Mercurial > hg > nginx
view auto/headers @ 5590:6808ea2d69e4
SPDY: fixed potential integer overflow while parsing headers.
Previously r->header_size was used to store length for a part of
value that represents an individual already parsed HTTP header,
while r->header_end pointed to the end of the whole value.
Instead of storing length of a following name or value as pointer
to a potential end address (r->header_name_end and r->header_end)
that might be overflowed, now r->lowercase_index counter is used
to store remaining length of a following unparsed field.
It also fixes incorrect $body_bytes_sent value if a request is
closed while parsing of the request header. Since r->header_size
is intended for counting header size, thus abusing it for header
parsing purpose was certainly a bad idea.
author | Valentin Bartenev <vbart@nginx.com> |
---|---|
date | Mon, 03 Mar 2014 19:24:55 +0400 |
parents | d620f497c50f |
children |
line wrap: on
line source
# Copyright (C) Igor Sysoev # Copyright (C) Nginx, Inc. ngx_include="unistd.h"; . auto/include ngx_include="inttypes.h"; . auto/include ngx_include="limits.h"; . auto/include ngx_include="sys/filio.h"; . auto/include ngx_include="sys/param.h"; . auto/include ngx_include="sys/mount.h"; . auto/include ngx_include="sys/statvfs.h"; . auto/include ngx_include="crypt.h"; . auto/include