22:35:54 +0400 |
| parents | a2c772963b04 |
| children | 2cd019520210 |
comparison
equal
deleted
inserted
replaced
| 5351:a2c772963b04 | 5352:ec0be12c8e29 |
|---|---|
| 176 for (p = ref; p < last; p++) { | 176 for (p = ref; p < last; p++) { |
| 177 if (*p == '/' || *p == ':') { | 177 if (*p == '/' || *p == ':') { |
| 178 break; | 178 break; |
| 179 } | 179 } |
| 180 | 180 |
| 181 if (i == 256) { | |
| 182 goto invalid; | |
| 183 } | |
| 184 | |
| 181 buf[i] = ngx_tolower(*p); | 185 buf[i] = ngx_tolower(*p); |
| 182 key = ngx_hash(key, buf[i++]); | 186 key = ngx_hash(key, buf[i++]); |
| 183 | |
| 184 if (i == 256) { | |
| 185 goto invalid; | |
| 186 } | |
| 187 } | 187 } |
| 188 | 188 |
| 189 uri = ngx_hash_find_combined(&rlcf->hash, key, buf, p - ref); | 189 uri = ngx_hash_find_combined(&rlcf->hash, key, buf, p - ref); |
| 190 | 190 |
| 191 if (uri) { | 191 if (uri) { |